Privacy

Status: September 20, 2023

1. subject matter and scope

We take the protection of your personal data very seriously. With this privacy policy, we inform you about which personal data we collect and how and for what purposes it is processed. We always treat your personal data in accordance with the statutory data protection regulations and this privacy policy.
‍

2. responsible person and data protection officer

The responsible party is ParkDepot GmbH, St. Martin-Straße 72, 81541 Munich, Germany, e-mail: info@park-depot.de, Tel.: +49 (0) 89 356477 60 (hereinafter "Parkdepot").

Our data protection officer is Christian Schmoll, e-mail: schmoll@lucid-compliance.com. If you have any questions about data protection, you can contact our data protection officer at any time.
‍

3. visit our website

3.1 Log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling end device. The following data is logged:

- IP address of the calling terminal

- Operating system of the calling terminal device

- Browser version of the calling end device

- Name of the retrieved file or website

- Date and time of retrieval

- Amount of data transferred

- Referring URL

This data is processed in order to be able to present the website, to ensure the security, availability and integrity of the website (e.g. detection and defense against DoS attacks or access by bots), to improve the quality and presentation of the website, to be able to identify and correct errors and for statistical purposes.

This data is regularly deleted after 7 days at the latest.

Our website is hosted by a service provider in the EU on the basis of a contract processing agreement pursuant to Art. 28 DSGVO.

The legal basis for this data processing is Art. 6 para. 1 lit. f) DSGVO. Our overriding legitimate interest are the purposes mentioned above.

3.2 Content Delivery Network for the Website

We use a Content Delivery Network (CDN) to increase the security and delivery speed of the website. A CDN is a network of servers distributed around the world that is able to deliver optimized content to users. For this purpose, personal data may be processed in server log files of the provider of the CDN.

The provider of the CDN will act for us as a processor on the basis of a commissioned processing agreement pursuant to Art. 28 DSGVO.

Since a CDN is a network of globally distributed servers, the use of a CDN may result in a transfer of personal data to a third country (outside the EU or EEA). If there is no adequacy decision for the third country pursuant to Art. 45 of the GDPR, we ensure that appropriate safeguards are provided for this transfer pursuant to Art. 46 of the GDPR. We will be happy to provide you with proof of the appropriate safeguards at any time upon request.

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1lit. f) DSGVO. Our overriding legitimate interest is to increase the security and delivery speed of the website.
‍

4. prospects, customers and service providers (CRM)

If you contact us, e.g. by e-mail or via a contact form, the information you provide will be processed for the purpose of handling the request.

We need the information requested in a contact form to process your request, to address you correctly and to send you a reply.

The legal basis for this data processing is Art. 6 para. 1 lit. f) DSGVO. Our overriding legitimate interest is communication with interested parties, visitors and customers. If the communication takes place in the context of a contractual relationship or is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 lit b) DSGVO.

We process the data of our customers, service providers and suppliers as part of the provision of our contractual services. In this context, inventory data (for example, surname and first name of the contact person(s), address), contact data (for example, e-mail address, telephone number), contract data (for example, subject matter of the contract, term), payment data and data collected in the course of the provision of services and/or required for the provision of services are processed, if applicable.

Inquiries and customer relationships are regularly stored and processed in our CRM system. The data processed in the process (surname, first name, title, postal address, date of birth if applicable, your specific interest with regard to our products and services and your interactions with us) may also be used by us for direct marketing purposes, in particular for postal advertising, in compliance with the statutory requirements.

The legal basis for this storage and processing is our legitimate interest pursuant to Art.6 para. 1 lit. f) DSGVO. Our overriding legitimate interest is the marketing of our products and services and the maintenance of our prospect, customer and service provider relationships.
‍

5. appointment

We use the tool Calendly for simple, fast and uncomplicated appointment scheduling. Calendly is provided by Calendly LLC in the USA (hereinafter "Calendly").

When making an appointment with the Calendly tool, the information you provide is processed for the purpose of making an appointment with us.

Calendly acts as a processor for us on the basis of a commissioned processing agreement pursuant to Art. 28 DSGVO.

When using the appointment scheduling function of Calendly, a transfer of personal data to a third country (outside the EU or EEA) may occur. If there is no adequacy decision for the third country according to Art. 45 DSGVO, we ensure that appropriate safeguards are provided for this transfer according to Art. 46 DSGVO. We will be happy to provide you with proof of the appropriate safeguards at any time upon request.

The legal basis for this data processing is Art. 6 para. 1 lit. f) DSGVO. Our overriding legitimate interest is communication with interested parties and customers. If the appointment is aimed at the conclusion of a contract or takes place within the framework of an existing contractual relationship, the legal basis for the processing is Art. 6 (1) (b) DSGVO.
‍

6. cookies and third-party tools/functionalities

Cookies and local storage technologies are used on our website and third-party tools and functionalities are integrated.

Cookies are pieces of information that are transmitted from our web server or third-party web servers to your browser and stored there for later retrieval. Cookies can be small files or other types of information storage. In cookies, information is stored that arises in each case in connection with the specific end device used. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. A cookie also contains information about its origin and the storage period. However, this does not mean that we gain direct knowledge of your identity as a result.

We also use third-party tools and functionalities, for example, to extend the functionality of the website, to analyze the use of the website and to optimize the content accordingly.

When integrating tools and functionalities from third-party providers, personal data may be transmitted to the providers of the integrated tools and functionalities in order to be able to provide the tools and functionalities.

Cookies, local storage techniques, and third-party tools and functionalities are referred to hereinafter uniformly as "cookies" for convenience.

When you visit our website, essential cookies are set that are absolutely necessary for the operation of the website. These essential cookies can be, for example, cookies that are required for the display of the website with a content management system, that are used to recognize language settings or that are used to document whether you have consented to the setting of further (non-essential) cookies or whether you have rejected them.

The technically necessary cookies, including their purpose and the storage period or deletion period, are explained to you below and in detail also in our cookie banner, which is displayed when you call up the website.

The legal basis for the processing of personal data using essential cookies is our legitimate interest pursuant to Art. 6 (1) lit. f) DSGVO. Our overriding legitimate interests are the operation and provision of our website.

We also use optional non-essential cookies, for example, to collect additional information about the interests of visitors to our website or about their usage behavior, in order to analyze and optimize our website and generally our customer interactions on this basis.

Non-essential cookies, including their purpose and storage period or deletion period, are also explained to you in our cookie banner, which is displayed when you access the website.

Non-essential cookies are only set if you have explicitly consented to the setting of non-essential cookies. You can also select different categories of non-essential cookies that you want to allow in the cookie banner.

When using non-essential cookies, the legal basis for storing and reading information is Section 25 (1) TTDSG (or in Austria Section 96 (3) TKG) and, with regard to the processing of personal data, Article 6 (1) a) DSGVO.

6.1 Essential cookies

6.1.1 Consent Management ("CMP")

On our website, we use the Usercentrics service provided by Usercentrics A/S in Denmark. We use Usercentrics to inform you about the cookies used on our website and to obtain your consent to use non-essential cookies. To store the consent, a permanent cookie is stored in your browser.

The following data is automatically logged: IP address in anonymized form (the last three digits are set to "0"), date and time of consent, user agent (information about the end device), URL on which the consent was collected, status of consent (which cookies were consented to).

The data collected and processed in the context of the use of Usercentrics is processed by Usercentrics A/S as a processor on the basis of a contract processing agreement pursuant to Art. 28 DSGVO in the European Union.

The legal basis for this data processing is initially Art. 6 para. 1 lit. f) DSGVO, the provision of our website and ensuring the possibility to obtain consent for non-essential cookies. If you give consent, the legal basis for the processing of data for consent is Art. 7. para. 1 iVm. 6 para. 1 lit c) DSGVO.

6.1.2 Translations (Weglot)

On our website we use the translation service Weglot of Weglot SAS in France. Weglot is loaded when you visit the website and allows you to set the language of the website. Through the integration of the translation service Weglot, a connection between your browser and the servers of Weglot is established when you visit our website and your IP address and device information are transmitted to Weglot. The transmitted data is necessary for the functionality of Weglot.

The data processed in the context of the use of Weglot is processed by Weglot as a processor on the basis of a contract processing agreement pursuant to Art. 28 DSGVO in the European Union.

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest is the provision of our website in multiple languages including a corresponding selection option for website visitors.

6.1.3 Videos (YouTube)

YouTube videos are embedded on our website. These are provided, via a plugin, by Google Ireland Ltd. in Ireland ("YouTube").

We use the "extended privacy settings" for embedded YouTube videos, which means that YouTube does not set cookies.

Nevertheless, when you visit a website with the YouTube plugin, a connection to YouTube is inevitably established and your IP address is transmitted to YouTube in the process.

When using YouTube, personal data may be transferred to a third country (outside the EU or EEA). If there is no adequacy decision for the third country pursuant to Art. 45 of the GDPR, we ensure that appropriate safeguards are provided for this transfer pursuant to Art. 46 of the GDPR. We will be happy to provide you with proof of the appropriate safeguards at any time upon request.

For more information about YouTube's privacy practices, please visit YouTube's Privacy and Security Center: https://support.google.com/youtube/topic/2803240?hl=de&ref_topic=6151248

The legal basis for this data processing when using YouTube is Art. 6 para. 1 lit. f) DSGVO. Our overriding legitimate interest is the integration of videos and the associated optimization of the interactivity of our website and our customer interactions.

6.1.4 Maps (Google Maps)

We use the Google Maps service (API) of Google Ireland Limited in Ireland on our website. Google Maps enables the display of interactive maps. When calling up sub-pages of the website on which Google Maps is used, information about your use of our website (such as your IP address) is transmitted to Google's servers in the USA and stored there.

For more information on data processing and data protection at Google, please see Google's privacy policy at https://policies.google.com/privacy?hl=de.

Personal data may be transferred to a third country (outside the EU or the EEA). If there is no adequacy decision for the third country in accordance with Art. 45 of the GDPR, we ensure that suitable guarantees are provided for this transfer in accordance with Art. 46 of the GDPR. We will be happy to provide you with proof of the appropriate safeguards at any time upon request.

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f) DSGVO. Our overriding legitimate interests are the operation and provision of our website.

6.1.5 Google reCAPTACHA

On our website we use the service reCAPTCHA of Google Ireland Limited in Ireland. With reCAPTCHA, we determine whether a person or a computer makes a certain entry in a form. Google uses the following data to check whether a person or computer makes an entry: IP address of the terminal device used, the website that is visited on our site and on which the captcha is embedded, the date and duration of the visit to the website, information on the type of browser and operating system used, the Google account if the user is logged in to Google, mouse movements on the reCAPTCHA areas and tasks in which images are to be identified.

For more information on data processing and data protection at Google, please see Google's privacy policy at https://policies.google.com/privacy?hl=de.

When using Google reCAPTCHA, personal data may be transferred to a third country. If there is no adequacy decision for the third country pursuant to Art. 45 DSGVO, we ensure that appropriate safeguards are provided for this transfer pursuant to Art. 46 DSGVO. We will gladly provide you with proof of the appropriate guarantees at any time upon request.

The legal basis for the described data processing is our legitimate interest according to Art. 6 para. 1 lit. f) DSGVO. Our overriding legitimate interests are the operation, provision and security of our website, specifically the protection against automated inputs and attacks.

6.1.6 Google Tag Manager

On our website we use the tool Google Tag Manager. Google Tag Manager is provided by Google Ireland Limited in Ireland. Through the tool, website tags can be managed via an interface. Google Tag Manager only implements tags, but no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which in turn may collect data, but Google Tag Manager does not access this data.

6.2 Optional non-essential cookies

6.2.1 Geolocation (Geo Targetly)

On our website, we use the Geo Targetly geolocation service provided by V&T Technologies Pty. Ltd. in Australia. Geo Targetly allows us to determine the approximate location of a website visitor's device and display location-specific information accordingly. Geo Targetly processes the IP address of website visitors and also uses a cookie.

The data processed in the context of the use of Weglot is processed by V&T Technologies Pty, Ltd. as a processor on the basis of a contract processing agreement pursuant to Art. 28 DSGVO.

When using Geo Targetly, a transfer of personal data to a third country may take place. If there is no adequacy decision for the third country according to Art. 45 DSGVO, we ensure that appropriate safeguards are provided for this transfer according to Art. 46 DSGVO. We will gladly provide you with proof of the appropriate guarantees at any time upon request.

The legal basis for this data processing is your express consent pursuant to Art. 6 (1) a) DSGVO.

6.2.2 Web analytics (Google Analytics)

We use the web analytics service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited in Ireland ("Google").

JavaScript tags allow us to collect information about your use of the Website and Platform. Google Analytics also regularly uses cookies to collect information about a user's interactions with the website or platform.

In the context of the use of Google Analytics, your IP address and information about the use of the website or platform, browser type and version, operating system used, the previously visited page and the time of the server request are transmitted to Google servers and processed there.

Within the scope of IP anonymization, the collected IP address of users within the European Economic Area is shortened before being transmitted to the USA. Only in exceptional cases, in the event of technical faults in Europe, will the unabbreviated IP address be transmitted to Google in the USA and shortened there. The transmitted IP addresses are not merged with other data from Google.

Google acts for us as a processor on the basis of a commissioned processing agreement pursuant to Art. 28 DSGVO.

Personal data may be transferred to a third country (outside the EU or the EEA). If there is no adequacy decision for the third country in accordance with Art. 45 of the GDPR, we ensure that suitable guarantees are provided for this transfer in accordance with Art. 46 of the GDPR. We will be happy to provide you with proof of the appropriate guarantees at any time upon request.

The legal basis for this data processing is your express consent pursuant to Art. 6 (1) a) DSGVO.

6.2.3 Heatmap (Hotjar)

We use the web analytics service Hotjar from Hotjar Ltd. in Malta. Hotjar enables an analysis of the use of the website and the platform by collecting and processing data on the use of the website or platform and on the behavior of users and on the end devices used via cookies and a script (in particular, the IP address of the end device (in anonymized form), screen size, device type (UniqueDevice Identifiers), information about the browser used, location (country only), preferred language). Hotjar stores this information in a pseudonymized user profile. The information is neither used by Hotjar nor by us to identify individual users nor is it merged with other data about individual users. The collected data can be used to analyze the user's interactions with the website or platform, for example by creating heat maps.

Details on data processing by Hotjar can be found here: https://www.hotjar.com/privacy/

Hotjar acts as a processor for us on the basis of a commissioned processing agreement pursuant to Art. 28 DSGVO.

Personal data may be transferred to a third country (outside the EU or the EEA). If there is no adequacy decision for the third country in accordance with Art. 45 of the GDPR, we ensure that suitable guarantees are provided for this transfer in accordance with Art. 46 of the GDPR. We will be happy to provide you with proof of the appropriate guarantees at any time upon request.

The legal basis for this data processing is your express consent pursuant to Art. 6 (1) a) DSGVO.

6.2.4 Tracking pixel

Tracking pixels from various providers are used on our website to track website usage and the actions of website visitors for the purpose of conversion tracking. Tracking pixels from the following providers may be used: LinkedIn, Bing, Meta, Google Ads, Outbrain, Pinterest, Snapchat, Taboola, TikTok, Twitter, Yahoo Native (Gemini).

The tracking pixels are a code snippet that tracks the actions of website visitors, which further allows us to personalize and improve our advertisements and measure their success. This allows us to evaluate our website for statistical and market research purposes and optimize advertising campaigns.

The data collected via the tracking pixels may be used by the providers of the respective pixels for their own tracking and advertising purposes. For further details, please refer to the privacy statements of the providers of the respective pixels.

If you are a member of a social media platform of one of the providers of the tracking pixels and have allowed the respective provider to do so via the settings of your user account with the social media network, the provider of the social media network or the tracking pixel may link the information collected about your visit to our website to your user account with the respective social media network and use it for the targeted placement of advertisements.

We can also measure the effectiveness of advertisements in the respective social media networks and see whether a user was redirected to our website via such ads (conversion measurement).

The integration of such tracking pixels may result in the transfer of personal data to a third country (outside theEU or EEA). If there is no adequacy decision for the third country in accordance with Article 45 of the GDPR, we ensure that suitable guarantees are provided for this transfer in accordance with Article 46 of the GDPR. We will be happy to provide you with proof of the appropriate safeguards at any time upon request.

The legal basis for this data processing is your express consent pursuant to Art. 6 (1) a) DSGVO.
‍

7. social media

7.1 Social media buttons

Social media buttons of various social media networks (e.g. Linkedin, Instagram, Twitter and Facebook) are integrated on our website.

If you click on one of these social media buttons, you will be redirected to our pages on the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has called up the corresponding page of our website, even if you do not have a profile with the respective social media network or are not logged in there. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account with the social media network.

For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option, and your rights and setting options for data protection, please refer to the respective data protection information of the providers of the social media networks.

7.2 Social media-Pages

We maintain a publicly accessible profile on various social media networks networks (e.g. Linkedin, Instagram, Twitter and Facebook).

If you visit our social media pages and are logged in to the respective social media network, the provider of the respective social media network can analyze your usage behavior and assign the information collected to your account with the social media network and enrich it there. Even if you are not logged in or if you do not have an account with the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie.

The operators of the social media networks can use this data to create user profiles. Based on your user profile, you can then be shown interest-based advertisements both on the websites of the social media network and on other websites.

If you visit one of our social media pages, we are jointly responsible with the provider of the social media network for the collection and processing of your personal data that takes place there. For information on the collection and processing of your personal data that takes place there, we refer you to the data protection information of the respective social media network.

You can assert your data subject rights in accordance with Chapter III. of the GDPR (right to information, correction, deletion, restriction of processing, data portability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of the data subject rights within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.

The legal basis for our use of social media pages is Art. 6 para. 1 lit. f) DSGVO. Our overriding legitimate interest is the presence and marketing of our products and services on the Internet.
‍

8. applications

8.1 Active sourcing

We carry out so-called active sourcing measures to identify promising potential employees on the external labor market and actively contact potential applicants and employees. The purpose of the data processing is recruitment, e.g. by individually referring promising candidates to job offers in our company.

In active sourcing, we collect the following categories of data: Last name, first name, gender, contact data, education, work experience, qualification, salary data, application data, extra-occupational experience and interests and other information resulting from public profiles on social networks, in particular LinkedIn and Xing, and/or from other publicly accessible sources on the Internet.

All personal data processed in the context of Active Sourcing is collected from generally/publicly available sources from the Internet, in particular from social networks such as LinkedIn and Xing.

The legal basis for the collection and processing of publicly available data in the context of active sourcing is our legitimate interest pursuant to Art. 6 (1) lit. f) DSGVO. Our overriding legitimate interest is the identification, approach and recruitment of the best possible employees for our company.

8.2 Application process

We collect and process personal data from applicants for the purpose of carrying out the application process.

If we conclude an employment contract with an applicant, the data provided will be processed for the purpose of implementing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded, the application documents will be deleted immediately after the end of the application process, unless there is an overriding legitimate interest, such as the defense of claims or a preservation of evidence function under the General Equal Treatment Act (AGG), that precludes deletion.

The legal basis for this storage and processing is the fulfillment of the contract or the implementation of pre-contractual measures in accordance with Art. 6 (1) b) DSGVO, in Germany § 26 BDSG.

8.3 Talent Pool

If an applicant has consented to a longer storage of the data in our Talent Pool, we will store the data submitted as part of the application in our Talent Pool for a further 2 years after the end of the application process in order to identify future positions of potential interest to the applicant and, if necessary, to contact the applicant in this regard. After this period, the data will be deleted.

Such consent to the storage of application data in our applicant pool can be revoked at any time for the future. To do so, please send us an e-mail to the contact details given above.

The legal basis for storing the application documents in our Talent Pool is, if applicable, the applicant's consent pursuant to Art. 6 Para. 1 lit. a)DSGVO.

8.4 Compliance/sanctions list screening

Applicants who are shortlisted as part of the application process may be subjected to an initial compliance check. During the compliance check, the name and address of the applicant are compared with relevant sanctions lists, in particular on the basis of the EU anti-terror regulations.

For the implementation of the compliance/sanctions list screening, we use an external service provider as a processor on the basis of an agreement on order processing pursuant to Art. 28 DSGVO.

The legal basis for this storage and processing is, if there is a legal obligation to carry out a compliance/sanctions list screening, Art. 6 para. 1 lit. c) DSGVO. In individual cases, depending on a weighing of interests, a compliance/sanctions list screening may also take place if there is no mandatory legal obligation. In this case, the legal basis is our legitimate interest pursuant to Art. 6 (1) f) DSGVO in avoiding potential sanctions by foreign authorities.
‍

9. videoconferences and webinars

If you participate in a videoconference, webinar or online meeting etc. (hereinafter "videoconferences") organized by us, we process your personal data in the course of your participation.

When participating in a video conference, various categories of data are processed. The scope of the data also depends on the data you provide before or during participation in a video conference.

If you participate in a videoconference organized by us, you must usually provide at least one name when registering. However, you can also use a pseudonym. Your IP address is also processed to enable your participation and login information and device/hardware information is stored. Email address and profile picture are also processed, if provided. If you dial in by phone, your phone number and IP address, if any, will be processed.

To enable participation in the videoconference, data from the microphone of your terminal device as well as from any video camera of the terminal device and, if you share your screen, information from this "screenshare" is processed. You can turn off or mute the camera or microphone yourself at any time. You always decide yourself whether and which parts of your screen are shared.

Audio and video recordings of the video conference can be created. In this case, MP4 files of all video, audio and presentation recordings are processed. There is always an indication of the recording, if one is made, and the explicit consent of the participants to the recording is always obtained, if required.

You may have the option of using the chat, question or survey functions in a video conference. In this respect, the text entries you make are processed in order to display them in the video conference and, if necessary, to log them.

Insofar as personal data of our employees is processed, Section 26 of the German Federal Data Protection Act (BDSG) is the legal basis for data processing, provided that German law is applicable to the processing of employee data.

If German law is not applicable to the processing of employee data or if, in connection with participation in video conferences, the processing of personal data is not necessary for the establishment, performance or termination of the employment relationship, but is nevertheless an elementary component of participation in a video conference, our overriding legitimate interest pursuant to Art. 6 (1) f) DSGVO is the legal basis for the data processing. Our legitimate interest in these cases is the effective implementation of video conferences.

Furthermore, the legal basis for data processing when conducting video conferences is Art. 6 (1) lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships or with a view to initiating a contractual relationship (for example, in the case of video conferences with our clients in the context of the implementation of a project or participation in a webinar).

Furthermore, the legal basis for data processing in the context of your participation in a video conference organized by us is our overriding legitimate interest pursuant to Art. 6 (1) lit. f) DSGVO. Our legitimate interest in these cases is the effective implementation of video conferences.

We use one or more service providers as processors for the performance of video conferences on the basis of a commissioned processing agreement pursuant to Art. 28 DSGVO.

Personal data may be transferred to a third country (outside the EU or the EEA). If there is no adequacy decision for the third country in accordance with Art. 45 of the GDPR, we ensure that suitable guarantees are provided for this transfer in accordance with Art. 46 of the GDPR. We will be happy to provide you with proof of the appropriate safeguards at any time upon request.
‍

10. mergers and aAcquisitions (M&A)

If we are involved in a restructuring, acquisition, asset sale, merger, financing, transfer of services to another provider, due diligence, insolvency or receivership, your personal data may be transferred to third parties to the extent legally permitted in connection with and as part of the relevant legal process, subject to compliance with the fundamental principles of data protection law.'
‍

11. age restriction

This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personal information from or about persons under 16.
‍

12. recipients of data

Within our company, those internal departments or organizational units receive your data that need them to fulfill their tasks, if necessary to fulfill contracts with you, to process data with your consent or to protect our overriding legitimate interests.

Data is only passed on to third parties within the framework of legal requirements. We only pass on your data to third parties if this is necessary, e.g. on the basis of Art. 6 para. 1 lit. b) DSGVO for contractual purposes or to protect our overriding legitimate interest in accordance with Art. 6 para. 1 lit. f) DSGVO in the effective performance of our business operations.

If we use service providers or third parties to provide the website and/or platform or other services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of your personal data.
‍

13. your rights

You have the rights explained below with regard to the personal data we process that concerns you:

13.1 Right to information

You can request information in accordance with Art. 15 DSGVO about your personal data that we process.

13.2 Right to rectification

If the information concerning you is not (or no longer) accurate, you can request a correction in accordance with Art. 16 DSGVO. If your data is incomplete, you can request that it be completed.

13.3 Right to deletion

You may request the deletion of your personal data in accordance with Art. 17 DSGVO.

13.4 Right to restriction of processing

In accordance with Art. 18 DSGVO, you have the right to request restriction of the processing of your personal data.

13.5 Right to object to processing

You have the right to object at any time on grounds relating to your particular situation to the processing of your personal data that is carried out on the basis of Art. 6(1)(e) or (f) DSGVO in accordance with Art. 21(1) DSGVO. In this case, we will not further process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims (Art. 21 (1) DSGVO).

In addition, you have the right to object at any time to the processing of personal data concerning you for the purpose of direct marketing in accordance with Art. 21 (2) DSGVO; this also applies to any profiling, insofar as it is associated with such direct marketing.

13.6 Right to revoke your consent

Insofar as you have given your consent for processing, you have a right of revocation pursuant to Art. 7 (3) DSGVO.

13.7 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format ("data portability") as well as the right to have this data transferred to another controller if the prerequisites of Art. 20 (1) lit. (a) and (b) DSGVO are met.

13.8 Exercise of rights

You may exercise your rights by notifying the data controller or data protection officer using the contact details provided above.

13.9 Right to complain to the data protection supervisory authorities

If you believe that our processing of your personal data violates data protection law, you also have the right to complain to a data protection supervisory authority of your choice pursuant to Art. 77 DSGVO.
‍

14. mandatory information and profiling

The provision of personal data is neither legally nor contractually required, you are also not obliged to provide personal data, however, the provision of personal information is necessary for the conclusion of a contract in that certain information is mandatory in order to conclude (and perform) a contract.

We do not perform automated decision-making including profiling.
‍

15. storage/retention and deletion

We adhere to the principles of data avoidance and data economy and only store your personal data for as long as is necessary to achieve the respective purpose of the data processing purposes or as provided by the storage periods stipulated by law. If the purpose of storage no longer applies or if a storage period provided for by law expires, the personal data will be routinely anonymized or deleted in accordance with the statutory provisions.
‍

16. information security

We take appropriate technical and organizational measures in accordance with the state of the art to ensure a level of protection for the personal data we process that is appropriate to the risk of the processing in question and to protect the data we process against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, inquiries or payment data that you send to us.

Our employees receive regular training on data privacy and information security and are committed to confidentiality and data protection.

A restrictive rights and roles concept on a "need to know" basis ensures that employees only have access to the personal data they absolutely need to perform their tasks.
‍

17. modification of the privacy policy

We reserve the right to amend this data protection declaration from time to time so that it always complies with the current legal requirements and/or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. When you visit the website or use our services, the current data protection declaration always applies.

‍