Privacy Policy

Effective: February 5, 2025

Responsible Party

Michael, Neisens
Hirschpark, 3
33161, Hövelhof, Germany

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of processing, and refers to the data subjects.

Types of Processed Data

Inventory data.
Contact data.
Content data.
Usage data.
Metadata, communication, and procedural data.
Log data.

Categories of Data Subjects

Communication partners.
Users.

Purposes of Processing

Communication.
Security measures.
Organizational and administrative procedures.
Feedback.
Provision of our online services and user-friendliness.
Information technology infrastructure.

Applicable Legal Bases

Applicable legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the GDPR, national data protection regulations in your or our country of residence or establishment may apply. In individual cases, if specific legal bases apply, we will inform you of these in the privacy policy.

Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) - The data subject has given their consent to the processing of their personal data for one or more specific purposes.
Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or for taking pre-contractual measures at the request of the data subject.
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that the interests, rights, and freedoms of the data subject are not overridden.

National data protection regulations in Germany: In addition to the GDPR, national data protection regulations in Germany apply. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains specific provisions on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and the transfer and automated decision-making including profiling. Additionally, state data protection laws of the individual federal states may apply.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling both physical and electronic access to data as well as access, input, transfer, availability, and segregation of data. Furthermore, we have procedures in place to ensure the exercise of data subject rights, deletion of data, and responses to data breaches. We also consider data protection in the development or selection of hardware, software, and procedures according to the principle of data protection by design and by default.

Transfer of Personal Data

In the course of our processing of personal data, it may be transferred to other entities, companies, legally independent organizational units, or individuals. Recipients of such data may include, for example, IT service providers or providers of services and content integrated into a website. In such cases, we comply with legal requirements and conclude appropriate contracts or agreements to protect your data.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place as part of the use of services provided by third parties or the disclosure or transfer of data to other persons, entities, or companies, this is done in accordance with legal requirements. If the data protection level in the third country is recognized as adequate (Art. 45 GDPR), that decision serves as the basis for the transfer. Otherwise, transfers take place only if the data protection level is secured by other means, in particular through standard contractual clauses (Art. 46 para. 2 lit. c GDPR), explicit consent, or where transfer is required by contract or law (Art. 49 para. 1 GDPR). Furthermore, we inform you about the legal basis for transfers to third countries for the individual providers, with adequacy decisions taking precedence. More information on third-country transfers and adequacy decisions can be found on the EU Commission's website: Under the “Data Privacy Framework” (DPF), the EU Commission has also recognized the data protection level as adequate for certain companies from the USA as of July 10, 2023. The list of certified companies and further information on the DPF can be found on the website of the U.S. Department of Commerce at (in English). We will inform you in our privacy notices which service providers are certified under the Data Privacy Framework.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are withdrawn or no other legal basis for processing exists. This applies in cases where the original purpose of processing is no longer applicable or the data is no longer needed. Exceptions exist when legal obligations or specific interests require longer retention or archiving.

In particular, data that must be retained for commercial or tax purposes or that is necessary for legal proceedings or the protection of the rights of other natural or legal persons must be archived accordingly. Our privacy notices contain additional information on the retention and deletion of data specific to certain processing activities. If multiple retention or deletion periods are provided, the longest period shall apply. If a period does not explicitly begin on a specific date and lasts at least one year, it starts automatically at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships, the triggering event is the effective date of termination or other cessation of the legal relationship. Data that is no longer required for its original purpose but is retained due to legal or other reasons is processed solely for the purposes justifying its retention.

PRIVACY.STORAGE.POLICY

Further information on processing activities, procedures, and services:

Rights of Data Subjects

Provision of Online Services and Web Hosting

We process user data in order to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

Types of Data Processed: Usage data (e.g., page views, duration, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); metadata, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved); log data (e.g., log files regarding logins or data retrieval or access times).
Data Subjects: Users (e.g., website visitors, users of online services).
Purposes of Processing: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of IT systems and technical devices such as computers, servers, etc.); security measures.
Retention and Deletion: Deletion in accordance with the section 'General Information on Data Storage and Deletion'.
Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing activities, procedures, and services:

Collection of Access Data and Log Files: Access to our online services is recorded in the form of so-called 'server log files'. These files may include the address and name of the accessed pages and files, date and time of access, data transferred, confirmation of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. The log files may be used for security purposes, e.g. to prevent server overload (especially in the case of abusive attacks such as DDoS), as well as to ensure the load and stability of the servers;
Deletion of Data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained for evidentiary purposes is exempt from deletion until the incident is conclusively clarified.

Use of Cookies

The term 'cookies' refers to functions that store and retrieve information on users' devices. Cookies may be used for various purposes, such as ensuring functionality, security, and convenience of online services as well as for analyzing visitor traffic. We use cookies in accordance with legal requirements. Where necessary, we obtain user consent in advance. If consent is not required, we rely on our legitimate interests. This applies when storing and retrieving information is essential to provide explicitly requested content and functions. This includes saving settings and ensuring the functionality and security of our online services. Consent can be withdrawn at any time. We clearly inform you about the scope of consent and which cookies are used.

Notes on the Legal Basis for Data Protection: Whether we process personal data via cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests as explained in this section and in the context of the respective services.

Retention Duration: With regard to retention, the following types of cookies are distinguished:

Temporary Cookies (also: session cookies): Temporary cookies are deleted as soon as the user leaves the online service and closes their device (e.g., browser or mobile application).
Permanent Cookies: Permanent cookies remain stored even after the device is closed. For example, login status can be saved and preferred content displayed when the user revisits the website. Similarly, usage data collected via cookies can be used for reach measurement. If no explicit information on the type and retention period is provided (e.g., as part of obtaining consent), you should assume that these cookies are permanent and may be stored for up to two years.

General Notes on Withdrawal and Objection (Opt-out): Users can withdraw their consent at any time and also object to the processing of their data in accordance with legal requirements, including via their browser's privacy settings.

Types of Data Processed: Metadata, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
Data Subjects: Users (e.g., website visitors, users of online services).
Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

Processing of Cookie Data Based on Consent: We use a consent management solution to obtain user consent for the use of cookies or for the processing methods and providers specified in the consent management solution. This process obtains, records, manages, and enables the withdrawal of consent, particularly with regard to the use of cookies and similar technologies for storing, retrieving, and processing information on users' devices. In this process, user consent is obtained for the use of cookies and the related processing of information, including the specific processing and providers mentioned in the consent management solution. Users also have the option to manage and withdraw their consent. The consent declarations are stored to avoid repeated requests and to provide evidence of consent in accordance with legal requirements. The storage is performed server-side and/or in a cookie (so-called opt-in cookie) or by similar technologies to associate the consent with a specific user or device. If no specific information is provided regarding the consent management service providers, the following general notes apply: The retention period for consent is up to two years. A pseudonymous user identifier is created and stored along with the time of consent, details of the consent (e.g., the relevant cookie categories and/or service providers), as well as information about the browser, system, and device.

Legal Basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

Contact and Inquiry Management

When you contact us (e.g., by mail, contact form, email, telephone, or via social media) and in the context of existing user and business relationships, the information you provide is processed to answer your inquiry and to take any requested measures.

Types of Data Processed: Inventory data (e.g., full name, address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or pictorial messages and contributions including information on authorship or time of creation); usage data (e.g., page views, duration, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions). Metadata, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
Data Subjects: Communication partners.
Purposes of Processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form). Provision of our online services and user-friendliness.
Retention and Deletion: Deletion in accordance with the section 'General Information on Data Storage and Deletion'.
Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).

Further information on processing activities, procedures, and services:

Contact Form: When you contact us via our contact form, email, or other communication channels, we process the personal data you provide to answer and handle your inquiry. This typically includes information such as your name, contact details, and any additional information you provide that is necessary to process your request. We use this data solely for handling your inquiry and communication; Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).