Skip to content

Privacy statement

Contact:

Data Protection Officer:

I. General

For data protection reasons, we like to give you the following explanations:

  • The provision of Personal Data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner).
  • Occasionally, the conclusion of a contract may require that a Data Subject provides us with Personal Data that must subsequently be processed by us.
  • The Data Subject is, for example, obliged to provide us with Personal Data when our company signs a contract with him or her.
  • The non-provision of the Personal Data would have the consequence that the contract with the Data Subject could not be concluded.

II. Privacy statement relating to our website and our services and performances

Our privacy statement is based on the General Data Protection Regulation (GDPR). It should be legible and understandable for the general public, as well as our customers and business partners. We hope that we have succeeded in doing so.

If you have any inquiries or suggestions to improve this privacy statement, please contact us.

III. Definitions

The terms contained in the GDPR are defined in its article 4. Since our privacy statement is based on the GDPR, we like to briefly describe the relevant terms as follows. In doing so, we have followed Article 4 of the GDPR.

  1. „Personal Data“ means any information relating to an identified or identifiable natural person (hereinafter called ‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  2. „ Processing“ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction;
  3. „Restriction of Processing“ means the marking of stored Persoal Data with the aim of limiting their Processing in the future;
  4. „Profiling“ means any form of automated Processing of Persoal Data consisting of the use of these Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  5. „ Pseudonymisation“ means the Processing of Personal Data in such a manner that these Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.
  6. „Data System“ means any structured collection of Personal Data accessible according to specific criteria, irrespective of whether this collection is managed centrally, decentrally or according to functional or geographical aspects;
  7. „Controller“ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data; where the purposes and means of such Processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  8. „Processor“ means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
  9. „Recipient“ means a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as Recipients; the Processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the Processing;
  10. „Third Party“ means a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorised to process Personal Data;
  11. „Consent“ of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by another clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her;
  12. „Personal Data Breach“ means a breach of security leading to the accidental or unlawful destruction, loss or alteration, whether unauthorised or unlawful, or disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;
  13. „Cross-Border Processing“ means either
    • the Processing of Personal Data which takes place in the context of the activities of establishments in more than one Member State of a Controller or Processor in the Union where the Controller or Processor is established in more than one Member State; or
    • ethe Processing of Personal Data which takes place in the context of the activities of a single establishment of a Controller or Processor in the Union but which substantially affects or is likely to substantially affect Data Subjects in more than one Member State.

IV. Name and Address of Controllers

Controller:

V. Data collection on our website and data collected by third parties accessing our website

  • Google-Maps
  • reCAPTCHA
  • Google Analytics
  • Google Web Fonts and Google CDN

VI. Links to other websites

VII. Deletion and blocking of data with personal content

VIII. Your rights

    • the Processing purposes
    • the categories of Personal Data that are processed
    • the Recipients or categories of Recipients to whom the Personal Data have been or will be disclosed, in particular Recipients in third countries or international organizations
    • where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period
    • the existence of the right to request from the Controller rectification or deletion of Personal Data, or restriction of Processing of Personal Data concerning the Data Subject, or to object to such Processing
    • the existence of the right to lodge a complaint with a supervisory authority
    • where the Personal Data are not collected from the Data Subject any available information as to the source of these data
    • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such Processing for the Data Subject
    • The Personal Data are no longer required for the purposes for which they were collected or otherwise processed.
    • The Data Subject withdraws his or her consent on which the Processing is based pursuant to Article 6(1) lit. a of the GDPR, or Article 9(2) lit. a of the GDPR, and where there is no other legal ground for this Processing.
    • The Data Subject objects to the Processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the Processing, or the Data Subject objects to the Processing pursuant to Article 21(2) of the GDPR.
    • The Personal Data was processed unlawful.
    • The Personal Data has to be deleted for compliance with a legal obligation under Union or Member State law to which the Controller is subject.
    • The Personal Data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
    • The accuracy of the Personal Data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the Personal Data.
    • The Processing is unlawful and the Data Subject opposes the deletion of the Personal Data and requests instead the restriction of their use.
    • The Controller no longer needs the Personal Data for the purposes of the Processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims.
    • The Data Subject has objected to Processing pursuant to Article 21(1) of the GDPR, pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.

IX. Legal basis

  1. Art. 6 I lit. a of the GDPR: the Data Subject has given his or her consent to the Processing of his or her Personal Data for one or more specific purposes, e.g. when subscribing for our newsletter.
  2. Art. 6 I lit. b of the GDPR: The Processing is necessary for the performance of a contract to which the Data Subject is party, or in order to take steps at the Data Subject’s request prior to enter into a contract, e.g. if you like to attend an event or book a room or make a reservation.
  3. Art. 6 I lit. c of the GDPR: The Processing is necessary for compliance with a legal obligation to which the Controller is subject, e.g. tax obligations to which our firm is subject.
  4. Art. 6 I lit. d of the GDPR: The Processing is necessary to protect vital interests of the Data Subject or another natural person.
  5. Art. 6 I lit. f of the GDPR: All Processing operations to which none of the aforementioned articles apply, these operations being necessary to keep a legitimate interest of our firm or any third party, provided there are no overriding interests, fundamental rights and fundamental freedoms of the Data Subject. Should the Processing of Personal Data rely on this Art. 6 I lit. f of the GDPR, our legitimate interest would be to carry out the activities of our firm in favor of the well-being of our clients.

X. Storage period for personal data

XI. Other information