Privacy Policy

Data Security and Protection Policy

Our Commitment to Data Protection

The security of your personal data is our highest priority. We have implemented rigorous technical and organizational measures to protect your information from unauthorized access, loss, or misuse. As a private company, we strictly adhere to the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). These standards apply equally to our internal operations and our external service providers.

Key Legal Definitions

To ensure transparency and clarity, we utilize the following definitions as established by European legislation:

Personal Data: Any information relating to an identified or identifiable natural person ("Data Subject"). This includes identifiers such as names, ID numbers, location data, or specific physical, genetic, mental, or social factors.
Processing: Any operation performed on personal data, whether automated or not, including collection, storage, adaptation, transmission, or erasure.
Controller: The entity that determines the purposes and means of processing personal data.
Processor: A natural or legal person who processes data on behalf of the Controller.
Profiling: Automated processing used to evaluate personal aspects of a natural person, such as work performance, economic situation, or personal interests.
Consent: A freely given, specific, and unambiguous indication of agreement to the processing of one's data via a statement or clear affirmative action.

Legal Basis for Processing

Under Art. 6 (1) GDPR, the processing of personal data is only lawful if at least one of the following applies:

Consent: You have given clear agreement for a specific purpose.
Contractual Necessity: Processing is required to fulfill a contract with you.
Legal Obligation: We are required by law to process the data.
Vital Interests: Processing is necessary to protect someone's life.
Public Interest: Processing is necessary for tasks carried out in the public interest.
Legitimate Interests: Processing is necessary for our legitimate business interests, provided they do not override your fundamental rights (especially regarding children).

Data Collection: Website Usage

When you visit our website for informational purposes (without registering or submitting forms), we only collect the data your browser automatically transmits to our server. This data is technically necessary to ensure the stability and security of your connection.

We collect the following technical information:

IP address and Time zone (GMT difference).
Date and time of access.
Specific page(s) visited and the content of the request.
HTTP status code and volume of data transferred.
The referring website (from which the request originated).
Browser type, version, language, and operating system.

Note on Retention: This technical data is deleted immediately following a technical evaluation. This process is justified under Art. 6 para. 1 lit. f) GDPR, serving our legitimate interest in providing a functional, secure, and optimized website experience.

Cookie Management and Deletion

You have full control over the cookies stored on your device. Most internet browsers allow you to:

Block: Prevent the storage of cookies entirely.
Notify: Request a prompt every time a website attempts to set a cookie.
Delete: Remove existing cookies from your device at any time.

Detailed instructions for these settings are available in the "Help" menu of your specific browser. Please note that disabling technical cookies may limit the functionality of our website.

Google Analytics 4 (GA4)

We use Google Analytics 4, a web analysis service provided by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). This service helps us understand how users interact with our website to improve our services and marketing.

Data Processing & Pseudonymization

Cookies & Tracking: GA4 uses cookies and databases stored on your device. Information generated about your usage is typically transmitted to a Google server.
IP Anonymization: Your IP address is automatically shortened (truncated) by Google within the EU or EEA before being processed. This ensures that the data is pseudonymized and cannot be directly linked to you.
Server-Side Tracking: We may utilize server-side tracking to further pseudonymize your data on our own infrastructure before it reaches Google.

Usage of Data & Demographic Characteristics

Google evaluates website usage on our behalf to provide reports on activity. GA4 also allows us to analyze "demographic characteristics" (such as age, gender, and interests) via browser fingerprints and third-party data.

Important: This data remains anonymous and cannot be assigned to any specific individual.

Consent and Retention

Legal Basis: This processing only occurs if you provide express consent via our Cookie Consent Tool (Art. 6 para. 1 lit. a) GDPR).
Revocation: You may withdraw your consent at any time with future effect by updating your preferences in our Cookie Consent Tool.
Retention: Data collected via GA4 and demographic characteristics are stored for 2 months and then automatically deleted.

International Transfers & Security

Data Processing Agreement: We have a strict contract with Google to ensure your data is protected and not shared with unauthorized third parties.
Trans-Atlantic Data Privacy Framework: For data processed in the USA, Google is certified under the Data Privacy Framework, ensuring a level of protection consistent with European standards.
Further Information: You can view Google’s privacy terms at Google Privacy & Terms.

Children

Our services are generally aimed at adults. Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians.

Legal Effectiveness (Severability Clause)

Should individual provisions or specific terms within this data protection declaration be or become legally invalid, void, or unenforceable, the validity and enforceability of the remaining sections shall remain unaffected. The invalid provision will be replaced by the applicable statutory regulations.

Page updated

Google Sites

Report abuse