Privacy Policy
We process personal data when you visit our website and when providing services to our contractual partners. Definition: Personal data is data that can be used to identify you personally.
We are aware of the responsibility we bear when receiving data. We therefore handle it with appropriate care and comply with the provisions of the General Data Protection Regulation (GDPR), other data protection laws applicable in the member states of the European Union, and other provisions relating to data protection. Of course, you should always know
- who is responsible and available to help with questions and concerns regarding the protection of your data (see "Responsible body" and "Data protection officer" in this privacy policy).
- what specific personal data we collect, why we collect it, and
- on what legal basis,
- when and how we may share personal data with third parties, and, of course,
- what rights you have in relation to the data we process (see "Rights of the data subject").
The answers to these questions can be found in this privacy policy.
Table of contents
I. Responsible body
II. Data protection officer
III. Use of cookies
IV. Accessing the website (log files)
V. Contacting us
VI. Data processing for payment transactions
VII. Data processing during verification processes
VIII. Data Processing in Connection with Support Services
IX. Data transfer to third parties/third countries
- Google services
- CommuniPay
- Zendesk
X. Abuse and fraud prevention
XI. Security
XII. Storage period/routine deletion
XIII. Rights of the data subject
XIV. Changes to the privacy policy
I. Responsible body for data processing
campoint AG (hereinafter referred to as "campoint" / "we" / "us")
Dr.-Hermann-Neubauer-Ring 32
63500 Seligenstadt
Phone +49 (0)6182 8955-0
Fax +49 (0)6182 8955-299
Email info@campoint.net
Terms:
Responsible body = the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Data processing = Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
II. Data protection officer
You can contact our data protection officer by mail at the address provided in this privacy policy under "Responsible body" with the addition "Data Protection Officer" or by email at: datenschutzbeauftragter@campoint.net
III. Use of cookies
We use cookies on our website. These are small files that your Internet browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device and do not contain viruses, Trojans, or other malware.
Information relating to the specific device used is stored in the cookie. However, this does not mean that we immediately obtain knowledge of your identity, but your browser can be recognized and identified via a cookie ID. The use of cookies serves, on the one hand, to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specific period of time. If you visit our site again using the same device and browser to use our services, we will automatically recognize that you have already visited us and what entries and settings you have made. You will not need to re-enter this information. Information for identifying a so-called advertiser is also stored. This is the operator of a website who has placed an advertisement on their website that links to our website. By clicking on this advertisement, you can access our website. The information to identify the advertiser is used so that we can assign them remuneration for the successful promotion of our site.
On the other hand, we use cookies to statistically record the use of our website and to evaluate this for the purpose of optimizing our offer for you.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer and thus permanently object to storage. It is also possible to set your browser so that a message always appears before a new cookie is created.
We also use a cookie consent tool. When you visit our site, a pop-up window appears where you can check boxes to give your consent for specific types of cookies. If you do not check a box for a tool, these cookies will be blocked.
We have a legitimate interest in processing personal data in accordance with Art. 6 (1) (f) GDPR for the purposes stated above.
If certain cookies are set based on your consent and the data is processed in accordance with Art. 6 (1) (a) GDPR, you can revoke your consent at any time with future effect (e.g., by changing your cookie settings on our website) without affecting the lawfulness of the processing of your data that has taken place up to that point.
You can also opt out of cookies used for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (NAI): optout.networkadvertising.org/, the European website "YourOnlineChoices" www.youronlinechoices.com/uk/your-ad-choices/, and the US website of the Digital Advertising Alliance (DAA) "aboutads": www.aboutads.info/choices.
IV. Accessing the website (log files)
Each time www.campoint.net is accessed, our system automatically collects data and information from the system of the accessing device. The following data is stored in the log files of our system:
- the user's operating system
- browser type and browser version
- the user's Internet service provider
- the user's Internet Protocol address ("IP address")
- Date and time of the website visit
- Websites from which the user's system accesses our website (called "referrers")
- Websites accessed by the user's system via our website
- Other similar data and information that serves to avert the risk of an attack on our information technology systems.
This data is not directly related to any individual, and we therefore cannot draw any direct conclusions about your person from it. The storage of this data is necessary in order to
- correctly transmit the content of our web pages
- continuously optimize our websites
- analyze errors
- to ensure the long-term functionality of our IT systems and website technology, and
- provide law enforcement agencies with the information necessary for criminal prosecution in the event a cyberattack.
We evaluate the data statistically. In addition, an evaluation is carried out to ensure data protection and data security on the website and the level of protection for the personal data we process. This data is not merged with other data sources. It is stored separately from other personal data you have provided.
We have a legitimate interest in the technically error-free presentation and optimization of our website, as well as in protecting our equipment and systems from attacks. This data is therefore collected on the basis of Art. 6 (1) lit. f) GDPR.
V. Contacting us
You can contact us by telephone, post, email, or via our contact form. The following applies to all types of contact:
The data will be deleted (taking into account any statutory retention periods that may apply) as soon as the purpose of the correspondence has been achieved.
The legal basis for processing is, provided you have given your consent, Art. 6 (1) (a) GDPR, otherwise (b), if the processing of your request is for the preparation or execution of a contractual relationship, and (f), if there is no contractual relationship, whereby our legitimate interest in this case is to improve and accelerate our customer and user service and to respond to your request efficiently.
The following details apply to the respective type of contact:
Contact by telephone
If you call us, we will process the information you voluntarily provide during the call (e.g., last name, first name, street, city, postal code), as well as the date and time of the call, the phone number sent with the call, and the content of the conversation. This data is used to process the request you have communicated to us.
Contact by mail
If you write to us by post, we will process the address data provided in your letter (e.g., last name, first name, street, city, postal code), the date of the letter and the date of receipt, as well as the content of your message and any attachments sent with it. Depending on the data you provide here, we may then contact you again by mail or email to respond to your inquiry.
Message by email
You can send us an email by clicking on one of our email addresses on our website. This service uses your email application. You also have the option of sending us an email directly via your email program. We receive, process, and store your email address, the content of your message, any email attachments sent, the subject line, the date of the message, and the time of receipt. This data is used to process your request. We may contact you again by email to respond to your inquiry.
We may use the CRM system "Zendesk" from Zendesk, Inc., 989 Market Street, San Francisco, CA 94102, USA, to respond to email inquiries. Details on the transfer of data to Zendesk can be found in this privacy policy under "Data transfer to third parties/third country transfer" and there under "Zendesk." If you do not agree to this data processing, you can use our alternative contact options to submit service requests by telephone or mail.
Message via the contact form
Our website has a contact form that can be used to contact us electronically. If you use this option, the data entered in the input mask will be transmitted to us and stored. This data includes: your name, your email address, the subject and your message, and the date and time the contact form was sent. This data will be used solely to process your request and to respond to you. We may contact you by email to respond to your inquiry. When you submit the completed contact form, your IP address will also be stored. This serves to prevent misuse of the contact form and to ensure the security of our information technology systems, which is in line with our legitimate interest pursuant to Art. 6 (1) (f) GDPR.
We may use the CRM system "Zendesk" from Zendesk, Inc., 989 Market Street, San Francisco, CA 94102, USA, for responding to inquiries submitted via the contact form. Details on the transfer of data to Zendesk can be found in this privacy policy under "Data transfer to third parties/third country transfer" and there under "Zendesk." If you do not agree to this data processing, you can use our alternative contact options to submit service requests by telephone or mail.
VI. Data processing for payment transactions
If you make payments on a website whose operator uses our service for the technical and organizational integration of payment processing
- initiate payments
- receive refunds from it
- initiate a purchase or
- do not fulfill its claim.
we receive transaction data.
We also receive transaction data when a website operator who uses our services assigns the claim they have against you to us for collection in their own name and on their own account. Transaction data may include the following information:
- name
- billing address
- phone
- merchant
- location
- subject matter of the contract
- date of contract
- contract term
- customer category
- transaction amount
- transaction date
- payment history
- phone number
- payment method information, e.g., credit or debit card number, bank account information.
We may also receive information that you enter into a checkout form (information entered into the form during the purchase process), even if you later cancel the transaction. We use your transaction data to provide our service to the website operator or to pursue the claim against you that has been assigned to us.
Our services for website operators may include the following:
- invoicing
- calculation of applicable sales tax
- processing of online payment transactions
- calculation of revenue
- collection of invoice amounts
- accounting tasks
- debt collection
As we act as a processor within the scope of our services, we pass on your personal data on behalf of the website operator who commissioned us to the operator of your chosen payment method and/or our technical service provider, who integrates the payment method for us and provides the technical support, in order to carry out the desired payment transaction.
Please note that the website operators who commission us are responsible for ensuring that your data protection rights are respected. All data protection-related details regarding the payment methods offered by the respective website operators can be found in their privacy policies. There you will also find links to the privacy policies of the individual payment methods.
We do not use, sell, or share any personal data from end customers for marketing or advertising purposes or for the marketing and advertising purposes of third parties.
Data processing is carried out for the purpose of executing the contract to which you are a party or for the purpose of implementing pre-contractual measures. The transfer and processing of data is also necessary in order to execute the payment for the transaction you have made on the respective website using your chosen payment method and thus to complete the transaction. Data processing is therefore carried out on the legal basis of Art. 6 (1) (b) GDPR.
Connecting many different payment methods is also complex and cost-intensive. The website operator therefore has a legitimate interest under Art. 6 (1) (f) GDPR in using a service provider for the technical and organizational connection. We also use service providers ourselves for the technical execution of payment transactions in some cases (see VIII.2.).
VII. Data processing during verification processes
If a website operator uses our service for the technical and organizational integration of verification measures, including age verification, we receive personal data from you, such as
-
you enter yourself for verification purposes, such as:
- name
- address
- date of birth
- telephone number
-
image and/or video recording of your identity document, including the data visible therein
-
image and/or video recording of your face.
This data is processed on behalf of the website operator to prevent fraud and ensure compliance with legal and internal website regulations for the protection of minors.
In addition, we may receive information that you entered or uploaded during a verification process, even if you later cancel the process.
We may compare this information with information about you that we collect from business users, financial partners, business partners, identity verification services, publicly available sources, and other third-party providers to verify that you are likely to be the person you claim to be.
As we act as a data processor, we will pass on your personal data to the operator of your chosen verification method and/or our technical service provider on behalf of the website operator who commissioned us to carry out the desired verification process.
Please note that the website operators who commission us are responsible for ensuring that your data protection rights are respected. All details relevant to data protection regarding the verification services offered by the respective website operators can be found in their privacy policies. There you will also find links to the privacy policies of the individual verification services.
We do not use, sell, or share any personal data from end customers for marketing or advertising purposes or for the marketing and advertising purposes of third parties.
Data processing is carried out for the purpose of executing the contract to which you are a party or for the purpose of implementing pre-contractual measures. The transfer and processing of data is also necessary in order to carry out verification on the respective website using the verification method you have chosen, thereby completing the verification required for the protection of minors.
Data processing is therefore carried out on the legal basis of Art. 6 (1) lit. b) GDPR. The integration of various verification methods is also complex and cost-intensive. The website operator therefore has a legitimate interest under Art. 6 (1) (f) GDPR in using a service provider for the technical and organizational connection. We also use service providers ourselves for the technical implementation of verification measures, including age verification (see VIII.2.).
VIII. Data pcessing in connection with support services
If a website operator uses our service for support, they forward us the user inquiries they receive through various channels so that we can process and respond to them on their behalf. In doing so, personal data is transmitted to us.
To process your request, the website operator grants us access to the data stored with them regarding your account there that is relevant to the inquiry. We retrieve, process, and store this data only to the extent necessary to respond to your request.
Depending on the inquiry, this may include, for example, the contract and transaction data stored by the operator for your account there, or your additional contact information.
If, in the course of our support activities, we receive declarations of intent concerning the website operator, we will forward these to the operator on your behalf.
Specifically, the following data is processed in connection with the various support services:
Phone support
If the operator has set up phone support, incoming calls can be forwarded to us. We answer the calls on behalf of the operator and process the information you voluntarily provide during the call (e.g., last name, first name, street, city, ZIP code), as well as the date and time of the call, the phone number provided during the call, and the content of the conversation. In addition, we store the data retrieved from the website operator for processing purposes. All processed data is forwarded to the operator after the call ends. If your matter has not yet been resolved during the call, the operator may also instruct us to continue processing the inquiry.
Support for inquiries sent by mail
If a website operator has set up support for inquiries sent by mail, they may provide us with the address information you included in your letter (e.g., last name, first name, street, city, ZIP code), the date of the letter, the date and time it was received, the content of your message, and any attachments you may have included. We process this information to respond to your inquiry by mail or email and, if necessary, request any data required to respond from the website operator. Our response and the data retrieved for this purpose are stored by us and forwarded to the operator.
E-mail support
If we have been entrusted with email support by a website operator, we will receive, process, and store your email address, the content of your message, and any email attachments you may have included, as well as the subject line, date of the message, and time the email was received. If additional data is required to address your inquiry, this data will be retrieved from the operator. All data is used exclusively to process your inquiry. If necessary, we may contact you via email to respond to your inquiry. Our response and the data retrieved for this purpose are stored by us and forwarded to the operator.
We may use the CRM system “Zendesk,” provided by Zendesk, Inc., 989 Market Street, San Francisco, CA 94102, USA, to respond to the email inquiry. Details regarding the transfer of data to Zendesk can be found in this Privacy Policy under “Data Disclosure to Third Parties/Transfer to Third Countries” and specifically under “Zendesk.”
Support for inquiries via contact forms
If you use a contact form provided by the operator, the data you enter in the form will be transmitted to us and stored. This data includes: your name, your email address, the subject line, and your message, as well as the date and time the contact form was submitted. In addition, we will retrieve the data necessary to respond from the operator. If necessary, we may contact you via email to respond to your inquiry. Our response and the data retrieved for this purpose will be stored by us and forwarded to the operator.
Additional information
Please note that, in addition to us, the website operators who commission us are also responsible for ensuring that your data protection rights are respected. You can find all details regarding data protection and the contact options offered by the respective website operators in their privacy policies.
We do not use, sell, or share personal data of end customers for marketing or advertising purposes, or for the marketing and advertising purposes of third parties.
Data processing is carried out for the effective fulfillment of the contract to which you are a party, or for the implementation of pre-contractual measures. Due to the large volume of daily support requests, website operators have a legitimate interest under Article 6(1)(f) of the GDPR in using a service provider to ensure customer-oriented and, above all, timely processing of inquiries.
IX. Data transfer to third parties/third countries
Terms
Third party = A natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Third country = A country outside the European Economic Area in which the GDPR is not directly applicable.
Unreliable third country = Third country for which the EU Commission has not issued an adequacy decision pursuant to Art. 45 (1) GDPR confirming that adequate protection for personal data exists in that country.
Consent = Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Recipient = A natural or legal person, public authority, agency, or other body to whom personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
We only share your personal data with third parties if:
- you have given your express consent in accordance with Art. 6 (1) (a) GDPR
- the transfer is necessary for the establishment, exercise, or defense of legal claims pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
- in the event that there is a legal obligation for disclosure pursuant to Art. 6 (1) (c) GDPR, and
- this is legally permissible and necessary for the performance of contractual relationships with you pursuant to Art. 6 (1) (b) GDPR.
Insofar as the transfer of data involves order processing, we have concluded a contract for order processing with the service providers and complied with all other legal requirements for order processing.
Our service providers are mainly based in the European Union, as well as in Switzerland and the USA. The level of data protection in Switzerland has been deemed adequate by the European Commission and this has been laid down in an adequacy decision pursuant to Art. 45 GDPR. An adequacy decision also applies to data transfers to the USA under the EU-US Data Privacy Framework, provided that the companies are certified under the Data Privacy Framework. Certificates are available here: https://www.dataprivacyframework.gov/s/participant-search
If no such certificate is available or if data is transferred to an unsafe third country, standard contractual clauses (SCC) in accordance with Art. 46 GDPR are concluded as suitable safeguards in order to ensure a level of data protection comparable to that of the European Union in this regard as well. Further information on this can be found here: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_de
1. Google services
For the purpose of designing our pages in line with user needs and continuously optimizing them, we use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, on our website. Within the EU, Google Ireland Limited (hereinafter "Google"), Gordon House, Barrow Street, Dublin 4, Ireland, is responsible for all Google services.
If you have given your consent, pseudonymized usage profiles will be created and cookies (see above in this privacy policy under "Use of cookies") will be used in this context. So-called web beacons (invisible graphics) may also be used to evaluate information such as visitor traffic on websites. The information generated by the cookie and the beacons about your use of this website, such as
- browser type/version
- Operating system used
- referrer URL (the previously visited page)
- host name of the accessing computer
- time of the server request
- the pages you visited
- your "click path"
- achievement of "website goals" (conversions, e.g., newsletter registrations, downloads, purchases)
- your user behavior (e.g., clicks, dwell time, bounce rates)
- your approximate location (region).
are transferred to Google Ireland Limited in Ireland on the basis of a data processing agreement between us and Google.
The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage for the purposes of market research and the design of this website in line with user needs. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of Google. Under no circumstances will your IP address be merged with other Google data.
We have no influence on what data Google collects and processes beyond this. However, Google states that, among other things, the following information (including personal data) may be processed:
- log data (in particular the IP address)
- location-related information
- unique application numbers
- cookies and similar technology
Information about the types of cookies used by Google can be found at: https://policies.google.com/technologies/types
If you are logged into your Google account, Google may add the processed information to your account, depending on your account settings.
You can prevent this data from being added directly by logging out of your Google account or by adjusting the relevant account settings in your Google account.
Tracking measures with Google Analytics are carried out on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by deactivating the cookie, without this affecting the lawfulness of the processing of your data that has taken place up to that point.
Details on deactivating cookies and changing your cookie settings can be found above under III. of this privacy policy.
You can also prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of this data by Google, by downloading and installing a browser add-on https://tools.google.com/dlpage/gaoptout?hl=de. Google provides information about its data protection practices in connection with Google Analytics in the Google Analytics Help Center at: https://support.google.com/analytics/answer/6004245?hl=de.
Google reserves the right to make the information available to affiliated companies. This includes the parent company Google LLC in the USA. This does not exclude the possibility that data may be transferred to a server in the USA as a third country. An adequacy decision by the European Commission pursuant to Art. 45 GDPR has been issued for this country. This is based on the EU-U.S. Data Privacy Framework, under which Google LLC is certified. The certificate is available here: https://www.dataprivacyframework.gov/list
Further information from Google can be found at: https://policies.google.com/privacy/frameworks?hl=de.
You can access Google's general privacy policy here: https://www.google.com/policies/privacy/.
Information about Google's privacy settings can be found at: https://privacy.google.com/take-control.html.
2. CommuniPay
We use "CommuniPay," a service provided by EDEV Media AG (EDEV), Sennweidstrasse 45, 6312 Steinhausen, Switzerland, to process payments and verify age and identity.
Depending on the payment method, the following data is first passed on to EDEV and then to the respective payment system and its service provider for processing the payments:
- master data (e.g., names, addresses)
- payment data (e.g., bank details, invoices, payment history)
- contract data (e.g., subject matter of the contract, date of conclusion of the contract, term)
Under certain circumstances, EDEV may transfer the data to credit agencies. The purpose of this transfer is to verify identity and creditworthiness.
All payment data and data relating to any chargebacks will only be stored by EDEV for as long as is necessary for payment processing (including the processing of possible chargebacks and debt collection) and to combat fraud.
As part of age and identity verification, we collect and process the following data and pass it on to EDEV or have it retrieved directly by EDEV on our behalf:
- master data (e.g., name, address)
- date of birth
- image and/or video recording of the face
- image and/or video recording of the identity document.
Connecting many different payment methods and age and identity verification services is complex and costly. We therefore have a legitimate interest under Art. 6 (1) (f) GDPR in using a service provider for the technical connection.
We would like to point out that you have the right to request information from EDEV about your stored personal data. We have concluded a contract with EDEV for commissioned data processing. Through this contract, EDEV assures that the data will be processed in accordance with the GDPR and that the rights of the data subject will be protected.
All of the above data is transferred to EDEV in Switzerland, i.e. a third country. With regard to Switzerland, there is an adequacy decision by the European Commission pursuant to Art. 45 GDPR, which states that personal data in Switzerland enjoys adequate protection comparable to European data protection law.
Further information can also be found in EDEV's privacy policy for CommuniPay at https://www.communipay.net/privacy.
3. Zendesk
We may use the CRM system "Zendesk" from Zendesk, Inc., 989 Market Street, San Francisco, CA 94102, USA, to respond your inquiries via email and through the contact form.
Zendesk uses:
- the email address you use
- the content of your message
- any email attachments sent with the message
- subject, date, and time of receipt
only for the technical processing of inquiries and does not pass them on to third parties.
We have concluded a contract with Zendesk for order data processing. Through this contract, Zendesk assures that the data will be processed in accordance with the GDPR and that the rights of the data subject will be protected.
Users can find further information in Zendesk's privacy policy: https://www.zendesk.de/company/customers-partners/privacy-policy/.
It cannot be ruled out that data may be transferred to the USA during processing by Zendesk. The European Commission has issued an adequacy decision for this country in accordance with Art. 45 GDPR. This is based on the EU-U.S. Data Privacy Framework, under which Zendesk is certified. The certificate is available here: https://www.dataprivacyframework.gov/s/participant-search.
If you do not agree to this data processing, you can use our alternative contact options to submit service requests by telephone or post.
X. Prevention of abuse and fraud
Your name, email address, bank details, IP address, and message texts are evaluated to protect us from misuse of our site, immoral behavior, abuse of services, fraud, and other criminal offenses that are detrimental to us or our clients. There is a legitimate interest in this protection, so the legal basis for data processing is Art. 6 (1) lit. f) GDPR.
The data will not be passed on to third parties unless this is necessary for the prosecution of a criminal offense or there is a legal obligation to pass it on.
XI. Security
For security reasons and to protect the transmission of confidential content, we use state-of-the-art encryption (e.g., SSL) via HTTPS. This encryption is designed to prevent the data you transmit from being read by unauthorized third parties.
However, data transmission over the Internet can always have security gaps (e.g., in email contact). Despite our best efforts, we cannot guarantee complete protection of your data from access by third parties. Therefore, please do not forget to protect your user account login details from access by third parties and to log out of your user account at the end of each session.
XII. Storage period/routine deletion
We process and store your personal data only for the period necessary to achieve the storage purpose or as provided for by European directives and regulations or other legislators in laws or regulations to which we are subject.
If the purpose for storage no longer applies or if a legally prescribed storage/retention period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
XIII. Rights of the data subject
Term
Data subject = Any identified or identifiable natural person whose personal data is processed by the controller.
You have the right to:
Confirmation
As a data subject, you have the right to request confirmation from us as to whether we are processing personal data relating to you. If you, as a data subject, would like such confirmation, you can contact us or our data protection officer (see "Responsible body" and "Data protection officer" in this privacy policy) at any time.
Information
As a data subject, you are entitled under the GDPR to request information about your personal data processed by us at any time free of charge and to receive a copy of this information. In particular, you can request information about
- the purposes of processing
- the category of personal data
- the categories of recipients to whom your data has been or will be disclosed
- the planned storage period
- the existence of a right to rectification, erasure, restriction of processing, or objection
- the existence of a right to lodge a complaint
- the origin of your data, if it was not collected by us, and
- the existence of automated decision-making, including profiling (Art. 22 (1) and (4) GDPR) and, where applicable, meaningful information about its details, scope, and effects
- whether personal data has been transferred to a third country or to an international organization and, if so, to obtain information about the appropriate safeguards in connection with the transfer.
If you, as the data subject, wish to exercise this right to information, you can contact us or our data protection officer (see "Responsible body" and "Data protection officer" in this privacy policy) at any time.
Rectification
As a data subject, you may, in accordance with the GDPR, request the immediate rectification of inaccurate or incomplete personal data stored by us about you. If you, as the data subject, wish to request rectification or completion, you can contact us or our data protection officer (see "Responsible body" and "Data protection officer" in this privacy policy) at any time.
Deletion
As a data subject, you can request the immediate erasure of your personal data stored by us in accordance with the GDPR if
- the processing of personal data has been carried out for a specific purpose and this purpose has been achieved or storage is no longer necessary for this purpose
- the processing of personal data is based on your consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, you withdraw that consent, and there is no other legal basis for the processing
- you object to the processing of personal data pursuant to Section 21 (1) GDPR and there are no overriding legitimate grounds for the processing
- you may object to the processing of personal data pursuant to Section 21 (2) GDPR
- the personal data has been processed unlawfully
- the deletion of the personal data is necessary to fulfill an obligation under the data protection rules applicable to us
- the personal data was collected in relation to services offered in the information society pursuant to Art. 8 (1) GDPR
If you, as the data subject, wish us to erase your personal data, you can contact us or our data protection officer (see "Responsible body" and "Data protection officer" in this privacy policy) at any time.
If the personal data has been made public and we are obliged to delete this personal data in accordance with Art. 17 (1) GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform other controllers who process the personal data that you have requested the erasure of all links to this personal data or of copies or replications of this personal data.
We or our data protection officer will take the necessary steps in individual cases.
Restriction of processing
According to the rules of the GDPR, you, as the data subject, have the right to request the restriction of the processing of your personal data if one of the following conditions is met:
- the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead
- we no longer need the personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims, or
- if you have objected to the processing pursuant to Art. 21 GDPR, as long as it is not yet clear whether our legitimate reasons outweigh yours.
If one of the above conditions applies and you, as the data subject, wish to request the restriction of the data stored by us, you can contact us or our data protection officer (see "Responsible body" and "Data protection officer" in this privacy policy).
Data portability
As a data subject, you have the right under the GDPR to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us. These rights exist if the following conditions are met
- the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (b) or on a contract pursuant to Art. 6 (1) (b), and
- the processing is carried out using automated means, and
- the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Right of withdrawal in the case of consent
As the data subject, you can revoke your consent to the processing of your personal data at any time. As a result, we will no longer continue the data processing that was based on this consent in the future. The revocation has no influence on the legality of the processing of your data that has taken place on the basis of your consent up to that point.
To revoke your consent, you can contact us or our data protection officer (see "Responsible body" and "Data protection officer" in this privacy policy) at any time.
Right to object to the processing of data in accordance with Art. 6 (1) (f) GDPR
Insofar as we process personal data on the grounds that this is necessary to safeguard our legitimate interests pursuant to Art. 6 (1) (f) GDPR, you as the data subject have the right to withdraw your consent at any time in accordance with the GDPR. This also applies to profiling based on these provisions.
If you exercise your right of withdrawal, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims (see, for example, Art. 21(1) GDPR, known as the "restricted right to object"). In this case, you must provide reasons for the objection that arise from your particular situation.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes. This also applies to profiling insofar as it is related to such direct marketing. If you object to us processing your data for direct marketing purposes, we will no longer process your personal data for these purposes.
To revoke your consent, you can contact us or our data protection officer (see "Responsible body" and "Data Protection Officer").
Automated decision-making does not take place on our website.
Right to lodge a complaint
If you believe that the processing of your personal data violates data protection regulations, you have the right to lodge a complaint with a data protection supervisory authority in accordance with the GDPR, without prejudice to any other administrative or judicial remedy. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
XIV. Changes to the privacy policy
Due to the further development of our website and offers on it, or due to changes in legal or regulatory requirements, it may be necessary to amend this privacy policy. You can access and print out the current privacy policy at any time on this website.
June 2026
