Privacy Policy
1. Introduction
This website is operated by: ProSafeCon GmbH.
It is very important to us to handle the data of our website visitors responsibly and to protect it as best as possible. For this reason, we make every effort to comply with the requirements of the GDPR.
Below we explain how we process your data on our website. We use clear and transparent language so that you can truly understand what happens with your data.
2. General Information
2.1 Processing of personal data and other terms
Data protection applies to the processing of personal data. Personal data means all data that can be used to identify you personally. This includes, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using. Such data is processed when “something happens with it.” For example, the IP address is transmitted from the browser to our provider and automatically stored there. This constitutes processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).
These and further legal definitions can be found in Art. 4 GDPR.
2.2 Applicable regulations/laws – GDPR, BDSG and TDDDG
The scope of data protection is governed by laws. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as national law.
In addition, the TDDDG supplements the provisions of the GDPR, insofar as the use of cookies is concerned.
2.3 The Controller
The controller responsible for data processing on this website is the controller within the meaning of the GDPR. This is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
You can contact the controller at:
ProSafeCon GmbH
Grafenberger Allee 277
40237 Düsseldorf
2.4 Data Protection Officer
We have appointed a Data Protection Officer for our company. You can contact them at:
Dr. Cornelia Klaubert-Lath
Grafenberger Allee 277-287 A
40237 Düsseldorf
datenschutz@prosafecon.de
2.5 How data is generally processed on this website
As already mentioned, some data (e.g. IP address) is automatically collected. This data is primarily required for the technical provision of the homepage. Where we use personal data beyond this or collect other data, we will inform you or request your consent.
Other personal data is provided by you voluntarily.
Detailed information on this can be found further below.
2.6 Your rights
The GDPR provides you with extensive rights. These include, for example, free access to the origin, recipient, and purpose of your stored personal data. You may also request the correction, blocking, or deletion of this data or lodge a complaint with the competent data protection supervisory authority. You can revoke consent at any time.
Details of these rights and how to exercise them can be found in the final section of this Privacy Policy.
2.7 Data Protection – Our Perspective
For us, data protection is more than just a legal obligation! Personal data has great value, and careful handling of this data should be self-evident in our digital world. Furthermore, you as a website visitor should be able to decide yourself what, when, and by whom something happens with your data. For this reason, we commit to complying with all legal provisions, collecting only the data necessary for us, and treating this data confidentially.
2.8 Disclosure and deletion
Disclosure and deletion of data are also important and sensitive topics. Therefore, we would like to briefly inform you of our general approach.
Data is only disclosed on a legal basis and only when unavoidable. This may be the case, in particular, if it involves a so-called processor and a data processing agreement under Art. 28 GDPR has been concluded.
We delete your data once the purpose and legal basis for processing no longer exist and no other legal obligations prevent deletion. A good overview of this is provided by Art. 17 GDPR.
Please refer to this Privacy Policy for all further information and contact the controller with specific questions.
2.9 Hosting
This website is externally hosted. The personal data collected on this website is stored on the servers of the hosting provider. This includes both the automatically collected and stored log files (see below for details) and any other data provided by website visitors.
External hosting is used for the purpose of providing our website securely, quickly, and reliably, and in this context serves the fulfillment of contracts with our potential and existing customers.
The legal basis for processing is Art. 6 para. 1 lit. a, b, and f GDPR, as well as § 25 para. 1 TDDDG, insofar as consent includes the storage of cookies or access to information on the website visitor’s or user’s device within the meaning of the TDDDG.
Our hosting provider only processes data necessary to fulfill its service obligations and acts as our processor, meaning it is bound by our instructions. We have concluded a corresponding data processing agreement with our hosting provider.
We use the following hosting provider:
Cloudways
Cloudways Ltd., Junction Business Centre, 1st Floor Sqaq Lourdes ST. JULIANS, STJ 3334 Malta.
https://www.cloudways.com/en/terms.php#privacy.
2.10 Legal bases
The processing of personal data always requires a legal basis. According to Art. 6 para. 1 sentence 1 GDPR, the following options are provided:
a) The data subject has given consent to the processing of their personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the controller is subject;
d) processing is necessary to protect the vital interests of the data subject or another natural person;
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
In the following sections, we will inform you of the specific legal basis for each type of processing.
3. What happens on our website
By visiting our website, we process personal data about you.
To best protect this data against unauthorized access by third parties, we use SSL or TLS encryption. You can recognize this encrypted connection by the https:// or the lock symbol in your browser’s address bar.
Below you will learn which data is collected when visiting our website, for what purpose, and on which legal basis.
3.1 Data collection when accessing the website
When the website is accessed, information is automatically stored in so-called server log files. This includes the following information:
– Browser type and browser version
– Operating system used
– Referrer URL
– Hostname of the accessing computer
– Time of the server request
– IP address
This data is temporarily required to display our website continuously and without problems. In particular, this data serves the following purposes:
– System security of the website
– System stability of the website
– Troubleshooting on the website
– Connection to the website
– Display of the website
Data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and results from our legitimate interest in the functionality and security of the website.
Where possible, this data is stored pseudonymized and deleted once the respective purpose has been achieved.
Where the server log files allow identification of the data subject, the data is stored for a maximum of 14 days. An exception exists if a security-related incident occurs. In that case, the server log files are stored until the security-relevant incident has been resolved and fully clarified.
No merging with other data takes place.
3.2 Cookies
3.2.1 General
This website uses so-called cookies. These are data records, information stored in the browser of your device, related to our website.
By setting cookies, navigation on the website can be made easier for visitors.
In our cookie consent tool, you will find all information about the cookies we use on our website (possibly after your consent).
3.2.2 Rejecting cookies
All cookies that are not technically necessary can be managed directly via our cookie consent tool.
You can prevent the setting of cookies by adjusting your browser settings.
Here are the relevant links to commonly used browsers:
Mozilla Firefox: https://support.mozilla.org/…
Google Chrome: https://support.google.com/…
Microsoft Edge: https://support.microsoft.com/…
Safari: https://support.apple.com/… (1) and https://support.apple.com/… (2)
If you use another browser, we recommend entering the name of your browser and “delete and manage cookies” into a search engine and following the official link to your browser.
Alternatively, you can also manage your cookie settings at www.aboutads.info/choices/ or www.youronlinechoices.com.
We must point out that comprehensive blocking/deletion of cookies may lead to impairments when using the website.
3.2.3 Technically necessary cookies
We use technically necessary cookies on this website to ensure our website functions properly and in compliance with the applicable laws. They help to make the website more user-friendly. Some functions of our website cannot be displayed without cookies.
The legal basis is, depending on the case, Art. 6 para. 1 lit. b, c and/or f GDPR.
3.2.4 Technically unnecessary cookies
We also use cookies that are not technically necessary. These serve, among other things, to analyze visitor behavior or provide website features that are not essential.
The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
Technically unnecessary cookies are only set with your consent, which you can revoke at any time in the cookie consent tool.
3.3 Data processing through user input
3.3.1 Own data collection
We offer the following service on our website: contact form.
For this purpose, we collect the following data:
– Name
– Email address
– Address
– Telephone number
The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.
The data is deleted once the respective purpose no longer applies and if legally permissible.
3.3.2 Contact
a) Email
If you contact us by email, we process your email address and possibly further data contained in the mail. These are stored on the mail server and partially on the respective devices. Depending on the request, the legal basis is usually Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. Data will be deleted once the purpose no longer applies and if legally permissible.
b) Telephone
If you contact us by phone, call data may be stored pseudonymized on the device and with the telecommunications provider. Personal data collected during the call is processed solely to handle your request. Depending on the matter, the legal basis is usually Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. Data will be deleted once the purpose no longer applies and if legally permissible.
c) Contact form
We provide a contact form. This serves to get in touch with our company.
We usually process your first and last name, phone number, email address, postal address, and the content of your message. The data is stored on our web server and forwarded internally to the responsible email addresses.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in responding to your request and providing easy contact options. If the contact aims at concluding a contract, the additional legal basis is Art. 6 para. 1 lit. b GDPR.
We delete this data no later than 3 months after receipt unless it is needed for an existing contractual relationship.
We integrate the contact form from:
Gravity Forms
Rocketgenius Inc., 1620 Centerville Turnpike STE 102, Virginia Beach, VA 23464, USA
https://www.gravityforms.com/privacy/
d) Appointment scheduling tool
Amelia
We use the WordPress booking plugin Amelia by TMS-Plugins, based at 16192 Coastal Highway, Lewes, Delaware 19958, USA, to allow you easy online appointment booking.
Amelia is a powerful booking system allowing you to book appointments and events directly on our website.
The following data is processed when using Amelia: name, email address, phone number (optional), selected appointment/event, payment information (for paid bookings).
Data is processed to: handle and confirm bookings, inform about changes or cancellations, provide the booked service, and possibly process payments.
Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment) and Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient appointment management).
Amelia uses functional cookies necessary for the booking system. Legal basis: Art. 6 para. 1 lit. f GDPR.
No transfer of personal data to third countries takes place. Data is processed on EU servers.
Data is stored as long as necessary for the purpose or until the user requests deletion. Statutory retention periods remain unaffected.
More info: https://wpamelia.com/privacy-policy/.
3.3.3 Questionnaires/Forms
a) Tripetto
On our website we use the functions of Tripetto to implement questionnaires. This is a service of Tripetto B.V., Schimmelpenninckstraat 4, 2316 DT, Leiden, Netherlands.
This service allows us to create online forms for collecting messages, inquiries, or other inputs for our website and to embed them there.
Tripetto provides a cloud solution. All data collected when using our form is stored on the servers of Tripetto.
Tripetto uses essential, functional, analytics, and marketing cookies. They serve to ensure the functions of Tripetto, analyze user behavior, and enable personalized marketing.
Non-essential cookies are only set with consent. This consent can be withdrawn at any time. Legal basis: Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.
Further legal basis for the use of Tripetto: Art. 6 para. 1 lit. f GDPR (legitimate interest in creating and embedding forms). Where processing via the form serves the provision of contractual services, the legal basis is Art. 6 para. 1 lit. b GDPR.
The data entered by the website visitor into the form is stored on Tripetto’s servers until deletion is requested, consent to storage is withdrawn, or the purpose of storage no longer applies. Statutory retention periods remain unaffected.
More info:
https://tripetto.com/blog/dont-trust-someone-else-with-your-form-data/
https://tripetto.com/tutorials/self-hosting-form-and-survey-data/
b) Pipedrive
On our website we use the functions of Pipedrive to implement questionnaires. This is a service of Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia.
This service allows us to create online forms for collecting messages, inquiries, or other inputs for our website and to embed them there.
Pipedrive receives the data entered into the form on our website.
It uses essential, functional, analytics, and marketing cookies. They serve to ensure the functions of Pipedrive, analyze user behavior, and enable personalized marketing.
Non-essential cookies are only set with consent. Consent can be withdrawn at any time. Legal basis: Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.
Further legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in embedding functioning forms). Where processing serves contractual services, the legal basis is Art. 6 para. 1 lit. b GDPR.
Data entered into the form is stored on Pipedrive’s servers until deletion is requested, consent is withdrawn, or the purpose no longer applies. Statutory retention periods remain unaffected.
More info:
https://www.pipedrive.com/en/privacy
3.4 Cookie Consent Tool
3.4.1 Real Cookie Banner
To ensure that only cookies with a valid legal basis are set, we use the consent management tool Real Cookie Banner by devowl.io GmbH, Tannet 12, 94539 Grafling, Germany.
This service is used to obtain website visitors’ consent for storing certain cookies or using certain technologies and to document this in compliance with data protection law.
When accessing this website, the consent or withdrawal of consent is stored as a Real Cookie Banner cookie in the visitor’s browser. No connection is made to Real Cookie Banner servers.
Legal basis: Art. 6 para. 1 lit. c GDPR.
Data is stored until deletion is requested, the cookie is deleted by Real Cookie Banner itself, or the purpose of storage no longer applies. Statutory retention requirements remain unaffected.
3.5 Newsletter
3.5.1 Pipedrive
We use Pipedrive to provide our newsletter. This service is offered by Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia.
The service organizes and analyzes newsletter distribution. The data entered to receive the newsletter is stored on Pipedrive’s servers.
Pipedrive also allows analysis of interactions with the newsletter, measuring conversion rates, and categorizing recipients to tailor content to target groups.
This analysis can be objected to.
Legal basis: Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be withdrawn anytime by unsubscribing. The legality of processing carried out before withdrawal remains unaffected.
We also use Pipedrive’s other email services to fulfill contractual obligations and customer management. Legal basis: Art. 6 para. 1 lit. b GDPR.
Data is deleted at the end of the contract between us and Pipedrive, unless consent is withdrawn earlier. In that case, data is removed from the distribution list.
More info:
https://www.pipedrive.com/en/privacy
3.6 Mailing service
3.6.1 Google Mail
We use Google Mail as our mailing service. This service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
It is an email service.
Processing is based either on consent under Art. 6 para. 1 lit. a GDPR (e.g., when used to contact leads) or on Art. 6 para. 1 lit. b GDPR (contract performance). Consent can be withdrawn anytime.
Data is deleted when the contract with Google ends.
For transfers to the US, EU Standard Contractual Clauses (SCCs) apply.
More info:
https://policies.google.com/privacy?hl=de
3.7 Analytics and tracking tools
3.7.1 Google Analytics
We use Google Analytics, a web analytics service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses cookies to recognize users and analyze usage behavior. Cookies are only set with consent, which can be managed in the cookie consent tool and withdrawn at any time.
Legal basis: Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.
Collected information is usually transferred to a Google server in the USA and stored there.
Since July 10, 2023, an adequacy decision applies. Google LLC is certified under the EU-US Data Privacy Framework. Transfers to other third countries (e.g., Singapore) may occur, in which case SCCs apply.
Google Analytics uses IP anonymization: within the EU/EEA IPs are shortened so they cannot be traced back to individuals. Google also commits to data protection under the Google Ads Data Processing Terms.
A browser plugin can prevent transmission of collected information (e.g., IP address) to Google. Download: https://tools.google.com/dlpage/gaoptout?hl=de.
Data retention depends on customer settings, up to a maximum of two years per cookie.
More info:
https://support.google.com/analytics/answer/6004245?hl=de
Email: support-deutschland@google.com
3.7.2 Google Consent Mode
We use Google Consent Mode to adjust the use of Google services depending on consent. Even when denied, some anonymized data may be processed.
We use the Basic Consent Mode to collect aggregated, anonymized data. IP addresses may be transferred to Google. Purpose: website improvement and anonymous conversion analysis.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest).
More info: https://support.google.com/analytics/answer/9976101
3.7.3 Google Ads Remarketing
We use Google Ads Remarketing, a web analytics service by Google Ireland Limited.
Cookies allow website visitors to be assigned to target groups and provided with personalized advertising.
Legal basis: Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be withdrawn anytime.
More info:
https://www.google.com/settings/ads/onweb/
https://policies.google.com/technologies/ads?hl=de
3.7.4 Google Tag Manager
We use Google Tag Manager by Google Ireland Limited.
It does not store cookies or perform its own analysis but helps manage embedded tools. IP addresses may be transmitted to Google in the USA.
Legal basis: Art. 6 para. 1 lit. f GDPR.
More info: https://policies.google.com/privacy?hl=en
3.7.5 Google Ads
We use Google Ads, an online advertising program by Google Ireland Limited.
The service allows ads in Google Search linked to keywords and targeted ads using cookies for conversion tracking.
Legal basis: Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be withdrawn anytime.
For transfers to the US, SCCs apply.
More info: https://privacy.google.com/businesses/controllerterms/mccs/
3.7.6 GA Connector
We integrate GA Connector, a service of Sergii Zuiev Software, ul. Mazowiecka 11/49, 00-052 Warsaw, Poland.
It integrates CRM systems with Google Analytics, enabling companies to track lead sources and conversions. We use the Salesforce-to-Google Analytics integration.
Changes to Salesforce records are monitored and sent via HTTPS directly to Google Analytics. GA Connector itself cannot access your data.
More info:
https://gaconnector.com/docs/gdpr-and-gaconnector/
https://gaconnector.com/about-us/privacy-policy.php
3.7.7 Microsoft Advertising
We use Microsoft Advertising, provided by Microsoft Ireland Operations Limited.
It enables targeted advertising across platforms and performance analysis.
Data processed: IP address, browser info, visited websites, ad interactions.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in optimizing marketing) or Art. 6 para. 1 lit. a GDPR (consent).
Cookies for analytics/marketing are only set with consent.
Data transfers to the US are based on SCCs.
More info: https://www.microsoft.com/de-de/privacy/privacystatement
3.8 Social Media Plugins
3.8.1 Instagram
This website integrates elements of the social network Instagram. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
If the social media element is activated, a direct connection is established between the visitor and the Instagram servers, and their IP address is transmitted. If the visitor has a user account, the visit to this website can be assigned to that account. We as the website operator do not gain knowledge of the transferred content.
Legal basis: Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be withdrawn anytime.
If personal data is collected on this website with the help of Facebook/Instagram and transmitted to Meta, both the website operator and Meta Platforms Ireland Limited are jointly responsible (Art. 26 GDPR). This joint responsibility only concerns collection and transfer of the data. An agreement on joint processing exists:
https://www.facebook.com/legal/controller_addendum
The website operator is responsible for providing data protection information and safe integration of the Instagram tool. Facebook/Instagram is responsible for product security. Rights of data subjects regarding data processed by Instagram must be exercised with Instagram directly.
For transfers to the US, SCCs of the EU Commission apply.
https://www.facebook.com/legal/EU_data_transfer_addendum
https://de-de.facebook.com/help/566994660333381
https://www.facebook.com/policy.php
https://instagram.com/about/legal/privacy/
View Privacy Policy for Instagram here
3.8.2 LinkedIn
This website integrates elements of LinkedIn, provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
If activated, a direct connection between the visitor and LinkedIn servers is created, and the IP address is transmitted. If the visitor has a LinkedIn account, the visit can be linked to it. The operator does not gain knowledge of the content transferred.
Legal basis: Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be withdrawn anytime.
For transfers to the US, SCCs apply.
https://www.linkedin.com/help/linkedin/answer/62538/…
More info:
https://www.linkedin.com/legal/privacy-policy
View Privacy Policy for LinkedIn here
3.8.3 XING
This website integrates elements of the social network XING, provided by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
If activated, a direct connection between the visitor and XING servers is established. Personal data and IP addresses are not stored, and user behavior is not analyzed.
Legal basis: Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be withdrawn anytime.
More info:
https://privacy.xing.com/de/datenschutzerklaerung
View Privacy Policy for Xing here
3.9 Social Media Profiles
Besides our website, we are also present with our company on social networks to present ourselves and to enable contact. We also use these networks for advertising and job postings.
Below we explain what data we and the respective social network process when you visit or interact with our profiles.
3.9.1 LinkedIn
We operate a LinkedIn profile at https://www.linkedin.com/.
a) Interaction with our company profile
When you visit and interact with our profile, we process personal data: publicly available data on your profile and data in posts, comments, or messages. By liking or sharing, we can see your profile and public information.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in providing content and enabling profile use). If related to contract fulfillment, Art. 6 para. 1 lit. b GDPR applies.
b) Page Insights
LinkedIn provides aggregated statistics (Page Insights) on interactions with our page. These do not contain personal data. We cannot link them to individual members.
When placing ads, LinkedIn provides information on audience types and ad performance. Personal data is only shared with us if users have consented.
Purpose: analyzing reach, tailoring content, marketing.
Legal basis: Art. 6 para. 1 lit. f GDPR.
For Page Insights, processing is jointly controlled with LinkedIn (Art. 26 GDPR). Agreement:
https://legal.linkedin.com/pages-joint-controller-addendum
Contact: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
DPO contact: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
3.9.2 Processing by LinkedIn
LinkedIn may also process additional personal data in its sole responsibility. Info:
https://de.linkedin.com/legal/privacy-policy
3.9.3 Instagram
We operate an Instagram profile, offered by Meta Platforms Ireland Limited.
a) Interaction with our company profile
We process publicly available profile data and data from posts, comments, or messages. Through likes/shares, we see profiles and public info.
Legal basis: Art. 6 para. 1 lit. f GDPR, or Art. 6 para. 1 lit. b GDPR if related to contracts.
b) Insights
Meta collects and provides aggregated statistics (Insights) on interactions with our page. These are anonymized. We cannot identify individuals.
Purpose: analyzing reach, adapting content and ads.
Legal basis: Art. 6 para. 1 lit. f GDPR.
For Insights, processing is joint with Meta (Art. 26 GDPR). Agreement:
https://www.facebook.com/legal/terms/page_controller_addendum
Meta contact: Online: https://www.facebook.com/help/contact/1650115808681298
Postal: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland.
Instagram DPO contact: https://www.facebook.com/help/contact/540977946302970
More info on Insights: https://de-de.facebook.com/help/pages/insights
Privacy Policy: https://privacycenter.instagram.com/policy/
When accessing Instagram, your IP is transmitted. Meta may link IPs and cookies to accounts. This allows profiling and targeted ads.
More info:
https://privacycenter.instagram.com/policy/
3.10 Third-party content
3.10.1 Google reCAPTCHA
We use Google reCAPTCHA by Google Ireland Limited to determine whether input is by a human or bot. Data is transmitted to Google automatically when the website is accessed.
Legal basis: Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be withdrawn anytime.
More info: Privacy, Terms
3.10.2 Friendly Captcha
We use Friendly Captcha, provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany. It verifies human input.
Legal basis: Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be withdrawn anytime.
More info: https://friendlycaptcha.com/legal/privacy-end-users/
3.10.3 Advanced Custom Fields PRO
We use ACF Pro by WP Engine Inc. to extend WordPress functionality. ACF itself does not process personal data. It may set cookies in the WordPress admin area (non-personal).
Legal basis: Art. 6 para. 1 lit. f GDPR.
More info: https://wpengine.com/legal/privacy/
3.10.4 Polylang
We use Polylang by WP SYNTEX for multilingual content. It may set a cookie to remember the chosen language (1-year expiry).
Legal basis: Art. 6 para. 1 lit. f GDPR.
More info: https://polylang.pro/privacy-policy/
3.10.5 YOAST SEO
We use YOAST SEO by Yoast B.V. for SEO optimization. It does not process personal data.
More info: https://yoast.com/help/gdpr/
3.10.6 Loco Translate
We use Loco Translate by White Interactive Ltd for managing translations in WordPress. It may process IPs, browser info, technical data.
Legal basis: Art. 6 para. 1 lit. f GDPR.
Cookies may be set, non-essential ones only with consent (Art. 6 para. 1 lit. a GDPR).
More info: https://localise.biz/info/privacy/cookies
3.10.7 Wordfence Security
We use Wordfence Security by Defiant Inc., Seattle, USA, to protect our website. It processes IPs, URLs, browser info, timestamps, login attempts.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in security). Functional cookies may be set, non-essential ones only with consent.
For US transfers, SCCs apply.
More info: https://www.wordfence.com/privacy-policy/
3.11 Audio and video conferences
3.11.1 ClickMeeting
We use ClickMeeting by ClickMeeting Sp. z o.o., Gdansk, Poland. Personal data such as meeting metadata, shared files, and technical info is processed.
Legal basis: Art. 6 para. 1 lit. a GDPR (cookies with consent), Art. 6 para. 1 lit. b GDPR (contract), Art. 6 para. 1 lit. f GDPR (communication).
More info: https://clickmeeting.com/de/legal
3.11.2 Google Meet
We use Google Meet by Google Ireland Limited for conferences. Similar data is processed as above.
Legal basis: Art. 6 para. 1 lit. a, b, f GDPR.
More info: https://policies.google.com/privacy?hl=de
3.12 CRM Systems
3.12.1 Pipedrive CRM
We use Pipedrive CRM by Pipedrive OÜ, Estonia, to manage customer relationships. Data collected on our website may be processed in the CRM.
Legal basis: Art. 6 para. 1 lit. b GDPR (contractual purposes).
More info: https://www.pipedrive.com/en/privacy
3.13 Cloud Backups
We use cloud backups to protect our website data against loss, corruption, or attacks. Personal data stored on the website may also be included in backups.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in data security).
We use: Lucky-Cloud, operated by luckycloud GmbH, Bundesallee 39-40a, 10717 Berlin.
https://luckycloud.de/datenschutz/
4. Other Important Information
Finally, we would like to inform you in detail about your rights and how you will be informed about changes to data protection requirements.
4.1 Your rights in detail
4.1.1 Right of access (Art. 15 GDPR)
You can request information on whether personal data concerning you is being processed. If so, you may request further details about the nature and manner of the processing. A detailed list can be found in Art. 15 para. 1 lit. a to h GDPR.
4.1.2 Right to rectification (Art. 16 GDPR)
This includes the correction of inaccurate data and the completion of incomplete personal data.
4.1.3 Right to erasure (Art. 17 GDPR)
This so-called “right to be forgotten” gives you the right, under certain conditions, to demand deletion of personal data by the controller. This applies, for example, when the purpose for processing has ceased, consent has been withdrawn, or processing was carried out without a legal basis. A detailed list of reasons can be found in Art. 17 para. 1 lit. a to f GDPR. This right is also linked to the controller’s obligation under Art. 17 para. 2 GDPR to take reasonable steps to achieve general erasure.
4.1.4 Right to restriction of processing (Art. 18 GDPR)
This right is subject to the conditions listed in Art. 18 para. 1 lit. a to d GDPR.
4.1.5 Right to data portability (Art. 20 GDPR)
This grants the basic right to receive your own data in a commonly used format and to have it transmitted to another controller. However, this applies only to data processed based on consent or contract (Art. 20 para. 1 lit. a and b GDPR) and only if technically feasible.
4.1.6 Right to object (Art. 21 GDPR)
You may object to the processing of your personal data, particularly if your interest in objection outweighs the controller’s legitimate interest in processing, or if processing relates to direct marketing and/or profiling.
4.1.7 Right to “individual decision-making” (Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. However, this right is subject to the limitations and additions in Art. 22 para. 2 and 4 GDPR.
4.1.8 Other rights
The GDPR includes rights regarding informing third parties if you exercise your rights under Art. 16, 17, or 18 GDPR, provided this is feasible and reasonable.
We also remind you of your right to withdraw consent at any time (Art. 7 para. 3 GDPR). The legality of processing carried out before withdrawal remains unaffected.
Additionally, we point to your rights under §§ 32 ff. BDSG, which are largely identical to those described above.
4.1.9 Right to lodge a complaint (Art. 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates this regulation.
5. What if the GDPR is abolished tomorrow or other changes occur?
The current version of this Privacy Policy is dated 05.08.2025. From time to time, it may be necessary to adapt its content to reflect actual or legal changes. We therefore reserve the right to amend this Privacy Policy at any time. We will publish the updated version at the same place and recommend reading it regularly.
Created with the kind support of Dieter macht den Datenschutz
