Data protection, privacy and data security

General information about data processing

Scope of processing personal data

We collect and use personal data of our users only to the extent necessary to provide a functional website and our content and services.

The collection and use of personal data of our users (for example, name, address or e-mail address) only after consent of the user. This data will not be passed on to third parties without your express consent. An exception applies in those cases where obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.

Data protection information obligations according to Art. 13 GDPR.

Purposes, categories and legal bases of data processing:

If we have received data from you, we will generally only process it for the purposes for which we received or collected it.

We only process pD that is absolutely necessary for the sale of our products and service/maintenance. These are essentially contact data, such as name, (company) address, phone number, e-mail.

Data processing for other purposes is only considered if the legal requirements necessary in this respect exist in accordance with Art. 6 (4) GDPR. We will, of course, comply with any information obligations pursuant to Art. 13 (3) GDPR and Art. 14 (4) GDPR in this case.

The legal basis for the processing of personal data is generally – unless there are more specific legal provisions – Art. 6 GDPR. In particular, the following possibilities come into consideration here:

• Consent (Art. 6 para. 1 lit. a) GDPR).
• Data processing for the fulfillment of contracts (Art. 6 (1) (b) GDPR)
• Data processing on the basis of a balancing of interests (Art. 6 para. 1 lit. f) GDPR)
• Data processing for the fulfillment of a legal obligation (Art. 6 para. 1 lit. c) GDPR)

If personal data is processed on the basis of your consent, you have the right to revoke your consent to us at any time with effect for the future.

Recipients of the data:

– Internal company departments, especially accounting, human resources, purchasing, sales, affiliated companies of the Gebauer Group (timeline-erp).

Transfer to third countries:

– Currently not planned

Storage period of the data:

We process the data as long as this is necessary for the respective purpose.

Insofar as statutory retention obligations exist – e.g. in commercial law or tax law – the personal data concerned will be stored for the duration of the retention obligation. After expiry of the retention obligation, it is checked whether there is a further necessity for processing. If there is no longer a necessity, the data is deleted.

As a matter of principle, we carry out an examination of data towards the end of a calendar year with regard to the need for further processing. Due to the volume of data, this check is carried out with regard to specific types of data or purposes of processing.

Of course, you can request information about the data we have stored about you at any time (see below) and, if there is no need for further processing, you can request that the data be deleted or the processing restricted.

Right to information, correction, deletion, restriction of processing:

Customers, suppliers and employees have the right to information, correction and deletion or restriction of processing about the personal data stored by us. Deletion takes place if there are no retention obligations. As long as the retention obligations exist, a restriction of processing can be made.

Right to object, data portability and revocation of consent:

Customers, suppliers and employees have the right to object to processing and the right to data portability. If the processing is based on consent, as in the case of consent to contact us by email, this consent can be revoked at any time with effect for the future.

Right of complaint to the supervisory authority:

Customers, suppliers and employees have the right to complain to the supervisory authority responsible for them. The contact details of the supervisory authority responsible for us are:

LDI State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, P.O. Box 20 04 44, 40102 Düsseldorf, Germany, Tel.: 0211/38424-0, [email protected]

Necessity of the provision of data:

The provision of personal data is necessary to carry out the business relationship. If the data is not provided, customer care and follow-up may be partially or completely impossible. It is also generally necessary for the fulfillment of entrepreneurial tasks and process control.

Automated decision-making including profiling is not carried out in this context.

Data protection information obligations according to Art. 14 GDPR

In connection with the distribution of our products via the company platform timeline-erp.com, your personal data has been collected. Please refer to the following data protection information:

Purposes, categories and legal bases of data processing:

If we have received data from you, we will generally only process it for the purposes for which we received or collected it.

We only process pD that is absolutely necessary for the sale of our products and service/maintenance. These are essentially contact data, such as name, (company) address, phone number, e-mail.

Data processing for other purposes only comes into consideration if the legal requirements necessary in this respect exist in accordance with Art. 6 Para. 4 GDPR. We will, of course, comply with any information obligations pursuant to Art. 13 (3) GDPR and Art. 14 (4) GDPR in this case.

The legal basis for the processing of personal data is generally – unless there are more specific legal provisions – Art. 6 GDPR. In particular, the following possibilities come into consideration here:

• Consent (Art. 6 para. 1 lit. a) GDPR)
• Data processing for the fulfillment of contracts (Art. 6 (1) (b) GDPR)
• Data processing on the basis of a balancing of interests (Art. 6 para. 1 lit. f) GDPR)
• Data processing for the fulfillment of a legal obligation (Art. 6 para. 1 lit. c) GDPR)

If personal data is processed on the basis of your consent, you have the right to revoke your consent at any time with effect for the future.

Recipients of the data:

– Internal company departments, especially accounting, human resources, purchasing, sales, affiliated companies of the TimeLine Business Solutions Group (timeline-erp).

Transfer to third countries:

– Currently not planned

Storage period of data:

We process the data as long as this is necessary for the respective purpose.

Insofar as statutory retention obligations exist – e.g. under commercial law or tax law – the personal data in question will be stored for the duration of the retention obligation. After expiry of the retention obligation, it is checked whether there is a further necessity for processing. If there is no longer a necessity, the data is deleted.

As a matter of principle, we carry out an examination of data towards the end of a calendar year with regard to the need for further processing. Due to the volume of data, this check is carried out with regard to specific types of data or purposes of processing.

Of course, you can request information about the data we have stored about you at any time (see below) and, if there is no need for further processing, you can request that the data be deleted or the processing restricted.

Right to information, correction, deletion, restriction of processing:

Customers, suppliers and employees have the right to information, correction and deletion or restriction of processing about the personal data stored by us. Deletion takes place if there are no retention obligations. As long as the retention obligations exist, a restriction of processing can be made.

Right to object, data portability and revocation of consent:

Customers, suppliers and employees have the right to object to processing and the right to data portability. If the processing is based on consent, as in the case of consent to contact us by email, this consent can be revoked at any time with effect for the future.

Right of complaint to the supervisory authority:

Customers, suppliers and employees have the right to complain to the supervisory authority responsible for them. The contact details of the supervisory authority responsible for us are:

LDI State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, P.O. Box 20 04 44, 40102 Düsseldorf, Germany, Tel.: 0211/38424-0, [email protected]

Necessity of the provision of data:

The provision of personal data is necessary to carry out the business relationship. If the data is not provided, customer care and follow-up may be partially or completely impossible. It is also generally necessary for the fulfillment of entrepreneurial tasks and process control.

Automated decision-making, including profiling, is not carried out in this context.

Source of data:

Your data was collected from/derives from the platform timeline-erp.com of the Gebauer group of companies. This consists of the following companies:

Gebauer GmbH
Obere Dammstraße 8-10
42653 Solingen
Deutschland
Tel. +49 212 230 35 0
Fax +49 212 230 354 5
E-Mail [email protected]

TimeLine Neo GmbH
Obere Dammstraße 8 – 10
42653 Solingen
Deutschland
Tel. +49 212 230 35 35 470
Fax. +49 212 230 35 45
E-Mail [email protected]

ODS Organisation Datenverarbeitung u. Software GmbH
Obere Dammstraße 8 – 10
42653 Solingen
Deutschland
Tel. +49 212 230 35 470
Fax. +49 212 230 35 45
E-Mail [email protected]

TimeLine Financials GmbH und Co. KG
OT Bretnig
Weststraße 5
01900 Großröhrsdorf
Germany
Phone +49 35952 341 0
Fax +49 35952 341 22
E-mail [email protected]

TimeLine Consulting GmbH und Co.KG
Zeppelinstr. 4
79331 Teningen Nimburg
Germany
Phone +49 7663 60 878 0
Fax +49 7663 60 878 29
E-mail [email protected]

TimeLine Consulting GmbH und Co. KG
Äußere Nürnberger Straße 62
91301 Forchheim
Germany
Phone +49 9191 97 78 07 20
Fax +49 9191 97 78 07 50
E-mail [email protected]

TimeLine Competence Partners GmbH
Merzhauserstraße 183
79100 Freiburg
Germany
Phone +49 761 769 943 00
E-mail [email protected]

TimeLine Consulting Wuppertal GmbH
Saarbrücker Str. 40-42
42289 Wuppertal
Germany
Phone +49 202 584 1400
E-mail [email protected]

TimeLine Consulting B.V.
Daalstraat 2
6181 JR Elsloo
Netherlands
Phone +31 433 020 199
E-mail [email protected]

EDIfacilities SARL
1, Rue St. Willibrord
5504 Bech-Kleinmacher
Luxembourg
Phone +352 23 67 64 86
E-mail [email protected]

S.C. TimeLine Business Systems S.R.L.
Gimnasticii 9
550172 Sibiu
Romania
Phone +40 269 704 480
Fax +40 369 801 833
E-mail [email protected]

S.C. TimeLine Consulting S.R.L.
Gimnasticii 9
550172 Sibiu
Romania
Phone +40 269 213 942
Fax +40 369 801 833
E-mail [email protected]

TimeLine Business Systems, k.s.
Námestie Slovenského povstania 5
90031 Stupava
Slovakia
Phone +421 918 800 902
E-mail [email protected]

TimeLine ERP India Pvt. Ltd.
905, Matrix (Near Divya Bhasker)
S G Road, Ahmedabad – 390 051
Gujarat – India
Phone +91 97 14 65 95 99
E-mail [email protected]

Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) f GDPR serves as the legal basis for the processing.

Recipient of data

In-house departments, especially marketing, sales, human resources.

Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, is required for the performance of the contract pursuant to Art. 6 (1) lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

Transfer to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection that corresponds to the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

Data deletion and storage duration

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

Automatic data storage and website delivery

Each time our website is called up, certain information is automatically created and stored. Website means the totality of all individual web pages on a domain (e.g. timeline-erp.de). This collected data should be collected as sparingly as possible and only with justification.

While you are visiting our website, the web server – which is the computer on which this website is stored – usually automatically stores data such as the following for reasons of operational security, for the creation of access statistics, etc.

• the complete Internet address (URL) of the accessed website (e.g. www.examplewebsite.de/examplelanguage/)
• the browser and browser version (e.g. Chrome)
• the operating system used (e.g. Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g. www.beispielquellsite.de/vondabinichgekommen/)
• the host name and IP address of the device being accessed (e.g. COMPUTERNAME and 194.23.43.121)
• date and time
• in files called web server log files.

As a rule, these files are stored for two weeks and then automatically deleted. A storage of these data together with other personal data of the user does not take place.

Use of cookies

Our website uses cookies to store user-specific data. Below we explain what cookies are and why they are used.

What are cookies?

Whenever you visit a website, you do so with a browser. Known browsers are, for example, Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser or on your computer system when you visit them. These files are called cookies.

These cookies use special strings to store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits this information back to our site. If this happens, our site knows which settings you made during your last visit and displays them accordingly.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. Also, the expiration time of a cookie varies from a few minutes to a few years. Cookies do not cause any damage to your PC and do not contain viruses or Trojans. Cookies also cannot access information on your PC.

What are the different types of cookies?

We use different types of cookies on our website, each with different purposes. Most of the cookies we use are so-called “session cookies”. They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until they expire or you delete them.

Essential cookies
These cookies are necessary to ensure basic functions of the website. For example, it needs these cookies to be able to save your cookie settings at all or to display the desired website language.

Statistics Cookies
Statistics cookies collect information anonymously. This information helps us to understand how our visitors use our website. In addition, these cookies are also used to measure the loading time and behavior of the website with different browsers.

Marketing cookies
Marketing cookies are used by third-party vendors or publishers to display personalized advertisements. They do this by tracking visitors across websites.

When you first visit our website, you will be asked which of these types of cookies you would like to allow. This decision is also stored in a cookie.

Duration of storage, possibility of objection and elimination

Cookies are stored on the user’s computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

How can I delete cookies?

You can find information about which cookies have been stored in your browser and how to delete them in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Microsoft Edge:Delete and manage cookies

Legal basis for data processing

The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f GDPR.

Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

Rights of the data subject

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller (please also refer to our document on the duty to inform pursuant to Article 13 GDPR)

Right to information

You may request confirmation from the controller as to whether personal data concerning you are being processed by us.

If such processing is taking place, you can request the following information from the controller.

Information:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data which are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) any available information on the origin of the data, if the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller, insofar as the processed personal data concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

Right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

(3) the controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise or defense of legal claims; or

(4) if you have objected to the processing pursuant to Article 21(1) of the GDPR and it has not yet been determined whether the controller’s legitimate grounds override your grounds.

If the processing of personal data concerning you has been restricted, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Right to deletion

a) Obligation to delete

You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay, if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.

(4) The personal data concerning you have been processed unlawfully.

(5) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

(6) The personal data concerning you was collected in relation to information society services offered pursuant to Article 8(1) GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

c) Exceptions

The right to erasure does not exist to the extent that the processing is necessary for.

(1) for the exercise of the right to freedom of expression and information;

(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

(5) for the assertion, exercise or defense of legal claims.

Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data relating to you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right against the controller to be informed about these recipients.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that.

(1) the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and

(2) the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to processing of the personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller,

(2) is permitted by legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests; or

(3) is done with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases mentioned in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, which include, at a minimum, the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Hosting by maxcluster

We host our website at maxcluster. The provider is maxcluster GmbH,
Lise-Meitner-Str. 1b, D-33104 Paderborn. For details, please refer to maxcluster’s privacy policy: https://maxcluster.de/datenschutz. The use of maxcluster is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Order processing

We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

SSL-Encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Cloudflare

To make our website faster and more secure, we use Cloudflare from Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) for this website. Cloudflare uses cookies and processes user data. Cloudflare, Inc. is a US company that offers various security services and a content delivery network. These services serve as a reverse proxy for websites and are located between the user and our hosting provider. We will try to explain in more detail below what this all means exactly.

What is Cloudflare?

Cloudflare provides a Content Delivery Network (CDN) consisting of servers connected via the Internet. Cloudflare has distributed these servers around the world so that websites can reach your screen faster. Simply put, Cloudflare creates copies of our website on its own servers. Now, when you visit our website, a load balancing system ensures that the server that can display our website to you the fastest delivers the most parts of our website. A CDN considerably reduces the distance of data transmission to your browser. In this way, you not only receive the content of our website from our hosting server, but also from servers all over the world. The use of Cloudflare is particularly useful for users from abroad as it allows the site to be retrieved from a server nearby. Cloudflare not only offers the ability to deliver websites quickly, but also various security features such as DDoS protection or the Web Application Firewall.

Why we use Cloudflare?

With our website, we naturally want to offer you the best possible service. Cloudflare helps us to increase the speed and security of our website. Cloudflare provides us with services such as DDoS protection and web firewall as well as web optimizations. A reverse proxy and the content distribution network (CDN) are also included. Cloudflare protects against threats and restricts inappropriate bots and crawlers that waste our server and bandwidth resources.

What data is stored by Cloudflare?

As a rule, Cloudflare only transmits the data that is controlled by the operators of the website. Thus, the content is not determined by Cloudflare, but always by the operator of the website itself. In addition, Cloudflare may collect certain information about our website and process data that is sent by us or that has received instructions relevant to Cloudflare. In most cases, Cloudflare receives information such as IP addresses, security fingerprints, DNS log data and performance data for websites from browser activity. Log data helps Cloudflare to detect new threats, for example. In this way, Cloudflare can provide our website with a high level of security protection. Cloudflare processes this information as part of its services in accordance with applicable legislation. Of course, this includes the General Data Protection Regulation (GDPR).

Cloudflare also uses a cookie for security reasons. The cookie (__cfduid) is used to identify individual users behind a shared IP address and to apply security settings for each individual user. This cookie is particularly useful if you are using our website from a location where there are a number of infected computers. But if your computer is reliable, we can determine this through the cookie. This way you can browse our website unhindered despite infected PCs in your area. It is also important to note that this cookie does not store any personal data. This cookie is absolutely necessary for the security of Cloudflare functions and cannot be switched off.

Cookies from Cloudflare

__cfduid
Expiration time: 1 year
Usage: Security settings for each individual visitor
Example value: d798bf7df9c1ad5b7583eda5cc5e78311141511

Cloudflare also works with third-party providers. In accordance with privacy policies and other confidentiality and security measures, they may process personal data only under Cloudflare’s instructions. Cloudflare will not share any personal data without our explicit consent.

Where and for how long is the data stored?

Your data is stored by Cloudflare primarily in the USA and the European Economic Area. Cloudflare is able to transfer and access the above information globally. Cloudflare typically stores user-level data for domains for less than 24 hours. However, if Cloudflare triggers an IP address security alerts, exceptions to the above retention period may occur.

How can I delete my data or prevent data storage?

Cloudflare only stores data logs for the period of time they are needed and these are usually deleted within 24 hours. In addition, Cloudflare does not store any personal information, such as your IP address. But Cloudflare does store information indefinitely as part of its permanent logs to increase the overall performance of Cloudflare Resolver and to identify potential security risks. On the page https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/ you can read exactly which permanent logs are stored. All data collected (temporarily or permanently) by Cloudflare is cleansed of all personal data. Cloudflare also anonymizes all permanent log files.

In their privacy policy, Cloudflare states that they are not responsible for the content they receive. As a rule, Cloudflare refers to us as the website operator when you ask Cloudflare to update or delete your content. By deactivating the execution of script code in your browser or integrating a script blocker in your browser, you can also completely prevent the entire collection and processing of your data by Cloudflare.

Cloudflare is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information about this at https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0.
You can find more information on data protection at Cloudflare at https://www.cloudflare.com/de-de/privacypolicy/

Contact form and e-mail contact

Description and scope of data processing

Our website contains contact forms that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:

• Name, company where you work, business e-mail address, business telephone number, subject and personal message.
  For the processing of the data, your consent is obtained during the sending process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

Legal basis for data processing

The legal basis for the processing of the data is Art. 6 (1) lit. a GDPR if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

Purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

Google reCAPTCHA

Our primary goal is to ensure the best possible security and protection of our website for you and us. We use Google reCAPTCHA from Google Inc (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to ensure this. We can use reCAPTCHA to find out whether you are actually a human and not a robot or other spam software. Spam refers to any unsolicited information that is sent to us electronically. Traditional CAPTCHAS often required solving text or image puzzles for verification. With Google’s reCAPTCHA, ticking a box to confirm that you are not a bot is sufficient in most cases. With the new Invisible reCAPTCHA version, it is no longer necessary to check the box.

The legal basis for the use is Article 6 (1) f (lawfulness of processing), because there is a legitimate interest in protecting this website from bots and spam software.

What is reCAPTCHA?

Google’s free captcha service reCAPTCHA protects websites from spam software and non-human visitors. This service is mostly used when you fill out forms on the Internet. A captcha service is an automatic Turing test that ensures that an Internet action is carried out by a real person and not by a bot. The Turing test, named after the computer scientist Alan Turing, shows how a human differs from a bot. With captchas, this can also be done by the computer or a software program. Small tasks that are easy for humans to solve but pose considerable difficulties for machines can be found in classic captchas. With reCAPTCHA, it is no longer necessary to actively solve puzzles. Modern risk techniques are used by the tool to distinguish humans from bots. All you need to do is tick the “I am not a robot” box. With Invisible reCAPTCHA, this is no longer necessary. A JavaScript element is integrated into the source code of reCAPTCHA. The tool then runs in the background and examines your user behavior. The software calculates a Captcha score from these user actions. This score is already used by Google before the Captcha is entered to determine the probability that you are a person. In general, ReCAPTCHA or Captchas are used when bots are able to manipulate or abuse certain actions (e.g. registrations, surveys, etc.).

Why do we use reCAPTCHA?

We only want to welcome real people to our site. That’s why we pull out all the stops to protect ourselves and give you the best possible user experience. That’s why we use Google reCAPTCHA from Google. By using reCAPTCHA, information is sent to Google. This is used by Google to check whether you are actually a human being. The security of our website and therefore your security is guaranteed by reCAPTCHA. For example, without reCAPTCHA, a bot that registers could register as many email addresses as possible in order to subsequently “spam” forums or blogs with unwanted advertising content. ReCAPTCHA enables us to avoid such bot attacks.

What data is stored by reCAPTCHA?

In order to find out whether the actions on our website actually originate from people, reCAPTCHA collects personal data from users. It is therefore possible to send the IP address and other data required for the reCAPTCHA service to Google. In the EU Member States or in other contracting states of the European Economic Area Agreement, IP addresses are almost always truncated before the data lands on a server in the United States. As long as you are not logged in with your Google account while using reCAPTCHA, the IP address will not be combined with other Google data. The reCAPTCHA algorithm first checks whether Google cookies from other Google services (e.g. YouTube, Gmail, etc.) are already included in your browser. Then reCAPTCHA places another cookie in your browser and records a screenshot of your browser window.

The completeness of the following list of collected browser and user data is not guaranteed. Rather, they are examples of data that we believe Google processes.

• Referrer URL (the address of the page from which the visitor came)
• IP address (e.g. 256.123.123.1)
• Information about the operating system (the software that enables the operation of your computer. Common operating systems are Windows, Mac OS X or Linux)
• Cookies (small text files that store data in your browser)
• Mouse and keyboard behavior (every action you perform with the mouse or keyboard is saved)
• Date and language settings (which language or date you have preset on your PC is saved)
• All JavaScript objects (JavaScript is a programming language that enables websites to adapt to the user. JavaScript objects can collect all kinds of data under one name)
• Screen resolution (shows how many pixels the image display consists of)

It is undisputed that Google uses and evaluates this data even before you click on the “I am not a robot” checkbox. Ticking the box is no longer necessary in the Invisible reCAPTCHA version, and the entire recognition process takes place in the background. Google does not provide detailed information about exactly how much and what data it stores.

The following cookies are used by reCAPTCHA:

Name: IDE 
Expiration time: after one year 
Usage: This cookie is set by the company DoubleClick (also owned by Google) to register and report the actions of a user on the website in dealing with advertisements. This allows the effectiveness of advertising to be measured and appropriate optimization measures to be taken. IDE is stored in browsers under the domain doubleclick.net.
Example value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-311141511

Name: 1P_JAR 
Expiration time: after one month 
Usage: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. The cookie can also be used to prevent a user from seeing the same ad more than once.
Example value: 2019-5-14-12

Name: ANID 
Expiry time: after 9 months 
Usage: We were unable to find out much information about this cookie. In Google’s privacy policy, the cookie is mentioned in connection with “advertising cookies” such as “DSID”, “FLC”, “AID”, “TAID”. ANID is stored under domain google.com.
Example value: U7j1v3dZa3111415110xgZFmiqWppRWKOr

Name: CONSENT 
Expiry time: after 19 years 
Usage: The cookie stores the status of a user’s consent to the use of various Google services. CONSENT is also used for security purposes to verify users, prevent fraudulent login information and protect user data from unauthorized attacks.
Beispielwert: YES+AT.de+20150628-20-0

Name: NID 
Expiration time: after 6 months 
Usage: NID is used by Google to customize ads to your Google searches. With the help of the cookie, Google “remembers” your most frequently entered search queries or your previous interaction with ads. So you always get customized ads. The cookie contains a unique ID that Google uses to collect the user’s personal settings for advertising purposes.
Example value: 0WmuWqy311141511zILzqV_nmt3sDXwPeM5Q

Name: DV 
Expiration time: after 10 minutes 
Usage: As soon as you have checked the “I am not a robot” box, this cookie is set. The cookie is used by Google Analytics for personalized advertising. DV collects information in anonymized form and is also used to make user distinctions.
Example value: gEAABBCjJMXcI0dSAAAANbqc311141511

How long and where is the data stored?

By inserting reCAPTCHA, data is transferred from you to the Google server. Google does not clearly explain exactly where this data is stored. It can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on the European or American Google servers. The IP address that your browser transmits to Google is not merged with other Google data from other Google services. However, if you are logged in to your Google account while using the reCAPTCHA plug-in, the data will be merged. The deviating data protection provisions of Google apply to this.

How can I delete my data or prevent data storage?

If you do not want any data about you and your behavior to be transmitted to Google, you must log out of Google completely and delete all Google cookies before you visit our website or use the reCAPTCHA software. In principle, the data is automatically transmitted to Google as soon as you visit our website. To delete this data again, you must contact Google support at https://support.google.com/?hl=de&tid=311141511

Google Cookies

Our website uses the following cookies:

_ga
Contains a randomly generated user ID. Based on this ID, Google Analytics can recognize returning users on this website and merge the data from previous visits.

Storage period: 2 years

_dc_gtm_xxx
Certain data is only sent to Google Analytics a maximum of once per minute. The cookie has a lifetime of one minute. As long as it is set, certain data transfers are prevented.

Storage duration: 1 minute

_gat_gtag_xxx
Certain data is only sent to Google Analytics a maximum of once per minute. The cookie has a lifetime of one minute. As long as it is set, certain data transfers are prevented.

Storage duration: 1 minute

_gcl_au
Contains a randomly generated user ID.

Storage time: 90 days

_gid
Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits.

Storage duration: 24 hours

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

Legal basis for data processing

The legal basis for the processing of personal data using cookies for analysis purposes, if the user has given his consent in this regard, is Art. 6 (1) lit. a GDPR.

Purpose of the data processing

We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. By clicking on “Confirm selection” for Analytical Cookies or “Select & confirm all” in our Cookie Consent banner, you consent at the same time in accordance with Art. 49 (1) p. 1 lit. a GDPR, for the exceptional cases in which personal data is transferred to the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by U.S. authorities, for control and for monitoring purposes, possibly also without any legal remedy. If you click on “Accept only necessary cookies”, the transmission described above will not take place.

Duration of storage, possibility of objection and removal.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link

https://tools.google.com/dlpage/gaoptout?hl=en

Order processing

We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Information from the third-party provider

Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User terms: http://www.google.com/analytics/terms/de.html, Data Protection Overview: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy policy: http://www.google.de/intl/de/policies/privacy.

Google Tag Manager

We use the service called Google Tag Manager from Google. “Google” is a group of companies and consists of Google Ireland Ltd (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland as well as Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and other affiliated companies of Google LLC.

We have concluded an order processing agreement with Google. The Google Tag Manager is an auxiliary service and processes personal data itself only for technically necessary purposes. The Google Tag Manager takes care of loading other components, which in turn may collect data. The Google Tag Manager does not access this data.

For more information on the Google Tag Manager, please refer to Google’s privacy policy.

Please note that American authorities, such as intelligence agencies, could potentially gain access to personal data that is inevitably exchanged with Google due to the Internet Protocol (TCP) when this service is integrated, due to American laws such as the Cloud Act.

Google Adwords (Google Ads)

We use the offer of Google Adwords to draw attention to our attractive offers with the help of advertising media (so-called Google Adwords) on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, we pursue the interest of displaying advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.

These advertisements are delivered by Google via so-called “ad servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as display of the ads or clicks by users, can be measured. If you access our website via a Google ad, Google Adwords will store a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

These cookies enable Google to recognize your internet browser. If a user visits certain pages of the website of an Adwords customer and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Adwords customer. Cookies can therefore not be tracked via the websites of Adwords customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of AdWords Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.

You can prevent participation in this tracking process in various ways:

(a) by adjusting your browser software settings accordingly; in particular, suppressing third-party cookies will result in you not receiving third-party ads;

b) by disabling conversion tracking cookies by setting your browser to block cookies from the domain “www.googleadservices.com“, https://www.google.de/settings/ads, which setting will be deleted when you delete your cookies;

c) by deactivating the interest-based ads of the providers that are part of the self-regulatory campaign “About Ads” via the link http://www.aboutads.info/choices, whereby this setting will be deleted when you delete your cookies;

d) by permanently disabling them in your Firefox, Internetexplorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

(6) The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. f DS-GVO. Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Objection to advertising mails

The use of contact data published within the scope of the imprint obligation for the transmission of not expressly requested advertising and information materials is hereby contradicted. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails. The same applies to the unlawful use of our contact data in this or similar contexts.

Status: 28.02.2024