Privacy Policy.

In order to fulfil our obligations in accordance with Art. 13 GDPR, this privacy policy will inform you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") that occurs in the provision of our services and within our online offering. This online offering includes, in particular, the necessary websites and associated functions and content as well as external online presences, such as social network profiles and media. With regard to the terms used, please refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).​

By using any of Squarespace’s Services, you confirm you have agreed to the Terms of Service and read and understood this Privacy Policy and our Cookie Policy.

Data controller

The person responsible for data processing within the meaning of Art. 13 I GDPR is:
Dimitris Bellos
Georg-Kerschensteiner-Str. 45
81829 München
E-Mail-Adresse: info@pisizedesign.com
Telefon: +49(0)15255821194

Data subjects

The data processing carried out by us affects users of our online offer, recipients of the newsletter, interested parties and customers.

Types of data processed

If you simply access our website, i.e. without registering or providing any other information, only the data transmitted to our server by the respective user's browser (so-called "server log files") is collected. The following data is affected by this:

• Date and time at the time of access

• Amount of data sent in bytes

• Source/reference from which you reached the page

• IP address used (if applicable: in anonymised form)

• Usage data (e.g. cookies, websites visited, interest in content, access times)

• Meta/communication data (e.g. software information, IP/MAC addresses, operating system and browser used)

If the respective user also completes a registration or submits other information, the following data is also processed:

• Inventory data (e.g. personal master data, names or addresses)

• Contact data (e.g. e-mail addresses, telephone numbers)

• Content data (e.g. text entries, photo and video material)

Purpose of the processing

The data is processed

• to provide the online offering, including its functions and content,

• to answer contact enquiries and communicate with users,

• to ensure security measures,

• to measure reach and

• for marketing purposes

Terminology used

According to Art. 4 No. 1 GDPR, "personal data" means "any information relating to an identified or identifiable natural person (hereinafter referred to as the data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person".

According to Art. 4 No. 2 GDPR, "processing" means "any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction".

According to Art. 4 No. 4 GDPR, "profiling" means "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements".

According to Art. 4 No. 5 GDPR, "pseudonymisation" means "the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person". According to Art. 4 No. 6 GDPR, a "filing system" is "any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis".

According to Art. 4 No. 7 GDPR, "controller" means "the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law". According to Art. 4 No. 8, "processor" is "a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller".

According to Art. 4 No. 9 GDPR, "recipient" is "a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party". However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing". The IP address is a combination of numbers assigned to a device by an internet service provider in order to grant the device access to the internet.​

Legal bases

In accordance with Art. 13 I c) GDPR, we are obliged to inform you of the legal basis of our data processing. For users from the scope of the General Data Protection Regulation (GDPR), which extends to the European Union (EU) and the European Economic Community (EEC), the following applies with the proviso that no other legal basis is mentioned in the data protection declaration:

• Art. 6 para. 1 lit. a and Art. 7 GDPR is the legal basis for the processing of data covered by consent.

• Art. 6 para. 1 lit. b GDPR is the legal basis for the processing of data for the fulfilment of our owed services, for the implementation of pre-contractual measures and for answering enquiries.

• Art. 6 para. 1 lit. c GDPR is the legal basis for the processing for the fulfilment of our legal obligations.

• Art. 6 para. 1 lit. d GDPR is the legal basis for the processing of personal data that is necessary in order to protect the vital interests of the data subject or of another natural person.

• Art. 6 para. 1 lit. e GDPR is the legal basis for processing for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, insofar as this is necessary for this purpose.

• Art. 6 para. 1 lit. f GDPR is the legal basis for processing to protect our legitimate interests.

• Art. 6 para. 4 GDPR concerns the processing of data for purposes other than those for which they were collected. Such processing is only possible under the conditions specified here.

• Art. 9 para. 2 GDPR places special requirements on the processing of special categories of data (in accordance with Art. 9 para. 1 GDPR).​

Security measures

In order to ensure a level of protection appropriate to the risk, we ensure in accordance with

• the legal requirements, taking into account the state of the art,

• the costs of implementation, the nature, scope, context and purposes of processing, and

• the varying likelihood and severity of the risk to the rights and freedoms of natural persons

for appropriate technical and organisational measures.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data by

• controlling physical access to the data,

• controlling access to the data,

• controlling the input and forwarding of data, ensuring its availability and its separation.

In addition, we have created procedures that guarantee the exercise of data subjects' rights, the deletion of data and the response to data threats.

​

Cooperation with processors, joint controllers and third parties

For certain services, it is necessary in the course of our data processing to disclose data to other persons (usually companies), i.e. to transfer data to them or otherwise grant them access to the data. These companies are, on the one hand, processors or joint controllers and, on the other, third parties such as payment service providers. Such disclosure only takes place on the basis of a legal authorisation or obligation, consent by the user or on the basis of our legitimate interests, which exist, for example, in the use of agents or web hosts. Such a legitimate interest also exists in particular in the processing of data for administrative purposes.

In the event that we make data accessible to other companies in our group of companies (by disclosure, transmission or granting access in any other form), this is done in particular for administrative purposes. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. In addition, access may also be based on a legal requirement.
​

Transfers of data to third countries

Disclosure, transfer or other access to the data to a person (this also includes a company) in a third country (i.e. outside the EU, EEA or the Swiss Confederation) takes place if the legal requirements are met. This applies in particular to processing for the fulfilment of our contractual or pre-contractual obligations. Otherwise, the processing must be based on your consent, a legal obligation or our legitimate interests. We are also obliged to ensure the necessary minimum standards in this constellation. This includes, for example, that the respective third country has been officially recognised as having a level of data protection equivalent to that of the EU or that officially recognised special contractual obligations are observed.

Rights of the data subjects

You have the right to request information as to whether data concerning you is being processed. In addition, you have the right to further information and to receive a copy of the data in accordance with the legal requirements. You have the right to have data concerning you completed and to have incorrect data concerning you corrected. In accordance with the legal requirements, you have the right to have the data concerning you erased without undue delay. Alternatively, you have the right to restrict the processing of the data in accordance with the legal requirements. (see also right to object)

In accordance with the legal requirements, you have the right to demand the provision of the data concerning you that you have made available to us and may also demand its transmission to other data controllers. You have the right to lodge a complaint with the competent supervisory authority.

Right of cancellation

You can revoke your consent at any time with effect for the future.

​Right to object

You have the right to object to the future processing of data concerning you in accordance with the statutory provisions. The objection may in particular also be directed against processing for the purposes of direct advertising.

​Cookies

We offer the use of temporary and permanent cookies. If you do not agree to this use, please deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

Cookies are small files that are stored on your computer. These files contain different types of information. Cookies are primarily used to store information about a user of an online service. In particular, for example, login data, the contents of a shopping basket and items accessed in an online shop or websites accessed in general are stored.

A distinction must first be made between temporary and permanent cookies. Temporary cookies are also known as "session cookies" or "transient cookies". These are cookies that are deleted after you leave the website. This usually happens when the browser is closed.

Permanent cookies (or "persistent cookies") are files that remain stored even after the browser is closed. This means that the above-mentioned information can be retained beyond the respective browser session. This is particularly relevant for cookies that contain information on user interests. This data is often used for reach measurement or marketing purposes. A distinction must also be made between so-called "third-party cookies", which are offered by providers other than the controller who operates the online service, and so-called "first-party cookies", which are present in all other cases. It is generally possible to object to the use of cookies used for online marketing purposes. There are a variety of providers for this purpose. In the case of tracking, this service is offered by the US website "https://www.aboutads.info/choices/” or the EU website "https://www.youronlinechoices.com/”. In addition, the storage of cookies can also be prevented by deactivating them in the browser settings. However, this option may mean that not all functions of this online offer can be used. Technically unnecessary cookies are only used with your consent.

Deletion of data

In accordance with the legal requirements, we delete the data collected by us or restrict its processing. We delete the data stored by us as soon as the purpose on which the storage is based has ceased to exist and there are no statutory retention obligations to the contrary and no deviating provisions have been made in this data protection declaration. If the data is not deleted because it is required for other, legally permissible purposes (e.g. storage for commercial or tax law reasons), its processing will be restricted. In this case, the data is processed exclusively for this purpose and is otherwise blocked.

Social media presence

We have company pages on several social media platforms. In this way, we want to provide more information about our company and opportunities for communication. There are company pages on the following social media platforms:

• Facebook

• Instagram

• Twitter

• LinkedIn

• Xing

​Personal data about you may be processed when you visit or interact with a profile on a social media platform. Information about the social media profiles used also often constitutes personal data. This also includes messages and statements made in connection with the use of a profile. When you access a social media profile, certain information about this profile is also usually collected automatically, which may also constitute personal data.

We also process information that you provide to us via our company pages on the respective social media platforms. This information may take the form of a user name used, contact information or information provided to us. We only process this personal data on a regular basis if we have expressly asked you to provide us with this data in advance. We carry out this processing as the sole controller. This data is processed on the basis of our legitimate interest in contacting the enquirer. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR.

In addition, we may process this data for evaluation and marketing purposes. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR and is in our interest in further developing our services and informing you specifically about our services. Further processing of the data is possible if you have given your consent (Art. 6 para. 1 lit. a GDPR) or to fulfil a legal obligation (Art. 6 para. 1 lit. c GDPR).

​Facebook and Instagram

When you visit our Facebook or Instagram page, on which we present our company or individual products from our range, certain information about you is processed. The sole controller for the processing of this personal data is Meta Platforms Ireland Limited (Ireland/EU - Meta). For more information about Meta's processing of personal data, please visit https://www.facebook.com/privacy/explanation.

Meta offers the possibility to object to certain data processing; information and opt-out options can be found at https://www.facebook.com/settings?tab=ads. Meta provides our Facebook and Instagram pages with statistics and insights in an anonymous form, which we use to understand what kind of actions people take on our pages (so-called page insights). These Page Insights are created based on certain information about the people who have visited our pages. This processing of personal data is carried out by Meta and us as joint controllers. The processing is based on our legitimate interest in analysing the type of actions taken on our website and improving our website on the basis of these findings. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. We cannot link the information obtained via Page Insights to the Facebook profiles of people who interact with our Facebook page. We have entered into a joint controllership agreement with Meta, which sets out the division of data protection obligations between us and Meta. Details of the processing of personal data that gave rise to Page Insights and the agreement we have entered into with Meta can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data. You can also exercise your rights as a data subject against Meta in relation to these data processing operations (see Your rights). Further information can be found in Meta's privacy policy at https://www.facebook.com/privacy/explanation. Please note that according to Meta's Privacy Policy, User Data is also processed in the USA or other third countries. Meta only transfers User Data to countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR or on the basis of appropriate safeguards pursuant to Art. 46 GDPR.

Twitter

Twitter Inc. (USA) is exclusively responsible for the processing of personal data when accessing our Twitter profile. Further information about the processing of personal data by Twitter Inc. can be found at https://twitter.com/de/privacy.

LinkedIn

When you visit our LinkedIn page, LinkedIn Ireland Unlimited (Ireland/EU - LinkedIn) is the only party responsible for the processing of personal data. Further information on the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy LinkedIn processes personal data to provide us with anonymous statistics and insights when you visit, follow or participate in our LinkedIn company page. This gives us insights into the type of actions you take on our website (so-called page insights). For this purpose, LinkedIn processes data that you have already provided to LinkedIn via information in your profile, for example about your function, country, industry, length of service, company size and employment status. In addition, LinkedIn processes information about your interaction with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page. We do not receive any personal data about you from LinkedIn through the page insights. We can only access aggregated Page Insights. It is also not possible for us to draw conclusions about individual members from the information in Page Insights. The processing of personal data in Page Insights is carried out by LinkedIn and us as joint controllers. This processing is in our legitimate interest to evaluate the nature of the actions taken on our LinkedIn Company Page and to improve our Company Page based on these findings. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. We have entered into a joint controllership agreement with LinkedIn, which sets out the division of data protection obligations between us and LinkedIn. The agreement is available at https://legal.linkedin.com/pages-joint-controller-addendum. The following applies: 

• LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can do this by contacting LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=en) or via the contact details in the Privacy Policy. You can contact LinkedIn Ireland's Data Protection Officer at the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also contact us using the contact details we have provided to find out how to exercise your rights in relation to the processing of your personal data in The Page Game. In this case, we will forward your request to LinkedIn.

• LinkedIn and we have agreed that the Irish Data Protection Commission is the primary supervisory authority for the processing of Page Insights. You have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or another supervisory authority at any time. Please note that personal data may also be processed by LinkedIn in the United States or other third countries in accordance with LinkedIn's privacy policy. LinkedIn only transfers personal data to countries for which the European Commission has adopted an adequacy decision pursuant to Art. 45 GDPR or on the basis of appropriate safeguards pursuant to Art. 46 GDPR.

​XING

New Work SE (Germany/EU) is the sole controller for the processing of personal data when you visit our XING profile. You can find more information about the processing of personal data by New Work SE at https://privacy.xing.com/en/your-privacy. Communication via Messenger We use Messenger for communication, so please read the following information about the Messenger functions, encryption, the use of communication metadata and your options to object. For end-to-end encryption of content (i.e. your message content and attachments), please note that the content of the communication (i.e. the message content and the attached images) is encrypted from start to finish. This means that the content of the message cannot be viewed, not even by the messenger provider itself. You should always use the latest version of Messenger with encryption enabled to ensure that the message content is encrypted.

Encryption of the message content is guaranteed. However, we also point out to our communication partners that the content cannot be viewed by the messenger provider, but that the provider can obtain technical information about the communication partner's communication with us and the communication partner's device used for processing and, depending on the settings of their device, location information (so-called metadata).

If we obtain your consent before communicating with our communication partners via Messenger, the legal basis for our processing of your data is your consent. (Art. 6 para. 1 lit. a GDPR) You can revoke your consent at any time and object to communication with us via Messenger at any time.

Otherwise, if we do not ask for your consent or you have contacted us, we use Messenger to communicate with our contractual partners and to initiate contracts. (Art. 6 para. 1 lit. b GDPR) In the case of other interested parties and communication partners, the use is based on our legitimate interests in fast and efficient communication and meeting the needs of our communication partners in communication via Messenger. (Art. 6 para. 1 lit.f GDPR)

We delete messages in accordance with our general deletion guidelines and otherwise as soon as we can assume that a continuation of the conversation is not to be expected and the deletion does not conflict with any other statutory retention obligations. Contact data, usage data, meta/communication data and content data of our communication partners are processed for contact requests, communication Services used:

• Facebook Messenger: Facebook Messenger with end-to-end encryption (the end-to-end encryption of Facebook Messenger requires activation if it is not activated by default); Service provider: https://www.facebook.com, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com;

Privacy Policy: https://www.facebook.com/about/privacy; Opt-Out: https://www.facebook.com/settings?tab=ads.

• Signal: Signal Messenger with end-to-end encryption; Service provider: Privacy Signal Messenger, LLC 650 Castro Street, Suite 120-223 Mountain View, CA 94041, USA; Website: https://signal.org/; Privacy Policy: https://signal.org/legal/.

• Telegram Broadcasts: Telegram Broadcasts - Messenger with end-to-end encryption; Service provider: Telegram, Dubai; Website: https://telegram.org/; Privacy Policy: https://telegram.org/privacy.

• Threema: Threema Messenger with end-to-end encryption; Service provider: Threema GmbH, Churerstrasse 82, 8808 Pfäffikon SZ, Switzerland; Website: https://threema.ch/en; Privacy Policy: https://threema.ch/de/privacy.

• WhatsApp: WhatsApp Messenger with end-to-end encryption; Service provider: WhatsApp Inc. WhatsApp Legal 1601 Willow Road Menlo Park, California 94025, USA; Website: https://www.whatsapp.com/; Privacy Policy: https://www.whatsapp.com/legal.

​Processing for business purposes

We also process contract data (e.g. subject matter of the contract, term, date of conclusion) and payment data (e.g. account number) of our customers, interested parties and business partners in order to provide contractual services and other services. These include, in particular, services, customer care, marketing, advertising and market research. Online store and customer account When users place orders in our online store, we process their data in order to enable them to select, save and order the selected products and services as well as their payment and delivery or execution. In particular, this involves inventory data, communication data, contract data and payment data. The data subjects are our customers, interested parties and other business partners.

The purpose of the processing is the provision of contractual services in the context of the operation of an online store, billing, delivery and customer services. We use session cookies to store the contents of the shopping cart and the items accessed. In addition, we use permanent cookies to store the login status. The data processing takes place on the one hand to fulfil our services and carry out contractual measures (e.g. execution of order processes), on the other hand to comply with legal regulations (e.g., legally required archiving of business transactions for commercial and tax purposes). The information marked as required is necessary for the establishment and fulfilment of the contract.

Data will only be passed on to third parties within the scope of delivery and payment, within the scope of legal permissions and obligations, as well as on the basis of our legitimate interests, which we expressly inform you about in this privacy policy. Examples of this include, in particular, disclosures to legal and tax advisors, financial institutions, freight companies and authorities. Our users are offered the opportunity to create a user account. This enables them in particular to view their orders and access further services, such as canceling an order or preparing a return. Users are informed of the mandatory information required for registration. The accounts we create are non-public and cannot be indexed by search engines. In the event of termination of such an account by the user, the data relating to the user account will be deleted, unless its retention is necessary for commercial or tax law reasons.

All data collected as part of the customer account will be retained until it is deleted and subsequently archived in the event of a legal obligation or our legitimate interests. This is the case, for example, in the event of legal disputes. It is the responsibility of the user to save the data before the end of the contract in the event of termination. We store the IP address used by you during registration, during subsequent logins and when using our online services, as well as the time of the respective user action. This storage takes place on the basis of our legitimate interests in protecting users from misuse and other unauthorized use. This data is not passed on to third parties. This does not apply if this is necessary to pursue our legal claims as a legitimate interest or if there is a legal obligation to do so. After expiry of the statutory warranty rights or other contractual rights or obligations, such as payment claims or performance obligations from contracts, the data collected and stored by us will be deleted. The necessity of storing the data is reviewed every three years. In the event of retention due to statutory archiving obligations, the data will be destroyed once this obligation has expired.

​External payment service providers

We use external payment service providers who have their own platform to process payment transactions. Please note the privacy policy of ..., available at:

• Stripe (https://stripe.com/en-de/privacy),

• Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full),

• Klarna (https://www.klarna.com/de/datenschutz/),

• Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/),

• Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/),

• Visa (https://www.visa.de/datenschutz),

• Mastercard (https://www.mastercard.de/de-de/datenschutz.html),

• American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)

​The use of payment service providers in the context of the fulfillment of contracts is based on Art. 6 para. 1 lit. b. GDPR. In addition, external payment service providers are used on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR in order to be able to offer our users effective and secure payment options.

The payment service provider primarily collects inventory data (such as the name and address), bank data (such as account numbers or credit card numbers), passwords, TANs and checksums as well as contract, sum and recipient-related information. This information is necessary for the execution of transactions. However, the data entered is processed exclusively by the payment service providers and stored by them. This means that we do not receive any account or credit card-related information, but only information on whether the payment was successfully completed. For identity and credit checks, the data may be transmitted by the payment service provider to credit agencies. In this regard, we refer to the terms and conditions and data protection notices of the respective payment service providers.

Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which can be accessed on the respective websites or transaction applications. Further information can also be found there, in particular on the assertion of rights of revocation, information and other rights of data subjects.

​Administration, financial accounting, office organization, contact management

We process data as part of the performance of administrative tasks and the organization of our business, financial accounting and compliance with legal obligations, such as archiving. This data is the same data that we process to provide our contractual services. This processing is carried out in accordance with Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR.

Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information specified in these processing activities. We disclose or transmit data to the tax authorities, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers. We also store information on suppliers, event organizers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. We store this data, most of which is company-related, permanently.

Business analyses and market research

We analyze the data available to us, in particular that relating to business transactions, contracts and inquiries, in order to operate our business economically. In doing so, we also try to recognize market trends and the wishes of our contractual partners and users (marketing, market research). For these purposes, we process in particular inventory data, communication data, contract data, payment data, usage data and metadata on the basis of Art. 6 para. 1 lit. f. GDPR are processed by us. As part of the processing, we can, for example, compare the details of registered users within their profiles with the services they have used.

The analyses carried out are designed to increase user-friendliness and business efficiency and to optimize our offering. The analyses are carried out exclusively for our own purposes and are not disclosed externally, unless they are anonymous analyses with summarized values. The persons affected by these measures include our contractual partners, interested parties, customers, visitors and users of our online offering. If such analyses or profiles are personal, they are deleted or anonymized when the user gives notice. Otherwise, this happens after two years from the conclusion of the contract. Furthermore, the overall business analyses and general trend determinations are created anonymously where possible.

​Registration function

Users have the option of creating a user account. During the registration process required for this, the necessary mandatory information is disclosed to the users. This data is processed on the basis of Art. 6 para. 1 lit. b GDPR for the purpose of providing the user account. In particular, login information (name, password and an email address) is collected and processed. All data entered during registration is used for the use of the user account and the associated purposes. Our users may receive information by e-mail that is relevant to the user account. This may concern technical changes, for example.

If a user account is terminated by the user, their data relating to the user account will be deleted, subject to a statutory retention obligation. It is the responsibility of users to back up their data before the end of the contract in the event of termination. We are entitled to permanently delete all user data stored during the term of the contract.

In addition, we store the IP address and the time of the respective user action as part of the registration and login function. This is done on the basis of our legitimate interests as well as those of the users, as this is intended to ensure protection against misuse and other unauthorized use. This data is not passed on to third parties unless this is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c. GDPR. The IP addresses are anonymized or deleted after 7 days at the latest.

Comments and contributions

If users submit comments or other contributions as part of our online offering, their IP addresses may be stored for seven days on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR. GDPR for seven days. This is also done for our own security. This applies in particular in the event that someone leaves illegal content in comments or posts, e.g. insults or prohibited political propaganda. We can be held liable for this content ourselves, e.g. via so-called "Stoererhaftung" (Breach of Duty of Care), and are therefore interested in the identity of the author, for example in order to make claims for damages. In addition, we process on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f. GDPR, we process the data of our users with regard to spam detection. On the same legal basis, we store the IP addresses of users for the duration of surveys and use cookies to avoid multiple votes.

We permanently store personal information, any contact and website information as well as the content information left in the context of comments and contributions within our online offering until the user objects.​

Comment subscriptions

Follow-up comments can be subscribed to by users with their consent in accordance with Art. 6 para. 1 lit. a GDPR. The respective user will then receive a confirmation email to check whether they are the owner of the email address entered. Users can cancel ongoing comment subscriptions at any time. To do so, they simply need to revoke their consent. Information on the revocation options is included in the confirmation e-mail. In order to be able to prove the user's consent, we store the time of registration and the user's IP address and delete this information as soon as the user unsubscribes from the subscription.

However, we may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. Otherwise, the data will be deleted by us after the three-year period has expired.​

Contacting us

When contacting us, which is possible via contact form, e-mail, telephone, fax or social media, the user's details are processed for the purpose of processing and handling the contact request. The legal basis with regard to contractual/pre-contractual relationships results from Art. 6 para. 1 lit. b. GDPR. With regard to other inquiries, Art. 6 para. 1 lit. f. GDPR is relevant. The information provided by users is generally stored in a customer relationship management system (CRM system) or comparable inquiry organization.

We delete the data obtained with regard to the request if it is no longer required. The necessity is reviewed every two years. Otherwise, the statutory archiving obligations apply.

Newsletter

The following is information on the content of our newsletter, the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you simultaneously declare your consent to receiving it and to the procedures explained.

Content of the newsletter:

We only send newsletters in the form of e-mails and other electronic notifications with advertising information with the prior consent of the recipient or legal permission. If the content of the newsletter is specifically described when registering for the newsletter, it is decisive for the user's consent. Otherwise, our newsletters contain information about our services and us.

Double opt-in and logging:

Subscription to our newsletter takes place in a so-called double opt-in procedure. This means that a message is sent to the e-mail address you have provided, in which confirmation of the registration is requested by clicking on a specific link. This confirmation is necessary so that users can only register with e-mail addresses that they can access themselves and not misuse third-party e-mail addresses. In order to be able to prove the registration process in accordance with the legal requirements, every registration for the newsletter is logged. For this purpose, the time of registration and confirmation as well as the user's IP address are recorded. In addition, changes to your data stored by the mailing service provider are recorded.

Registration data:

To register for our newsletter, all you need to do is enter your email address. In order to be able to address you personally in the newsletter, we ask you to provide an additional name.

Legal basis:

The legal admissibility of sending newsletters results from the above-mentioned consent by the respective recipient in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with Art. 7 para. 2 no. 3 UWG. § Section 7 para. 2 no. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6 para. 1 lt. f. GDPR in conjunction with. § Section 7 para. 3 UWG. The logging of the registration process is based on the protection of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. These interests consist in the establishment and maintenance of a user-friendly and secure newsletter system for business purposes, which also enables us to prove consent.

Cancellation/revocation:

You have the right to cancel our newsletter service at any time. By doing so, you simultaneously revoke your consent. You will find a link to unsubscribe from our newsletter at the end of each newsletter. In order to be able to prove that consent has been given but later revoked, we are entitled to store the unsubscribed e-mail addresses for up to three years after revocation on the basis of our legitimate interests. This data is processed exclusively for the purpose of a possible defense against claims. If you confirm the former existence of your consent, you can submit an individual request for deletion at any time.

​Newsletter - performance measurement

Our newsletters contain a so-called "web-beacon". This is a pixel-sized file that is loaded from our server when the newsletter is opened or, if we use a mailing service provider, from their server. Technical information, such as information on the browser and operating system of the respective user as well as their IP address and time of retrieval, is collected when the newsletter is retrieved. This information is used for the technical improvement of the services. The technical data can be evaluated with regard to the respective target groups and their reading behavior, the respective retrieval locations, which can be determined by the IP address, and the access times.

The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, it is possible that this information may be assigned to individual newsletter recipients. However, we assure you that it is neither our intention nor that of any mailing service providers we use to spy on individual users.

The evaluations are used much more to determine the reading habits of our users and to adapt our content to them or to distribute different content according to the interests of our users. It is not possible to revoke the measurement of success separately. In the event that you do not agree with the analysis, you must cancel the entire newsletter subscription.

Hosting and e-mail dispatch

We use external hosting services for the operation of our online offering. This concerns:

• Infrastructure and platform services

• Computing capacity, storage space and database services,

• e-mail dispatch services and

• Sicherheitsleistungen und technische Wartungsleistungen.

In the context of safeguarding our legitimate interests in the efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of an order processing contract). Art. 28 GDPR (conclusion of order processing contract), the following data in particular is processed by us or our hosting provider:

• Inventory and contact data,

• Content data and contract data as well as

• usage, meta and communication data.

This data processing concerns our customers as well as interested parties and visitors to our online offer. This website was created with Squarespace Ireland Limited, Squarespace House, Ship Street Great, Dublin 8, Ireland, D08 N12C (Squarespace Ireland Limited is a private company limited by shares under the laws of Ireland with company registration number 527641.) and is also hosted on their servers. (Squarespace privacy policy: https://www.squarespace.com/privacy) Squarespace.com is responsible for the processing of the personal data received and its subsequent transfer to third parties acting on behalf of Squarespace.com as its representative. Squarespace collects statistical data about visits to this website. The access data includes the name of the website accessed, the file, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, the referrer URL (the previously visited page), the IP address and the requesting provider. Squarespace uses this log data for statistical evaluation for the purposes of operation, security and optimization of the website and this data is also available to us as the operator of this website.​

The use of Squarespace is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time with effect for the future. We have concluded an order processing contract with Squarespace. This is a contract prescribed by data protection law, which ensures that personal data is only processed in compliance with the GDPR.

​​Collection of access data and log files

On the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR, we or our hosting provider collect data about every access to the server on which this service is located (so-called server log files). This data includes:

• Name of the website accessed and any specific files,

• the date and time of access

• amount of data transferred,

• Notification of successful retrieval,

• Browser type and version, the user's operating system,

• referrer URL (the previously visited page),

• IP address and

• the requesting provider.

For security reasons, log file information is stored for up to seven days and then deleted. This serves in particular to clarify acts of abuse or fraud. If data is suitable as evidence to clarify a matter, it is excluded from deletion until the respective incident has been finally clarified.