Data Security and Protection Policy
Our Commitment to Data Protection
The security of your personal data is our highest priority. We have implemented rigorous technical and organizational measures to protect your information from unauthorized access, loss, or misuse. As a private company, we strictly adhere to the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). These standards apply equally to our internal operations and our external service providers.
Key Legal Definitions
To ensure transparency and clarity, we utilize the following definitions as established by European legislation:
Personal Data: Any information relating to an identified or identifiable natural person ("Data Subject"). This includes identifiers such as names, ID numbers, location data, or specific physical, genetic, mental, or social factors.
Processing: Any operation performed on personal data, whether automated or not, including collection, storage, adaptation, transmission, or erasure.
Controller: The entity that determines the purposes and means of processing personal data.
Processor: A natural or legal person who processes data on behalf of the Controller.
Profiling: Automated processing used to evaluate personal aspects of a natural person, such as work performance, economic situation, or personal interests.
Consent: A freely given, specific, and unambiguous indication of agreement to the processing of one's data via a statement or clear affirmative action.
Legal Basis for Processing
Under Art. 6 (1) GDPR, the processing of personal data is only lawful if at least one of the following applies:
Consent: You have given clear agreement for a specific purpose.
Contractual Necessity: Processing is required to fulfill a contract with you.
Legal Obligation: We are required by law to process the data.
Vital Interests: Processing is necessary to protect someone's life.
Public Interest: Processing is necessary for tasks carried out in the public interest.
Legitimate Interests: Processing is necessary for our legitimate business interests, provided they do not override your fundamental rights (especially regarding children).
Data Collection: Website Usage
When you visit our website for informational purposes (without registering or submitting forms), we only collect the data your browser automatically transmits to our server. This data is technically necessary to ensure the stability and security of your connection.
We collect the following technical information:
IP address and Time zone (GMT difference).
Date and time of access.
Specific page(s) visited and the content of the request.
HTTP status code and volume of data transferred.
The referring website (from which the request originated).
Browser type, version, language, and operating system.
Note on Retention: This technical data is deleted immediately following a technical evaluation. This process is justified under Art. 6 para. 1 lit. f) GDPR, serving our legitimate interest in providing a functional, secure, and optimized website experience.