PRIVACY STATEMENT of the Digital Stage Initiative

(hereinafter referred to as: DSI)

We are very pleased about your interest in our project. Data protection is of particular importance to the management of DSI. It is generally possible to use the website of DSI without providing any personal data. However, if DSI person concerned wishes to make use of special services offered by our initiative via our website, it may be necessary to process personal data. If it is necessary to process personal data and there is no legal basis for such processing, we generally obtain the consent of the person concerned.

The processing of personal data, such as the name, address, e-mail address or telephone number of DSI person concerned, is always carried out in accordance with the basic data protection regulation and in compliance with the country-specific data protection regulations applicable to DSI. By means of this data protection declaration, our initiative wishes to inform the public about the nature, scope and purpose of the personal data collected, used and processed by us. Furthermore, this data protection declaration is intended to inform affected persons about the rights to which they are entitled.

As DSI is responsible for the processing, DSI has implemented numerous technical and organizational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions in principle may have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, for example by telephone.

1. Definitions of Terms

The data protection declaration of DSI is based on the terms and definitions used by the European authority for directives and regulations when issuing the Basic Data Protection Regulation (DS-GVO). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used herein in advance.
We use the following terms, among others, in this data protection declaration:

a) personal data
Personal data shall mean any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as DSI name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

c) processing
Processing shall mean any operation or set of operations, which is performed upon personal data with or without the aid of automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

d) blocking of processing
Blocking of processing shall mean the marking of stored personal data with the aim of restricting or limiting their future processing.

e) profiling
Profiling shall mean any automated processing of personal data using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person´s job performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or change of location.

f) pseudonymization
Pseudonymization shall mean the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the need of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data is not assigned to an identified or identifiable natural person.

g) controller or person responsible for the processing
Controller or person responsible for the processing shall mean the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by European Union law or by the law of the Member States, provision may be made for the controller to be designated or the specific criteria for his nomination may be provided for by European Union law or by the law of the Member States.

h) processor
Processor shall mean a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

i) recipient
The recipient shall mean a natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether or not that person is a third party. However, public authorities which may receive personal data in the course of a specific investigation mandated under European Union or national law shall not be considered to be recipients.

j) third parties
A third party shall mean a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.

k) consent
Consent shall mean any freely given, specific, informed and unequivocal expression of the data subject’s will in a specific case, in the form of a statement or other unequivocal affirmative indication by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

2. Name and address of the person responsible for the processing

The person responsible within the meaning of the Basic Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other regulations of a data protection nature is indicated at the top of the page.

3. Cookies

The Internet pages of DSI use cookies. Cookies are text files which are filed and stored on a computer system via an Internet browser.
Numerous Internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identification of the specific cookie. It consists of a string of characters that can be used to assign Internet pages and servers to the specific Internet browser in which the cookie was stored. This enables the Internet pages and servers visited to distinguish the individual browser of the person concerned from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified by means of the unique cookie ID.
By using cookies, DSI can provide users of this website with more user-friendly services that would not be possible without the setting of cookies.
By means of a cookie, the information and offers on our website can be optimized in the interest of the user. As already mentioned, cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to enter his or her access data each time he or she visits the website, as this is done by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in the online store. The online store uses a cookie to remember the items that a customer has placed in the virtual shopping cart.
The person concerned can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the person concerned deactivates the setting of cookies in the Internet browser used, it is possible that not all functions of our website can be used to their full extent.

4. Collection of general data and information

The website of DSI collects a number of general data and information each time the website is accessed by a data subject or automated system. These general data and information are stored in the server log files. The following can be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the Internet site, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information which serve to prevent danger in the event of attacks on our information technology systems.

When using these general data and information, DSI does not draw any conclusions about the person concerned. Rather, this information is required in order to (1) deliver the contents of our website correctly, (2) optimize the contents of our website and the advertising for it, (3) ensure the permanent operability of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. These anonymously collected data and information are therefore evaluated by DSI on the one hand statistically and also with the aim of increasing data protection and data security in our initiative, in order to ultimately ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided a person concerned.

5. Routine deletion and blocking of personal data

The data controller processes and stores personal data of the data subject only for the time necessary to achieve the purpose of storage or if this is provided for in laws or regulations by the European Directives and Regulations Authority or another competent legislator to which the data controller is subject.
If the purpose of storage ceases to apply or if a storage period prescribed by the European Directives and Regulations Authority or any other competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.

6. Rights of the data subject

a) right to confirmation Every data subject has the right, granted by the European Directives and Regulations Authority, to obtain at any time and free of charge confirmation from the data controller as to whether personal data relating to him or her are being processed. If a data subject wishes to exercise this right of information, he or she may at any time contact an employee of the data controller.
b) right to information Every person affected by the processing of personal data has the right, granted by the European Directives and Regulations Authority, to obtain at any time and free of charge information from the data controller about the personal data stored about him or her and to obtain a copy of this information. Furthermore, the European Directives and Regulations Authority has granted the data subject access to the following information:
the processing purposes
the categories of personal data processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or to international organizations
where possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria for determining this period
the existence of a right of to request rectification or erasure of personal data concerning him or her or of a right of objection to such processing by the controller
the right to lodge a c to a complaint to a supervisory authority
where the personal data are not collected from the data subject: any available information as to their source
the existence of automated decision making, including profiling, in accordance with Article 22(1) and (4) of the General Data Protection Regulation (GDPR) and, at least in those cases, meaningful information about the logic involved and the significance and envisaged consequences of such processing on the data subject. In addition, the data subject has the right of access to information on whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject shall also have the right to be informed of the appropriate safeguards in relation to the transfer and; if a data subject wishes to exercise this right of access, he or she may at any time contact a member of the controller´s staff.
c) right of rectification
Every person affected by the processing of personal data has the right, granted by the European Directives and Regulations Authority, to request the immediate rectification of incorrect personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing, and, if a data subject wishes to exercise this right of rectification, he or she may at any time contact a member of the controller´s staff.
d) right of erasure (right to be forgotten)
Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations Authority, to obtain from the controller the immediate erasure of personal data concerning him/her, where one of the following grounds applies and if the processing is not necessary:
The personal data have been collected or otherwise processed for purposes for which they are no longer necessary.
the data subject withdraws the consent on which the processing is based pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing
The data subject objects to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2) GDPR.
The personal data have been unlawfully processed.
The erasure of the personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data have been collected in relation to the offer of information society services in accordance with Art. 8(1) of the GDPR. If one of the above grounds applies and a data subject wishes to have personal data stored at DSI deleted, he/she may contact a member of the data controller´s staff at any time. The member of the controller´s staff of DSI will take reasonable measures to immediately comply with the data subject´s wishes of deletion. If the personal data has been made public by DSI and our initiative is the responsible controller in accordance with Art. 17(1) of the GDPR, DSI will take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process the published personal data that the data subject has requested these other data controllers to delete all links to these personal data or copies or replications of these personal data, unless the processing is necessary. The employee of DSI will take the necessary steps in individual cases.

e) right to restriction of processing
Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations Authority, to request the controller to restrict the processing where one of the following applies:
The accuracy of the personal data is contested by the data subject, for a period of time enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of the use instead.
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
The data subject has objected to the processing in accordance with Art. 21 (1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject. If one of the above-mentioned conditions is met and a data subject wishes to request the restriction of personal data stored at DSI, he/she can contact a member of the controller´s staff at any time for this purpose. The employee of DSI will arrange for the restriction of the processing.
f) right to data portability
Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations Authority, to receive the personal data concerning him/her, which have been provided by the data subject to a data controller, in a structured, commonly used and machine-readable format. He/she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, provided
where the processing is based on consent pursuant to point (a) of Art. 6 (1) GDPR or point (a) of Art. 9 (2) GDPR or on a contract pursuant to point (b) of Art. 6 (1) GDPR
and the processing is carried out by automated means,
unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, when exercising his or her right to data portability in accordance with Art. 20 (1) GDPR, the data subject has the right to request that personal data be transmitted directly from one controller to another controller, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.
g) right to object
Every person affected by the processing of personal data has the right, granted by the European Directives and Regulations Authority, to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her that is based on point (e) or (f) of Art. 6(1) of the GDPR, including profiling based on those provisions. DSI does not process the personal data in the event of an objection unless we can demonstrate compelling legitimate reasons for processing that override the interests, rights and freedoms of the data subject, or the processing is necessary for the assertion, exercise or defence of legal claims.
Where DSI processes personal data for the purpose of direct marketing, the data subject shall have the right to object at any time to such processing for marketing purposes which includes profiling to the extent that it is related to such direct marketing.
In addition, the data subject shall have the right to object, on grounds relating to his or her particular situation, to the processing of personal data relating to him which is carried out by the DSI for the purposes of scientific or historical research or for statistical purposes in accordance with Art 89 (1) of the GDPR. In order to exercise the right of objection, the data subject may contact any member of the DSI staff or any other employee of the DSI directly, unless such processing is necessary for the performance of a task carried out in the public interest. The data subject is also free to exercise his/her right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.
h) automated individual decision-making including profiling
The data subject has the right, granted by the European Directives and Regulations Authority, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision
(1) is not necessary for entering into, or performance of, a contract between the data subject and the controller,
or (2) is authorized by Union or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard the data subject´s rights and freedoms and legitimate interests,
or (3) is based on the explicit consent of the data subject.
Where the decision is (1) necessary for the entering onto, or performance of, a contract between the data subject and the controller, or (2) is taken with the explicit consent of the data subject, DSI shall implement suitable measures to safeguard the data subject´s rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
i) right to revoke a consent under data protection law
A data subject affected by the processing of personal data has the right granted by the European Directives and Regulations Authority to revoke his or her consent to the processing of personal data at any time. Where a data subject wishes to request his or her right to revoke a consent, he/she can contact a member of the controller´s staff at any time for this purpose.

7. Data protection regulations on the use and application of Google Analytics (with anonymization function)

The person responsible for processing has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, monitoring and evaluation of data about the behavior of visitors to Internet websites. Among other things, a web analysis service collects data about the Internet website from which a person concerned has accessed an Internet page (so-called referrer), which sub-pages of the Internet page were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize a website and for cost-benefit analysis of Internet advertising.
Operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
The data controller uses the addition “_gat._anonymizeIp” for web analysis via Google Analytics. By means of this addition, the IP address of the Internet connection of the person concerned is shortened and anonymized by Google if the access to our Internet pages is from a European Union Member State or from another state which is a party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is the analysis of visitor flows to our website. Google uses the data and information obtained to evaluate the use of our website, among other things, in order to compile online reports for us which show the activities on our website and to provide further services in connection with the use of our website.
Google Analytics sets a cookie on the information technology system of the person concerned. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. Each time one of the individual pages of this website, which is operated by the person responsible for processing and on which a Google Analytics component has been integrated, is called up, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. In the course of this technical process, Google obtains knowledge of personal data, such as the IP address of the person concerned, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission settlements.
By means of the cookie, personal information such as the access time, the location from which an access originated and the frequency of visits to our website by the person concerned is stored. Each time our website is visited, this personal data, including the IP address of the Internet connection used by the person concerned, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on to third parties this personal data collected via the technical process.
The person concerned can prevent the setting of cookies by our website, as described above, at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
Furthermore, the data subject has the opportunity to object to and prevent the collection of data generated by Google Analytics and relating to the use of this website and to the processing of this data by Google. For this purpose, the person concerned must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google to be an objection. If the data subject’s information technology system is deleted, formatted or reinstalled at a later date, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within his or her sphere of control, it is possible to reinstall or reactivate the browser add-on.
For further information and the applicable Google privacy policy refer to https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/.

8. Legal basis of the processing

Point (a) of Art. 6 (1) GDPR serves our initiative as a legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the supply of goods or the provision of another service or consideration, the processing is based on point (b) of Art. 6 (1) GDPR. The same applies to such processing operations which are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our initiative is subject to a legal obligation which makes it necessary to process personal data, for example to fulfil tax obligations, the processing is based on point (c) of Art. 6 (1) GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our initiative was injured and his name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. In this case the processing would be based on point (d) of Art. 6 (1) GDPR. Finally, processing operations could be based on point (f) of Art. 6 (1) GDPR. Processing operations which are not covered by any of the above are based on this legal basis if the processing is necessary to safeguard a legitimate interest of DSI or of a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the person responsible (Recital 47 Sentence 2 GDPR).

9. Legitimate interests in the processing pursued by the controller or by a third party

If the processing of personal data is based on point (f) of Article 6 (1) GDPR, our legitimate interest is to carry out our business activities for the benefit of all our employees and our shareholders.

10. Period of time for which personal data are stored

The criterion for the duration of storage of personal data is the respective legal retention period. After expiry of this period, the corresponding data is routinely deleted if it is no longer required for the performance or initiation of contract.

11. Legal or contractual provisions on the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data

We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded that a person concerned provides us with personal data, which must subsequently be processed by us. For example, the person concerned is obliged to provide us with personal data if DSI concludes a contract with him/her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before the person concerned makes personal data available, he or she must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.

12. Existence of automated decision making

As a responsible initiative, we avoid automatic decision making or profiling.

13. Newsletter

If you register for our free newsletter, the data requested by you for this purpose, i.e. your e-mail address, will be transmitted to us. At the same time, we save the IP address of the Internet connection from which you access our website as well as the date and time of your registration. During the further registration process, we will obtain your consent to send you the newsletter, describe the content specifically and refer you to this Privacy Policy. We use the data collected in the process exclusively for sending the newsletter – they will therefore not be passed on to third parties.

The legal basis for this is point (a) of Art. 6 (1) GDPR.

You can revoke your consent to receive the newsletter at any time with effect for the future in accordance with Art. 7 (3) GDPR. To do so, you only need to inform us of your revocation or click on the unsubscribe link contained in every newsletter.

14. Contact requests / contact possibility

If you contact us via our contact form or e-mail, the data you provide will be used to process your request. The provision of the data is necessary for processing and answering your inquiry – without the provision of this data, we cannot answer your inquiry or can only answer it to a limited extent.

The legal basis for this processing is point (b) of Art. 6 (1) GDPR.

Your data will be deleted if your inquiry has been finally answered and the deletion is not opposed by any legal storage obligations, such as for example in the case of a possible subsequent contract.

15. User contributions, comments and ratings

We offer the opportunity to publish on our Internet pages questions, answers, opinions or ratings, hereinafter only referred to as “contributions”. If you make use of this offer, we will process and publish your contribution, date and time of submission and the pseudonym you may use.

The legal basis for this is point (a) of Art. 6 (1) GDPR. You can revoke your consent at any time with effect for the future in accordance with Art. 7 (3) GDPR. To do so, all you have to do is to inform us of your revocation.

Furthermore, we also process your IP and e-mail address. The IP address is processed because we have a legitimate interest in initiating or supporting further steps if your contribution infringes the rights of third parties and/or is otherwise illegal.

In this case, the legal basis is point (f) of Art. 6 (1) GDPR. Our legitimate interest lies in any necessary legal defence.

16. Online job applications / publication of job advertisements

We offer you the opportunity to apply for a job with us via our website. With these digital applications, your applicant and job application data will be collected and processed electronically by us for the purpose of handling the application procedure.

The legal basis for this processing is § 26 (1) sentence 1 German Federal Data Protection Act (GFDPA) in conjunction with Art. 88 (1) GDPR.

If a contract of employment is concluded as a consequence of the application procedure, we will store the data you provide during the application process in your personnel file for the purpose of the usual organizational and administrative process – this is, of course, in compliance with any more extensive legal obligations.

The legal basis for this processing is also § 26 (1) sentence 1 GFDPA in conjunction with Art. 88 (1) GDPR.

If an application is rejected, we automatically delete the data transmitted to us two months after notification of the rejection. However, the data will not be deleted if the data requires longer storage of up to four months or until the conclusion of legal proceedings due to statutory provisions, e.g. due to the obligation to produce evidence under the German General Equal Treatment Act (GETA).

In this case, the legal basis is point (f) of Art. 6 (1) GDPR and § 24 para. 1 no. 2 GFDPA. Our legitimate interest lies in the legal defense or law enforcement.

If you expressly consent to a longer storage of your data, e.g. for your inclusion in a database of applicants or interested parties, the data will be processed further based on your consent. The legal basis then is point (a) of Art. 6 (1) GDPR. However, you can of course revoke your consent at any time in accordance with Art. 7 (3) GDPR by making an according declaration to us with effect for the future.

17. Twitter

We maintain an online presence on Twitter to present our initiative and our services and to communicate with customers/interested parties. Twitter is a service of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

We would like to point out that there is a possibility that user data may be processed outside the European Union, specifically in the USA. This may result in increased risks for the user in that, for example, subsequent access to user data may be made more difficult. We also have no access to this user data. The access possibility lies exclusively with Twitter. Twitter Inc. is certified under the Privacy Shield and has thus committed itself to comply with the European data protection standards.

https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

The Twitter privacy policy can be found at

https://twitter.com/de/privacy

18. YouTube

We maintain an online presence on YouTube to present our initiative and our services and to communicate with customers/interested parties. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.

We point out that there is a possibility that user data may be processed outside the European Union, specifically in the USA. This may result in increased risks for the user in that, for example, subsequent access to user data may be made more difficult. We also have no access to this user data. The access possibility lies exclusively with YouTube. Google LLC is certified under the Privacy Shield and has thus committed itself to comply with European data protection standards.

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

The YouTube privacy policy can be found at

https://policies.google.com/privacy

19. LinkedIn

We maintain an online presence at LinkedIn to present our initiative and our services and to communicate with customers/interested parties. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

We point out that there is a possibility that user data may be processed outside the European Union, specifically in the USA. This may increase the risks for the user in that, for example, subsequent access to user data may be made more difficult. We also have no access to this user data. The access possibility lies exclusively with LinkedIn. LinkedIn Corporation is certified under the Privacy Shield and has thus committed itself to comply with European data protection standards.

https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

The LinkedIn privacy policy can be found at

https://www.linkedin.com/legal/privacy-policy

20. Facebook

To promote our products and services and to communicate with interested parties or customers, we operate a initiative presence on the Facebook platform.

On this social media platform we are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

The data protection officer of Facebook can be reached via a contact form:

https://www.facebook.com/help/contact/540977946302970

We have determined the joint responsibility in an agreement regarding the respective obligations in terms of the GDPR. This agreement, from which the mutual obligations arise, can be accessed via the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of personal data that is carried out as a result thereof and which is reproduced below is point (f) of Art. 6 (1) GDPR. We have a legitimate interest in the analysis, communication, sales and promotion of our products and services.

The legal basis may also be the user’s consent pursuant to point (a) of Art. 6 (1) GDPR to the platform operator. The user can revoke this consent for the future at any time by notifying the platform operator in accordance with Art. 7 (3) GDPR.

When our online presence is called up on the Facebook platform, user data (e.g. personal information, IP address, etc.) are processed by Facebook Ireland Ltd. as the platform operator in the EU.

These user data are used for statistical information about the use of our initiative presence on Facebook. Facebook Ireland Ltd. uses these data for market research and advertising purposes as well as to create user profiles. Using these profiles, Facebook Ireland Ltd. is, for example, able to place interest-related advertisements inside and outside of Facebook. If the user is logged into his or her account on Facebook at the time of access, Facebook Ireland Ltd. can also link the data to the respective user account.

In the event that the user communicates via Facebook, the user’s personal data entered on this occasion will be used to process the request. The user’s data will be deleted by us if the user’s inquiry has been finally answered and no legal obligations to retain the data exist, e.g. in the event of subsequent contract performance.

Facebook Ireland Ltd. may also use cookies to process the data.

If the user does not agree to this processing, it is possible to prevent the installation of cookies by adjusting the browser settings accordingly. Already stored cookies can also be deleted at any time. The settings for this depend on the respective browser. In the case of flash cookies, processing cannot be prevented by the browser settings, but by a corresponding setting of the Flash Player. If the user prevents or restricts the installation of cookies, this may mean that not all Facebook functions can be used to their full extent.

More details on the processing activities, their prevention and the deletion of data processed by Facebook can be found in the Facebook Data Policy:

https://www.facebook.com/privacy/explanation

It cannot be excluded that the processing by Facebook Ireland Ltd. may also take place via Facebook Inc, 1601 Willow Road, Menlo Park, California 94025 in the USA.

Facebook Inc. has subjected itself to the “EU-US Privacy Shield” and thereby declares its compliance with EU data protection regulations when processing data in the USA.

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

21. Instagram

To promote our products and services and to communicate with interested parties or customers, we operate a initiative presence on the Instagram platform.

On this social media platform, we share a are joint responsibility with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

The Instagram data protection officer can be reached via a contact form:

https://www.facebook.com/help/contact/540977946302970

We have determined the joint responsibility in an agreement regarding the respective obligations in terms of the GDPR. This agreement, from which the mutual obligations arise, can be accessed via the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of personal data that is carried out as a result thereof and is reproduced below is point (f) of Art. 6 (1) GDPR. We have a legitimate interest in the analysis, communication, sales and promotion of our products and services.

The legal basis may also be the user’s consent pursuant to point (a) of Art. 6 (1) GDPR to the platform operator. The user can revoke this consent for the future at any time by notifying the platform operator in accordance with Art. 7 (3) GDPR.

When our online presence is accessed on the Instagram platform, user data (e.g. personal information, IP address, etc.) is processed by Facebook Ireland Ltd. as operator of the platform in the EU.

This user data is used for statistical information about the use of our initiative presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as to create user profiles. For example, Facebook Ireland Ltd. may use these profiles to place interest-related advertisements inside and outside Instagram. If the user is logged into his or her account on Instagram at the time of access, Facebook Ireland Ltd. may also link the data to the user’s account.

In the event that the user communicates with Instagram through Instagram, the personal data of the user entered on this occasion will be used to process the request. The user’s data will be deleted by us if the user’s inquiry has been conclusively answered and no legal storage obligations, e.g. in the case of subsequent contract performance, exist.

Facebook Ireland Ltd. may also use cookies to process the data.

If the user does not agree to this processing, it is possible to prevent the installation of cookies by adjusting the browser settings accordingly. Already stored cookies can also be deleted at any time. The settings for this depend on the respective browser. In the case of flash cookies, processing cannot be prevented by the browser settings, but by a corresponding setting of the Flash Player. If the user prevents or restricts the installation of cookies, this may mean that not all Facebook functions can be used to their full extent.

For details on processing activities, their prevention and the deletion of data processed by Instagram, please refer to Instagram’s Data Policy:

https://help.instagram.com/519522125107875

It cannot be excluded that the processing by Facebook Ireland Ltd. may also take place via Facebook Inc, 1601 Willow Road, Menlo Park, California 94025 in the USA.

Facebook Inc. has subjected itself to the “EU-US Privacy Shield” and thereby declares its compliance with EU data protection regulations when processing data in the USA.

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

22. Linking social media via graphic or text link

We also advertise presences on the social networks listed below on our website. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents that when a website with a social media application is called up, a connection is automatically established to the respective server of the social network to display a graphic of the respective network itself. Only by clicking on the corresponding graphic is the user forwarded to the service of the respective social network.

After the user is forwarded, information about him or her is collected by the respective network. It cannot be excluded that the data collected in this way is processed in the USA.

In the first instance these are data such as IP address, date, time and visited page. If the user is logged into his user account of the respective network during this time, the network operator may be able to assign the collected information of the user’s specific visit to the user’s personal account. In case that the user interacts via a “share” button of the respective network, this information can be stored in the user’s personal account and, if necessary, be published. If the user wants to prevent the collected information from being directly assigned to his user account, he must log out before clicking on the graphic. There is also the possibility to configure the respective user account accordingly.

23. The following social networks are integrated into our site by linking:

Facebook
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1601 S. California Ave., Palo Alto, CA 94304, USA.

Privacy Policy: https://www.facebook.com/policy.php

EU-US Privacy Shield Certification https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Twitter
Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA

Privacy policy: https://twitter.com/privacy

EU-US Privacy Shield certification

https://www.privacyshield.gov/…0000TORzAAO&status=Active

YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA

Privacy policy: https://policies.google.com/privacy

EU-US Privacy Shield Certification https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.

Privacy Policy: https://www.linkedin.com/legal/privacy-policy

EU-US Privacy Shield Certification https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

Instagram
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1601 S. California Ave., Palo Alto, CA 94304, USA.

Privacy Policy: https://help.instagram.com/519522125107875

EU-US Privacy Shield Certification https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

24. “Facebook” Social Plug-in

In our Internet presence we use the plug-in of the social network Facebook. Facebook is an Internet service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter both referred to as “Facebook”.

Facebook guarantees by certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

that the data protection regulations of the EU will also be observed even when processing data in the USA.

The legal basis is point (f) of Art. 6 (1) GDPR. Our legitimate interest lies in improving the quality of our Internet presence.

Further information about the possible plug-ins and their respective functions can be found on Facebook at

https://developers.facebook.com/docs/plugins/

If the plug-in is stored on one of the pages you visit on our website, your Internet browser will download a representation of the plug-in from the Facebook servers in the USA. For technical reasons, it is necessary for Facebook to process your IP address. In addition, the date and time of your visit to our website are also recorded.

If you are logged in to Facebook while visiting one of our Internet pages equipped with the plug-in, the information collected by the plug-in during your specific visit will be recognized by Facebook. Facebook may assign the information collected to your personal user account there. For example, if you use the “Like” button on Facebook, this information is stored in your Facebook user account and, possibly, published on the Facebook platform. If you wish to prevent this, you must either log out of Facebook before visiting our website or prevent the loading of the Facebook plug-in from being blocked by using an add-on for your Internet browser.

Further information about the collection and use of data as well as your rights and protection options in this regard are made available by Facebook in the sections

https://www.facebook.com/policy.php

 

25. “Twitter” social plug-in

We use the Twitter social network plug-in on our website. Twitter is an Internet service of Twitter Inc. 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, hereinafter referred to as “Twitter”.

Twitter guarantees by certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

that the EU’s data protection regulations are also observed even when processing data in the USA.

The legal basis is point (f) of Art. 6 (1) GDPR. Our legitimate interest lies in improving the quality of our Internet presence.

If the plug-in is stored on one of the pages of our Internet presence that you visit, your Internet browser will download a representation of the plug-in from the servers of Twitter in the USA. For technical reasons it is necessary that Twitter processes your IP address. In addition, the date and time of your visit to our website are also recorded.

If you are logged in to Twitter while visiting one of our websites equipped with the plug-in, the information collected by the plug-in about your specific visit will be recognized by Twitter. Twitter may assign the information collected in this way to your personal user account. For example, if you use the “Share” button on Twitter, this information will be stored in your Twitter user account and published on the Twitter platform. If you want to prevent this, you must either log out of Twitter before visiting our website or make the appropriate settings in your Twitter user account.

Twitter provides further information on the collection and use of data as well as your rights and protection options in this regard in the sections on

https://twitter.com/privacy

26. YouTube

We use YouTube in our Internet presence. This is a video portal of YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube”.

YouTube is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

Google, and with it its subsidiary YouTube, guarantee by certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

that the EU’s data protection regulations will also be observed even when processing data in the USA.

We use YouTube together with the “Enhanced Data Protection Mode” feature to show you videos. The legal basis is point (f) of Art. 6 (1) GDPR. Our legitimate interest lies in improving the quality of our Internet presence. According to YouTube, the function ” Enhanced Data Protection Mode ” has the effect that the data described in more detail below is not transmitted to the YouTube server before you actually start a video.

Without this ” Enhanced Data Protection Mode “, a connection to the YouTube server in the USA is established as soon as you access one of our Internet pages on which a YouTube video is embedded.

This connection is required in order to display the respective video on our website via your Internet browser. As a result, YouTube will at least record and process your IP address, the date and time, and the website you visited. Furthermore, a connection to the advertising network “DoubleClick” of Google will be established.
If you are logged in to YouTube at the same time as visiting our website, YouTube assigns the connection information to your YouTube account. If you want to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube account.

For the purpose of functionality as well as for the analysis of usage behavior, YouTube permanently stores cookies via your Internet browser on your end device. If you do not agree with this processing, you have the possibility to prevent the storage of cookies by changing the settings in your Internet browser. You will find more information on this under the section “Cookies” above.

Further information on the collection and use of data and your rights and protection options in this regard is held by Google in the files listed under

https://policies.google.com/privacy

27. Vimeo

We use “Vimeo” on our website to display videos. This is a service of Vimeo, LL C, 555 West 18 th Street, New York, New York 10011, USA, hereinafter referred to as “Vimeo”.

In some instances, the processing of user data takes place on Vimeo servers in the USA. Vimeo guarantees, however, by certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt00000008V77AAE&status=Active

that the EU’s data protection regulations will also be observed even when processing data in the USA.

The legal basis is point (f) of Art. 6 (1) GDPR. Our legitimate interest lies in improving the quality of our Internet presence.

If you visit a page of our website in which a video is embedded, a connection to the Vimeo servers in the USA will be established to display the video. For technical reasons, it is necessary for Vimeo to process your IP address. In addition, the date and time of your visit to our website are also recorded.

If you are logged in to Vimeo while visiting one of our Internet sites where a Vimeo video is embedded, Vimeo may associate the information collected with your personal user account. If you wish to prevent this, you must either log out of Vimeo before visiting our website or configure your Vimeo user account accordingly.

For the purpose of functionality and usage analysis, Vimeo uses the web analysis service of Google Analytics. Google Analytics stores cookies on your end device via your Internet browser and sends to Google information about the use of our Internet pages in which a Vimeo video is embedded. It cannot be ruled out that Google will process this information in the USA.

If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser. You will find details on this in the section “Cookies” above.

The legal basis is point (f) of Art. 6 (1) GDPR. Our legitimate interest lies in improving the quality of our Internet presence and in the legitimate interest of Vimeo to analyze user behavior statistically for optimization and marketing purposes.

Vimeo offers further information on the collection and use of the data as well as on your rights and options for protecting your privacy under

http://vimeo.com/privacy

28. Paypal as payment method

Our data controller has integrated components of PayPal on this website. PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal offers the possibility to make virtual payments by credit card if a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there is no classic account number. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also assumes trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.
If the data subject selects “PayPal” as a payment option during the payment process on our website, data of the person concerned will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.
The personal data transmitted to PayPal are usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data necessary for payment processing. Necessary for the processing of the purchase contract, are also such personal data which are in connection with the respective order.
The transmission of the data is intended for payment processing and fraud prevention. The person responsible for processing will transmit personal data to PayPal in particular where there is a legitimate interest in the transmission. Personal data exchanged between PayPal and the data controller may be shared by PayPal with credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness.
PayPal may share the personal data with affiliated companies and service providers or subcontractors to the extent that this is necessary to fulfill the contractual obligations or if the data is to be processed by order.
The person concerned has the possibility to revoke his or her consent to PayPal’s handling of personal data at any time. Revocation, however, does not affect personal data that is essential for the processing, use or transmission in the course of the (contractual) handling of payments.
PayPal’s applicable data protection regulations can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

This Privacy Policy was created by the data protection declaration generator of the DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as the external data protection officer Nuremberg, in cooperation with the lawyer for IT and data protection law Christian Solmecke, and was supplemented by parts of the sample data protection declaration of the law firm Weiß & Partner (https://www.ratgeberrecht.eu/leistungen/muster-datenschutzerklaerung.html)