Privacy statement
Thank you for visiting our website www.db-consulting.team and for your interest in our company. With the aim of offering you the highest possible level of transparency, we will inform you below about the type, scope and purpose of the collection, processing and use of personal data that arise when using our website. The General Data Protection Regulation (hereinafter referred to as “GDPR”) can here retrieve it as a complete document.
contents
1. Definitions of terms
2. Responsible person in accordance with Article 4 No. 7 GDPR
3. Legal basis of processing
4. Storage of data/deletion of data
5. Transfer of personal data
6. Collection of personal data
7. cookies
8. Webflow
10. Google Analytics
11. Google Maps
12. Google Fonts
13. multilingualizer
14. jsDelivr
15th newsletter
16. Your rights
17. Right of objection
18. Data security
1. Definitions of terms
The following terms, which we use within our privacy policy, are defined within Art. 4 GDPR. This is only an excerpt from Article 4 GDPR. All definitions can be found in the GDPR (available here).
Personal data (Art. 4 No. 1 GDPR)
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social are the identity of that natural person.
Processing (Art. 4 No. 2 GDPR)
Processing is any process carried out with or without the aid of automated processes or any such series of processes in connection with personal data, such as collecting, organizing, storing, adapting or changing, reading, querying, using, disclosing through transmission, dissemination or any other form of provision, reconciliation or linking, restriction, deletion or destruction.
Pseudonymization (Art. 4 No. 5 GDPR)
Pseudonymization includes the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.
Responsible person (Art. 4 No. 7 GDPR)
The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for its nomination may be provided for by Union law or the law of the Member States.
Contract processor (Art. 4 No. 8 GDPR)
A processor is a natural or legal person, authority, agency or other body that processes personal data on behalf of the person responsible.
Third party (Art. 4 No. 10 GDPR)
A third party is a natural or legal person, authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or processor, are authorized to process personal data.
Consent (Art. 4 No. 11 GDPR)
The consent of the data subject is any voluntary, informed and unambiguous statement of intent in the specific case, in the form of a statement or other unequivocal affirmative action by which the data subject indicates that he or she agrees to the processing of personal data concerning him or her.
Companies (Art. 4 No. 18 GDPR)
A company is a natural or legal person who carries out an economic activity, regardless of its legal form, including associations or partnerships that regularly engage in economic activity.
2. Responsible person in accordance with Art. 4 No. 7 GDPR
db Personnel- und Unternehmensberatung GmbH
Saar Innovation Campus, Altenkesseler Strasse 17/A3
66115 Saarbruecken
telephone: +49 681 844992111
email: kontakt@db-consulting.team
Our full legal notice can be found here: https://www.db-consulting.team/impressum
contents
1. Definitions of terms
2. Responsible person in accordance with Article 4 No. 7 GDPR
3. Legal basis of processing
4. Storage of data/deletion of data
5. Transfer of personal data
6. Collection of personal data
7. cookies
8. Webflow
10. Google Analytics
11. Google Maps
12. Google Fonts
13. multilingualizer
14. jsDelivr
15th newsletter
16. Your rights
17. Right of objection
18. Data security
1. Definitions of terms
The following terms, which we use within our privacy policy, are defined within Art. 4 GDPR. This is only an excerpt from Article 4 GDPR. All definitions can be found in the GDPR (available here).
Personal data (Art. 4 No. 1 GDPR)
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social are the identity of that natural person.
Processing (Art. 4 No. 2 GDPR)
Processing is any process carried out with or without the aid of automated processes or any such series of processes in connection with personal data, such as collecting, organizing, storing, adapting or changing, reading, querying, using, disclosing through transmission, dissemination or any other form of provision, reconciliation or linking, restriction, deletion or destruction.
Pseudonymization (Art. 4 No. 5 GDPR)
Pseudonymization includes the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.
Responsible person (Art. 4 No. 7 GDPR)
The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for its nomination may be provided for by Union law or the law of the Member States.
Contract processor (Art. 4 No. 8 GDPR)
A processor is a natural or legal person, authority, agency or other body that processes personal data on behalf of the person responsible.
Third party (Art. 4 No. 10 GDPR)
A third party is a natural or legal person, authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or processor, are authorized to process personal data.
Consent (Art. 4 No. 11 GDPR)
The consent of the data subject is any voluntary, informed and unambiguous statement of intent in the specific case, in the form of a statement or other unequivocal affirmative action by which the data subject indicates that he or she agrees to the processing of personal data concerning him or her.
Companies (Art. 4 No. 18 GDPR)
A company is a natural or legal person who carries out an economic activity, regardless of its legal form, including associations or partnerships that regularly engage in economic activity.
2. Responsible person in accordance with Art. 4 No. 7 GDPR
db Personnel- und Unternehmensberatung GmbH
Saar Innovation Campus, Altenkesseler Strasse 17/A3
66115 Saarbruecken
telephone: +49 681 844992111
email: kontakt@db-consulting.team
Our full legal notice can be found here: https://www.db-consulting.team/impressum
3. Legal basis for processing
3. Legal basis for processing
With any processing described in our privacy policy, we will inform you of the corresponding legal basis on which the processing is carried out. A distinction is made between the following groups of cases in which processing is lawful:
- You have given us consent to process your personal data for one or more specific purposes (Article 6 (1) (a) GDPR).
- There is a contract between you and us for the fulfilment of which processing is carried out or the processing is necessary to carry out pre-contractual measures, which are carried out at your request (Art. 6 (1) (b) GDPR).
- Fulfilment of a legal obligation to which we are subject requires processing (Art. 6 (1) (c) GDPR).
- Protecting the vital interests of you or another natural person requires processing (Art. 6 (1) (d) GDPR).
- The performance of a task assigned to us in the public interest or exercise of official authority requires processing (Art. 6 (1) (e) GDPR).
- The need for processing to protect our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms that require the protection of personal data prevail (Article 6 (1) (f) GDPR).
4. Storage of data/deletion of data
Within the processing described in our privacy policy, we will inform you of the corresponding storage period and the dates of deletion or blocking of data. If no express storage period is defined, the data will be deleted or blocked as soon as the purpose or legal basis for storage no longer exists. Storage may take place beyond the defined periods if legal regulations to which we are subject (e.g. § 147 AO, § 247 HGB) provide for a different storage period.
Following the storage period, the personal data will be deleted or blocked, unless further storage is required by us on the basis of a legal basis. In addition, storage beyond the specified time is possible in the event of (any) legal dispute with you or other legal proceedings.
5. Transfer of personal data
If your personal data is shared, you will be informed accordingly at the relevant section of our privacy policy.
6. Collection of personal data
Below, we will inform you about the collection of personal data (such as name, email address, address or user behavior).
6.1. Exclusive use of our website for informational purposes
If you neither register on our website (for example in the form of a newsletter) nor submit data to us in any other way (for example by using a contact form), only the personal data that is transmitted from your browser to our server will be collected. This is data that is technically necessary for us to provide you with the website for viewing while ensuring a secure and stable display. This is the following information, which is derived from a log file line:
- Internet protocol address (IP address)
- time and date of the respective access
- Time zone difference to Greenwich Mean Time (GMT)
- The specific page accessed
- Access status/ Hypertext Transfer Protocol (http)
- Amount of data that was transferred in each case
- Website from which access to our website is made (referrer URL)
- Internet browser used (including language and version)
- Operating system used
The legal basis for collecting the listed data results from Art. 6 (1) (f) GDPR. We have a legitimate interest in ensuring an error-free connection and convenient use of our website, as well as in analyzing system stability and security and using the data for further administrative purposes.
6.2. Contact via email
If you contact us via the e-mail address in section 2 or other e-mail addresses of our company published on our website, we will store your e-mail address and other contact details within your email (e.g. your name or telephone number) in order to process your request. This data is immediately deleted as soon as further storage is no longer necessary. Should there be legal storage periods with regard to the data, the processing will be restricted accordingly instead of the deletion of the data. Depending on the reason for sending the email, the legal basis for processing the data is based on Article 6 (1) (b) GDPR or Article 6 (1) (1) (f) GDPR, i.e. it is either to process the contract concluded with you and to fulfill our (pre) contractual obligations or is based on our legitimate interest in getting in touch with those interested in our service.
6.3. contact form
When you contact us via the contact form on our website, your e-mail address and name as well as other contact details provided voluntarily by you (e.g. telephone number) will be stored and processed by us in order to process your request. Depending on the reason for the contact, the legal basis for processing the data is based on Article 6 (1) (b) GDPR or Article 6 (1) (1) (f) GDPR, i.e. it is either to process the contract concluded with you and to fulfill our (pre) contractual obligations or is based on our legitimate interest in getting in touch with those interested in our service.
7. cookies
We use cookies on our website. Cookies are small, browser-specific text files that are stored on your hard drive. As a result, the location that sets the respective cookie receives certain information, but this does not allow programs to be executed or viruses to be transmitted. Cookies are divided into the following classes:
First, a distinction is made based on who has set the respective cookie (website operator in the form of first-party cookies or third parties in the form of third-party cookies).
There is then a distinction as to the duration of storage.
There are transient cookies that are automatically deleted when the browser is closed, in particular so-called session cookies, which store a session ID. With these session cookies, your computer is recognized when you visit our website again within a session with the same browser. When you close your browser or log out, these temporary cookies are deleted.
There are also so-called persistent cookies, which are stored for a longer period of time (up to two years). However, the period until deletion differs from cookie to cookie. You can manually delete these cookies at any time using your browser settings.
So-called flash cookies form another group. This is a Flash player bound cookie that stores the technical data required to play video or audio content (e.g. image quality or network speed), although there is normally no automatic expiration date and the cookies save the necessary data regardless of the browser used. Some browsers (such as Firefox) offer the option of deleting Flash cookies together with other cookies.
Cookies are also differentiated based on their function, which is most relevant from a data protection perspective. Technical (essential) cookies are cookies that are necessary to be able to perform basic functions of the website (e.g. saving a product that has been added to the shopping cart).
Performance cookies collect information about the use of the website and errors that occur as a result. This is anonymous information that is used to improve the website.
Using advertising cookies or targeting cookies, it is possible to display customized advertising (including from third-party providers) to the user of the website and to determine this ad in terms of effectiveness.
Sharing cookies connect the website to other services (e.g. social media presences).
We only automatically use technical cookies and therefore cookies that are essential for the operation of our website based on our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in order to effectively design and constantly improve our website. All other cookies are only used if you have consented to their use in accordance with Article 6 (1) (a) GDPR via our consent tool. You can revoke this consent at any time by clicking on the button at the bottom left of the page.
In addition, we will once again explicitly inform you, within the statements in this privacy policy, about the respective application if an application we use sets cookies.
We would like to point out that you can prevent the storage of cookies at any time by setting your browser accordingly. We have compiled further information in this context with regard to the most common browsers below, but would like to point out that this may restrict the functionality of our website.
Mozilla Firefox: https://support.mozilla.org/de/kb/verbesserter-schutz-aktivitatenverfolgung-desktop
Microsoft Edge: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Google Chrome: https://support.google.com/chrome/answer/95647
Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
8. Webflow
Our website is hosted by Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103 (hereinafter referred to as “Webflow”). At the same time, Webflow provides the content management system for our website. We have concluded an order processing contract with the company which contains the standard contractual clauses for the transfer of personal data to processors in third countries in accordance with Directive 95/46/EC of the European Parliament and of the Council (available in German here). Webflow's global privacy policy can be found here: https://webflow.com/legal/privacy. The privacy policy for the EU and Switzerland can be found here: https://webflow.com/legal/eu-privacy-policy
8.1. hosting
Webflow hosts our website using the content delivery networks of the US companies Fastly Inc. and Amazon Web Services, Inc. A content delivery network is a network of spatially distributed, possibly interconnected servers. This always uses the server that is closest to the respective user of the website. The CDN used here includes servers in North America and parts of Europe. For more information, visit the following Webflow page:
https://webflow.com/blog/what-to-look-for-in-a-web-hosting-service
8.1.1. Fastly
Webflow hosts our website using the content delivery network of the US company Fastly Inc. 475, Brannan St. #300, San Francisco, CA 94107. The company's privacy policy can be found here:
https://www.fastly.com/privacy/
8.1.2. Amazon CloudFront
Webflow hosts our website using the content delivery network of the US company Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109. The CDN is called Amazon CloudFront. The company's legal notice can be downloaded here:
https://aws.amazon.com/de/impressum/?nc1=f_cc
The company's privacy policy can be found here:
https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice_German_2020-08-15.pdf
8.2. Cloudflare
To ensure cross-browser compatibility so that the modern functionality of Webflow pages is also available in older browsers that do not support them natively, Webflow integrates JavaScript using the CDN Cloudflare. The operator of the CDN is Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107. The company's privacy policy can be found here:
https://www.cloudflare.com/de-de/privacypolicy/
8.3. website-files.com
There is also a connection to the domain website-files.com. This domain belongs to the company Webflow. It hosts images and other assets that are integrated into our website. This domain from Webflow is also hosted via the Fastly and Amazon CloudFront CDNs.
8.4. jsDelivr
We use the open-source CDN jsDelivr on our website to integrate a webflow widget. When you visit the website, the personal data mentioned in this privacy policy is transmitted purely for informational purposes. The legal basis for processing the data results from Article 6 (1) (f) GDPR and is based on our legitimate interest in making our website functional. The privacy policy of the open-source CDN jsDelivr can be found here: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net
8.5. legal basis
The legal basis for data processing within the meaning of the above is Article 6 (1) (b) GDPR. In sections 7.1. — 7.3, there is also a transfer of data to the USA and thus to a so-called unsafe third country within the meaning of the GDPR. Data transmission is nonetheless permitted. The legal basis for this lies in Art. 46 para. 1, para. 2 lit. c GDPR (standard contract clauses) or in Art. 49 para. 1 lit. b GDPR and therefore in the fulfilment of a contract between us and you as a user or in the need to carry out pre-contractual measures. For the USA, there is currently neither an adequacy decision by the EU nor any other appropriate guarantees. The protection of your data cannot be guaranteed in the destination country USA. There is currently no level of data protection equivalent to that of the EU in the USA. The transfer is therefore associated with corresponding risks. In particular, there are no guarantees that your submitted data will not be accessed by government agencies.
For example, it cannot be ruled out that US authorities may access your data on the basis of Section 702 of the Foreign Intelligence Surveillance Act (FISA for short; in German, for example, “International Intelligence Surveillance Act”, a law that regulates the United States' foreign intelligence and counterintelligence activities). In this context, we expressly point out that, as an EU citizen, you have no effective legal protection against the processing of your data by US authorities on the basis of FISA.
9. Usercentrics
We use the Usercentrics consent management tool from Usercentrics GmbH Sendlinger Straße 7, 80331 Munich Impressum: https://usercentrics.com/de/impressum/nachfolgend called “Usercentrics”). Usercentrics' privacy policy can be found here: https://usercentrics.com/de/datenschutzerklaerung/. We have concluded a corresponding contract for order data processing with Usercentrics. The Usercentrics tool automatically sets cookies to save the decisions you have made regarding privacy settings. The legal basis results from Art. 6 (1) (c), f GDPR, as we thus ensure compliance with legal requirements. Our legitimate interest in using Usercentrics lies in operating our website in compliance with data protection regulations. Usercentrics states that all servers are located in the EU: https://usercentrics.atlassian.net/wiki/spaces/SKB/pages/17825793/Wo+befinden+sich+die+Usercentrics+Server
10. Google Maps
We integrate Google Maps on our website using Google API (the acronym API stands for Application Programming Interface). This is a program interface that allows us to integrate third-party services on our website; the privacy policy regarding the Google API service can be found here: https://developers.google.com/terms/api-services-user-data-policy). This is an interactive map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Impressum: https://www.google.de/intl/de/contact/impressum.html. The parent company of this company based in Ireland is: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA94043, USA (hereinafter referred to as “Google”). Google's privacy policy can be found here: https://policies.google.com/privacy?hl=de. When you access the subpage on which Google Maps is implemented, Google receives the information about this call and the personal data mentioned in this privacy policy is transmitted to Google when the website is used for informational purposes only. This transfer is used to create a user profile by Google and takes place regardless of whether you have a Google account.
11. Google Fonts
We use Google Fonts on our website and integrate them via Google API (the acronym API stands for application programming interface). This is a program interface that allows us to integrate third-party services on our website; the privacy policy regarding the Google API service can be found here: https://developers.google.com/terms/api-services-user-data-policy). These are fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Impressum: https://www.google.de/intl/de/contact/impressum.html. The parent company of this company based in Ireland is: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google's privacy policy can be found here: https://policies.google.com/privacy?hl=de. When you visit the website, Google receives the information about this call and the personal data mentioned in this privacy statement is transmitted to Google purely for informational purposes. The legal basis for processing the data results from Article 6 (1) (f) GDPR and is based on our legitimate interest in making our website graphically appealing and user-friendly.
12. multilingualizer
On our website, we use the Multilingualizer tool from Matiogi Ltd in Great Britain (C/O Ascot Drummond Devonshire House, Manor Way, Borehamwood, HERTFORDSHIRE, WD6 1QQ (hereinafter referred to as “Matiogi”). There is currently an EU adequacy decision with regard to Great Britain. An “adequacy decision” is a decision adopted by the European Commission in accordance with Article 45 GDPR and which determines that a third country (i.e. a country that is not bound by the GDPR — in this case Great Britain) offers an adequate level of protection for personal data. When you visit the website, the personal data mentioned in this privacy policy is transmitted purely for informational purposes. Matiogi's privacy policy can be found here: https://www.multilingualizer.com/privacy-policy/. The legal basis for processing the data results from Article 6 (1) (f) GDPR and is based on our legitimate interest in making our website available in different languages.
12th newsletter
To always be informed about offers and interesting blog articles from our company, you can subscribe to our newsletter. To successfully sign up for the newsletter, all you have to do is enter your email address in the registration form. The only mandatory information within the registration form is your e-mail address. We store your e-mail address and any other data you have provided voluntarily (the legal basis for this is Article 6 (1) (a) GDPR) in order to send you the newsletter in the future. Furthermore, our site only stores your IP address and the times of newsletter subscription and newsletter unsubscription after sending the last newsletter for the period in which it is necessary for us to provide proof of your registration, including your confirmation and your cancellation, and to enable us to clarify any improper use of your data (the time of deletion is therefore determined after the limitation period for any claims). You have the right to withdraw your consent to send our newsletter at any time and thus unsubscribe from the newsletter without incurring any costs other than the transmission costs at the basic rates. There are two ways to do this. On the one hand, you can send us a corresponding e-mail to kontakt@db-consulting.team or click on the “unsubscribe newsletter” link, which is available at the end of every newsletter you receive from us.
13. Your rights
We will explain your rights under the GDPR below. You can download the GDPR as a complete document here.
Right to information in accordance with Article 15 (1) GDPR
You have the right to request confirmation from us as to whether personal data relating to you is being processed by you. If the answer is yes, in addition to the right to information about this personal data, you have a right to information about processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your personal data has been disclosed or will be disclosed in the future (in particular for recipients in third countries or international organizations), the storage period or criteria for determining the storage period, the existence of a right of correction or deletion of Personal data concerning you or the right to restrict processing on our part and the existence of a right to object to this processing, the existence of a right of appeal to a supervisory authority, all available information about the origin of the data (in the event that it was not collected by us), the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of a such processing.
Right to rectification in accordance with Art. 16 GDPR
You have the right to request us to correct incorrect personal data without delay and to complete incomplete personal data concerning you.
Right to deletion (“right to be forgotten”) in accordance with Article 17 (1) GDPR
You have the right to request that we delete the personal data relating to you immediately. However, under Article 17 (3) GDPR, this right does not exist if processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest in the area of public health, for archiving purposes in the public interest or to assert, exercise or defend legal claims.Right to restrict processing in accordance with Article 18 (1) GDPR
You have the right to request that we restrict the processing of your personal data if you dispute the accuracy of your personal data (the restriction applies for the period of time that enables us to verify the accuracy), if the processing of your personal data is unlawful and you refuse to delete it, we no longer need your personal data for processing purposes, but you need it to assert, exercise or defend legal claims or you have filed an objection to processing in accordance with Article 21 (1) GDPR (the restriction applies as long as it is not yet clear whether our legitimate reasons outweigh yours).
Right to data portability under Art. 20 GDPR
You have the right to receive the personal data concerning you from us in a structured, common and machine-readable format and to transfer it to another person responsible without hindrance on our part (or to request direct transmission from us to another person responsible, if this is technically possible) if the processing by us was based on consent or a contract or was carried out using automated procedures.
Right to withdraw consents granted in accordance with Article 7 (3) GDPR
You have the right to withdraw consent given to us at any time with effect for the future, so that data processing based on consent can no longer be continued in the future, but does not affect the lawfulness of the processing carried out up to your revocation.
Right to lodge a complaint under Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you is contrary to the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, place of work or the location of the alleged infringement. For more information, click here: https://www.bfdi.bund.de/DE/Datenschutz/Ueberblick/MeineRechte/Artikel/BeschwerdeBeiDatenschutzbehoereden.html
17. Right of objection
In addition to the above rights, you also have the right at any time to object to the processing of your personal data based on the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 para. 1 p. e GDPR) or to protect legitimate interests on our part (Art. 6 para. 1 p. f GDPR), provided that there are reasons for this arising from your particular situation. In the event of an objection, no further processing of personal data will be carried out unless we can prove compelling legitimate reasons for processing that outweigh your interests, rights and freedoms or that serve to assert, exercise or defend legal claims. If your personal data is processed for direct marketing or profiling purposes, provided that there is a connection to direct marketing, you have a general right to object without the need for reasons arising from your particular situation. In the event of an objection, we will immediately stop processing personal data for these purposes. To exercise your right of revocation or objection, simply send an e-mail to kontakt@solvitdigital.team
18. Data security
The encryption and communication protocol TLS 1.2 (Transport Layer Security) is used on our website. Through the TLS certificate we use and issued by a certification authority, we enable encrypted data exchange between web browser and web server, which means that sensitive data cannot be read by third parties. We use the method with the highest level of encryption that your browser supports, which will usually be 256-bit encryption. The higher the number of bits, the longer the key and therefore the better protection against third parties.
This privacy policy was created individually for this website by Frame for Business GmbH in cooperation with Schützle Rechtsanwaltskanzlei mbH.
Within the processing described in our privacy policy, we will inform you of the corresponding storage period and the dates of deletion or blocking of data. If no express storage period is defined, the data will be deleted or blocked as soon as the purpose or legal basis for storage no longer exists. Storage may take place beyond the defined periods if legal regulations to which we are subject (e.g. § 147 AO, § 247 HGB) provide for a different storage period.
Following the storage period, the personal data will be deleted or blocked, unless further storage is required by us on the basis of a legal basis. In addition, storage beyond the specified time is possible in the event of (any) legal dispute with you or other legal proceedings.
5. Transfer of personal data
If your personal data is shared, you will be informed accordingly at the relevant section of our privacy policy.
6. Collection of personal data
Below, we will inform you about the collection of personal data (such as name, email address, address or user behavior).
6.1. Exclusive use of our website for informational purposes
If you neither register on our website (for example in the form of a newsletter) nor submit data to us in any other way (for example by using a contact form), only the personal data that is transmitted from your browser to our server will be collected. This is data that is technically necessary for us to provide you with the website for viewing while ensuring a secure and stable display. This is the following information, which is derived from a log file line:
- Internet protocol address (IP address)
- time and date of the respective access
- Time zone difference to Greenwich Mean Time (GMT)
- The specific page accessed
- Access status/ Hypertext Transfer Protocol (http)
- Amount of data that was transferred in each case
- Website from which access to our website is made (referrer URL)
- Internet browser used (including language and version)
- Operating system used
The legal basis for collecting the listed data results from Art. 6 (1) (f) GDPR. We have a legitimate interest in ensuring an error-free connection and convenient use of our website, as well as in analyzing system stability and security and using the data for further administrative purposes.
6.2. Contact via email
If you contact us via the e-mail address in section 2 or other e-mail addresses of our company published on our website, we will store your e-mail address and other contact details within your email (e.g. your name or telephone number) in order to process your request. This data is immediately deleted as soon as further storage is no longer necessary. Should there be legal storage periods with regard to the data, the processing will be restricted accordingly instead of the deletion of the data. Depending on the reason for sending the email, the legal basis for processing the data is based on Article 6 (1) (b) GDPR or Article 6 (1) (1) (f) GDPR, i.e. it is either to process the contract concluded with you and to fulfill our (pre) contractual obligations or is based on our legitimate interest in getting in touch with those interested in our service.
6.3. contact form
When you contact us via the contact form on our website, your e-mail address and name as well as other contact details provided voluntarily by you (e.g. telephone number) will be stored and processed by us in order to process your request. Depending on the reason for the contact, the legal basis for processing the data is based on Article 6 (1) (b) GDPR or Article 6 (1) (1) (f) GDPR, i.e. it is either to process the contract concluded with you and to fulfill our (pre) contractual obligations or is based on our legitimate interest in getting in touch with those interested in our service.
7. cookies
We use cookies on our website. Cookies are small, browser-specific text files that are stored on your hard drive. As a result, the location that sets the respective cookie receives certain information, but this does not allow programs to be executed or viruses to be transmitted. Cookies are divided into the following classes:
First, a distinction is made based on who has set the respective cookie (website operator in the form of first-party cookies or third parties in the form of third-party cookies).
There is then a distinction as to the duration of storage.
There are transient cookies that are automatically deleted when the browser is closed, in particular so-called session cookies, which store a session ID. With these session cookies, your computer is recognized when you visit our website again within a session with the same browser. When you close your browser or log out, these temporary cookies are deleted.
There are also so-called persistent cookies, which are stored for a longer period of time (up to two years). However, the period until deletion differs from cookie to cookie. You can manually delete these cookies at any time using your browser settings.
So-called flash cookies form another group. This is a Flash player bound cookie that stores the technical data required to play video or audio content (e.g. image quality or network speed), although there is normally no automatic expiration date and the cookies save the necessary data regardless of the browser used. Some browsers (such as Firefox) offer the option of deleting Flash cookies together with other cookies.
Cookies are also differentiated based on their function, which is most relevant from a data protection perspective. Technical (essential) cookies are cookies that are necessary to be able to perform basic functions of the website (e.g. saving a product that has been added to the shopping cart).
Performance cookies collect information about the use of the website and errors that occur as a result. This is anonymous information that is used to improve the website.
Using advertising cookies or targeting cookies, it is possible to display customized advertising (including from third-party providers) to the user of the website and to determine this ad in terms of effectiveness.
Sharing cookies connect the website to other services (e.g. social media presences).
We only automatically use technical cookies and therefore cookies that are essential for the operation of our website based on our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in order to effectively design and constantly improve our website. All other cookies are only used if you have consented to their use in accordance with Article 6 (1) (a) GDPR via our consent tool. You can revoke this consent at any time by clicking on the button at the bottom left of the page.
In addition, we will once again explicitly inform you, within the statements in this privacy policy, about the respective application if an application we use sets cookies.
We would like to point out that you can prevent the storage of cookies at any time by setting your browser accordingly. We have compiled further information in this context with regard to the most common browsers below, but would like to point out that this may restrict the functionality of our website.
Mozilla Firefox: https://support.mozilla.org/de/kb/verbesserter-schutz-aktivitatenverfolgung-desktop
Microsoft Edge: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Google Chrome: https://support.google.com/chrome/answer/95647
Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
8. Webflow
Our website is hosted by Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103 (hereinafter referred to as “Webflow”). At the same time, Webflow provides the content management system for our website. We have concluded an order processing contract with the company which contains the standard contractual clauses for the transfer of personal data to processors in third countries in accordance with Directive 95/46/EC of the European Parliament and of the Council (available in German here). Webflow's global privacy policy can be found here: https://webflow.com/legal/privacy. The privacy policy for the EU and Switzerland can be found here: https://webflow.com/legal/eu-privacy-policy
8.1. hosting
Webflow hosts our website using the content delivery networks of the US companies Fastly Inc. and Amazon Web Services, Inc. A content delivery network is a network of spatially distributed, possibly interconnected servers. This always uses the server that is closest to the respective user of the website. The CDN used here includes servers in North America and parts of Europe. For more information, visit the following Webflow page:
https://webflow.com/blog/what-to-look-for-in-a-web-hosting-service
8.1.1. Fastly
Webflow hosts our website using the content delivery network of the US company Fastly Inc. 475, Brannan St. #300, San Francisco, CA 94107. The company's privacy policy can be found here:
https://www.fastly.com/privacy/
8.1.2. Amazon CloudFront
Webflow hosts our website using the content delivery network of the US company Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109. The CDN is called Amazon CloudFront. The company's legal notice can be downloaded here:
https://aws.amazon.com/de/impressum/?nc1=f_cc
The company's privacy policy can be found here:
https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice_German_2020-08-15.pdf
8.2. Cloudflare
To ensure cross-browser compatibility so that the modern functionality of Webflow pages is also available in older browsers that do not support them natively, Webflow integrates JavaScript using the CDN Cloudflare. The operator of the CDN is Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107. The company's privacy policy can be found here:
https://www.cloudflare.com/de-de/privacypolicy/
8.3. website-files.com
There is also a connection to the domain website-files.com. This domain belongs to the company Webflow. It hosts images and other assets that are integrated into our website. This domain from Webflow is also hosted via the Fastly and Amazon CloudFront CDNs.
8.4. jsDelivr
We use the open-source CDN jsDelivr on our website to integrate a webflow widget. When you visit the website, the personal data mentioned in this privacy policy is transmitted purely for informational purposes. The legal basis for processing the data results from Article 6 (1) (f) GDPR and is based on our legitimate interest in making our website functional. The privacy policy of the open-source CDN jsDelivr can be found here: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net
8.5. legal basis
The legal basis for data processing within the meaning of the above is Article 6 (1) (b) GDPR. In sections 7.1. — 7.3, there is also a transfer of data to the USA and thus to a so-called unsafe third country within the meaning of the GDPR. Data transmission is nonetheless permitted. The legal basis for this lies in Art. 46 para. 1, para. 2 lit. c GDPR (standard contract clauses) or in Art. 49 para. 1 lit. b GDPR and therefore in the fulfilment of a contract between us and you as a user or in the need to carry out pre-contractual measures. For the USA, there is currently neither an adequacy decision by the EU nor any other appropriate guarantees. The protection of your data cannot be guaranteed in the destination country USA. There is currently no level of data protection equivalent to that of the EU in the USA. The transfer is therefore associated with corresponding risks. In particular, there are no guarantees that your submitted data will not be accessed by government agencies.
For example, it cannot be ruled out that US authorities may access your data on the basis of Section 702 of the Foreign Intelligence Surveillance Act (FISA for short; in German, for example, “International Intelligence Surveillance Act”, a law that regulates the United States' foreign intelligence and counterintelligence activities). In this context, we expressly point out that, as an EU citizen, you have no effective legal protection against the processing of your data by US authorities on the basis of FISA.
9. Usercentrics
We use the Usercentrics consent management tool from Usercentrics GmbH Sendlinger Straße 7, 80331 Munich Impressum: https://usercentrics.com/de/impressum/nachfolgend called “Usercentrics”). Usercentrics' privacy policy can be found here: https://usercentrics.com/de/datenschutzerklaerung/. We have concluded a corresponding contract for order data processing with Usercentrics. The Usercentrics tool automatically sets cookies to save the decisions you have made regarding privacy settings. The legal basis results from Art. 6 (1) (c), f GDPR, as we thus ensure compliance with legal requirements. Our legitimate interest in using Usercentrics lies in operating our website in compliance with data protection regulations. Usercentrics states that all servers are located in the EU: https://usercentrics.atlassian.net/wiki/spaces/SKB/pages/17825793/Wo+befinden+sich+die+Usercentrics+Server
10. Google Maps
We integrate Google Maps on our website using Google API (the acronym API stands for Application Programming Interface). This is a program interface that allows us to integrate third-party services on our website; the privacy policy regarding the Google API service can be found here: https://developers.google.com/terms/api-services-user-data-policy). This is an interactive map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Impressum: https://www.google.de/intl/de/contact/impressum.html. The parent company of this company based in Ireland is: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA94043, USA (hereinafter referred to as “Google”). Google's privacy policy can be found here: https://policies.google.com/privacy?hl=de. When you access the subpage on which Google Maps is implemented, Google receives the information about this call and the personal data mentioned in this privacy policy is transmitted to Google when the website is used for informational purposes only. This transfer is used to create a user profile by Google and takes place regardless of whether you have a Google account.
11. Google Fonts
We use Google Fonts on our website and integrate them via Google API (the acronym API stands for application programming interface). This is a program interface that allows us to integrate third-party services on our website; the privacy policy regarding the Google API service can be found here: https://developers.google.com/terms/api-services-user-data-policy). These are fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Impressum: https://www.google.de/intl/de/contact/impressum.html. The parent company of this company based in Ireland is: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google's privacy policy can be found here: https://policies.google.com/privacy?hl=de. When you visit the website, Google receives the information about this call and the personal data mentioned in this privacy statement is transmitted to Google purely for informational purposes. The legal basis for processing the data results from Article 6 (1) (f) GDPR and is based on our legitimate interest in making our website graphically appealing and user-friendly.
12. multilingualizer
On our website, we use the Multilingualizer tool from Matiogi Ltd in Great Britain (C/O Ascot Drummond Devonshire House, Manor Way, Borehamwood, HERTFORDSHIRE, WD6 1QQ (hereinafter referred to as “Matiogi”). There is currently an EU adequacy decision with regard to Great Britain. An “adequacy decision” is a decision adopted by the European Commission in accordance with Article 45 GDPR and which determines that a third country (i.e. a country that is not bound by the GDPR — in this case Great Britain) offers an adequate level of protection for personal data. When you visit the website, the personal data mentioned in this privacy policy is transmitted purely for informational purposes. Matiogi's privacy policy can be found here: https://www.multilingualizer.com/privacy-policy/. The legal basis for processing the data results from Article 6 (1) (f) GDPR and is based on our legitimate interest in making our website available in different languages.
12th newsletter
To always be informed about offers and interesting blog articles from our company, you can subscribe to our newsletter. To successfully sign up for the newsletter, all you have to do is enter your email address in the registration form. The only mandatory information within the registration form is your e-mail address. We store your e-mail address and any other data you have provided voluntarily (the legal basis for this is Article 6 (1) (a) GDPR) in order to send you the newsletter in the future. Furthermore, our site only stores your IP address and the times of newsletter subscription and newsletter unsubscription after sending the last newsletter for the period in which it is necessary for us to provide proof of your registration, including your confirmation and your cancellation, and to enable us to clarify any improper use of your data (the time of deletion is therefore determined after the limitation period for any claims). You have the right to withdraw your consent to send our newsletter at any time and thus unsubscribe from the newsletter without incurring any costs other than the transmission costs at the basic rates. There are two ways to do this. On the one hand, you can send us a corresponding e-mail to kontakt@db-consulting.team or click on the “unsubscribe newsletter” link, which is available at the end of every newsletter you receive from us.
13. Your rights
We will explain your rights under the GDPR below. You can download the GDPR as a complete document here.
Right to information in accordance with Article 15 (1) GDPR
You have the right to request confirmation from us as to whether personal data relating to you is being processed by you. If the answer is yes, in addition to the right to information about this personal data, you have a right to information about processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your personal data has been disclosed or will be disclosed in the future (in particular for recipients in third countries or international organizations), the storage period or criteria for determining the storage period, the existence of a right of correction or deletion of Personal data concerning you or the right to restrict processing on our part and the existence of a right to object to this processing, the existence of a right of appeal to a supervisory authority, all available information about the origin of the data (in the event that it was not collected by us), the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of a such processing.
Right to rectification in accordance with Art. 16 GDPR
You have the right to request us to correct incorrect personal data without delay and to complete incomplete personal data concerning you.
Right to deletion (“right to be forgotten”) in accordance with Article 17 (1) GDPR
You have the right to request that we delete the personal data relating to you immediately. However, under Article 17 (3) GDPR, this right does not exist if processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest in the area of public health, for archiving purposes in the public interest or to assert, exercise or defend legal claims.Right to restrict processing in accordance with Article 18 (1) GDPR
You have the right to request that we restrict the processing of your personal data if you dispute the accuracy of your personal data (the restriction applies for the period of time that enables us to verify the accuracy), if the processing of your personal data is unlawful and you refuse to delete it, we no longer need your personal data for processing purposes, but you need it to assert, exercise or defend legal claims or you have filed an objection to processing in accordance with Article 21 (1) GDPR (the restriction applies as long as it is not yet clear whether our legitimate reasons outweigh yours).
Right to data portability under Art. 20 GDPR
You have the right to receive the personal data concerning you from us in a structured, common and machine-readable format and to transfer it to another person responsible without hindrance on our part (or to request direct transmission from us to another person responsible, if this is technically possible) if the processing by us was based on consent or a contract or was carried out using automated procedures.
Right to withdraw consents granted in accordance with Article 7 (3) GDPR
You have the right to withdraw consent given to us at any time with effect for the future, so that data processing based on consent can no longer be continued in the future, but does not affect the lawfulness of the processing carried out up to your revocation.
Right to lodge a complaint under Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you is contrary to the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, place of work or the location of the alleged infringement. For more information, click here: https://www.bfdi.bund.de/DE/Datenschutz/Ueberblick/MeineRechte/Artikel/BeschwerdeBeiDatenschutzbehoereden.html
17. Right of objection
In addition to the above rights, you also have the right at any time to object to the processing of your personal data based on the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 para. 1 p. e GDPR) or to protect legitimate interests on our part (Art. 6 para. 1 p. f GDPR), provided that there are reasons for this arising from your particular situation. In the event of an objection, no further processing of personal data will be carried out unless we can prove compelling legitimate reasons for processing that outweigh your interests, rights and freedoms or that serve to assert, exercise or defend legal claims. If your personal data is processed for direct marketing or profiling purposes, provided that there is a connection to direct marketing, you have a general right to object without the need for reasons arising from your particular situation. In the event of an objection, we will immediately stop processing personal data for these purposes. To exercise your right of revocation or objection, simply send an e-mail to kontakt@solvitdigital.team
18. Data security
The encryption and communication protocol TLS 1.2 (Transport Layer Security) is used on our website. Through the TLS certificate we use and issued by a certification authority, we enable encrypted data exchange between web browser and web server, which means that sensitive data cannot be read by third parties. We use the method with the highest level of encryption that your browser supports, which will usually be 256-bit encryption. The higher the number of bits, the longer the key and therefore the better protection against third parties.
This privacy policy was created individually for this website by Frame for Business GmbH in cooperation with Schützle Rechtsanwaltskanzlei mbH.