Thought LeadershipPrivacy Policy
As at 19/11/2024
1. General scope of data processing
Data protection is a high priority in our company. We comply with the General Data Protection Regulation (GDPR), which regulates the processing of personal data uniformly for the entire European Union and other national data protection laws of the member states as well as other data protection regulations. We collect, process and use personal data only insofar as this is necessary to provide a functional website and to present our offers and provide our services.
As a user, you can visit our website without providing any personal data. Personal data is only collected and used insofar as this is necessary to provide a functional website and our content and services. Your personal data will only be collected and used with your consent. An exception applies in cases where prior consent cannot be obtained for factual reasons or where the collection and processing of data is permitted by law.
For security reasons, we use an SSL certificate on our website to provide secure connections by encrypting all incoming and outgoing data traffic. You can recognize the encryption by the lock symbol in your browser line and by the fact that “https://” is displayed there.
2. Name and address of the person responsible for data processing
The controller within the meaning of the GDPR is
IT Verlag für Informationstechnik GmbH
Ludwig-Ganghofer-Str. 51
D-83624 Otterfing
Phone: 08104-6494-0
E-mail: [email protected], [email protected]
3. Definitions
The terms used in this privacy policy correspond to those in Article 4 GDPR. For the purposes of this Regulation, the term
“personal data” – any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“data subject” – any identified or identifiable natural person whose personal data is processed by the controller.
“Processing” – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Restriction of processing” – the marking of stored personal data with the aim of restricting its future processing;
“Profiling” – any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
“Controller” – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
“Recipient” – a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
“Third party” – a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
“Consent” – any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
4. General legal bases for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) is the legal basis for the processing of personal data.
In the processing of personal data necessary for the performance of a contract to which the data subject is party, Art. 6 para. 1 lit. b GDPR is the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which we are subject, Art. 6 para. 1 lit. c GDPR is the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR is the legal basis.
If the necessary processing serves to safeguard our legitimate interests or those of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR is the legal basis for the processing.
5. Data erasure and storage duration
Your personal data stored by us will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which we are subject, e.g. due to retention and documentation obligations under tax and commercial law. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
6. Collection of technical access data, server log files
Each time you visit our website, our web server automatically collects data and information from the computer system of the computer you are using. The following data is collected:
– Browser name and version used
– Operating system used
– IP address
– Date and time of access
– Website from which you accessed our website (referrer URL)
– Name and URL of the files accessed via our website
– http status code/access status
The above data is temporarily stored in the log files of the web server we use. This data is not stored together with your other personal data. Your data cannot be assigned by us to any specific person. We only use this technical log data for statistical purposes and to optimize our website and its security. The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
Temporary storage of the IP address by our web server is necessary to enable delivery of the web pages accessed to your computer. For this purpose, the IP address of the accessing computer must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context. The aforementioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
The stored data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. There is therefore no possibility of objection or removal on your part.
7. Use of cookies
We use “cookies” on our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the computer system accessing the website. When you access a website, a cookie may be stored on the operating system of the computer you are using. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
The purpose of using cookies is to simplify the use of websites for you. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change, e.g. log-in information, content of the shopping cart, adoption of language settings, remembering search terms. The user data collected by technically necessary cookies is not used to create user profiles. The data processed by cookies is required for the purposes mentioned to safeguard our legitimate interests in a customer-friendly website design in accordance with Art. 6 para. 1 p. 1 lit. f GDPR or are carried out in accordance with Art. 6 para. 1 lit. b GDPR for the performance of the contract.
We work together with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard disk when you visit our website (third-party cookies). You will be informed individually and separately about the use of such cookies and the scope of the information collected in each case in the following sections.
Cookies are stored on your computer and transmitted from it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. Depending on your browser, this can also be done automatically. You can find setting options for your browser on the website of the respective provider of your browser.
Please note that the functionality of our website may be limited if cookies are not accepted.
8. Advertising and tracking-free access with contentpass
On our website we offer you a service for ad-free and tracking-free access. This service is called contentpass and is offered by Content Pass GmbH, Wolfswerder 58, 14532 Kleinmachnow, Germany. When you subscribe to the service, contentpass becomes your contractual partner. You can find more information about this service at contentpass.net.
In order to display and thus offer you this service on our website, contentpass processes your IP address on our behalf at the beginning of your website visit. For the registration and contract processing of contentpass and the associated data processing, contentpass is the controller within the meaning of the GDPR. We are solely responsible for processing your IP address. The processing is necessary for technical reasons in order to be able to display and offer you the contentpass service. For more information on data processing at contentpass, please read their privacy policy.
The basis for the data processing of the IP address, as part of our order processing with contentpass, is our legitimate interest in offering you the opportunity to access our website without advertising and tracking and your legitimate interest in using our website practically without advertising and tracking [Art. 6 para. 1 sentence 1 letter f) GDPR, in conjunction with § 25 para. 2 no. 2 TDDDG]. In addition, we hereby fulfill the legal obligation to obtain legally compliant consent to data processing requiring consent [Art. 6 para. 1 lit. c) GDPR in conjunction with § 25 para. 2 no. 2 TDDDG].
You can subscribe to contentpass and log in here.
9. Cookie consent with CCM19
Our website uses the cookie consent technology of CCM19 to obtain your consent to the storage of certain cookies in your browser and to document this in compliance with data protection regulations. The provider of this technology is Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn (hereinafter referred to as “CCM19”). When you enter our website, a CCM19 cookie is stored in your browser, in which the consent you have given or the revocation of this consent is stored.
The data collected will be stored until you ask us to delete it or delete the CCM19 cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on the data processing of CCM19 cookies can be found in the CCM19 privacy policy at https://www.ccm19.de/datenschutzerklaerung.html
You can revoke your consent to the use of functional and performance cookies at any time for the future. You can find the link to the cookie settings here.
CCM19 cookie consent technology is used to obtain the legally required consents in accordance with Art. Art. 6 para. 1 lit. a GDPR for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.
We have concluded an order processing contract with CCM19. This is a contract required by data protection law, which ensures that CCM19 processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
10. Newsletter
If you have the option of subscribing to a free newsletter on our website, the following applies: When you register for the newsletter, the data from the input screen is transmitted to us. The data requested in the input mask includes your e-mail address. Entering your first name and surname is voluntary so that we can address you personally in the newsletter. Your consent to the processing of the data is obtained during the registration process and reference is made to this privacy policy. We use the so-called double opt-in procedure for sending newsletters. This means that we will not send you an e-mail newsletter unless you have expressly confirmed to us that you agree to receive such a newsletter. You will then receive a confirmation e-mail from us in which we ask you to confirm that you wish to receive future newsletters by clicking on a corresponding link. By clicking on the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR. In addition, the IP address of the accessing computer and the date and time of registration are also collected during registration in order to prevent misuse of the services or the e-mail address used or to be able to trace it in the event of a complaint. The aforementioned purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
If you purchase goods or services on our website and enter your e-mail address, we may subsequently use it to send you a newsletter. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter. No data will be passed on to third parties in connection with data processing for the sending of newsletters. The data is used exclusively for sending the newsletter. If you have given your consent, the legal basis for processing the data after you have registered for the newsletter is Art. 6 para. 1 lit. a GDPR.
Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. Your e-mail address will therefore only be stored for as long as your subscription to the newsletter is active, unless you have expressly consented to further use of your data. You can unsubscribe from the newsletter at any time. There is a corresponding link for this purpose in every newsletter. This also enables you to withdraw your consent to the storage of the personal data collected during the registration process.
Mailchimp
We use the “MailChimp” service of the provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA, to send newsletters. With “MailChimp”, the recipients’ data is used in pseudonymous form, i.e. without assignment to a user, to optimize or improve our own services, e.g. for the technical optimization of the dispatch and presentation of the newsletter or for statistical purposes. The data of our newsletter recipients is only used by us and not by the Rocket Science Group LLC, for example to write to you ourselves or to pass the data on to third parties.
The European Commission has not issued an adequacy decision for the MailChimp service in the USA. We base our cooperation with them on standard data protection clauses of the European Commission. If your IP address is collected via the technologies, it will be shortened by activating IP anonymization before it is stored on the provider’s servers. The full IP address is only transmitted to a server of the provider and shortened there in exceptional cases. Unless otherwise specified for the individual technologies, data processing is carried out on the basis of an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 GDPR. We have concluded an order processing contract with the provider in accordance with. Art. 28 para. 3 sentence 1 GDPR.
The legal basis for data processing is Art. 6 para. 1 lit. a GDPR (consent). You can withdraw your consent at any time by unsubscribing from the newsletter. This also applies in the event that you do not wish to be analyzed by MailChimp. We provide a corresponding link or email address at the end of each newsletter to enable you to unsubscribe. You can also unsubscribe from the newsletter directly on the website.
Your data stored with us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the MailChimp servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this. Further information about the provider’s data processing can be found in the privacy policy at the following link: https://mailchimp.com/legal/privacy/.
11. Customer registration
If you have the option of setting up a customer account on our website and registering by entering your personal data, the following applies: The data is entered into an input mask and transmitted to us and stored. The data will not be passed on to third parties. Which data is collected can be seen from the respective input forms. As part of the registration process, your consent to the processing of this data is expressly obtained. At the time of registration, the following data is also stored for security reasons: The IP address of the accessing computer, date and time of registration. The above purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
Your registration is required to fulfill a contract with you or to carry out pre-contractual measures. By registering, we can quickly and conveniently make the data you have entered available to you again without you having to enter it again. If you have given your consent, the legal basis for processing the data is Art. 6 para. 1 lit. a GDPR. If the registration serves the fulfillment of a contract between you and us or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.
Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case during the registration process for the fulfillment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to fulfill contractual or legal obligations.
As a user, you have the option of canceling your registration at any time. You can change the data stored about you at any time. To change or delete your data, simply contact us using the contact details given in the legal notice. Ideally, you should send us an e-mail. If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.
12. E-mail contact
If you contact us by e-mail, only the personal data you provide in the e-mail will be stored in order to process the contact. Under no circumstances will your data be passed on to third parties. Your data will only be used for the intended communication. The legal basis for the processing of data with your consent is Art. 6 para. 1 lit. a GDPR. The legal basis for the processing of personal data that you have transmitted to us by email is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective communication with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
You have the option of withdrawing your consent to the processing of your personal data at any time. If you have contacted us by e-mail, you can object to the storage of your personal data at any time. The revocation can be made, for example, by sending a revocation e-mail or by letter to our contact addresses shown in the imprint. All personal data stored in the course of contacting us will then be deleted.
13. Tools and plugins from third-party providers
We use third-party tools on our website, e.g. for the analysis of usage data, in order to be able to design our online offers and our website in an optimal and needs-based manner with a view to user-friendliness and optimization. The tools generally use “cookies” (for a definition, see “Cookies” above). For the data processed in this way, we may require your prior informed consent in accordance with Art. of Art. 6 para. 1 lit. a GDPR, which you can give before activation via a consent window (cookie consent tool).
In order to respect your privacy, the data that may allow a reference to your person, such as IP address, login or device identifiers, are anonymized or pseudonymized as early as possible. Specifically, this involves the following tools:
a) INFOnline Measurement
Our website uses the multi-stage measurement procedure ‘INFOnline Measurement’ by INFOnline GmbH (https://www.INFOnline.de) to determine statistical key metrics (Page Impression, Visit, (technical) Client) regarding the usage of our digital offering. The goal of usage measurement is to statistically determine the number of visits to our website, the number of website visitors, and their browsing behavior based on a uniform standard procedure, thus obtaining market-wide comparable values. As a member of the Information Community for the Determination of the Circulation of Advertising Media e.V. (IVW – https://www.ivw.eu), usage statistics are regularly provided by the IVW with the performance values ‘Page Impression’ and ‘Visit’ in the IVW display (https://ausweisungdigital.ivw.de/).
1. legal basis for the processing
Measurement with INFOnline Measurement (pseudonymous system: IOMp) by INFOnline GmbH occurs within the framework of usage measurement with consent according to Art. 6 Para. 1 lit. a) GDPR. The purpose of processing personal data is the formation of digital performance values (Page Impression, Visit, and (technical) Client) for creating statistics. The statistics serve to comprehend and substantiate the usage of our offering.
2. type of data
The data collected with INFOnline Measurement does not allow for unequivocal identification of a user as a person due to the type and quantity of data. A JavaScript code (so-called ‘Measurement Manager’) is used, which automatically integrates and executes the necessary measurement sensors for anonymous and/or pseudonymous data processing when called via the user’s browser or end device, based on consent information from the Consent Management Platform (CMP) used by the digital offering. INFOnline Measurement is designed as an anonymous system (without Client Identifier) and as a pseudonymous system (with Client Identifier).
In the anonymous census procedure (IOMb), processing of personally identifiable information is entirely avoided, which particularly includes the IP address. This is completely removed from communication and processing. A communication interface, the so-called ‘service platform’, prevents the exchange of the user’s IP address with INFOnline systems during INFOnline Measurement. The IP address as personal data is discarded on the service platform before the measurement request is forwarded to INFOnline. No geolocation via IP address is performed. The dataset generated in the census procedure is a pure PI data collection.
In the pseudonymous measurement procedure (IOMp), the following data with personal reference according to EU GDPR are collected using the 3rd-party cookie ‘i00’ (ioam.de) and the 1st-party cookie ‘ioam2018’:
– IP address: Every device requires a unique address for data transmission on the internet. Short-term storage of the IP address is technically necessary due to the internet’s functionality. In the pseudonymous procedure, IP addresses are processed unabridged.
– A randomly generated client identifier: Reach measurement uses unique device identifiers for computer system recognition, a ‘Local Storage Object’ (LSO) or a signature created from various automatically transmitted browser information. This identifier is unique to a browser as long as the cookie or Local Storage Object is not deleted. Measurement of data and subsequent assignment to the respective identifier may be possible even when visiting other websites using INFOnline GmbH’s pseudonymous measurement procedure.
The following unique identifiers can be transmitted as a hash to INFOnline GmbH:
- Abbreviated Client IP or X-Forwarded-For (XFF)
- User agent (as hash)
Personal data in the sense of EU GDPR is only used for measurement to the extent that a JavaScript is deployed to a user assigned an individual IP address and a randomly generated Client Identifier for accessing web content.
3. Data Usage
The measurement procedure of INFOnline GmbH used on this website determines usage data to collect performance values Page Impression, Visit, and Client.
- Geolocation
In the pseudonymous measurement procedure (IOMp), website access is assigned to the location of access based on the IP address, only up to the geographical level of federal states/regions. From these geographical information, no conclusions about a user’s specific place of residence can be drawn. - Cross-offering Consolidation of Usage Data
In the pseudonymous measurement procedure (IOMp), usage data of a (technical) client (e.g., a browser on a device) are consolidated across websites and stored in a database.
4. Data Retention Period
In the census procedure, the abbreviated IP address is discarded. In the pseudonymous procedure, the IP address is stored for a maximum of 60 days. In the pseudonymous procedure, usage data in connection with the unique identifier are stored for a maximum of 6 months. The validity of the cookies ‘i00’ and ‘ioam2018’ used in the pseudonymous procedure on the user’s end device is limited to a maximum of 1 year.
5. Data Transfer
The IP address is not transferred.
6 Rights of the Affected Person
The affected person has the following rights: Right to information (Art. 15 GDPR), Right to correction (Art. 16 GDPR), Right to object (Art. 21 GDPR), Right to deletion (Art. 17 GDPR), Right to restrict processing (Art. 18f. GDPR), Right to data portability (Art. 20 GDPR), Right to revocation (Art. 7 Para. 3 GDPR) (for consent).
For inquiries of this nature, please contact [email protected]. Please note that we must ensure that the inquiring person is actually the affected person. The affected person has the right to file a complaint with a data protection authority. Further information about data protection in INFOnline Measurement can be found on the website of INFOnline GmbH (https://www.infonline.de), which operates the measurement procedure.
b) Google AdSense
We use Google AdSense, an online service provided by Google Ireland Limited.
Gordon House, Barrow Street, Dublin 4, Ireland (Google). The service is used to place advertisements on third-party websites. Google AdSense uses an algorithm to display advertisements on third-party sites that match the content of the respective third-party site. Google AdSense thus enables interest-based targeting of the Internet user, which is achieved by generating individual user profiles.
The purpose of Google AdSense is to integrate interest-based advertisements on our website. Google AdSense stores a cookie in your browser for this purpose. The term “cookies” is described above under the heading “Cookies”. By setting a cookie, Google is able to analyze the use of our website. Each time you access a page of our website on which a Google AdSense code has been stored, your Internet browser is automatically prompted to transmit the necessary data to Google for the purpose of online advertising and billing of commissions. As part of this technical process, Google obtains knowledge of your personal data, such as your IP address, which Alphabet Inc. among other things, to trace the origin of visitors and clicks and subsequently to enable commission settlements. The data is also transferred to the United States of America, where it is stored and processed. Google may pass on this personal data collected via the technical process to third parties.
Google AdSense also uses so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in Internet pages to enable log file recording and log file analysis, which allows statistical evaluation to be carried out. Using the embedded tracking pixel, Google can recognize whether and when one of our web pages was opened by you and which links were clicked on by you. Tracking pixels are used, among other things, to evaluate the flow of visitors to a website.
For the setting of cookies and/or tracking pixels, we require your informed consent in accordance with. Art. 6 para. 1 lit. a GDPR, which you can give before activation via a consent window (cookie consent tool). Further information on Google AdSense and data protection can be found at https://www.google.de/intl/de/adsense/start/.
c) Google reCAPTCHA
We use the reCAPTCHA function of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This function is primarily used to differentiate whether an entry is made by a natural person or abusively by machine and automated processing. The service includes sending your IP address and any other data required by Google for the reCAPTCHA service to Google.
For the use of Google reCAPTCHA, we require your informed consent in accordance with Art. of Art. 6 para. 1 lit. a GDPR, which you can give before activation via a consent window (cookie consent tool). Further information on Google reCAPTCHA and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/
d) Google Maps
We use Google Maps (API) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for displaying interactive (country) maps in order to visualize geographical information. By using this service, our location is displayed to you and any directions are made easier.
Information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there as soon as you access the subpages in which the Google Maps map is integrated. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and analyzes them.
For the setting of cookies, we require your informed consent in accordance with Art. of Art. 6 para. 1 lit. a GDPR, which you can give before activation via a consent window (cookie consent tool). You also have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google when using Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used. You can view Google’s terms of use at http://www.google.de/intl/de/policies/terms/regional.html. The additional terms of use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.html. Detailed information on data protection in connection with the use of Google Maps can be found on the Google website (“Google Privacy Policy”): https://policies.google.com/privacy?hl=de&gl=de.
e) Google Web Fonts
This site uses so-called web fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google’s servers. This informs Google that our website has been accessed via your IP address. To use Google WebFonts, we require your informed consent in accordance with Art. 6 para. 1 lit. a GDPR, which you can give before activation via a consent window (cookie consent tool).
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/
f) Google Analytics 4
We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics 4 uses “cookies”, which are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of this website (including the anonymized, i.e. shortened IP address) is usually also transmitted to a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 in the USA and stored there.
IP anonymization “_anonymizeIp()” is activated on our website. With this option, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. This prevents your IP address from being personalized.
Google will use this information on our behalf to evaluate your use of our website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics 4 will not be merged with other Google data. The data collected as part of the use of Google Analytics 4 is stored for a period of two months and then deleted.
For the processing described above, in particular the use of Google Analytics cookies to read information on the terminal device you are using, you must give us your express and informed consent in accordance with Art. 6 para. 1 lit. a DSGVO have given. To obtain your consent, we use a so-called “cookie consent tool”, which appears when you visit our website. You can use the “cookie consent tool” to give us your consent to the use of Google Analytics or exercise your right to refuse consent by deactivating the service for your website. Once you have given your consent, you can revoke it at any time with effect for the future via the “cookie consent tool”.
Google Analytics 4 uses the special function “demographic characteristics” and can use it to create statistics that make statements about the age, gender and interests of site visitors. This is done by analyzing advertising and information from third-party providers. This allows target groups to be identified for marketing activities. However, the data collected cannot be assigned to a specific person and is deleted after being stored for a period of two months.
We would like to point out that we have activated Google Signals in Google Analytics 4. This will update the existing Google Analytics 4 features (advertising reports, remarketing, cross-device reports and reports on interests and demographics) to receive aggregated and anonymized data from you if you have allowed personalized ads in your Google Account. Your data can be analyzed across devices. Google can recognize which devices (smartphone, laptop) you use to visit our website, cross-device tracking. By activating Google signals, we can launch cross-device remarketing campaigns. Remarketing means that we can also show you our offer on other websites.
In Google Analytics 4, additional visitor data such as location, search history, YouTube history and data about your actions on our website are collected by activating Google signals. This provides us with more useful information from Google about your interests and demographic characteristics, which helps us to define target groups. The reports help us to better assess your interests. This allows us to customize our website and our services for you. This data expires after 26 months. Please note that this data is only collected if you have allowed personalized advertising in your Google account. This is always aggregated and anonymous data and never individual data. You can manage and delete this data in your Google account.
The “UserIDs” function can be used on this website as an extension to Google Analytics 4. If you consent to the use of Google Analytics 4 acc. Art. 6 para. 1 lit. a GDPR, have set up an account on this website and log in with this account on different devices, your activities, including conversions, can be analyzed across devices
We have concluded a data processing agreement with Google for the use of Google Analytics 4. This contract obliges Google to protect the data of our website visitors within the framework of standard contractual clauses and not to pass it on to third parties. For the transfer of data from the EU to the USA, Google relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA, see https://policies.google.com/privacy/frameworks.
You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
You can find more information about Google Analytics here: https://policies.google.com/privacy
g) Cloudflare
We use the Content Delivery Network (CDN) of Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) to improve the security and loading times of our website. This is done within the scope of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
A CDN is a network of globally distributed servers that is used to deliver optimized content to the user of the website. In the course of this, personal data may be processed in Cloudflare’s server log files. Please also refer to the information in the “Hosting” section.
Cloudflare acts as the recipient of your personal data and acts as a processor on our behalf. This corresponds to our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, as we do not operate our own content delivery network.
You have the right to object to the processing. The prospects of success of the objection will be determined as part of a balancing of interests. The processing of the data mentioned in this section is neither legally nor contractually required, but the functionality of the website is not guaranteed without this processing. Your personal data will be stored by Cloudflare for as long as is necessary for the purposes mentioned.
You can find more information on how to object and delete your data at Cloudflare at Cloudflare DPA. Cloudflare has implemented compliance measures for international data transfers that apply to all global activities where Cloudflare processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). Further details can be found at: https://www.cloudflare.com/de-de/privacypolicy/?tid=331706180787.
h) Algolia
This website uses the Algolia search technology via an API. The provider is Algolia, Inc. with its registered office at 589 Howard Street, Suite 5, San Francisco, CA 94105, USA.
In order to use the functions of the Algolia search, it is necessary to save your IP address and your search query. This information is usually transmitted to an Algolia server in Europe or the USA and stored there. The operator of this site has no influence on this data transfer.
The use of the Algolia search is in the interest of optimal accessibility and easy findability of our online offers. This constitutes a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Further information on the handling of user data can be found in Algolia’s privacy policy: https://www.algolia.com/policies/privacy.
i) Hotjar
We use Hotjar on our website. This is a web analysis service provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, hereinafter referred to as “Hotjar”.
For the use of Hotjar, we require your informed consent in accordance with Art. of Art. 6 para. 1 lit. a GDPR, which you can give before activation via a consent window (cookie consent tool).
Hotjar is used to analyze the usage behavior of our website. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization and economic operation of our website. Hotjar enables us to track your usage behavior on our website, such as your mouse movements or mouse clicks. log and evaluate your mouse movements or mouse clicks. However, your visit to our website is anonymized. In addition, Hotjar analyzes information about your operating system, your Internet browser, incoming or outgoing links, the geographical origin as well as the type and triggering of the terminal device you use and processes it for statistical purposes. Hotjar can also obtain direct feedback from you. Hotjar also offers further data protection information at https://www.hotjar.com/legal/policies/privacy.
In addition, you have the option of ending the analysis of your usage behavior by opting out. By confirming the link https://www.hotjar.com/opt-out, a cookie is stored on your end device via your Internet browser, which prevents further analysis. Please note, however, that you will have to click on the above link again if you delete the cookies stored on your device.
j) YouTube
We use functions of the “YouTube” service to integrate our own videos on our website as part of so-called “framing”. YouTube is operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 ESW5, Ireland (“Google”).
We only integrate YouTube videos in “extended data protection mode”, which YouTube itself provides. This initially prevents YouTube from storing cookies on your device. However, your IP address and other data will be transmitted when you access the relevant pages. This tells Google which of our websites you have visited. However, this information cannot be assigned to you unless you are logged in to YouTube or another Google service before accessing the page. For the use of YouTube we need your informed consent acc. of Art. 6 para. 1 lit. a GDPR, which you can give before activation via a consent window (cookie consent tool). If you have not given your consent, the YouTube videos are also blocked by so-called content blockers. If you still want to watch the video, you must first agree to Google’s privacy policy when you click on the video; only then can you start the video.
When the playback of an embedded YouTube video is started, “YouTube” only sets cookies in the extended data protection mode that do not contain any personal data that could be traced back to you, unless you are logged in to any Google service at the same time. If you want to avoid a personal reference, you can prevent this by logging out of your YouTube account. The integration of cookies takes place in accordance with Art. 6 para. 1 lit. f GDPR for the purpose of collecting information about user behavior, compiling video statistics and improving the user-friendliness of the YouTube service
You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. Regardless of whether the embedded video is played, a connection to the Google “double-click” network is established when you visit this website. Further information on the handling of user data can be found in Google’s privacy policy at the URL https://www.google.de/intl/de/policies/privacy.
k) Vimeo
We use plugins of the video portal Vimeo of the provider Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA (“Vimeo”).
When you visit one of our websites with a Vimeo plugin, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also receives knowledge of the IP address you were using at the time of your visit. This also applies if you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.
For the use of Vimeo, we require your informed consent in accordance with Art. of Art. 6 para. 1 lit. a GDPR, which you can give before activation via a consent window (cookie consent tool). If you have not given your consent, the Vimeo videos are also blocked by so-called content blockers. If you still want to watch the video, you must first agree to Vimeo’s privacy policy when you click on the video; only then can you start the video.
When the playback of an embedded Vimeo video is started, “Vimeo” only sets cookies in the extended data protection mode that do not contain any personal data that could be traced back to you, unless you are logged in to any Vimeo service at the same time. If you want to avoid a personal reference, you can prevent this by logging out of your Vimeo account. The integration of cookies takes place in accordance with Art. 6 para. 1 lit. f GDPR for the purpose of collecting information about user behavior and creating video statistics as well as improving the user-friendliness of the Vimeo offer
You have the right to object to the creation of these user profiles, whereby you must contact Vimeo to exercise this right. For more information on how Vimeo handles user data, please refer to Vimeo’s privacy policy at: https://vimeo.com/privacy.
l) Eventbrite
For event and ticket management, we use the online platform of Eventbrite, Eventbrite Inc, 95 Third Street, 2nd Floor, San Francisco, CA 94103, USA. In Europe, the company is represented by Eventbrite Operations (IE) Limited, 97 South Mall Cork, T12XV54, Ireland. The branch office in Germany is Eventbrite DE Gm, Oranienstraße 25, 10999 Berlin.
If you register for a paid event, you will be redirected to the Eventbrite online platform. When you visit the Eventbrite website, further personal data is automatically collected, for which Eventbrite is responsible as the operator of the website. This includes a unique identifier associated with your access device and/or your browser (e.g. your IP address), as well as characteristics of your access device and/or your browser. Statistical data about your activities on the Services and information about how you access the Services is also collected. This data is collected using technologies such as cookies, pixel tags, local shared objects and web storage. The purposes and legal bases of this processing are described in detail in Eventbrite’s privacy policy https://www.eventbrite.de/help/de/articles/460838/datenschutzrichtlinien-von-eventbrite/
Eventbrite is the sole controller for this automated processing, over which we have no influence. This also applies to all data that is processed as part of registration and login on the Eventbrite website. You can find more information on this in Eventbrite’s privacy policy.
When an event is booked, Eventbrite collects personal data on our behalf, such as surname, first name, employer, email address and information about the events booked and attended. This data is used for the proper organization of events, the identification and authentication of participants and the provision of services before and during the event. The
The processing of your data is based on your consent pursuant to Art. 6 para. 1 lit. a) GDPR, which you give during the registration process by entering and confirming your personal data. You have the option to withdraw your consent for the future at any time. In addition, the processing is based on the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which concerns the creation of a list of participants, the monitoring of event capacity and other organizational aspects.
Depending on the situation, Eventbrite may act either as the controller or as the processor. You can find more information on this and on the data processed in Eventbrite’s privacy policy https://www.eventbrite.de/help/de/articles/460838/datenschutzrichtlinien-von-eventbrite/
Eventbrite acts as a processor for IT Verlag GmbH as the organizer and has concluded a corresponding data processing agreement, which contains further information on the handling and protection of the processed personal data. However, it is possible that Eventbrite may also process the data for its own purposes. Further information on this can also be found in Eventbrite’s privacy policy.
Eventbrite processes personal data in the USA in accordance with the applicable EU standard contractual clauses pursuant to Art. 46 para. 2 lit. c) GDPR. A corresponding contract has been signed by Eventbrite and is available online https://cdn.evbstatic.com/s3-s3/static/images/en_US/legal_policies/Eventbrite_Organiser_Standard_Contractual_Clauses.pdf. In addition, Eventbrite is certified in accordance with the new Data Privacy Framework between the USA and the EU https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TNl5AAG&status=Active.
However, it is important to note that you do not have the same effective legal remedies available to you as within the EU. Eventbrite is subject to the investigatory and enforcement powers of the US Federal Trade Commission. For more information, please see Eventbrite’s Privacy Policy.
We have no influence on any disclosure by Eventbrite. Further details can be found in Eventbrite’s privacy policy. In the event that Eventbrite is responsible, all inquiries from data subjects should be addressed directly to Eventbrite.
14. information on data transfer to third countries
We use technologies from service providers on our website whose server locations may be in third countries outside the EU or the EEA. This also includes the USA. If, as in the case of the USA, there is no adequacy decision by the EU Commission, an adequate level of data protection must be ensured by means of other suitable guarantees. On July 16, 2020, the ECJ ruled that the Privacy Shield agreement between the EU and the USA may no longer be used to transfer personal data to the USA. This means that the sectoral adequacy decision has been repealed.
Suitable guarantees in the form of contractually agreed standard contractual clauses of the EU Commission or binding internal data protection regulations (Binding Corporate Rules) are possible in principle, but require prior review by the contracting parties as to whether an adequate level of protection can be guaranteed. According to the ECJ ruling, it may be necessary to take additional protective measures.
We have generally agreed the standard data protection clauses issued by the EU Commission and still valid with the third-party technologies we use that process personal data in a third country such as the USA. Where possible, we also agree additional guarantees to ensure that adequate data protection is guaranteed in the USA or other third countries.
Notwithstanding this, it may happen that, despite all contractual and technical measures, the level of data protection in the third country does not correspond to that of the EU. In such cases, we will ask you for your consent in accordance with Art. 49 para. 1 lit. a GDPR for the transfer of your personal data to a third country. This relates in particular to the transfer of data to the USA.
In particular, there is a risk that US authorities may receive access rights to your personal data that are not sufficiently restricted from an EU perspective without us as the data exporter or you as the data subject being aware of this and you may not have any legal remedies available to you to prevent this or to take action against such access.
15 Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
Right of access (Art. 15 GDPR) – You can request confirmation from us as the controller as to whether personal data concerning you is being processed by us.
In the case of processing, you can request the following information from us: the purposes for which the personal data are processed; the categories of personal data that are processed; the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed the categories of recipients to whom the personal data concerning you have been or will be disclosed; the envisaged period for which the personal data concerning you will be stored, or, if specific information on this is not possible, the criteria used to determine that period the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing; the existence of a right to lodge a complaint with a supervisory authority; any available information as to the source of the data if the personal data are not collected from the data subject; the existence of automated decision-making, including profiling, referred to in Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject. You also have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. Art. 46 GDPR in connection with the transfer.
Right to rectification (Art. 16 GDPR) – You have the right to obtain from the controller without undue delay the rectification and/or completion of inaccurate or incomplete personal data concerning you.
Right to erasure (Art. 17 GDPR) – You have the right to obtain from us, as the controller, the erasure of personal data concerning you without undue delay. In this case, we are obliged to delete this data immediately if one of the following reasons applies: (1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.(2) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing. (3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR. (4) The personal data concerning you has been processed unlawfully. (5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject. (6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
If we have made the personal data concerning you public and we are obliged pursuant to Art. Art. 17 para. 1 GDPR, we shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as the data subject, have requested us to delete all links to this personal data or copies or replications of this personal data.
The right to erasure does not exist if the processing is necessary (1) for exercising the right of freedom of expression and information; (2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (3) for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR; (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or (5) for the establishment, exercise or defense of legal claims.
Right to restriction of processing (Art. 18 GDPR) – You may request the restriction of the processing of personal data concerning you under the following conditions: if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims, or if you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds. 1 GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
Right to information (Art. 19 GDPR) – If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.
Right to data portability (Art. 29 GDPR) – You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where (1) the processing is based on consent pursuant to Art. 6 (1) GDPR. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract acc. Art. 6 para. 1 lit. b GDPR and (2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
16. Right of objection
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
If you exercise your right to object, we will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures using technical specifications.
17. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time, by e-mail to [email protected] or in writing to IT Verlag für Informationstechnik GmbH, Ludwig-Ganghofer-Str. 51, 83624 Otterfing. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
18. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply (1) if the decision is necessary for entering into, or performance of, a contract between you and the controller, (2) if it is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or (3) if it is based on your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. With regard to the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
19. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
20. Further data protection information
If you have any further questions about data protection, please do not hesitate to contact us. Our contact details can be found above under the information on the controller in this privacy policy or in our legal notice.
This privacy policy is provided by
IT Verlag GmbH / RA Kai Harzheim, Hamburg – www.harzheim.eu
Update June 2024
IT Verlag für Informationstechnik GmbH, Ludwig-Ganghofer-Str. 51, D-83624 Otterfing, Germany