Privacy policy
Exclusion of liability
Wrage GmbH makes every effort to ensure that the information provided on the Wrage Website is complete, up-to-date and correct. However, Wrage cannot guarantee the accuracy, completeness and up-to-dateness of the information on the Wrage Website or any transmission errors and disclaims any liability for any resulting damage or inconvenience. The customer acknowledges that Wrage can in particular also not assume any warranty for the content of linked third-party websites and rejects any liability therefor. Each participant is responsible for himself/herself. The organiser shall not be liable for any damage to property or impairment of physical or mental health. The participant undertakes to observe all instructions given by us. We assume no liability for the journey to and from the venue.
Data protection declaration
This data protection declaration informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the websites, functions and contents connected with it as well as external online presences, such as our social media profiles (hereinafter jointly referred to as “online offer”). With regard to the terms used, such as “processing” or “responsible person”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
General information
Responsible party
Wrage GmbH
Managing Director: Greta Lipp
Schlüterstraße 4
20146 Hamburg
Germany
Telephone: +49(0)40-413297-0
Fax: +49(0)40-44 24 69
E-mail: wrage@wrage.de
Data protection officer: The data protection officer can be contacted at the above address or by e-mail at daten@wrage.de.
Types of data processed in connection with our company’s services, e.g., ticketing, newsletter etc.
– Contact data (e.g., names, addresses)
– Contact data (e.g., e-mail, telephone numbers)
– Content data (e.g., text entries, graphics, videos)
– Usage data (e.g., web sites visited, content interests, access times)
– Meta-/Communication data (e.g., device information, IP addresses)
Categories of data subjects
Visitors and users of our online offer (hereinafter we also refer to the data subjects collectively as “users”).
Collection and storage of personal data as well as type and purpose of processing
– Provision of the online offer, its functions and contents
– Answering contact requests and communication with users
– security measures
– Reach measurement/marketing
Terminology used
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as a “natural person”); “identifiable” means a natural person who can be identified directly or indirectly, in particular by reference to an identified or identifiable natural person (hereinafter ‘data subject’); An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie) or an e-mail address. (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
“Responsible person” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Relevant legal basis
In accordance with Art. 13 DSGVO, we inform you of the legal basis for our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 DSGVO, the legal basis for processing in order to fulfil our services and carry out contractual measures and respond to enquiries is Art. 6(1)(b) DSGVO, the legal basis for processing in order to fulfil our legal obligations is Art. 6(1)(c) DSGVO, and the legal basis for processing in order to protect our legitimate interests is Art. 6(1)(f) DSGVO. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) DSGVO serves as the legal basis.
Safety measures
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subject rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 DSGVO).
Cooperation with processors and third parties
Insofar as we disclose data to other persons and companies (order processors or third parties) in the course of our processing, transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b DSGVO), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called “order processing agreement”, this is done on the basis of Art. 28 DSGVO.
Transfers to third countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art. 44 ff. DSGVO are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g., for the USA through the “Privacy Shield””) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
Rights of data subjects
You have the right to request confirmation as to whether data in question is being processed and to information about this data as well as further information and a copy of the data in accordance with Art. 15 DSGVO.
You have according to. Article 16 of the GDPR, you have the right to request that the data concerning you be completed or that the inaccurate data concerning you be corrected.
In accordance with Art. 17 of the GDPR, you have the right to demand that the data in question be deleted without delay, or alternatively, in accordance with Art. 18 of the GDPR, to demand that the processing of the data be restricted.
You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 of the GDPR and to request that it be transferred to other data controllers.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 DSGVO.
Right of withdrawal
You have the right to revoke any consent you have given in accordance with Art. 7 (3) DSGVO with effect for the future.
Right to object to data collection in special cases and to direct marketing (Art. 21 DSGVO)
If data processing is carried out on the basis of Art. 6 (1) (e) or (f) DSGVO, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1) of the GDPR). If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) DSGVO).
Right of appeal to the competent supervisory authority
In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from http:// to https:// and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Deletion of data
The data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 DSGVO. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion is not contrary to any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
According to other legal requirements in Germany, data is stored for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial letters).
Data collection
Cookies
We use temporary and permanent cookies on our website.
“Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his or her browser. In such a cookie, for example, the contents of a shopping basket in an online shop or a login status can be stored. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be stored if users visit them after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes. “Third-party cookies” are cookies that are offered by providers other than the responsible party that operates the online offer (otherwise, if they are only its cookies, they are referred to as “first-party cookies”).
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US American site www.aboutads.info/choices/ or the EU site www.youronlinechoices.com. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that not all functions of this online offer can then be used.
Hosting and Content Delivery Networks (CDN)
The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offer.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO (conclusion of a contract). Art. 28 DSGVO (conclusion of order processing agreement).
External hosting
This website and the webshop are hosted by external service providers (hosters). The personal data collected on the websites is stored on the servers of the hosters. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.
The hosters are used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).
Our hosters will only process your data insofar as this is necessary to fulfil their service obligations and follow our instructions with regard to this data.
We use the following hosters:
Website:
RAIDBOXES GmbH
Hafenstrasse 32
48153 Münster
Webshop:
IONOS SE
Elgendorfer Str. 57
56410 Montabaur
Conclusion of a contract on order processing
In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hosters.
Access data and server log files
We, or rather our hosting provider, collect data on every access to our website on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO, we or our hosting provider collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.
Business-related processing
We also process
– Contract data (e.g., subject matter of the contract, term, customer category)
– Payment data (e.g., bank details, payment history)
of our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising.
Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up enquiries. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g., after we have completed processing your enquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.
Enquiry by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO), if this has been requested.
The data you send us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g., after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Registration on this website
You can register on this website in order to use additional functions on the site. We use the data you enter for this purpose only for the purpose of using the particular offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration.
For important changes, for example in the scope of the offer or in the case of technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.
The data entered during registration is processed for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts (Art. 6 para. 1 lit. b DSGVO).
The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Legal retention periods remain unaffected.
Order processing in the online shop and customer account
We process the data of our customers in the context of the order processes in our online shop in order to enable them to select and order the selected products and services, as well as their payment and delivery, or execution.
The data processed includes inventory data, communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services within the scope of operating an online shop, billing, delivery and customer services. In this context, we use session cookies to store the contents of the shopping cart and temporary and permanent cookies to store the login status.
The processing is based on Art. 6 para. 1 lit. b (execution of order transactions) and c (legally required archiving) DSGVO. In this context, the information marked as required is necessary for the justification and fulfilment of the contract. We only disclose the data to third parties in the context of delivery, payment or in the context of legal permissions and obligations to legal advisors and authorities.
Users must create a customer account to purchase tickets, an online course or other products, in which they can view their orders and, if applicable, participate in online courses at any time. As part of the registration process, the required mandatory information is provided to users and processed on the basis of Art. 6 (1) lit. b DSGVO for the purpose of providing the customer account. The processed data includes in particular the login information (name, password as well as an e-mail address). The data entered during registration is used for the purposes of using the customer account and its purpose. Users may be informed by e-mail of information relevant to their customer account, such as technical changes. The customer accounts are not public and cannot be indexed by search engines.
If users have cancelled their customer account, their data relating to the customer account will be deleted, subject to their retention being necessary for commercial or tax law reasons in accordance with Art. 6 Para. 1 lit. c DSGVO. Information in the customer account remains until its deletion with subsequent archiving in the event of a legal obligation. It is the responsibility of the users to save their data in the event of termination before the end of the contract.
Within the scope of registration and renewed registrations as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorised use. As a matter of principle, this data is not passed on to third parties unless it is necessary for the prosecution of our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO. The IP addresses are anonymised or deleted after 7 days at the latest.
For our webshop system, we use a third-party system from IONOS SE, Montabaur. To ensure data protection-compliant processing, we have concluded an order processing contract with our webshop system provider. Further information on the IONOS data treasure can be found at: https://www.ionos.de/hilfe/index.php?id=3157&source=helpandlearn.
IONOS uses third-party services to provide its services. These include Amazon Web Service, Inc. as well as cloudfront.net, which are US cloud computing providers belonging to the Amazon group. The data protection guidelines of cloudfront.net can be found here: https://docs.aws.amazon.com/de_de/AmazonCloudFront/latest/DeveloperGuide/data-protection-summary.html) and of Amazon here: https://www.amazon.de/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ.
Provision of contractual services
We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. DSGVO. The entries marked as mandatory in online forms are required for the conclusion of the contract.
When using our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorised use. As a matter of principle, this data is not passed on to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO.
External payment service providers
We use external payment service providers through whose platforms users and we can make payment transactions. In the context of the performance of contracts, we use the payment service providers on the basis of Art. 6 para. 1 lit. b. DSGVO. Furthermore, we use external payment service providers on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. b. DSGVO in order to offer our users effective and secure payment options.
The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The details are required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e. we do not receive any account or credit card-related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the terms and conditions and data protection information of the payment service providers.
The terms and conditions and data protection information of the respective payment service providers apply to the payment transactions and can be accessed on the respective websites or transaction applications. We also refer to these for further information and the assertion of revocation, information and other data subject rights.
We use the following payment services/payment service providers within the scope of this website:
PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Details can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Stripe
The provider for customers within the EU is Stripe Payments Europe, Ltd,1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).
The data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details and the privacy policy can be found here: https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation.
Sofortüberweisung
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter “Sofort GmbH”). With the help of the “Sofortüberweisung” procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfil our obligations. If you have chosen the payment method “Sofortüberweisung”, you transmit the PIN and a valid TAN to Sofort GmbH, which can then log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have transmitted. It then immediately sends us a transaction confirmation. After logging in, it also automatically checks your turnover, the credit line of the overdraft facility and the existence of other accounts and their balances. In addition to the PIN and the TAN, the payment data you have entered as well as your personal data are transmitted to Sofort GmbH. Your personal data includes your first and last name, address, telephone number(s), e-mail address, IP address and, if applicable, other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent fraud attempts. Details on payment by Sofortüberweisung can be found in the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.
giropay
The provider of this payment service is paydirekt GmbH, Stephanstraße 14 – 16, 60313 Frankfurt am Main (hereinafter “giropay”).
For details, please refer to the giropay privacy policy: https://www.paydirekt.de/agb/index.html
Administration, financial accounting, office organisation, contact management
We process data within the scope of administrative tasks as well as organisation of our business, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the context of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.
In this context, we disclose or transmit data to the tax authorities, advisors, such as tax consultants or auditors, as well as other fee offices and payment service providers.
Furthermore, we store information on suppliers, organisers and other business partners on the basis of our business interests, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is stored permanently.
Contact
When contacting us (e.g., by contact form, e-mail, telephone or via social media), the user’s details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) lit. b) DSGVO. The user’s details may be stored in a customer relationship management system (“CRM system”) or comparable enquiry organisation.
Online presences in social media
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write posts on our online presences or send us messages.
Newsletter
With the following information, we inform you about the content of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter(s), you agree to receive them and to the procedures described.
Newsletter content: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or with legal permission. If the contents of the Newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. Apart from that, our newsletters contain information about our services and us.
The newsletter is sent using “ActiveCampaign”, a newsletter dispatch platform with its registered office at 1 N Dearborn, 5th Floor, Chicago, IL 60601, United States, represented in Europe by its branch in Dublin, Ireland, Block D, Iveagh Court, Hardcourt Road Dublin, 2.
Information on the data protection provisions of the shipping service provider is available at: https://www.activecampaign.com/de/legal.
The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on ActiveCampaign servers in the USA. ActiveCampaign uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, ActiveCampaign may use this data to optimise or improve its own services, e.g., for the technical optimisation of the dispatch and the presentation of the newsletter or for economic purposes in order to determine from which countries the recipients come. ActiveCampaign does not use the data of newsletter recipients to contact them directly or to pass them on to third parties.
ActiveCampaign is certified under the US-EU data protection agreement “Privacy Shield” and thus undertakes to comply with the EU data protection regulations.
Conclusion of a contract on commissioned processing
In order to ensure data protection-compliant processing, we have concluded an order processing contract with our service provider “Active Campaign”.
Double opt-in and logging: Registration for our newsletters takes place in a so-called double opt-in process. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. Registrations for newsletters are logged in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Likewise, changes to your data stored with the dispatch service provider are logged.
Registration data: To register for newsletters, it is sufficient to enter your e-mail address. Optionally, we ask you to enter a name so that we can address you personally in the newsletter, as well as your country or city for the purpose of selecting offers, if this is requested.
The dispatch of the newsletter and the associated performance measurement is based on the consent of the recipients in accordance with Art. 6 para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 para. 2 No. 3 UWG or on the basis of the legal permission in accordance with § 7 para. 3 UWG.
The logging of the registration process takes place on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as the expectations of the users and furthermore allows us to prove consent.
Cancellation/revocation: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to be able to prove consent previously given. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.
Newsletter – performance measurement
The newsletters contain a so-called “web beacon”, i.e., a pixel-sized file which is retrieved from our server or, if we use a dispatch service provider, from their server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information on the browser and your system, as well as your IP address and the time of the retrieval are initially collected.
This information is used for the technical improvement of the services on the basis of the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor, if used, that of the dispatch service provider to observe individual users. The analyses serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Analysis tools
Google Tag Manager
Google Tag Manager is a solution that allows us to manage so-called website tags via an interface (and thus, for example, integrate Google Analytics and other Google marketing services into our online offering). The tag manager itself (which implements the tags) does not process any personal data of the users. With regard to the processing of users’ personal data, please refer to the following information on Google services. Usage guidelines: www.google.com/intl/de/tagmanager/use-policy.html.
Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC (“Google”), on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 Para. 1 lit. f. DSGVO) Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by the users is usually transmitted to a Google server in the USA and stored there.
Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law www.privacyshield.gov/participant.
Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser will not be merged with other data from Google.
Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: tools.google.com/dlpage/gaoptout.
For more information on Google’s use of data, settings and opt-out options, please refer to Google’s privacy policy policies.google.com/privacy as well as the settings for the display of advertisements by Google adssettings.google.com/authenticated.
Users’ personal data is deleted or anonymised after 14 months.
Google Analytics Remarketing
We use Google Analytics to display the ads placed within advertising services of Google and its partners only to those users who have also shown an interest in our online offer or who have certain characteristics (e.g., interests in certain topics or products determined on the basis of the websites visited), which we transmit to Google (so-called “Remarketing Audiences” or “Google Analytics Audiences”). With the help of Remarketing Audiences, we also want to ensure that our advertisements correspond to the potential interest of the users.
If you have a Google account, you can object to personalised advertising at the following link:
The use of Google Remarketing is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in marketing its products as effectively as possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Further information and the data protection provisions can be found in Google’s data protection declaration at: https://policies.google.com/technologies/ads?hl=de.
Google AdWords and conversion measurement
We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 9.10.2008 (“Google”) on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law www.privacyshield.gov/participant.
We use the online marketing method Google “AdWords” to place ads in the Google advertising network (e.g., in search results, in videos, on web pages, etc.) so that they are displayed to users who have a presumed interest in the ads. This allows us to better target ads for and within our online offering to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products he or she has been interested in on other online offers, this is referred to as “remarketing”. For these purposes, when our website and other websites on which the Google advertising network is active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). This file records which web pages the user has visited, which content the user is interested in and which offers the user has clicked on, as well as technical information on the browser and operating system, referring web pages, time of visit and other information on the use of the online offer.
Furthermore, we receive an individual “conversion cookie”. The information obtained with the help of the cookie is used by Google to create conversion statistics for us. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information that personally identifies users.
The users’ data is processed pseudonymously within the Google advertising network. This means that Google does not store and process the name or email address of the user, for example, but processes the relevant data on a cookie basis within pseudonymous user profiles. This means that from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected about users is transmitted to Google and stored on Google’s servers in the USA.
For more information on Google’s use of data, settings and opt-out options, please refer to Google’s privacy policy policies.google.com/technologies/ads and the settings for the display of advertisements by Google adssettings.google.com/authenticated.
Facebook Pixel, Custom Audiences and Facebook Conversion
Within our online offer, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used due to our legitimate interests in the analysis, optimisation and economic operation of our online offer and for these purposes.
Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law www.privacyshield.gov/participant.
With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our online offer as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g., interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).
The processing of the data by Facebook takes place within the framework of Facebook’s data usage policy. Accordingly, general information on the display of Facebook ads, in Facebook’s data usage policy: www.facebook.com/policy. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s help section: www.facebook.com/business/help/651294705016616.
You can opt-out of the Facebook Pixel’s collection and use of your data to display Facebook Ads. To set which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: www.facebook.com/settings. The settings are platform independent, i.e., they are applied to all devices, such as desktop computers or mobile devices.
You can also opt out of the use of cookies for reach measurement and advertising purposes by visiting the opt-out page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website www.aboutads.info/choices or the European website www.youronlinechoices.com/uk/your-ad-choices/.
Plug-ins and tools
Third-party services and content
Within our online offer, we use content or service providers on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation of our online offer within the meaning of art. 6 para. 1 lit. f. DSGVO) to integrate content or services offered by third-party providers, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content. We endeavour to use only such content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, as well as being linked to such information from other sources.
Facebook Social Plugins
We use social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. DSGVO) social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can display interaction elements or content (e.g., videos, graphics or text contributions) and are recognisable by one of the Facebook logos (white “f” on a blue tile, the terms “Like”, “Like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of Facebook social plugins can be viewed here: developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law www.privacyshield.gov/participant.
When a user calls up a function of this online offer that contains such a plugin, his or her device establishes a direct connection with Facebook’s servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the online offer by the latter. In the process, user profiles can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his or her Facebook account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from their device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and store his or her IP address. According to Facebook, only an anonymised IP address is stored in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and setting options for protecting the privacy of the users, can be found in the data protection information of Facebook: www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her membership data stored with Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offer. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: www.facebook.com/settings; or via the US site www.aboutads.info/choices/ or the EU site www.youronlinechoices.com. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
YouTube with enhanced data protection
This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube establishes a connection to the Google DoubleClick network, regardless of whether you watch a video.
As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, after starting a video, YouTube may save various cookies on your end device or use comparable recognition technologies (e.g., device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.
If necessary, further data processing processes may be triggered after the start of a YouTube video, over which we have no control.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Further information on data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.
Vimeo without tracking (Do-Not-Track)
This website uses plugins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages equipped with Vimeo videos, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address. However, we have set Vimeo in such a way that Vimeo will not track your user activities and will not set any cookies. The use of Vimeo is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here: https://vimeo.com/privacy. Further information on the handling of user data can be found in Vimeo’s privacy policy at: https://vimeo.com/privacy.
Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to Google’s servers. This informs Google that your IP address has been used to access this website. The use of Google WebFonts is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the uniform presentation of the typeface on his website. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
If your browser does not support web fonts, a standard font from your computer will be used.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Google Maps
This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
More information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to check whether the data input on this website (e.g., in a contact form) is made by a human being or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. The storage and analysis of the data is based on art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
For further information on Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
Status: 10 May 2022