Deutsch
Data protection declaration and consent to the processing of proof of identity
We are delighted to welcome you to our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you which of your personal data we collect when you visit our website and for what purposes it is used. Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person (data subject), such as name, address, email address or user behaviour. This is data with which we can identify you. In addition, you will occasionally also find information about data processing operations outside of this website (e.g. video conferences or newsletters).
Responsible for data processing
Person responsible
for the processing of personal data within the terms of the EU General Data Protection Regulation (GDPR)
Van Ham Kunstauktionen GmbH & Co. KG
Hitzelerstr. 2
50968 Köln
GERMANY
Telephone: +49 (221) 92 58 62-0
Email: info@van-ham.com
Data protection officer
exkulpa gmbh
Waldfeuchter Str. 266
52525 Heinsberg
Telephone: +49 (2452) 99 33 11
Email: datenschutz@van-ham.com
General information
In addition to the data you actively disclose to us on this website (e.g. via our contact form) we collect some technical data. These so-called metadata are automatically transmitted from your computer to our servers as soon as you enter our website (browser, operating system or time stamp, among others). We use these data to ensure that our website is displayed correctly. Moreover, we can collect data via integrated third-party providers (e.g. for external media such as map services or analytics tools). We will inform you about the different purposes and legal basis in this Data Protection Declaration.
Storage duration
If no separate storage period is specified in this Data Protection Declaration, we will store your personal data as long as the purpose of the data processing exists. If you contact us with a justified deletion request or revoke your consent, we will delete your data. This does not affect legal storage obligations.
Legal basis for data processing
If you have consented to the data processing, your personal data will be processed on the basis of Art. 6(1a) GDPR or Art. 9(2a) GDPR if special categories of data are processed according to Art. 9(1) GDPR. If you have given your express consent to the transfer of personal data to third countries, the data will also be processed according to Art. 49(1a) GDPR. If you have given your consent to the storage of cookies or the access to information on your terminal (e.g. via device fingerprinting) the data will also be processed on the basis of Art. 25(1) Telecommunications Digital Services Data Protection Act (TDDDG). You may revoke your consent at any time. If your data is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, we will process your data in accordance with Art. 6(1b) GDPR. In addition, we will process your data if this is necessary for fulfilling a legal obligation, on the basis of Art. 6(1c) GDPR. The data may moreover be processed based on our legitimate interest according to Art. 6(1f) GDPR. In the following paragraphs of this Data Protection Declaration we inform you about the respective legal basis in individual cases.
Note on the data transfer to third countries and US companies without DPF certification
Please note that we use tools by companies located in third countries or the USA which are unsafe under data protection law and that are not covered by the EU-US Data Protection Framework Agreement (DPF). When we use these tools, your personal data may be transferred to and processed in these countries. Please note that a level of data protection that is comparable to that of the EU cannot be guaranteed in these countries.
We wish to point out that the USA generally offers a level of data protection that is comparable with that of the EU. The transfer of data to the USA is permitted if the recipient has DPF certification or provides suitable additional guarantees. Information about data transfer to third countries, including data recipients, is provided in our Data Protection Declaration.
Automated decision-making
Your personal data will not be processed for the purpose of automated decision-making.
Your rights
As data subject, you have the following rights according to the General Data Protection Regulation (GDPR):
Further data processing operations
General information obligations
This information is directed at customers, interested parties, suppliers and employees. We process your personal data for the following purposes:
Categories of recipients of personal data
Within our company, employees only have access to the data that they absolutely need to fulfil their tasks (need-to-know principle). Individual processes and services are carried out by carefully selected service providers who have been commissioned in accordance with data protection regulations and who are based within the EEA. If service providers commissioned by us are given access to personal data during the performance of their services, these service providers have entered into controller processor agreements with us in accordance with Art. 28(3) GDPR.
Duration of data storage
The data we process will be stored for the duration of the existence and execution of the contractual relationship and in compliance with statutory storage periods. These are, in particular, commercial and tax storage obligations according to the German Commercial Code (HGB) and the German Fiscal Code (AO). The regular storage and documentation periods are up to ten years. If no contractual relationship is established, we process the data only for as long as the specific purpose requires.
Data processing in accordance with the Money Laundering Prevention Act
According to Sec. 2(1) GwG (Geldwäschepräventionsgesetz = Money Laundering Prevention Act) we are obliged to comply with measures to prevent money laundering and the financing of terrorism. The legally required measures include the identification of contractual partners (Sec. 11 GwG) if a certain transaction amount is exceeded. Under certain circumstances we are also obliged to report suspicious transactions or transaction intentions (Secs. 27 et seq. GwG). Within the scope of the mandatory identification and/or reporting, we collect personal data and, if necessary, forward it to the Central Office for Financial Transaction Investigations (FIU). The legal basis for data collection and disclosure is Art. 6(1c) GDPR in conjunction with the respective legal provisions of the GwG. Unless other legal provisions on recording and storage obligations provide for a longer period in individual cases, we are obliged to store the data for five years. After the retention period has expired, the data will be destroyed in accordance with data protection regulations without the need for a separate request to do so.
Proof of identity may be, for example, an identity card or passport, etc.
Person responsible
If you send your proof of identity to VAN HAM Kunstauktionen GmbH & Co. KG, Hitzelerstrasse 2, 50968 Köln, Germany, then VAN HAM is responsible for processing your personal data. You can reach our data protection officer at the contact details given above.
Legal basis for processing
The legal basis for processing your personal data, in particular your biometric data, if applicable, is your consent pursuant to Art. 6(1a) GDPR, which you can revoke at any time without giving reasons.
Consignees
Only VAN HAM employees have access to your personal data. VAN HAM itself employs external service providers for the maintenance of its information technology, who may be given access to your personal data within the scope of their activities. Your personal data will be stored on our VAN HAM servers at Hitzelerstrasse 2, 50968 Köln, Germany.
Cookies
Cookies are small text files which are stored by your browser on your terminal in order to store certain pieces of information during your use of the website. Cookies allow us to improve various aspects of our website and make your visit more comfortable.
There are various types of cookies that serve difference purposes. Temporary cookies, also called session cookies, are only stored for the duration of your use of the website and are automatically deleted when you close your browser. Permanent cookies, on the other hand, remain stored on your terminal for a longer period and allow us to recognize you and your preferences during repeat visits to the website.
Cookies can also be subdivided into first-party and third-party cookies. First-party cookies are set by our website, while third-party cookies are set by other websites or service providers whose content is integrated on our website, such as plug-ins or analytics tools.
The use of cookies serves various purposes, for instance to ensure that the website functions properly, to store user settings, generate anonymous statistics about user behaviour, or show personalized content and advertising. The legal basis for the use of cookies varies depending on the purpose of the cookies. In some cases the setting of cookies is based on your legitimate interest according to Art. 6(1f) GDPR to make our website functional and user-friendly. As website operator we have a legitimate interest in the storage of necessary cookies that enable us to provide technically error-free and optimized services. When we obtain your consent for the use of cookies, processing is done on the basis of Art. 6(1a) GDPR in conjunction with Art. 25(1) TDDDG. You may revoke your consent at any time.
Consent with Cookiebot
Our website uses the consent technology of Cookiebot to obtain your consent to the storage of certain cookies on your terminal or to the use of certain technologies in order to document this in a manner that complies with data protection laws. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereafter "Cookiebot").
When you enter our website, a connection is established to Cookiebot's servers to obtain your consents and other declarations regarding cookie use. To assign and document your consent or your revocation, a cookie is set in your browser. This data is stored until you delete the cookie, request us to delete the data, or the purpose for the data processing no longer applies. This does not affect legal storage obligations.
Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6(1c) GDPR.
Order processing
To ensure that personal data is processed according to our specifications and in compliance with the GDPR, we have concluded an order processing agreement (AVV) with the provider.
Data processing in detail
In the following, we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data, and the respective storage periods. An automated decision in individual cases, including profiling, does not occur.
Website provision
When you access and use our website, we collect your personal data which your browser automatically transmits to our server. The following information is stored temporarily in a so-called log file:
Our website is not hosted by us but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR for the purpose of providing the website.
The host is employed for the purpose of fulfilling contractual obligations to our potential and existing customers (Art. 6(1b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offerings by a professional provider (Art. 6(1f) GDPR).
Contact form
Type and scope of processing
If you send us inquiries (e.g. via contact form, email, or phone), we store all data resulting from this (e.g. name, email address, subject of inquiry, etc.). We need this data to process your inquiry and to be able to answer follow-up questions. We do not pass on this data without your consent.
Purpose and legal basis
The processing of this data is performed according to Art. 6(1b) GDPR if your request is related to the execution of a contract or is necessary for the performance of precontractual measures. Otherwise, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6(1f) GDPR) or on your consent (Art. 6(1a) GDPR) if you have given it beforehand.
Storage duration
The data you have entered in the contact form will remain with us until you request us to delete it, you revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your inquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.
Contact form for job applicants
Type and scope of processing
We collect and process the personal data of applicants. These data may also be processed electronically, for instance when applicants submit application documents via email or a web form on our website. On our website we give you the option to send us applications for advertised open positions via email.
Purpose and legal basis
We process the personal data of applicants in accordance with the legal stipulations for the purpose of initiating an employment relationship (Art. 6(1b) GDPR). You are not obligated to provide us with these data. However, without these data we cannot carry out an application process with you.
If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Art. 6(1b) GDPR and, if you provide us with special categories of personal data such as health information, on the basis of Art. 9(2b) for the purpose of implementing the employment relationship.
In order to approach potential applications, we moreover use services of the professional networks LinkedIn and XING. In this respect, the operators of the networks act as data processors according to our instructions. The legal basis of the communication with potential applicants on our behalf is Art. 6(1f) GDPR (our legitimate interests). If you send us your application in response to such a communication, we will process your data for the purpose of initiating an employment relationship as described above on the basis of Art. 6(1b) GDPR.
Storage duration
Your data will be stored for a period of six months beyond the end of the application process. This is done to protect our legitimate interests in order to check if we need the data to avert any claims in connection with the application process. Subsequently, we are required to delete or anonymize your data. In this case the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (for example, proportion of women or men in applications, number of applications per period, etc.).
If it is evident that further storage of the data will be required after the six-month period has expired (e.g. due to an impending or pending legal dispute) to protect our legitimate interests, the data will not be deleted until the purpose for continued storage no longer applies. The legal basis for this continued data storage is our legitimate interests in the assertion, exercise or defence of civil law claims (Art. 6(1f) GDPR in conjunction with Art. 24(1 no. 2) German Data Protection Act (BDSG) or, inasmuch as special categories of personal data are stored, Art. 9(2f) GDPR in conjunction with Art. 24(2) GDPR).
Inclusion in the pool of applicants
As part of the application process, we offer applicants the opportunity to be included in our “talent pool” for a period of 24 months on the basis of their consent within the terms of Art. 6(1a) and Art. 9(2a) GDPR. If you have indicated special criteria of personal data in your application, such as health information, your consent also applies to these data. You are not obligated to provide us with your application data for our talent pool. However, without these data we cannot consider you for vacancies advertised in the future, unless you send us a new application.
The consent to the inclusion of application data in the talent pool is voluntary and may be revoked at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of data processing based on consent before its withdrawal.
Your application documents will be deleted from the talent pool at the latest after the storage period has expired or revoked or you have accepted a job offer from one of the companies responsible for the talent pool.
If you receive an offer of employment with us during the application process and you accept this offer, we or this company will store the personal data collected as part of the application process for the purpose of implementing the employment relationship. The legal basis for this data processing is Art. 6(1b) GDPR or, if you submit special categories of personal data such as health information, Art. 9(2b).
Newsletter
On this website we offer you our newsletter. If you would like to subscribe, we need your email address and other data that proves that this is in fact your email address and that you agree to subscribing to the newsletter. Beyond that, no personal data is collected unless you provide it voluntarily (e.g. name, telephone number, place of residence, etc.).
When processing the data you provide when registering for the newsletter, we rely exclusively on your consent according to Art. 6(1a) GDPR as legal basis. You can revoke your consent to the future processing and storage of your personal data at any time (e.g. via the “Unsubscribe” link in the newsletter).
We store your personal data which you have provided for the purpose of receiving the newsletter until you unsubscribe from the newsletter with us or the service provider who distributes it. This does not apply to data of yours that we have stored for other purposes.
If you unsubscribe from the newsletter, your email address will be stored by us or the service provider in a blocking list for an indefinite period of time. This is done to prevent future mailings to you. The data from the blocking list will be used exclusively for this purpose and will not be merged with other data. This is not only in your interest, but also in our legitimate interest according to Art. 6(1f) GDPR to fulfil our legal obligations when sending newsletters. You can object to the storage if your personal interests outweigh our legitimate interest.
MailerLite
This website uses MailerLite for sending newsletters. The provider is UAB “MailerLite”, J. Basanaviciaus 15, LT-03108 Vilnius, Lithuania.
MailerLite is a service for the organization and analysis of the sending of the newsletter. The data you enter to receive the newsletter will be stored on the servers of MailerLite in Lithuania.
The emails sent with MailerLite contain a tracking pixel which connects to the servers of MailerLite when the email is opened. This makes it possible to learn whether a newsletter message was opened. In addition, MailerLite also enables us to determine whether and which links in the newsletter message are clicked on. All links in the email are tracking links with which clicks can be counted.
More information on the analytics functions of MailerLite is available at https://www.mailerlite.com/features.
The data processing is based on your consent (Art. 6(1a) GDPR). You can revoke your consent at any time. This does not affect the legitimacy of the data processing operations already carried out.
The data stored by us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and are subsequently deleted from the distribution list. Data that have been stored by us for other reasons remain unaffected by this.
Once you have been deleted from the newsletter list, your email address may be stored by us or the newsletter service provider in a so-called blocking list to prevent further mailings. The data from the blocking list will only be used for this purpose and will not be merged with other data. This serves your as well as our interest in compliance with the legal requirements for sending newsletters (legitimate interest according to Art. 6(1f) GDPR). Storage in the blocking list is not limited in time. You may object to the storage if your interests outweigh our legitimate interest.
More information on data protection at MailerLite is available at https://www.mailerlite.com/legal/privacy-policy.
To ensure that personal data is processed according to our specifications and in compliance with the GDPR, we have concluded an order processing agreement (AVV) with the provider.
Registration of a user account
You have the option of registering an account on our website. We process the user data you have entered solely for the purpose of providing the service for which you have registered. As for important changes, for instance those concerning the scope of offers or technically necessary changes, we use the email address you entered during the registration to pass information on to you. The data entered during registration is processed for the purpose of implementing the usage relationship and for initiating further contracts, if applicable (Art. 6(1b) GDPR).
We store the data collected during registration for as long as you are registered on this website and will subsequently be deleted. Statutory storage periods remain unaffected.
Registration of a customer account
Type and scope of processing
In the context of order processing we collect your personal data to register a customer account. You can choose whether you wish to order as a guest or register a permanent user account. The information collected during registration via the required fields of the entry form is identical in both cases and necessary for processing the order in the online shop. When a permanent user account is registered, we also collect a password determined by you. Moreover, you can voluntarily provide additional information that is in your opinion required for processing the order.
In compliance with Art. 28 GDPR, your personal data is only passed on to third parties (such as shipping service provider / freight forwarder) and order processors inasmuch as this is necessary for processing the order.
Purpose and legal basis
We process your data for the purpose of registering a user account to fulfil a contract with you according to Art. 6(1b) GDPR. There is a contractual obligation to provide your data inasmuch as this relates to the obligatory fields, because we need this information to identify you and fulfil the pertinent contract. There is no legal obligation to provide the data. If this information is not provided, the order cannot be placed in our online shop and hence a contract cannot be concluded. There is no obligation to provide the additional information provided voluntarily. An order can be placed in our online shop without providing the voluntary information.
The additional processing of your password for the registration of the permanent user account is carried out for the purpose of providing a customer account and to display your previous purchases as well as to store your purchase-related data (e.g. storage of billing address, different shipping addresses) on the basis of your consent in accordance with Art. 6(1a) GDPR. By cancelling your customer account you can declare your revocation at any time with effect for the future according to Art. 7(3) GDPR.
Storage duration
If you order as a guest, we store your personal data until your order has been completely processed (termination of the contract). When you register a permanent customer account, we store the purchase-related data beyond the termination of the contract until you revoke your consent (cancellation of the customer account). In both cases, your data will continue to be stored only if there are legal storage obligations (e.g. tax and commercial law).
Data transmission upon contract conclusion for online shops, retailers and shipping of goods
We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with the handling of payments. A further transmission of the data does not take place or only if you have explicitly agreed to the transmission.
The basis for the data processing is the fulfilment of a contract or precontractual measures according to Art. 6(1b) GDPR.
Credit checks
In the case of a purchase on invoice or any other method of payment for which we provide advance payment, we may carry out a credit check (scoring). For this purpose, we transmit your entered data (e.g. name, address, age, or bank details) to a credit agency. The probability of a payment default is determined based on this data. In the event of an excessive risk of nonpayment, we may refuse the payment method in question.
The basis for data processing is the fulfilment of a contract or precontractual measures according to Art. 6(1b) GDPR, as well as the prevention of payment defaults (legitimate interest according to Art. 6(1f) GDPR). If you have previously given your consent to your data being processed, this will be done solely on the basis of Art. 6(1a) GDPR; the consent can be revoked at any time.
Payment services
We integrate third-party payment services on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) is processed by the payment service provider for the purpose of payment processing. The respective contract and data protection provisions of the respective providers apply. The basis for the data processing is the fulfilment of a contract or precontractual measures according to Art. 6(1b) GDPR as well as to make the payment process as smooth, convenient and secure as possible (Art. 6(1f) GDPR). If you have previously given your consent to your data being processed, this will be done solely on the basis of Art. 6(1a) GDPR; the consent can be revoked at any time.
We use the following payment service providers:
Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany. More information on data processing at Concardis is available at https://www.concardis.com/datenschutz .
Presence on social media platforms
On our website we operate public profiles in various social networks. More detailed information on the social networks we use is provided in the pertinent sections of our Data Protection Declaration.
Social networks such as Facebook, Twitter, etc. can analyze your user behaviour comprehensively when you visit their websites or a website with integrated social media content (e.g. Like buttons or advertising banners). By visiting our social media sites, numerous data protection–relevant processing operations are triggered:
If you are logged into your social media account and visit our social media web page, the operator of the social media portal can allocate this visit to your user account. However, your personal data may also be collected when you are not logged in or have no account with the respective social media portal. In this case the data is collected via cookies that are stored on your terminal or by recording your IP address.
The data collected in this manner enables the social media platforms to generate user profiles where your preferences and interests are recorded. As a result, interest-based advertising can be displayed on and outside of the respective social media website. If you have an account with the respective social network, the interest-based advertisements may be displayed on all devices on which you are or were logged in.
Please note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be performed by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
Legal basis for data processing
The purpose of our social media sites is to ensure the most comprehensive online presence possible. This is a legitimate interest within the meaning of Art. 6(1f) GDPR. The analytics process initiated by the social networks may have a different legal basis that must be stated by the operators of the social networks (e.g. consent according to Art. 6(1a) GDPR).
Responsible party and assertion of rights
When you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. Principally, you can assert your rights (information, correction, deletion, restriction of processing, data transferability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).
Despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our possibilities are largely determined by the corporate policy of the respective provider.
Duration of data storage
The data collected directly by us via our social media site will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage, or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
We have no influence on the storage period of your data which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. regarding their privacy policy, see below).
Facebook page
Our company has a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereafter Meta). According to Meta, the data collected is also transferred to the USA and other countries.
We have concluded an agreement on joint processing with Meta (Controller Addendum). This agreement stipulates the data processing operations for which we or Meta are responsible when your visit our Facebook page. You can view the agreement by clicking on the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings independently in your user account. To do so, click on the following link to log in: https://www.facebook.com/settings?tab=ads.
The company is certified according to the EU-US Data Privacy Framework (DPF), an agreement between the European Union and the USA whose purpose is to ensure compliance with European data protection standards when processing data in the USA. Certification according to the DPF obligates companies to observe these data protection standards.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. For details, please go to: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
For further information, please see Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
Instagram page
Our company has a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The company is certified according to the EU-US Data Privacy Framework (DPF), an agreement between the European Union and the USA whose purpose is to ensure compliance with European data protection standards when processing data in the USA. Certification according to the DPF obligates companies to observe these data protection standards.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. For details, please go to: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
For further information on the way your personal data is handled, please refer to Instagram’s privacy policy: https://help.instagram.com/519522125107875.
Twitter page
Our company uses the short message service X (formerly Twitter). The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
You can customize your X data protection settings yourself in your user account; to do so, log in at this link: https://x.com/settings/account/personalization.
The company is certified according to the EU-US Data Privacy Framework (DPF), an agreement between the European Union and the USA whose purpose is to ensure compliance with European data protection standards when processing data in the USA. Certification according to the DPF obligates companies to observe these data protection standards.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details are available at https://gdpr.x.com/en/controller-to-controller-transfers.html.
For further information, please see X’s privacy policy: https://x.com/de/privacy.
LinkedIn page
Our company has a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to disable the LinkedIn advertising cookies, please use the following link: www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
The company is certified according to the EU-US Data Privacy Framework (DPF), an agreement between the European Union and the USA whose purpose is to ensure compliance with European data protection standards when processing data in the USA. Certification according to the DPF obligates companies to observe these data protection standards.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. For details, please go to https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
For further information on the way your personal data is handled, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
YouTube Our company has a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For further information on the way your personal data is handled, please refer to YouTube's privacy policy: https://policies.google.com/privacy?hl=de.
The company is certified according to the EU-US Data Privacy Framework (DPF), an agreement between the European Union and the USA whose purpose is to ensure compliance with European data protection standards when processing data in the USA. Certification according to the DPF obligates companies to observe these data protection standards.
Pinterest Our company has a profile on Pinterest. The operator is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. For further information on the way your personal data is handled, please refer to Pinterest’s privacy policy: https://policy.pinterest.com/de/privacy-policy.
Discord
We have a Discord channel. It is operated by Discord Inc., De Haro Street #200, San Francisco, CA 94107, USA. More information on data protection is available at https://discord.com/privacy
The company is certified according to the EU-US Data Privacy Framework (DPF), an agreement between the European Union and the USA whose purpose is to ensure compliance with European data protection standards when processing data in the USA. Certification according to the DPF obligates companies to observe these data protection standards.
Video conferencing
Data processing
We use online conferencing tools to communicate with our customers. The tools we use are listed in detail below. When you communicate with us via video or audio conference, your personal data is collected and processed by us and by the provider of the respective tool.
The tools collect the data you provide, including your email address and telephone number. They also process the duration of the conference, when you joined the conference, the number of participants and other metadata.
In addition, the provider of the tool processes all technical data required to run the conference. This specifically includes IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker, and connection type.
As you share content during the use of a conferencing tool, it will be stored on the providers’ servers. This includes cloud recordings, chat messages, voice messages as well as photos and videos that you share while using this service.
Please note that we do not have full control over the data processing operations of the tools used. For more information on data processing by the conferencing tools, please refer to the privacy statements of the respective tools used.
Purpose and legal basis
The conferencing tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6(1f) GDPR). If you have previously given your consent to your data being processed, this will be done solely on the basis of Art. 6(1a) GDPR; the consent can be revoked at any time.
Storage duration
The data collected directly by us via the video and conferencing tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage, or the purpose for which the data was stored no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.
We have no influence on the storage period of your data which is stored by the operators of the conferencing tools for their own purposes. Please contact the operators of the conferencing tools directly for details.
Video conferencing tools
We use the following tools for video conferencing:
TeamViewer
We use TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen, Germany. For details on data processing, please refer to TeamViewer’s privacy policy: https://www.teamviewer.com/de/datenschutzerklaerung/.
Order processing
To ensure that personal data is processed according to our specifications and in compliance with the GDPR, we have concluded an order processing agreement (AVV) with the provider. Website visitors are only processed according to our instructions and in compliance with GDPR.
Fast Fonts
We use Fast Fonts from Monotype Imaging Inc, 600 Unicorn Park Drive, Woburn, MA 01801, USA, as a service to provide fonts for our website. To obtain these fonts, you connect to servers of Monotype Imaging Inc., whereby your IP address is transmitted.
Purpose and legal basis
The use of Fast Fonts is based on our legitimate interests, i.e. interest in a uniform presentation as well as the optimization of our website according to Art. 6(1f) GDPR.
The company is certified according to the EU-US Data Privacy Framework (DPF), an agreement between the European Union and the USA whose purpose is to ensure compliance with European data protection standards when processing data in the USA. Certification according to the DPF obligates companies to observe these data protection standards.
Storage duration
The specific storage period of the processed data cannot be influenced by us but is determined by Monotype Imaging Inc. Further information can be found in the privacy policy of Fast Fonts: https://www.monotype.com/legal/privacy-policy.
Google Analytics
On this website, we use services and functions provided by Google Analytics, which is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Type and scope of data processing
With the help of Google Analytics, we as the website operator can trace how our website is being used. This analysis tells us how often our website is accessed, how long visitors stay on the page, and with which devices or systems they access the website. In addition, we may use Google Analytics to track your mouse movements and clicks. Google Analytics uses machine learning technologies to analyze and supplement your data. The processing of the collected data usually takes place on Google servers in the USA.
Legal basis
Our use of Google Analytics is based on your consent in accordance with Art. 6(1a) GDPR in conjunction with Art. 25(1) TDDDG. You can revoke your consent at any time.
The company is certified according to the EU-US Data Privacy Framework (DPF), an agreement between the European Union and the USA whose purpose is to ensure compliance with European data protection standards when processing data in the USA. Certification according to the DPF obligates companies to observe these data protection standards.
The transfer of your personal data to the USA is based on the standard contractual clauses of the EU Commission. You can find more information about this at https://privacy.google.com/businesses/controllerterms/mccs/.
Order processing
To ensure that personal data is processed according to our specifications and in compliance with the GDPR, we have concluded an order processing agreement (AVV) with the provider.
Storage duration
Google stores data linked to cookies, user IDs, or advertising IDs. This data is stored for two months and then anonymized or deleted. You can find more information about the storage period or the deletion of your data at https://support.google.com/analytics/answer/7667196?hl=de.
Google Tag Manager
On this website, we use services and functions provided by Google Tag Manager, which is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to use other tools on our website. It does not create user profiles, it does not store cookies, and it does not perform independent analytics. However, your IP address is collected and may be transmitted to the USA. Google Tag Manager itself is only used to manage those tools that are integrated by it.
In using Google Tag Manager on this website, we rely on Art. 6(1f) GDPR as the legal basis, as we have a legitimate interest in implementing and directing tracking tools on this website easily and quickly. If you have previously given consent to data processing on this website by Google Tag Manager, your data is processed solely on the legal basis of Art. 6(1a) GDPR in conjunction with Art. 25(1) TDDDG. You can revoke your consent at any time.
The company is certified according to the EU-US Data Privacy Framework (DPF), an agreement between the European Union and the USA whose purpose is to ensure compliance with European data protection standards when processing data in the USA. Certification according to the DPF obligates companies to observe these data protection standards.
Meta Pixel
We use the Metal Pixel on this website, which is offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
Meta Pixel allows us to analyze the behaviour of our website visitors when they are redirected to our website by clicking on a Facebook ad. We use this data to measure the success of our ads on Facebook and to optimize them. For this purpose, we as the website operator only receive anonymized data, so that we cannot identify you as a user.
Meta, on the other hand, processes the data in a way that assigns it to a specific user and then uses it for its own advertising purposes. This allows Meta to display personalized advertisements on Meta and other websites. We as the website operator have no influence on this. You can find more information on data processing in Meta’s privacy policy at https://www.facebook.com/about/privacy/.
Legal basis
Our use of Meta-Pixel is based on your consent in accordance with Art. 6(1a) GDPR and Art. 25(1) TDDDG. You can revoke your consent at any time.
The company is certified according to the EU-US Data Privacy Framework (DPF), an agreement between the European Union and the USA whose purpose is to ensure compliance with European data protection standards when processing data in the USA. Certification according to the DPF obligates companies to observe these data protection standards.
The transfer of your personal data to the USA is based on the standard contractual clauses of the EU Commission. For more information, please visit https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
If personal data is collected on this website through these services and passed on to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland bear joint responsibility for the processing of your personal data (Art. 26 GDPR). However, in these instances we are only responsible for the collection of your data and its transmission to Meta, while Meta is responsible for what happens to the data afterwards. The obligations we impose on each other in the context of joint responsibility are set out in a data sharing agreement. Please see the following link for the exact text of the agreement: https://www.facebook.com/legal/controller_addendum. Accordingly, we must provide you with information on data protection when using the Meta tool and ensure that the tool is implemented on our website in a manner that complies with data protection regulations.
Meta itself is responsible for the security of its own products. If you wish to exercise your data subject rights and, for example, request information about your data processed by Meta, you can contact Meta directly. If you assert your rights as a data subject with us, we are obligated to transmit your request to Meta.
Last revised: 01.01.2025
Call us at +49 (221) 92 58 62-0or write to us. We will process your request promptly and get back to you as soon as possible. If you would like us to call you back, please specify a time slot within our business hours (Mon-Fri 10 a.m. to 5 p.m.).
