Skip to content
Contact

Data Privacy

I. Introduction and Definitions

1. GENERAL

We process personal data in connection with the operation of our website with the URL https://pcg.io (hereinafter referred to as the “Website”). We treat this data confidentially and process it in accordance with applicable laws, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telecommunications Digital Services Data Protection Act (TDDDG). With these data protection provisions, we want to inform you about what personal data we collect from you, for what purposes and on what legal basis we use it, and, if applicable, to whom we disclose it. In addition, we will explain what rights you have to protect and enforce your data protection.

2. TERMS

Our privacy policy contains technical terms that are used in the GDPR and the BDSG. For your better understanding, we would like to explain these terms in simple words in advance:

2.1 Personal data
“Personal data” is any information relating to an identified or identifiable person (Art. 4 No. 1 GDPR). Information about an identified person can be, for example, their name or email address. However, data is also considered personal if the identity is not immediately apparent but can be determined by combining your own or third-party information to find out who the person is. A person can be identified, for example, by providing their address or bank details, date of birth or user name, IP addresses, and/or location data. All information that in any way allows conclusions to be drawn about a person is relevant here.

2.2 Processing
Art. 4 No. 2 GDPR defines “processing” as any operation or set of operations performed on personal data. This applies in particular to the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

II. Responsible party and data protection officer

3. RESPONSIBLE PARTY

The responsible party for data processing is:

Company: Public Cloud Group GmbH (“we”)
Legal representative: Thorsten Raquet (Managing Director)
Address: Lise-Meitner Straße 3-1, 89081 Ulm, Germany
Phone: +49-731-7255-7400
Email: hello@pcg.io

4. DATA PROTECTION OFFICER

We have appointed an external data protection officer for our company. You can contact him at:

Company: HABEWI GmbH & Co. KG
Legal representative: General partner HABEWI Beteiligungs GmbH, represented by Arne Platzbecker (Managing Director)
Address: Palmaille 96, 22767 Hamburg, Germany
Phone: +49 (0)40/ 46008966
Fax: +49 (0)40/ 46008977
Email: datenschutz@habewi.de

III. Processing framework

5. PROCESSING FRAMEWORK: WEBSITE

Within the framework of the website, we process your personal data as detailed in section IV below. We only process data that you actively provide on the website (e.g., by filling out forms) or that you automatically provide when using our services.

Your data will be processed exclusively by us and will not be sold, lent, or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we, as the client, are authorized to issue instructions to our contractors. We use external service providers for the hosting of our website. We host our website with the external provider Raidboxes GmbH, Hafenstraße 32, 48153 Münster, Germany, at the data center location in Frankfurt am Main. Further information on data protection at Raidboxes can be found at https://raidboxes.io/legal/privacy/. If additional external service providers are used for individual processing operations listed in Section IV, they will be named there.

We do not transfer data to third countries and do not plan to do so. We will provide information about exceptions to this principle in the processing described below. Any data transfer to third countries is then carried out on the basis of the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/) or the EU Standard Contractual Clauses.

IV. Processing in detail

6. PROVISION OF THE WEBSITE AND SERVER LOG FILES

6.1 Description of processing
Every time you visit the website, our hosting provider Raidboxes automatically collects information that your browser transmits to our server. This includes the following data:

  • Host name (IP address)
  • Browser software used
  • Operating system
  • The website from which visitors accessed the website (known as the referrer)

This information is also stored in our system’s log files. The temporary storage of your IP address by the system is necessary in order to deliver our website to the user’s device. For this purpose, the user’s IP address must remain stored for the duration of the session. However, your IP address is not stored in the log files.

6.2 Purpose
The processing is carried out to enable access to the website and to ensure its stability and security. In addition, the processing serves the statistical evaluation and improvement of our online offering.

6.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in the purpose stated in section 6.2.

6.4 Storage period
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. The log files are deleted after 7 days.

7. COOKIES AND OTHER TRACKING TECHNOLOGIES

7.1 Description of processing
Our website uses cookies. Cookies are small text files that are stored on the user’s device when they visit a website. Cookies contain information that enables the recognition of a device and, if necessary, certain functions of a website. We distinguish between our own cookies and external, so-called third-party cookies. Our website uses so-called “session cookies” and “persistent cookies.” Session cookies are automatically deleted when you end your Internet session and close your browser. Persistent cookies remain stored on your device for a longer period of time. In addition to cookies, we also use other tracking technologies, such as pixels or fingerprinting. If cookies are technically necessary for the operation of our site, your consent is not required. All other cookies and tracking technologies that are not technically necessary will only be set after you have actively consented to the use of cookies/tracking technologies via our consent tool.

To obtain and document consent, we use the “Cookiebot” service operated by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. The consent tool stores your selection in a cookie on your device. This means that you do not need to make a decision about cookies again when you visit our website again.

You can find out which cookies are used on our website, for what purpose, how long they are stored on your device, and what consents you may have already given in the settings of the Cookiebot consent tool at the bottom left of the screen.

7.2 Purpose
We use cookies/tracking technologies to make our website more user-friendly and to offer the functions described in section 7.1.

7.3 Legal basis
The processing is necessary with regard to technically necessary cookies and the use of the consent tool to safeguard the overriding legitimate interests of the controller (Art. 6 (1) (f) GDPR in conjunction with § 25 (2) TDDDG). Our legitimate interest lies in the purpose specified in section 7.2. For processing with regard to all other cookies/tracking technologies that are not technically necessary, the legal basis is consent (Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG). Such consent is voluntary.

7.4 Storage period, revocation of consent
Cookies are automatically deleted at the end of a session or when the specified storage period expires. Since cookies are stored on your device, you as the user have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in your Internet browser. Cookies that have already been stored can be deleted. This can also be done automatically. If cookies/tracking technologies are deactivated, deleted, or restricted for our website, it is possible that individual functions of our website cannot be used or can only be used to a limited extent. You can revoke any consent you have given to the use of cookies at any time in the settings of the Cookiebot consent tool at the bottom left of the screen, with effect for the future.

7.5 Recipients
When cookies/tracking technologies are used, data may be transferred to the respective providers of these third-party services. In some circumstances, this may also involve a transfer to third countries outside the European Union or the European Economic Area. We provide information about the recipients of data and transfers to third countries in the settings of the consent tool or in the relevant section on the third-party service in these data protection provisions. Where applicable, personal data may also be transferred to the service provider of the consent tool “Cookiebot” – Cybot A/S.

8. CONTACT FORM AND CONTACT BY E-MAIL

8.1 Description of processing
We have provided a contact form on our website for you to contact us. In this form, you are asked to enter your e-mail address, your first name, your last name, and a message to us. When you click the “Send” button, the data is transmitted to us using SSL encryption (see section 27). The contact form can only be submitted if you confirm that you have read and understood this privacy policy by clicking the corresponding checkbox. A second checkbox gives you the option of subscribing to our newsletter (see section 9). You can also contact us via the email addresses provided on the website. In this case, we will process the personal data transmitted with the email.

8.2 Purpose
By providing a contact form on our website, we want to offer you a convenient way to get in touch with us. The data transmitted with and in the contact form or your email will be used exclusively for the purpose of processing and responding to your request.

8.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 (1) (f) GDPR). Our legitimate interest lies in the purpose stated in section 8.2. If the email contact is aimed at concluding or fulfilling a contract, the data processing is carried out for the purpose of fulfilling the contract (Art. 6 (1) (b) GDPR).

8.4 Storage period
We delete the data as soon as it is no longer necessary for the purpose for which it was collected. This is usually the case when the respective communication with you has ended. Communication ends when it can be inferred from the circumstances that your request has been conclusively clarified. If statutory retention periods prevent deletion, deletion will take place immediately after the statutory retention period has expired.

8.5 Recipients and transfer to third countries:

We use the services of Hubspot (see section 22) to implement the contact form. This is done within the framework of order processing. By using Hubspot, personal data is transferred to HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. Hubspot also processes your personal data in the USA, where applicable by the group company Hubspot Inc., 25 First Street, Cambridge, MA 02141 USA. Data is transferred to the USA on the basis of the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/). Further information on data protection at Hubspot can be found at https://legal.hubspot.com/de/privacy-policy.

9. NEWSLETTER

9.1 Description of processing
We send out a newsletter at irregular intervals. The newsletter provides you with information about offers and promotions. You will only receive our newsletter if you actively subscribe to our mailing list. You can subscribe by filling out and submitting a newsletter registration form on our website. In addition, we offer the option of subscribing to the newsletter in our contact forms (see section 8) with an additional checkbox.

To subscribe to the newsletter, you only need to provide your email address. All other information (such as your first and last name) is voluntary and is used solely to personalize the emails. We use the double opt-in procedure to process and verify newsletter registrations. Registration takes place in several steps. First, you sign up for the newsletter on our website. You will then receive an email from us at the email address you provided. In this email, we ask you to confirm that you have actually subscribed to the newsletter and wish to receive it. Confirmation is done by clicking on a confirmation link in the email. Only after successful confirmation will we add you to our newsletter distribution list and send you emails in the future. As part of the double opt-in procedure, we store the date, time, and your IP addresses both during registration and confirmation.

If you purchase goods or services on our website and provide your email address, we may use this address to send you a newsletter for existing customers. In such cases, the newsletter will only be used to send direct advertising for our own similar goods or services.

9.2 Purpose
Processing is carried out in order to offer the newsletter function and to send newsletter emails to subscribers and existing customers. The collection and storage of date, time, and IP addresses when registering for the newsletter serves to document consent given and to protect against the misuse of email addresses.

9.3 Legal basis
Processing for our subscriber newsletter is based on consent in accordance with Art. 6 (1) (a) GDPR. You can access the declaration of consent at any time on our website at https://hs.pcg.io/de/pcg-newsletter-registration. Your consent is voluntary. The collection and storage of date, time, and IP addresses when registering for the newsletter is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 (1) (f) GDPR). Our legitimate interest lies in the purpose specified in section 9.2.

The processing of our existing customer newsletter is based on Art. 6 (1) lit. f GDPR to safeguard the overriding interests of the controller. Our legitimate interest lies in direct marketing to existing customers. This is permissible within the framework of § 7 (3) UWG (German Unfair Competition Act), which we observe.

9.4 Storage period and revocation of consent
If you do not confirm your subscription to our newsletter within 24 hours of receiving the corresponding registration email, your data will be automatically deleted. We will otherwise process your personal data for the duration of your newsletter subscription. You can unsubscribe from our newsletter at any time by revoking your consent. You can also object to the use of your email address for sending our existing customer newsletter at any time. A simple statement (by email to hello@pcg.io or by post to Public Cloud Group GmbH, Lise-Meitner Straße 3-1, 89081 Ulm, Germany) is sufficient for this. You can also unsubscribe from the newsletter by clicking on the unsubscribe link in each newsletter email. Once you revoke your consent, you will no longer receive newsletters and your personal data will be removed from our active distribution list.

9.5 Recipients and transfer to third countries

We use the services of the newsletter provider Hubspot (see section 22) to manage our newsletter distribution list and send emails. This is done within the scope of order processing. By using Hubspot, personal data is transferred to HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. Hubspot also processes your personal data in the USA, where applicable by the group company Hubspot Inc., 25 First Street, Cambridge, MA 02141 USA. Data is transferred to the USA on the basis of the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/). Further information on data protection at Hubspot can be found at https://legal.hubspot.com/de/privacy-policy.

10. SOCIAL NETWORKS

10.1 Description of processing
Our website does not use any social media plugins. The Facebook, Instagram, and LinkedIn logos displayed on our website are merely linked to our company’s corresponding profiles on social networks. No data is transferred to the social networks when the logos are integrated. If you click on one of the logos, you will simply be redirected to the external website of the respective social network.

However, our profiles within the social networks do constitute data processing. If you are logged in to the respective social network when you visit such a profile, this information will be assigned to your user account there. If you interact with our profile, e.g., comment on a post, “share,” “like,” or “retweet,” this information will also be stored in your user account. As a rule, your interactions with our profile are also visible to us.

On the social networks Facebook and Instagram, we have the option of obtaining statistical data about the use of our Facebook page or our Instagram profile via the “Insights” function. These statistics are provided by Facebook or Instagram. The “Insights” function cannot be disabled. We cannot decide to enable or disable this feature. It is available to all Facebook fan page operators and all operators of an Instagram business account, regardless of whether you use the Insights feature or not.

Facebook Insights provides us with the following data in anonymized form for a selectable period of time with regard to fans, subscribers, people reached, and interacting people: Total number of page views, likes including origin, page activity, post interactions, reach, post reach (divided into organic, viral, and paid interactions), comments, shared content, responses, and demographic evaluations, i.e., country of origin, gender, and age. The Insights statistics do not allow us to identify subscribers and fans of our page or view their profiles.

Furthermore, Instagram Insights provides us with anonymized data on the development and reach of our Instagram profile, as well as the posts, stories, and videos we publish there. Instagram Insights also provides us with statistical information on the location, gender, and age of our Instagram profile subscribers.

The social networks with which you communicate store your data using pseudonyms as user profiles and use them for advertising purposes and market research. For example, advertisements that correspond to your presumed interests may be displayed to you within the social network and on other third-party websites. Cookies are usually used for this purpose, which the social network stores on your device. You have the right to object to the creation of these user profiles, which you must exercise by contacting the social networks directly.

10.2 Purpose

We maintain profiles on the aforementioned social networks for the purpose of public relations and corporate communication with customers and interested parties. We use the “Insights” function of Facebook and Instagram to evaluate the reach of our posts on the social network and to make them more appealing to our visitors in the future.

10.3 Legal basis

The legal basis for data processing in the context of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6 (1) (f) GDPR). Our legitimate interest lies in the purpose stated in section 10.2. If you are asked for consent by the respective operator of a social network, the legal basis is Art. 6 (1) (a) GDPR. Data processing with regard to our presence on Facebook, Instagram, and LinkedIn is otherwise based on joint responsibility in accordance with Art. 26 GDPR.

10.4 Recipients and transfer to third countries

The respective social networks are operated by the companies listed below. Further information on data protection with regard to our profile on social networks can be found in the linked privacy policies.

Social networks also process your personal data in the USA.

11. GOOGLE ANALYTICS

11.1 Description of processing

Our website uses “Google Analytics 4,” a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Analytics 4 uses cookies (see section 7) that enable an analysis of your use of our website. The information generated by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. Google Analytics 4 uses IP anonymization by default, which means that your IP address is truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area.

The IP address transmitted by your browser as part of Google Analytics 4 is not merged with other Google data. Google Analytics 4 collects information about your interactions with our website, including the pages you visit, the length of time you spend on them, the devices you use, your operating system, your browser, your approximate geographical location, and how you arrived at our website. Google Analytics 4 creates event-based analyses and can collect user journey data. The Google Analytics Terms of Service can be found at www.google.com/analytics/terms/de.html. An overview of data protection at Google Analytics is available at support.google.com/analytics/topic/2919631. Google’s privacy policy can be viewed at policies.google.com/privacy?hl=en.

11.2 Purpose
Processing is carried out in order to evaluate the use of our website. The information obtained in this way is used to improve and tailor our online presence to your needs.

11.3 Legal basis
Processing is carried out on the basis of consent in accordance with Art. 6 (1) (a) GDPR. We obtain this consent via the consent tool (see section 7.1). Such consent is voluntary.

11.4 Storage period and right to object, revocation of consent
We have explained the storage period and your control and setting options for cookies in section 7.4. You can revoke your consent to Google Analytics at any time in the settings of the consent tool with effect for the future. Alternatively, you can object to data processing by Google Analytics at any time by downloading and installing the browser add-on offered by Google at tools.google.com/dlpage/gaoptout?hl=en. The analysis data processed and stored by Google Analytics is automatically deleted by us after 14 months.

11.5 Recipients and transfer to third countries
According to the German data protection supervisory authorities (Data Protection Conference), Google Analytics acts as a joint controller in data processing on our behalf. Against this background, we have also entered into the “Google Measurement Controller-Controller Data Protection Terms” with Google. Google also processes your personal data in the USA.

12. FONT REPLACEMENT

When displaying our website, the standard fonts on your device are replaced by fonts. This is done to make the text on our website more readable and aesthetically appealing. We have opted for a privacy-friendly solution for font replacement. We do not integrate any external services, such as Google Fonts or Adobe Fonts. Instead, we store the fonts to be replaced locally on our server. This has the advantage that when you visit our site, your browser does not send any requests to external font replacement services and therefore no data, in particular your IP address in connection with the address of our website, is transmitted to third parties.

13. YOUTUBE

13.1 Description of processing
Our website uses services from “YouTube,” a video platform operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (hereinafter referred to as “YouTube”). YouTube is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use YouTube by embedding individual videos from the platform on our website as so-called iFrames, so that they can be played directly on our website. The videos are embedded in the “extended data protection mode” offered by YouTube, i.e. no personal data about you is transferred to Google as long as you do not play the videos. Only when you play a video is data transferred to Google, over which we have no influence.

When you play a video embedded on a subpage of our website, Google receives information about which subpage you visited and which video you watched. Your IP address may also be transmitted to Google. If you are logged in as a YouTube or Google user, Google will assign this information to your user account. Google stores your data as usage profiles and uses it for advertising purposes, market research, and/or to tailor the Google websites to your needs. You have the right to object to the creation of these user profiles, which you must exercise by contacting Google directly. For more information about data protection at Google, please visit www.google.com/intl/de-DE/policies/privacy/.

13.2 Purpose
Processing is carried out in order to display videos on our website.

13.3 Legal basis
Processing is based on consent in accordance with Art. 6 (1) (a) GDPR. We obtain this consent via the “Cookiebot” consent tool (see section 7.1) or as part of a content blocker at the point on our website where a YouTube video is to be displayed. Such consent is voluntary.

13.4 Revocation of consent
You can revoke your consent to the display of YouTube videos on our website at any time in the settings of the Cookiebot consent tool at the bottom left of the screen with effect for the future.

13.5 Recipients and transfer to third countries
Through the integration of YouTube, personal data may be transferred to YouTube LLC or Google. Google also processes your personal data in the USA.

14. VIMEO

14.1 Description of processing
Our website uses services from “Vimeo,” a video platform operated by Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA (hereinafter referred to as “Vimeo”). We use Vimeo by embedding individual videos from the platform on our website as so-called iFrames, so that they can be played directly on our website. When you visit a subpage of our website on which a video is embedded, a connection to the Vimeo servers is established and the video is displayed within the website. This transmits to Vimeo which website you have visited. Your IP address may also be transmitted to Vimeo. When you play an embedded video, this information is also passed on to Vimeo. If you are logged in as a Vimeo user, Vimeo assigns this data to your user account. For more information about data protection at Vimeo, please visit vimeo.com/privacy.

14.2 Purpose
Processing is carried out in order to be able to display videos on our website.

14.3 Legal basis
Processing is based on consent in accordance with Art. 6 (1) (a) GDPR. We obtain this consent via the “Cookiebot” consent tool (see section 7.1) or as part of a content blocker at the point on our website where a Vimeo video is to be displayed. Such consent is voluntary.

14.4 Revocation of consent
You can revoke your consent to the display of Vimeo videos on our website at any time in the settings of the Cookiebot consent tool at the bottom left of the screen, with effect for the future.

14.5 Recipients and transfer to third countries
By integrating Vimeo videos, personal data may be transferred to Vimeo LCC. Vimeo also processes data in the USA.

15. GOOGLE MAPS

15.1 Description of processing
Our website uses “Google Maps,” a map display service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). We use Google Maps by embedding a map with our business or event addresses on our website. The map is loaded directly from a Google server. To enable this, your browser sends a request to a Google server. This may also transmit your IP address to Google in connection with the address of our website.

However, Google Maps does not store cookies on your device. If you are logged into Google when you visit our site, Google Maps will assign this information to your Google user account. Google stores your data as usage profiles and uses it for advertising purposes, market research, and/or to tailor the Google websites to your needs. You have the right to object to the creation of these user profiles, which you must exercise directly with Google. For more information about data protection at Google, please visit policies.google.com/privacy?hl=en-US.

15.2 Purpose
The processing is carried out in order to be able to display an interactive map on our website.

15.3 Legal basis
Processing is based on consent in accordance with Art. 6 (1) (a) GDPR. We obtain this consent via the “Cookiebot” consent tool (see section 7.1) or as part of a content blocker at the point on our website where an interactive map is to be displayed. Such consent is voluntary.

15.4 Revocation of consent
You can revoke your consent to the display of Google Maps on our website at any time in the settings of the Cookiebot consent tool at the bottom left of the screen with effect for the future.

15.5 Recipients and transfer to third countries
Google also processes your personal data in the USA.

16. META PIXEL

16.1 Description of processing
Our website uses the remarketing service “Meta Pixel” (formerly “Facebook Pixel”), which is operated by Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, or Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”). Meta Pixel enables us to place advertisements on the social networks Facebook and Instagram that are targeted specifically at those Facebook/Instagram users who have shown an interest in our offering, e.g., by previously visiting our website. With the help of the “Meta Pixel,” we can also track and evaluate the effectiveness and reach of our advertising on Facebook/Instagram by recording whether Facebook/Instagram users interact with our ads on the two social networks by clicking on the ads and being redirected to our website.

When you visit our website, a connection to Meta’s servers is established and the “Meta Pixel” is embedded in our website. In addition, Meta may store a cookie (see section 7 above) on your device. If you are logged in to Facebook or Instagram or log in to Facebook or Instagram later, your visit to our website will be associated with your respective user account. The data collected about you via the “Meta Pixel” is anonymous to us. It does not provide us with any conclusions about your person. However, Meta can establish a connection to your user profile. Data processing by Meta is carried out in accordance with the company’s data policy, which can be accessed for Facebook at www.facebook.com/policy.php and for Instagram at privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.

16.2 Purpose
The processing is carried out in order to conduct targeted online advertising for our own offers on Facebook and Instagram and to evaluate their effectiveness and reach.

16.3 Legal basis
Processing is carried out on the basis of consent in accordance with Art. 6 (1) (a) GDPR. We obtain this consent via the “Cookiebot” consent tool (see section 7.1). Such consent is voluntary.

16.4 Storage period and right to object, revocation of consent
We have explained the storage period and your control and setting options for cookies/tracking pixels in section 7. You can revoke your consent to the collection of data by the “Meta Pixel” and the use of your data for the display of Facebook advertisements at any time in the settings of the consent tool with effect for the future. www.facebook.com/settings?tab=ads You can also object to the collection of data by the “Meta Pixel” and the use of your data for the display of Facebook/Instagram advertisements at any time vis-à-vis Meta. You can decide which types of advertisements are displayed to you on Facebook in the settings of your Facebook account at www.facebook.com/settings?tab=ads. This setting is applied across all devices.

16.5 Recipients and transfer to third countries
By integrating the Meta Pixel, personal data may be transferred to Meta. Meta also processes your personal data in the USA.

17. TIKTOK PIXEL

17.1 Description of processing
Our website uses the remarketing service “TikTok Pixel,” which is operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (collectively referred to as “TikTok”). TikTok Pixel enables us to place advertisements on the social network that are specifically targeted at TikTok users who have shown interest in our offerings, e.g., by previously visiting our website. With the help of the TikTok pixel, we can also track and evaluate the effectiveness and reach of our advertising on TikTok by recording whether TikTok users interact with our advertisements on the social network by clicking on the advertisements and being redirected to our website.When you visit our website, a connection to the TikTok servers is established and the TikTok pixel is embedded in our website. In addition, TikTok may store cookies (see section 7 above) on your device. If you are logged in to TikTok or log in to TikTok later, your visit to our website will be associated with your user account. The data collected about you via the TikTok pixel is anonymous to us. It does not provide us with any information about your identity. However, TikTok can link this data to your user profile. Data processing by TikTok is carried out in accordance with the company’s privacy policy, which can be found at https://www.tiktok.com/legal/privacy-policy?lang=de.

17.2 Purpose
Processing is carried out in order to conduct targeted online advertising for our own offers on TikTok and to evaluate their effectiveness and reach.

17.3 Legal basis
Processing is carried out on the basis of consent in accordance with Art. 6 (1) (a) GDPR. This is obtained by us via the consent tool (see section 7.1). Such consent is voluntary. Data processing is otherwise carried out on the basis of joint responsibility in accordance with Art. 26 GDPR. You can view the relevant agreement at https://ads.tiktok.com/i18n/official/article?aid=300871706948451871.

17.4 Storage period and right to object, revocation of consent
We have explained the storage period and your control and setting options for cookies/tracking pixels in section 7.4. You can revoke your consent to the collection of data by the TikTok pixel and the use of your data for the display of TikTok advertisements at any time in the settings of the consent tool with effect for the future.

17.5 Recipients and transfer to third countries
By integrating the TikTok pixel, personal data may be transferred to TikTok. TikTok also processes your personal data in third countries.

18. LINKEDIN ADS

18.1 Description of processing
Our website uses the advertising and remarketing service “LinkedIn Ads,” which is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, or LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). LinkedIn Ads enables us to place advertisements on the LinkedIn social network that are targeted specifically at LinkedIn users who have shown an interest in our offering, e.g., by visiting our website in the past. To do this, we add the LinkedIn Insight Tag to our website. This is a small piece of JavaScript code. With the help of the LinkedIn Insight Tag, we can also track and evaluate the effectiveness and reach of our advertising on LinkedIn by recording whether LinkedIn users interact with our advertisements on the social network and are redirected to our website by clicking on the advertisements. When you visit our website, a connection to the LinkedIn servers is established and the LinkedIn Insight Tag is embedded in our website.In addition, LinkedIn may store a cookie (see section 7.1 above) on your device. If you are logged in to LinkedIn or log in to LinkedIn later, your visit to our website will be associated with your user account. The data collected about you via the “LinkedIn Insight Tag” is anonymous to us. It does not provide us with any information about your identity. However, LinkedIn may link this data to your user profile. Data processing by LinkedIn is carried out in accordance with the company’s data policy, which can be accessed at de.linkedin.com/legal/privacy-policy.

18.2 Purpose
The processing is carried out in order to conduct targeted online advertising on the LinkedIn social network for our own offers and to evaluate their effectiveness and reach.

18.3 Legal basis
Processing is carried out on the basis of consent in accordance with Art. 6 (1) (a) GDPR. We obtain this consent via the consent tool (see section 7.1). Such consent is voluntary.

18.4 Storage period and right to object, revocation of consent
We have explained the storage period and your control and setting options for cookies and other tracking methods, including the “LinkedIn Insight Tag,” in section 7.4. You can revoke your consent to the collection of data by the “LinkedIn Insight Tag” and the use of your data for the display of LinkedIn advertisements at any time in the settings of the consent tool with effect for the future. You can also decide which types of ads are displayed to you on LinkedIn and whether your visits to external websites may be used to display ads on LinkedIn in the settings of your LinkedIn account at https://www.linkedin.com/mypreferences/d/categories/ads.

18.5 Recipients and transfer to third countries
By integrating the “LinkedIn Insight Tag,” personal data may be transferred to LinkedIn. LinkedIn also processes your personal data in the USA. This data transfer to third countries is based on the so-called EU standard contractual clauses. Further information can be found at https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

19. GOOGLE ADS CONVERSION AND GOOGLE REMARKETING

19.1 Description of processing
Our website uses the advertising service “Google Ads Conversion,” which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). With the help of Google Ads Conversions, we can place advertisements on external websites to draw your attention to our offers. In addition, the service enables us to determine the reach and success of individual advertising measures. Our advertisements are delivered by Google via so-called “ad servers.” To do this, Google uses so-called “ad server” cookies, which measure certain parameters for measuring success, such as the display of ads or clicks by users. If you access our website via a Google ad, Google Ads will store a cookie on your device (see section 7). According to Google, these cookies are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (indicating that the user no longer wishes to be targeted) are usually stored as analysis values for this cookie. The cookies enable Google to recognize your Internet browser.

If you visit websites of a Google Ads customer and the cookie stored on your device has not yet expired, Google and the customer can recognize that you clicked on the ad and were redirected to our website. Each Google Ads customer is assigned a different cookie. Cookies cannot therefore be tracked across the websites of Google Ads customers. We ourselves do not process any personal data with our Google AdWords advertising measures. Google only provides us with statistical evaluations. Based on these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users based on this information. When you visit our website, a connection to the Google servers is therefore established. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads Conversion and therefore inform you according to our state of knowledge: By integrating Google Ads Conversion, Google receives information about which subpage of our website you have visited or which of our ads you have clicked on. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that Google will find out and store your IP address.
Our website also uses the advertising service “Google Remarketing,” which is also operated by Google. With Google Remarketing, we can target you again with advertisements for our offers on other websites that are affiliated with the Google advertising network after you have visited our website. Google also uses cookies for this purpose, which are stored in your browser and used by Google to record and evaluate your usage behavior when visiting various websites.

This allows Google to detect your previous visit to our website and display advertisements for our offers on other websites. According to Google, the data collected in the context of remarketing is not merged with your personal data that may be stored by Google. In particular, according to Google, pseudonymization is used in remarketing.
Further information on data protection at Google can be found here: policies.google.com/privacy?hl=en.

19.2 Purpose
Processing is carried out in order to conduct targeted online advertising for our own offers and to evaluate their effectiveness and reach.

19.3 Legal basis
Processing is carried out on the basis of consent in accordance with Art. 6 (1) (a) GDPR. This is obtained by us via the consent tool “Cookiebot” (see section 7.1). Such consent is voluntary.

19.4 Storage period and right to object, revocation of consent
We have explained the storage period and your control and setting options for cookies in section 7. You can object to data processing by Google Ads Conversion and Google Remarketing at any time via the following website: www.google.com/ads/preferences. You can revoke your consent to data collection by Google Ads Conversion and Google Remarketing at any time in the settings of the consent tool with effect for the future.

19.5 Recipients and transfer to third countries
Through the integration of Google Ads Conversion and Google Remarketing, personal data may be transferred to Google. Google also processes your personal data in the USA.

20. CONTENT DELIVERY NETWORK (CDN)/ GOOGLE CLOUD CDN

20.1 Description of processing
Our website uses so-called content delivery networks (CDN). CDNs reduce the loading time of our website and common JavaScript libraries because the files are transferred from fast, local, or underutilized servers of external service providers. Another advantage over local storage on our server is that the library files are regularly checked for security and kept up to date by the external service providers. We have integrated JavaScript libraries from the external service provider Google for the implementation of some programming functions on our website. When you visit our website, a connection to the servers of the aforementioned external services is established and the JavaScript libraries are loaded into our website. This transmits the website you have visited to the external service providers.

20.2 Purpose
Processing is carried out in order to reduce the loading time of our website and to be able to integrate JavaScript libraries quickly and securely.

20.3 Legal basis
Processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 (1) (f) GDPR). Our legitimate interest lies in the purpose specified in section 21.2.

20.4 Recipients and transfer to third countries
By integrating the JavaScript libraries, your data is transferred to Google Cloud CDN, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4. For more information about Google Cloud CDN, please visit: https://cloud.google.com/cdn?hl=de.

21. GOOGLE TAG MANAGER

Our website uses Google Tag Manager, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google Tag Manager does not collect any personal data and does not set any cookies. This service merely enables us to integrate and manage tags on our website. Tags are small code elements on our website that are helpful for measuring traffic and visitor behavior, tracking the impact of online advertising and social channels, using remarketing and targeting, and testing and optimizing the website. As a precautionary measure, Google Tag Manager is nevertheless integrated on the basis of consent in accordance with Art. 6 (1) (a) GDPR, which is obtained via the consent tool “Cookiebot” (see section 7.1) and can also be revoked there. For more information about Google Tag Manager, please visit policies.google.com/privacy?hl=en.

22. HUBSPOT

22.1 Description of processing

On our website, we use HubSpot, operated by HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, for several online marketing activities. For more information about data protection at Hubspot, please visit https://legal.hubspot.com/de/privacy-policy. Hubspot is an integrated software solution that we use to cover various aspects of our online marketing. These include: email marketing (newsletters and automated mailings, e.g., to provide downloads), social media publishing & reporting, reporting (e.g., traffic sources, hits, etc.), contact management (e.g., user segmentation & CRM), landing pages, pop-ups, and contact forms. With regard to the individual functions of Hubspot, we refer to the processing explained in the privacy policy.

22.2 Purpose

Our registration service enables visitors to our website to learn more about our company and its offerings, download content, and provide their contact information. This information, as well as the content of our website, is stored on HubSpot servers. We may use it to contact visitors to our website and to determine which services are of interest to them. We use all collected information exclusively to optimize our marketing activities.

22.3 Legal basis

The legal basis for data processing depends on the respective function of HubSpot used. Insofar as HubSpot sends emails on our behalf and insofar as we carry out statistical website analysis via HubSpot, data processing is based on consent in accordance with Art. 6 (1) (a) GDPR. Consent is voluntary. Insofar as Hubspot services are necessary within the framework of the conclusion or fulfillment of a contract between us and customers or members, the legal basis is Art. 6 (1) lit. b GDPR. For the use of Hubspot’s services, the legal basis is Art. 6 (1) lit. f GDPR (legitimate interest). Our legitimate interest in using this service is to optimize our marketing measures and improve the quality of our service on the website.

22.4 Storage period

The personal data we collect will be deleted as soon as it is no longer required for the purpose of its processing. We have indicated the storage period and the possibility of revoking consent, as well as the right to object to processing, in the individual processing operations.

22.5 Recipients of your data, disclosure of data to third parties, and transfer to third countries

Hubspot acts on our behalf within the scope of order processing. Through the use of Hubspot, personal data is transferred to HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. Hubspot also processes your personal data in the USA, where applicable through the group company Hubspot Inc., 25 First Street, Cambridge, MA 02141 USA. Data is transferred to the USA on the basis of the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/). Further information on data protection at Hubspot can be found at https://legal.hubspot.com/de/privacy-policy.

23. SALESVIEWER

23.1 Description of processing

Our website uses “SalesViewer,” a service for identifying anonymous website visitors from the B2B sector provided by SalesViewer GmbH, Universitätsstraße 60, 44789 Bochum, Germany (hereinafter referred to as “SalesViewer”). SalesViewer is only activated after you have given your prior consent via our consent tool. SalesViewer enables us to identify which companies visit our website and are interested in our offers. The technology is completely cookie-free and is based on JavaScript code that is integrated into our website. When you visit our website and have consented to the use of SalesViewer, a connection to the SalesViewer servers is established. This involves the collection of company-related data, such as information about the company from which the access is made, subpages visited, length of stay, and referrer URLs. The collected data is immediately encrypted and pseudonymized using a non-reversible one-way function (known as hashing). Individual persons are not identified. SalesViewer only identifies companies and organizations, not the natural persons behind them.

23.2 Purpose

The processing is carried out for marketing, market research, and optimization purposes in order to identify potential B2B customers who have shown interest in our offers and to be able to align our sales and marketing activities accordingly.

23.3 Legal basis

Processing is based on consent in accordance with Art. 6 (1) (a) GDPR. We obtain this consent via the consent tool (see section 7.1). Such consent is voluntary.

23.4 Storage period and revocation of consent

The data stored within the scope of SalesViewer will be deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations that prevent deletion. You can revoke your consent at any time with effect for the future. We have explained the storage period and your control and setting options for cookies/tracking pixels in section 7.4. You can revoke your consent to data collection by SalesViewer at any time in the settings of the consent tool with effect for the future. In addition, you can object to the collection of your data by SalesViewer at the following link: https://www.salesviewer.com/opt-out. After revocation or objection, your data will be excluded from further processing by SalesViewer.

23.5 Recipients

Data processing is carried out by SalesViewer GmbH within the scope of order processing. Data is not passed on to other third parties.

24. RECRUITMENT

24.1 Description of processing

We process the data you provide in connection with your application in order to assess your suitability for the position or, if applicable, other open positions in our company and to carry out the application process. This includes general data about you, such as your name, address, and contact details, information about your professional qualifications and education, information about professional training, knowledge, and skills, as well as other information that you disclose to us in connection with your application. This is usually done through your application letter, resume, references, correspondence, and information provided by you over the phone or in person.We use the Ashby application management system, operated by Ashby Inc., 548 Market Street, PMB 61734, San Francisco, CA 94104-5401, USA, to manage and carry out the application process. All data submitted via our application portal is stored and processed in this system. We want to evaluate all applicants solely on the basis of their qualifications and therefore ask that you refrain from including any “special categories of personal data” as defined in Article 9 of the General Data Protection Regulation in your application, such as a photo that reveals your ethnic origin, information about severe disabilities, or similar information. If your application is successful, we will transfer your data to your personnel file and use it to carry out and terminate your employment relationship. If we are currently unable to offer you employment, we will continue to process your data even after sending you a rejection letter in order to defend ourselves against any legal claims, in particular those relating to alleged discrimination in the application process. If you are not selected for the vacant position, we will transfer your data to our applicant pool, provided we have your consent to do so.

24.2 Purpose

The processing is carried out for the purpose of conducting the application process, deciding on the establishment of an employment relationship with us, and documenting compliance with legal provisions in the application process.

24.3 Legal basis

The legal basis for data processing in connection with the application process is § 26 (1) sentence 1 BDSG and Art. 6 (1) lit. b GDPR. If your application is successful, further data processing will be carried out in accordance with Art. 6 (1) sentence 1 lit. b GDPR in conjunction with Art. 88 (1) GDPR in conjunction with Section 26 (1) BDSG for the purpose of establishing, implementing, and terminating the employment relationship. If you have given your consent, for example to include your data in our applicant pool or to process special categories of personal data, data processing will be carried out on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR. The legal basis for data processing after a rejection is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in defending ourselves against legal claims.

24.4 Storage period and revocation of consent

If your application is successful, your data will be transferred to your personnel file and deleted in accordance with the regulations applicable to personnel files. If we are unable to offer you employment at this time, we will continue to process your data for up to six months after sending you a rejection letter. If we transfer your data to our applicant pool after the application process has been completed, we will delete it in the event of a subsequent employment relationship or otherwise two years after it was added to the applicant pool. You can revoke your consent at any time with effect for the future. A simple declaration is sufficient for this. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until revocation.

24.5 Recipients and transfer to third countries

Your application data will be reviewed by the Human Resources department upon receipt of your application. Suitable applications will then be forwarded internally to the department managers responsible for the respective open position. Within the company, only those persons who need your data for the proper execution of our application process have access to it. We use the “Ashby” application management system, operated by Ashby Inc., 548 Market Street, PMB 61734, San Francisco, CA 94104-5401, USA, to manage and carry out the application process. Ashby acts as a processor for us in this regard. For more information on data protection at Ashby, please visit https://www.ashbyhq.com/privacy-policy and https://trust.ashbyhq.com. When using Ashby, your applicant data will be transferred to the USA. Ashby bases the data transfer to the USA on the EU Commission’s adequacy decision on the EU-US Data Privacy Framework in accordance with Art. 45 GDPR. Ashby is certified by the U.S. Department of Commerce in accordance with the DPF principles and is therefore subject to a level of data protection comparable to that of the EU. For all sub-processors that are not themselves DPF-certified, our data processing agreement with Ashby also provides for the EU standard contractual clauses.In addition to this legal basis, extensive technical and organizational measures have been implemented to ensure the level of data protection even in the case of third-country transfers, in particular TLS 1.2+ for data in transit and AES-256 encryption at rest, role-based access rights, multi-factor authentication, SOC 2 Type II reports, regular penetration tests, and continuous monitoring and incident response processes.

25. CUSTOMER CHATBOT (AZURE OPENAI SERVICE)

25.1 Description of processing

Our website uses a customer chatbot based on the Azure OpenAI Service and OpenAI’s language model to process your inquiries efficiently and interactively. When using the chatbot, the following types of personal data may be processed: Text entries in the chat that contain information about your request, as well as technical data such as IP address, usage times, and browser information. Your entries and the chatbot’s responses are stored in the chatbot application. This is provided by the provider rrooaarr interactive solutions GmbH, Hämpfergasse 15, 89073 Ulm, Germany, with whom a corresponding data processing agreement exists. The data collected in this process is stored exclusively on servers in Germany. For the chatbot to function, your entries are transmitted to Microsoft’s Azure OpenAI Service for processing. Microsoft Azure acts as a bound processor and uses the transmitted data exclusively to provide the requested chatbot functionality. Microsoft Azure does not use the data for its own purposes.

25.2 Purpose

The processing is carried out in order to offer you interactive customer service, to understand your inquiries, to respond appropriately, and to continuously improve our service. The data processing serves to efficiently handle your concerns and optimize the user-friendliness of our website.

25.3 Legal basis

Processing is carried out on the basis of Art. 6 (1) lit. b GDPR (processing to fulfill your request) and on the basis of consent in accordance with Art. 6 (1) lit. a GDPR. We obtain this consent via the “Cookiebot” consent tool (see section 7.1). Such consent is voluntary.

25.4 Storage period and revocation of consent

We have explained the storage period and your control and setting options for cookies in section 7. The data collected in connection with the use of our chatbot will only be stored for as long as is necessary to process your request and for the duration of any customer relationship. Your data will be automatically deleted no later than six months after it is collected, unless statutory retention periods prevent earlier deletion.

25.5 Recipients and transfer to third countries

The chatbot functionality is provided by rrooaarr interactive solutions GmbH, Hämpfergasse 15, 89073 Ulm, Germany. This is done within the framework of order processing. Further information on data protection can be found at https://www.rrooaarr.com/datenschutz/.

26. AI-SUPPORTED CUSTOMER SERVICE (PINECONE)

26.1 Description of processing

To support our AI-supported customer service (Section 25. CUSTOMER CHATBOT (AZURE OPENAI SERVICE)), rrooaarr interactive solutions GmbH, Hämpfergasse 15 – 89073 Ulm, Germany, uses the vector database of the provider Pinecone Inc., 230 Park Avenue, New York, NY 10169, USA (hereinafter referred to as “Pinecone”). Pinecone enables us to efficiently structure and query content and provide you with relevant information. When you use our AI-supported customer service, your inquiries are processed by our system and compared with the knowledge data stored in the Pinecone vector database in order to provide you with appropriate answers and support.

No personal data or specific entries are transmitted to Pinecone. Only vectorized knowledge data for the chatbot is stored in the Pinecone database, which does not allow any conclusions to be drawn about individual persons. Your inquiries are processed and responses are generated using our own systems, utilizing the Pinecone infrastructure for efficient data retrieval.

26.2 Purpose

Processing is carried out to provide and optimize our AI-supported customer service. By using Pinecone technology, we can provide you with faster, more accurate, and more helpful responses to your inquiries and continuously improve the quality and performance of our customer service.

26.3 Legal basis

Processing is carried out to fulfill your service request on the basis of Art. 6 (1) lit. b GDPR. In addition, processing is carried out to safeguard our overriding legitimate interests (Art. 6 (1) lit. f GDPR). Our legitimate interest lies in improving the service quality and system performance of our AI-supported customer service.

26.4 Storage period

No personal data or your specific entries are stored in the Pinecone vector database; only vectorized knowledge data without personal references is stored. Therefore, specific deletion of your data from the Pinecone database is not necessary. Your requests are only processed by our system for the duration of the processing of your respective service request.

26.5 Recipients and transfer to third countries

As a subcontractor of rrooaarr interactive solutions GmbH, Hämpfergasse 15, 89073 Ulm, Pinecone Inc. processes the vectorized knowledge data for us. Although Pinecone Inc. is a US company, data processing takes place in data centers within the European Union. To ensure an adequate level of data protection, rrooaarr interactive solutions GmbH, Hämpfergasse 15, 89073 Ulm, has concluded a data processing agreement with Pinecone that includes the EU Standard Contractual Clauses (SCCs). Further information on data processing by Pinecone can be found in the provider’s privacy policy at: https://www.pinecone.io/privacy/.

V. Security measures

27. Security measures

To protect your personal data from unauthorized access, we have equipped our website with an SSL or TLS certificate. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security” and encrypts the communication of data between a website and the user’s device. You can recognize active SSL or TLS encryption by a small lock logo displayed on the far left of the browser’s address bar.

VI. Your rights

28. Rights of data subjects

With regard to the data processing described above by our company, you have the following rights as a data subject:

28.1 Right of access (Art. 15 GDPR)
You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you have the right to obtain information about this personal data and the information specified in Art. 15 GDPR under the conditions set out in Art. 15 GDPR.

28.2 Rectification (Art. 16 GDPR)
You have the right to request that we immediately rectify any inaccurate personal data concerning you and, where applicable, complete any incomplete personal data.

28.3 Erasure (Art. 17 GDPR)
You have the right to request that we erase personal data concerning you without undue delay if one of the reasons listed in detail in Art. 17 GDPR applies, e.g., if your data is no longer required for the purposes we pursue.

28.4 Restriction of data processing (Art. 18 GDPR)
You have the right to request that we restrict processing if one of the conditions listed in Art. 18 GDPR applies, e.g., if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data.

28.5 Data portability (Art. 20 GDPR)
You have the right to request the release of data concerning you in a structured, commonly used, and machine-readable format under the conditions listed in Art. 20 GDPR.

28.6 Withdrawal of consent (Art. 7(3) GDPR)
You have the right to withdraw your consent at any time in the case of processing based on consent. The withdrawal is effective from the time it is asserted. In other words, it takes effect for the future. The withdrawal of consent does not make the processing retroactively unlawful.

28.7 Complaint (Art. 77 GDPR)
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You can exercise this right with a supervisory authority in the EU member state of your residence, your place of work, or the location of the alleged violation.

28.8 Prohibition of automated decisions/profiling (Art. 22 GDPR)
Decisions that have legal consequences for you or significantly affect you may not be based solely on automated processing of personal data, including profiling. We would like to inform you that we do not use automated decision-making, including profiling, with regard to your personal data.

28.9 Right to object (Art. 21 GDPR)
If we process your personal data on the basis of Art. 6 (1) lit. f GDPR (to safeguard overriding legitimate interests), you have the right to object to this under the conditions set out in Art. 21 GDPR. However, this only applies if there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms. We are also not required to cease processing if it serves to assert, exercise, or defend legal claims. In any case—even independently of a particular situation—you have the right to object at any time to the processing of your personal data for direct marketing purposes.

As of December 2025