Privacy Policy
1 . Introduction
This website is operated by: vertical48 UG (haftungsbeschränkt).
It is very important to us to handle our website visitors' data confidentially and to protect it in the best possible way. For this reason, we make every effort to comply with the requirements of the GDPR.
Below we explain how we process your data on our website. We use language that is as clear and transparent as possible so that you really understand what happens to your data.
2. General information
2.1 Processing of personal data and other terms
Data protection applies to the processing of personal data. Personal data means all data with which you can be personally identified. This is, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently sitting in front of. Such data is processed when 'something happens to it'. Here, for example, the IP is transmitted from the browser to our provider and automatically stored there. This is then a processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).
These and other legal definitions can be found in Art. 4 GDPR.
2.2 Applicable regulations/laws - GDPR, BDSG and TDDDG
The scope of data protection is regulated by law. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.
In addition, the TDDDG supplements the provisions of the GDPR as far as the use of cookies is concerned.
2.3 The person responsible
The controller within the meaning of the GDPR is responsible for data processing on this website. This is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
You can reach the person responsible at:
vertical48 UG (limited liability)
Röötbergshof 43 22397 Hamburg
getintouch@vertical48.net
2.4 Data Protection Officer
We have appointed a data protection officer for our company. You can reach him under:
simply Legal GmbH
Sebastian Schenk
Burkarderstr. 36, 97082 Würzburg
dpo@dieter-datenschutz.de
2.5 How data is generally processed on this website
As we have already established, there is data (e.g. IP address) that is collected automatically. This data is mainly required for the technical provision of the website. If we also use personal data or collect other data, we will inform you of this or ask for your consent.
You consciously provide us with other personal data.
You will find detailed information on this below.
2.6 Your rights
The GDPR provides you with comprehensive rights. These include, for example, free information about the origin, recipient and purpose of your stored personal data. You can also request the rectification, blocking or erasure of this data or lodge a complaint with the competent data protection supervisory authority. You can revoke your consent at any time.
You can find out what these rights look like in detail and how to exercise them in the last section of this Privacy Policy.
2.7 Data protection - Our view
Data protection is more than just a chore for us! Personal data has great value and careful handling of this data should be a matter of course in our digitalized world. As a website visitor, you should also be able to decide for yourself what "happens" to your data, when and by whom. That is why we are committed to complying with all legal regulations, only collect the data we need and, of course, treat it confidentially.
2.8 Forwarding and deletion
The transfer and deletion of data are also important and sensitive issues. We would therefore like to briefly inform you in advance about our general approach to this.
Data will only be passed on on the basis of a legal basis and only if this is unavoidable. This may be the case in particular if it is a so-called Data Processor and a Data Processing Agreement has been concluded in accordance with Art. 28 GDPR.
We delete your data when the purpose and legal basis for processing no longer apply and the deletion does not conflict with any other legal obligations. Art. 17 GDPR also provides a 'good' overview of this.
For further information, please refer to this Privacy Policy and contact the person responsible if you have any specific questions.
2.9 Hosting
Squarespace: Our website uses the Squarespace website builder system, a service provided by Squarespace Ireland Limited, Squarespace House, Ship Street Great, Dublin 8, D08 N12C, Ireland. Squarespace enables the creation, administration and individual design of websites including functions such as content management, e-commerce, appointment booking, analysis and marketing tools. In the course of using Squarespace, IP addresses, browser and operating system information, pages visited, dwell times, geographical locations (derived from IP addresses), referrer URLs, page interactions (e.g. clicks on buttons), form data entered and transaction and checkout data are typically processed. Data processing is carried out for the purpose of providing and improving website use, carrying out analysis and marketing measures, enabling e-commerce functions and protecting technical security. As a rule, the legal basis is Art. 6 para. 1 lit. f GDPR, the legitimate interest in the reliable provision and optimization of the website offer and Art. 6 para. 1 lit. b GDPR, insofar as processing is necessary for the performance of a contract with users. Squarespace uses various cookies, in particular analysis and functional cookies, to recognize returning visitors, evaluate site usage and ensure technical functions. Analysis and marketing cookies are only used with express consent; the legal basis for this is Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG. Personal data may be transferred to a third country, in particular to the USA. The transfer takes place on the basis of the EU standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in order to ensure an adequate level of data protection. The personal data is generally deleted as soon as it is no longer required for the stated purposes, users withdraw their consent or after any statutory retention periods have expired. Further information can be found in Squarespace's Privacy Policy: https://www.squarespace.com/privacy
2.10 Legal basis
The processing of personal data always requires a legal basis. The GDPR provides the following possibilities in Art. 6 para. 1 sentence 1:
a) The data subject has given their consent to the processing of their personal data for one or more specific purposes;
b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) The processing is necessary for compliance with a legal obligation to which the controller is subject;
d) Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e) The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
In the following sections, we will provide you with the specific legal basis for the respective processing.
3. What happens on our website
When you visit our website, we process your personal data.
We use SSL or TLS encryption to protect this data in the best possible way against unauthorized access by third parties. You can recognize this encrypted connection by the https:// or lock symbol in the address bar of your browser.
Below you can find out what data is collected when you visit our website, for what purpose this is done and on what legal basis.
3.1 Data collection when accessing the website
When you visit the website, information is automatically stored in so-called server log files. This is the following information:
• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address
This data is temporarily required in order to be able to display our website to you permanently and without any problems. In particular, this data is used for the following purposes:
• System security of the website
• System stability of the website
• Troubleshooting on the website
• Establishing a connection to the website
• Presentation of the website
Data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in the processing of this data, in particular our interest in the functionality of the website and its security.
Where possible, this data is stored in pseudonymized form and deleted once the respective purpose has been achieved.
If the server log files make it possible to identify the data subject, the data is stored for a maximum period of 14 days. An exception is made if a security-relevant event occurs. In this case, the server log files are stored until the security-relevant event has been resolved and finally clarified.
Otherwise, no merging with other data takes place.
3.2 Cookies
3.2.1 General information
This website uses so-called cookies. This is a data record, information that is stored in the browser of your end device and is related to our website.
The use of cookies can make it easier for visitors to navigate the website.
In our cookie consent tool you will find all information about the cookies that we use on our website (if applicable after your consent).
3.2.2 Rejecting cookies
You can manage all cookies that are not technically necessary directly via our cookie consent tool.
You can prevent cookies from being set by adjusting your browser settings.
Here you will find the corresponding links to frequently used browsers:
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?redirectslug=Cookies+l%C3%B6schen&redirectlocale=en
Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de
Microsoft Edge: https://support.microsoft.com/de-de/windows/l%C3%B6schen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Safari: https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web and https://support.apple.com/de-de/guide/safari/sfri11471/mac.
If you are using a different browser, we recommend that you enter the name of your browser and 'delete and manage cookies' in a search engine and follow the official link to your browser.
Alternatively, you can also manage your cookie settings at www.aboutads.info/choices/ or www.youronlinechoices.com.
However, we must point out that a comprehensive blocking/deletion of cookies can lead to impairments in the use of the website.
3.2.3 Technically necessary cookies
We use technically necessary cookies on this website to ensure that our website functions correctly and in accordance with the applicable laws. They help to make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies.
The legal basis for this is Art. 6 para. 1 lit. b, c and/or f GDPR, depending on the individual case.
3.2.4 Technically not necessary cookies
We also use cookies on our website that are not technically necessary. These cookies are used, among other things, to analyze the surfing behavior of the website visitor or to offer functions of the website that are not technically necessary.
The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
Technically unnecessary cookies are only set with your consent, which you can revoke at any time in the cookie consent tool.
3.3 Data processing through user input
3.3.1 Own data collection
We offer the following (service) on our website: Contact form .
We collect the following data for this purpose:
• Name
• E-mail address
The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.
The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.
3.3.2 Contact us
a) e-mail
When you contact us by email, we process your email address and any other data contained in the email. This data is stored on the mail server and in some cases on the respective end devices. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.
b) Contact form
Squarespace (contact form)
Our website uses the Squarespace contact form, a service provided by Squarespace Ireland Limited, Squarespace House, Ship Street Great, Dublin 8, Ireland, D08 N12C. The contact form allows visitors to contact us electronically and submit inquiries directly via the website. When using the Squarespace contact form, information such as name, email address, telephone number, IP address, browser and device data and the content entered into the form by visitors is processed. The purpose of the processing is to process and respond to inquiries and to communicate with interested parties and customers. The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, insofar as the request is aimed at the conclusion or execution of a contract, and Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in efficient communication with visitors to the website. If cookies are set for functional purposes via the contact form, this is only done with consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG. Squarespace may transfer personal data to the USA or other third countries; the standard contractual clauses of the EU Commission are used for protection. The data processed via the contact form will be deleted as soon as the respective request has been finally processed or storage is no longer required, unless statutory retention obligations prevent this or consent is revoked. Further information on data processing by Squarespace can be found at https://www.squarespace.com/privacy.
3.4 Cookie Consent Tool
Squarespace Cookie Consent Tool
Our website uses the Cookie Consent Tool from Squarespace, Inc, 225 Varick Street, 12th Floor, New York, NY 10014, USA, which manages the consent of visitors to the use of cookies as a consent management solution. The tool ensures that a cookie banner is displayed on the website in which visitors can consent to the use of non-essential cookies (e.g. for analysis or marketing purposes), reject them or set their selection individually. It ensures that non-essential cookies and similar technologies are only activated after explicit consent has been given. In particular, the visitor's preferences regarding cookie settings, the selection (e.g. agree, reject, manage) and an identifier in the browser to store this decision are processed. The purpose of data processing is to obtain, store and manage consent for the use of cookies in compliance with data protection regulations and to provide evidence to supervisory authorities. The legal basis for the processing is Art. 6 para. 1 lit. c GDPR for the fulfillment of legal obligations and, if consent is stored, Art. 6 para. 1 lit. f GDPR due to the legitimate interest in legally secure consent management. For the use of non-essential cookies, Art. 6 para. 1 lit. a GDPR in conjunction with. § Section 25 (1) TDDDG, as consent is required for this. The tool itself sets technically necessary cookies, which are used to store and recognize the selected cookie preferences. Non-essential cookies are only set on the basis of the consent given. Personal data is transferred to Squarespace in the USA. To protect the data, the EU standard contractual clauses pursuant to Art. 46 GDPR are used as suitable guarantees. The cookie consent data is deleted as soon as it is no longer required for the purpose of processing, consent is withdrawn or statutory retention obligations expire. Further information can be found in Squarespace's Privacy Policy at: https://www.squarespace.com/privacy
3.5 Website construction kit system
Squarespace
Our website uses the Squarespace website builder system, a service provided by Squarespace Ireland Limited, Squarespace House, Ship Street Great, Dublin 8, D08 N12C, Ireland. Squarespace enables the creation, administration and individual design of websites including functions such as content management, e-commerce, appointment booking, analysis and marketing tools. In the course of using Squarespace, IP addresses, browser and operating system information, pages visited, dwell times, geographical locations (derived from IP addresses), referrer URLs, page interactions (e.g. clicks on buttons), form data entered and transaction and checkout data are typically processed. Data processing is carried out for the purpose of providing and improving website use, carrying out analysis and marketing measures, enabling e-commerce functions and protecting technical security. As a rule, the legal basis is Art. 6 para. 1 lit. f GDPR, the legitimate interest in the reliable provision and optimization of the website offer and Art. 6 para. 1 lit. b GDPR, insofar as processing is necessary for the performance of a contract with users. Squarespace uses various cookies, in particular analysis and functional cookies, to recognize returning visitors, evaluate site usage and ensure technical functions. Analysis and marketing cookies are only used with express consent; the legal basis for this is Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG. Personal data may be transferred to a third country, in particular to the USA. The transfer takes place on the basis of the EU standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR in order to ensure an adequate level of data protection. The personal data is generally deleted as soon as it is no longer required for the stated purposes, users withdraw their consent or after any statutory retention periods have expired. Further information can be found in Squarespace's Privacy Policy: https://www.squarespace.com/privacy
3.6 Analysis and tracking tools
Squarespace Analytics
This website uses the analytics service Squarespace Analytics from Squarespace Ireland Limited, Squarespace House, Ship Street Great, Dublin 8, Ireland D08 N12C. Squarespace Analytics is used to analyze website traffic, monitor visitor behavior, measure interaction and evaluate the success of sales processes. The personal data processed includes, in particular, IP address, browser type and version, referrer data, geographical information based on the IP address, page views and navigation behavior, interaction events (such as form submissions and clicks) and information on the device and platform used. Processing is carried out for the purpose of evaluating and optimizing the website and analyzing reach and user behavior. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR due to the legitimate interest in the analysis and optimization of the online offer and, if applicable, Art. 6 para. 1 lit. a GDPR i. V. m. § 25 para. 1 TDDDG, if consent to the setting of analysis cookies has been given. Squarespace Analytics only sets analysis cookies after prior consent, which can be revoked at any time with effect for the future. The legal basis for this is Art. 6 para. 1 lit. a GDPR i. V. m. § 25 para. 1 TDDDG. Personal data is not transferred to third countries, as processing takes place within the EU. The stored data will be deleted as soon as it is no longer required for the stated purposes or consent has been revoked, provided there are no legal retention periods to the contrary. Further information on data processing by Squarespace Analytics can be found at: https://www.squarespace.com/privacy
3.7 Social media plugins
Functions and content of the social network LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, D02 AD98, Ireland, are integrated on this website. LinkedIn enables the integration of social media content such as share buttons, embedded profiles and direct access to network functions such as sharing, following or logging in via LinkedIn. Personal data is processed, including IP address, browser and device data, referrer URL, timestamp of interaction, details of interactions (e.g. clicks, shares), LinkedIn profile information (e.g. member ID and profile details for logged-in users) as well as cookies and tracking IDs. The purpose of data processing is the integration and functionality of social media elements, the improvement of reach, the analysis of user behavior, targeted advertising and networking in a professional context. The legal basis for the integration and analysis is regularly Art. 6 para. 1 lit. f GDPR due to the legitimate interest in efficient information dissemination and external presentation. If personal data is processed for tracking, reach analysis or marketing cookies, this is done on the basis of consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG. LinkedIn uses different types of cookies, including functional cookies to provide the embedded services, analytics cookies to measure reach and marketing cookies to display personalized advertising. These cookies are only activated if consent has been given and can be revoked at any time. The transfer of personal data to third countries, in particular to the USA, cannot be ruled out. In these cases, LinkedIn uses EU standard contractual clauses in accordance with Art. 46 GDPR as appropriate safeguards to ensure an adequate level of data protection. Personal data will be deleted as soon as they are no longer required for the purposes of their processing, users revoke their consent or there are no longer any legal obligations to retain them. Further information on data processing by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy
3.8 Social media profiles
In addition to our website, our company is also present on social networks. Here we want to present our company and create the opportunity to get in touch with us.
We also use the opportunity to place advertisements and job advertisements on social media.
In the following, we provide information about which data we and the respective social network process when you visit and interaction with our profile.
We operate a Xing page. This social media platform is offered by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
Interaction with our company profile
When you visit our Xing profile and interact with us via it, we process personal data. On the one hand, the data made publicly available on the profile. On the other hand, we also process the personal data contained in posts, comments or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information. It is also possible to contact us as the operator via the specified contact channels via the company profile. If users are logged in to XING with their user account when they access the company page, information about accessing the service can be assigned to the respective user account. This information is also available to us as the operator of the company profile. The provision of information can be avoided by logging out of the XING user account before accessing the company page. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content, to maintain business contacts, to draw attention to our services and job advertisements and to get in touch with visitors to our profile and interested parties. Insofar as an inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.
Processing of personal data and cookies by Xing
When using and accessing our company profile, personal data is also processed by Xing. Xing is solely responsible for this processing. We have no influence on the processing by Xing. If consent has been given (for example, by setting the XING status to "actively looking for a job"), Xing will contact you directly to suggest suitable job offers. The processing of data can be restricted in the privacy settings. Xing's Privacy Policy can be viewed here: https://privacy.xing.com/de/datenschutzerklaerung
We operate a LinkedIn profile on https://www.linkedin.com/. This social network is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Interaction with our company profile
When you visit our LinkedIn profile and interact with us, we process personal data. On the one hand, the data made publicly available on the profile. On the other hand, we also process the personal data contained in posts, comments or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our LinkedIn profile. Insofar as a request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.
Page Insights
LinkedIn provides us with aggregated statistics and insights (called Page Insights) that tell us how people interact with our Company Page. Among other things, we receive information about the number of profiles that view, comment on or otherwise interact with our posts, as well as aggregated demographic and other information that helps us learn about the interaction with our page or LinkedIn profile. Page Insights provided to us by LinkedIn consist of aggregated data, and LinkedIn does not provide us with any personally identifiable information about members in relation to Page Insights. We also have no way of linking Page Insights to individual members. When placing ads, LinkedIn provides us with information about the types of people who see our ads and the success of our ads. Personal data is only passed on to us if this person has consented to such processing. We also receive information from LinkedIn that allows us to understand which of our ads led to a purchase being made or an action being taken. This data is processed for the purpose of analyzing our reach and adapting our content and ads to user interests. By evaluating this data, we can recognize how our content, our profile and our advertising are consumed. This enables us to create target-group-specific content and place advertisements in order to better market our company and our services. The processing is based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. When processing personal data in the course of the so-called Page Insights, the processing is carried out in joint responsibility with LinkedIn in accordance with Art. 26 para. 1 GDPR. We have concluded a corresponding agreement with LinkedIn for this purpose, which can be viewed [here](https://legal.linkedin.com/pages-joint-controller-addendum). LinkedIn's contact details are as follows: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. For LinkedIn, you can contact the data protection officer at the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.
Processing by LinkedIn
By visiting our company profile, LinkedIn may also process additional personal data. In this case, the processing is carried out under the sole responsibility of LinkedIn and without our knowledge. More information from LinkedIn on this: https://de.linkedin.com/legal/privacy-policy.
3.9 Audio and video conferencing
Zoom
Our website uses the video conferencing and communication service Zoom, provided by Zoom Video Communications, Inc, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA, for European users with services via regional subsidiaries such as ZVC Germany, ZVC Netherlands or ZVC UK. Zoom enables audio and video conferences, webinars, live chats, screen sharing and online meetings to be held directly via the website. In the course of use, IP addresses, account information, session and meeting data, registration information for webinars, engagement data (e.g. recordings, transcripts) and interaction data such as chat messages, shared files or technical usage information are usually processed. The data processing serves the provision and management of online meetings, interactive communication and the implementation and evaluation of digital events. The legal basis for the processing is regularly Art. 6 para. 1 lit. b GDPR (implementation of (pre-)contractual measures), for support or administrative processes as well as analysis purposes Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient communication and IT security). Depending on the integration, Zoom uses functional cookies for session management and, if necessary, analysis or marketing cookies to evaluate usage, whereby analysis and marketing cookies are only used with consent in accordance with Art. 6 Para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG are used. Functional cookies are necessary for operation and are used in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with. § 25 para. 2 TDDDG are used. Personal data is transferred to third countries, in particular to the USA, whereby Zoom uses the EU standard contractual clauses as suitable guarantees in accordance with Art. 46 para. 2 lit. c GDPR. The storage period depends on the respective purpose, i.e. data is deleted or blocked after the purpose of processing ceases to apply, if consent is revoked or objected to, or if statutory retention periods expire. Further information can be found in Zoom's Privacy Policy: https://www.zoom.com/en/trust/privacy/privacy-statement/
Microsoft Teams
We integrate Microsoft Teams from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland, on our website to provide audio and video conferencing as well as chat and collaboration functions. Microsoft Teams makes it possible to hold and participate in online meetings, video conferences and chats directly via the browser, integrate appointments, share files and communicate in real time. As a rule, profile information (e.g. name, email address, profile picture), communication content (chat messages, meeting content, shared files, recordings, transcripts), device and connection data (e.g. app version, device type, country code), usage data (usage behavior, interaction details), optional location data and, if activated, media content (images, video recordings within meetings) are processed. The purpose of data processing is to provide, conduct and follow up on online meetings and to enable efficient team communication and collaboration. The legal basis is Art. 6 para. 1 lit. b GDPR, insofar as the use takes place in the context of (pre-)contractual measures, as well as Art. 6 para. 1 lit. f GDPR to safeguard the legitimate interest in a modern, efficient communication and collaboration platform. If Microsoft Teams uses cookies to provide the function, this is only done for session management and functionality with consent, which can be revoked at any time; the legal basis for this is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Data may be transferred to third countries, in particular the USA, as part of support, maintenance or subcontracting processes; Microsoft uses the EU standard contractual clauses as a suitable guarantee in accordance with Art. 46 GDPR. Data will be deleted as soon as the purpose of processing ceases to apply, if consent is withdrawn or after expiry of statutory retention periods. Further information is available at https://privacy.microsoft.com/en-us/privacystatement.
3.10 Cloud backups
OneDrive
The cloud storage service Microsoft OneDrive, which is operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA, is integrated on our website. OneDrive enables the storage, synchronization, exchange, joint editing and management of files and documents in real time. During use, the content and metadata of the stored files (such as file names, file types, version histories), user and sharing data (who accessed or edited which file and when), activities in connection with files (uploading, editing, sharing) and, if applicable, structured data from uploaded forms or worksheets are processed. Data processing is carried out for the purpose of providing central file storage, smooth collaboration, document management and ensuring access controls and traceability. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR due to the legitimate interest in efficient teamwork, secure data management and simplified file exchange; if files are provided or shared as part of a contractual relationship, Art. 6 para. 1 lit. b GDPR may also be relevant. Insofar as cookies are set as part of the integration, this is only done for functionality and security; these technically necessary cookies are subject to Art. 6 para. 1 lit. f GDPR and § 25 para. 2 TDDDG; further use of cookies (e.g. for analysis purposes) does not take place via the embedding of OneDrive functions. Personal data is transferred to the USA. The standard contractual clauses of the EU Commission are used as suitable guarantees in accordance with Art. 46 GDPR, supplemented by additional technical and organizational measures for data security. The data is stored for the duration of the use of the functions until files or accounts are deleted or at the request of the user, provided that there are no legal storage obligations to the contrary. Further information is available at: https://www.microsoft.com/en-us/privacy/privacystatement
Microsoft Azure
For backup and cloud storage purposes on our website, we use the services of Microsoft Azure, provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA. Microsoft Azure provides cloud infrastructure that enables the storage and backup of data to protect against data loss, recovery and secure management. When using Microsoft Azure, in particular IP addresses, authentication and access data (e.g. via Azure Active Directory), transmitted content data, upload content (e.g. backup files) and technical information such as browser and device data may be processed. The purpose of data processing is to secure and provide backups, to restore the website in the event of data loss and to comply with business and IT security requirements. The legal basis is Art. 6 para. 1 lit. f GDPR due to our legitimate interest in secure and reliable data storage and, if applicable, Art. 6 para. 1 lit. b GDPR if the processing is necessary for the performance of a contract. Cookies are not set by the Microsoft Azure backup service on our website. Data may be transferred to the USA. Microsoft uses the EU standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR as suitable guarantees. Data is stored by Microsoft for as long as necessary to fulfill the purpose and then deleted in accordance with the statutory retention periods or in the event of revocation or discontinuation of the purpose. Further information can be found at: https://www.microsoft.com/en-us/privacy/privacystatement
4. What else is important
Finally, we would like to inform you in detail about your rights and how you will be informed about changes to data protection requirements.
4.1 Your rights in detail
4.1.1 Right to information in accordance with Art. 15 GDPR
You can request information about whether your personal data is being processed. If this is the case, you can request further information on the type and manner of processing. A detailed list can be found in Art. 15 para. 1 lit. a to h GDPR.
4.1.2 Right to rectification in accordance with Art. 16 GDPR
This right includes the correction of incorrect data and the completion of incomplete personal data.
4.1.3 Right to erasure in accordance with Art. 17 GDPR
This so-called 'right to be forgotten' gives you the right, under certain conditions, to request the deletion of personal data by the controller. This is generally the case if the purpose of the data processing no longer applies, if consent has been withdrawn or the initial processing took place without a legal basis. A detailed list of reasons can be found in Art. 17 para. 1 lit. a to f GDPR. This "right to be forgotten" also corresponds to the controller's obligation under Art. 17 para. 2 GDPR to take reasonable steps to ensure that the data is generally erased.
4.1.4 Right to restriction of processing in accordance with Art. 18 GDPR
This right is subject to the conditions set out in Art. 18 para. 1 lit. a to d.
4.1.5 Right to data portability in accordance with Art. 20 GDPR
This regulates the basic right to receive your own data in a commonly used form and to transfer it to another controller. However, this only applies to data processed on the basis of consent or a contract in accordance with Art. 20 (1) (a) and (b) and insofar as this is technically feasible.
4.1.6 Right to object pursuant to Art. 21 GDPR
In principle, you can object to the processing of your personal data. This applies in particular if your interest in objecting outweighs the legitimate interest of the controller in the processing and if the processing relates to direct marketing and/or profiling.
4.1.7 Right to "individual decision-making" pursuant to Art. 22 GDPR
In principle, you have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. However, this right is also restricted and supplemented by Art. 22 (2) and (4) GDPR.
4.1.8 Further rights
The GDPR contains comprehensive rights to inform third parties about whether or how you have asserted rights under Art. 16, 17, 18 GDPR. However, this only applies insofar as this is possible or feasible with reasonable effort.
We would like to take this opportunity to draw your attention once again to your right to withdraw your consent in accordance with Art. 7 (3) GDPR. However, this does not affect the lawfulness of the processing carried out up to that point.
We would also like to draw your attention to your rights under §§ 32 ff. BDSG, which, however, are largely congruent with the rights just described.
4.1.9 Right to lodge a complaint pursuant to Art. 77 GDPR
You also have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of personal data relating to you infringes this Regulation.
5. What if the GDPR is abolished tomorrow or other changes take place?
The current status of this Privacy Policy is 11.06.2026. From time to time it is necessary to adapt the content of the Privacy Policy in order to react to actual and legal changes. We therefore reserve the right to amend this Privacy Policy at any time. We will publish the amended version in the same place and recommend that you read the Privacy Policy regularly.
Created with the kind support of Dieter macht den Datenschutz