The following is an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If, in addition, more specific legal bases are relevant in individual cases, we will inform you of these in the data protection declaration.
[lightweight-accordion title=”Legal basis“]
- Consent (Art. 6 (1) p. 1 lit. a) DSGVO) – The data subject has given their consent to the processing of personal data relating to their for a specific purpose or purposes.
- Contract performance and pre-contractual requests (Art. 6 (1) p. 1 lit. b) DSGVO) – Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures which are carried out at the data subject’s request.
- Legal obligation (Art. 6 (1) p. 1 lit. c) DSGVO) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6 (1) p. 1 lit. f) DSGVO) – Processing is necessary to protect the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
[/lightweight-accordion]
In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.
[lightweight-accordion title=”Security measures“]
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data, and responses to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software as well as procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
TLS encryption (https): To protect your data transmitted via our online offer, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.
[/lightweight-accordion]
[lightweight-accordion title=”Transmission of personal data“]
In the course of our processing of personal data, it may happen that the data is transferred to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.
[/lightweight-accordion]
[lightweight-accordion title=”Data transfer to the USA“]
On this website, tools from companies are integrated which have their headquarters in the USA. By activating the tools, your personal data can be forwarded accordingly to the US servers of the respective company. The USA is not a safe third country in the sense of EU data protection law. For US companies, there is an obligation to hand over personal data to security authorities, without it being possible for a data subject to take legal action against this. It cannot be ruled out that US authorities may process, permanently store or evaluate their data located on US servers for monitoring purposes. We have no influence on these processing activities.
[/lightweight-accordion]
[lightweight-accordion title=”Deletion of data“]
The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose). If the data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.
Our data protection notices may also contain further details on the retention and deletion of data, which take priority for the respective processing operations.
[/lightweight-accordion]