PRIVACY POLICY

We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consents are revoked or there is no further legal basis for the processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. There are exceptions to this rule if legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be stored for commercial or tax law reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

Our data protection information contains additional information on the retention and erasure of data that applies specifically to certain processing operations.

 

If there is more than one indication of the retention period or deletion period for a date, the longest period is always decisive.

 

If a period does not expressly begin on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in the context of which data is stored, the event triggering the deadline is the date on which the termination or other termination of the legal relationship takes effect.

 

We only process data that is no longer stored for the originally intended purpose, but due to legal requirements or other reasons, for the reasons that justify its storage.

 

Further information on processing processes, procedures and services:

• Retention and deletion of data: The following general periods apply to retention and archiving under German law:

• 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheet as well as the work instructions and other organizational documents necessary for their understanding, accounting vouchers and invoices (§ 147 para. 3 in conjunction with para. 1 no. 1, 4 and 4a AO, § 14b para. 1 UStG, § 257 para. 1 no. 1 and 4, para. 4 HGB).

• 6 years - Other business documents: commercial or business letters received, reproductions of commercial or business letters sent, other documents insofar as they are of significance for taxation, e.g. Hourly wage slips, company accounting sheets, calculation documents, price markings, but also payroll accounting documents, insofar as they are not already accounting documents and cash register strips (§ 147 para. 3 in conjunction with para. 1 no. 2, 3, 5 AO, § 257 para. 1 no. 2 and 3, para. 4 HGB).

• 3 years - Data required to consider potential warranty and compensation claims or similar contractual claims and rights and to process related inquiries based on past business experience and standard industry practices are stored for the duration of the regular statutory limitation period of three years (Sections 195, 199 BGB).

​

Rights of the data subjects

​

Rights of data subjects under the DSGVO: As a data subject, you are entitled to various rights under the DSGVO, which arise in particular from Art. 15 to 21 DSGVO:

• Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) DSGVO, including profiling based on those provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

• Right to withdraw consent: You have the right to withdraw your consent at any time.

• Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and to obtain information about this data and further information and a copy of the data in accordance with the legal requirements.

• Right to rectification: You have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you in accordance with the legal requirements.

• Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the legal requirements.

• Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request its transmission to another controller.

• Complaint to the supervisory authority: In accordance with the statutory provisions and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State in which you are habitually resident, the supervisory authority of your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the DSGVO.

​

​

Business services

​

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”), in the context of contractual and comparable legal relationships and related measures and with regard to communication with the contractual partners (or pre-contractual), for example to respond to inquiries.

​

We use this data to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any updating obligations and remedies in the event of warranty and other service disruptions. In addition, we use the data to safeguard our rights and for the purpose of the administrative tasks associated with these obligations and the company organization. We also process the data on the basis of our legitimate interests both in the proper and efficient management of our business and in security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information and rights (e.g. to involve telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about other forms of processing, such as for marketing purposes, as part of this privacy policy.

​

We inform the contractual partners which data is required for the aforementioned purposes before or as part of the data collection, e.g. in online forms, by special marking (e.g. colors) or symbols (e.g. asterisks or similar), or personally.

​

We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after four years, unless the data is stored in a customer account, e.g. as long as it must be retained for legal archiving reasons (e.g. for tax purposes, generally ten years). We delete data disclosed to us by the contractual partner as part of an order in accordance with the specifications and generally after the end of the order.

​

• Processed data types: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contact data (e.g. postal and email addresses or telephone numbers); Contract data (e.g. subject matter of the contract, duration, customer category); Content data (e.g. text or image messages and contributions as well as the information relating to them, such as information on authorship or time of creation); Usage data (e.g. page views and length of stay, click intensity and frequency, device types and operating systems used, interactions with the website operator and the time of creation). B. information on authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved). Log data (e.g. log files relating to logins or the retrieval of data or access times).

• Data subjects: Service recipients and clients; interested parties; business and contractual partners; customers; communication partners; users (e.g. website visitors, users of online services). Third parties.

• Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; communication; office and organizational procedures; organizational and administrative procedures; business processes and business management procedures; security measures; provision of our online services and user-friendliness; marketing. Sales promotion.

• Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.

• Legal basis: Fulfilment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) DSGVO); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) DSGVO). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).

​

​

Further information on processing processes, procedures and services:

​

• Travel and tourism management: We process our customers' data to enable them to plan, book and carry out trips and related tourism services. The required information is marked as such in the context of travel booking, planning or comparable contract conclusions and includes the information required for service provision and billing as well as contact information in order to be able to hold any consultations. Insofar as we receive access to information from customers or other persons, we process this in accordance with the legal and contractual requirements; legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), Legal obligation (Art. 6 Para. 1 S. 1 lit. c) DSGVO), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) DSGVO).

• Travel-related services: We process the data of our customers and prospective customers (uniformly referred to as “customers”) in accordance with the underlying contractual relationship. We may also process information on the characteristics and circumstances of persons or items belonging to them if this is necessary in the context of the contractual relationship. This may include, for example, information on personal circumstances, movable property and the financial situation, and it may be necessary for us to process special categories of data within the meaning of Art. 9 para. 1 GDPR, in particular information on a person's health, as part of our assignment. Processing is carried out in order to protect the health interests of customers and otherwise only with the consent of the customer.if required for the fulfillment of the contract or by law, or consented to by customers or based on our legitimate interests, we disclose or transmit the customer's data, e.g. to the service providers involved in the fulfillment of the travel services; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) DSGVO).

• Customer account: Customers can create an account within our online offering (e.g. customer or user account, “customer account” for short). If it is necessary to register a customer account, customers will be informed of this and of the information required for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration process and subsequent logins and use of the customer account, we store the IP addresses of customers together with the access times in order to be able to prove registration and prevent any misuse of the customer account. If the customer account has been terminated, the customer account data will be deleted after the termination date, unless it is stored for purposes other than provision in the customer account or must be stored for legal reasons (e.g. internal storage of customer data, order processes or invoices). It is the customer's responsibility to back up their data when the customer account is terminated; legal bases: contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).

• Customer management and customer relationship management (CRM): Procedures required in the context of customer management and customer relationship management (CRM) (e.g. Customer acquisition in compliance with data protection regulations, measures to promote customer loyalty and retention, effective customer communication, complaint management and customer service with consideration of data protection, data management and analysis to support the customer relationship, administration of CRM systems, secure account management, customer segmentation and target group formation); legal bases: contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) DSGVO), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).

• Marketing, advertising and sales promotion: Procedures required in the context of marketing, advertising and sales promotion (e.g. market analysis and target group determination, development of marketing strategies, planning and implementation of advertising campaigns, design and production of advertising materials, online marketing including SEO and social media campaigns, event marketing and trade fair participation, customer loyalty programs, sales promotion measures, performance measurement and optimization of marketing activities, budget management and cost control); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

​

Providers and services used as part of our business activities

​

As part of our business activities, we use additional services, platforms, interfaces or plug-ins from third-party providers (“services” for short) in compliance with legal requirements. Their use is based on our interests in the proper, lawful and economic management of our business operations and our internal organization.

 

• Processed data types: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. text or image messages and contributions and the information relating to them, such as information on authorship or time of creation). Contract data (e.g. subject matter of the contract, term, customer category).

• Data subjects: Service recipients and clients; interested parties; business and contractual partners. Employees (e.g. employees, applicants, temporary staff and other employees).

• Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; Office and organizational procedures. Business processes and business management procedures.

• Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.

• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO). Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) DSGVO).

​

Further information on processing processes, procedures and services:

​

• DATEV: Software for accounting, communication with tax advisors and authorities and with document storage; Service provider: DATEV eG, Paumgartnerstr. 6 - 14, 90429 Nuremberg, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.datev.de/web/de/mydatev/datev-cloud-anwendungen/; Privacy Policy: https://www.datev.de/web/de/m/ueber-datev/datenschutz/; Data processing agreement: Provided by the service provider. Basis for third country transfers: Switzerland - adequacy decision (Germany).

• HubSpot CRM: Management of customer contacts, tracking of sales activities, automation of marketing campaigns, analysis of sales data, creation and management of email campaigns, integration with other tools and platforms, management of customer support requests, AI-powered content generation, personalized email creation, predictive sales forecasting, automated workflow descriptions and AI chatbots for customer interaction; Service provider: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.hubspot.de; Privacy Policy: https://legal.hubspot.com/de/privacy-policy; Data processing agreement: https://legal.hubspot.com/dpa. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).

​

​

Payment procedures

​

As part of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use other service providers in addition to banks and credit institutions (collectively referred to as “payment service providers”).

​

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the payment service providers' terms and conditions and data protection information.

​

Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which can be accessed on the respective websites or transaction applications. We also refer to these for further information and the assertion of rights of revocation, information and other rights of data subjects.

​

• Processed data types: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contract data (e.g. subject matter of the contract, duration, customer category); Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); Meta page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved). Contact data (e.g. postal and email addresses or telephone numbers).

• Data subjects: Service recipients and clients. Business and contractual partners.

• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; business processes and business management procedures. Office and organizational procedures.

• Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.

• Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) DSGVO). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).

​

Further information on processing processes, procedures and services:

​

• Saferpay: Payment services (technical connection of online payment methods); Service provider: Worldline Switzerland Ltd, Hardturmstrasse 201, 8021 Zurich, Switzerland; Legal basis: Performance of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://worldline.com/de-ch/home/main-navigation/solutions/merchants/solutions-and-services/e-commerce/saferpay-payment-solution.html; Privacy Policy: https://worldline.com/de-ch/compliancy/privacy.html. Basis for third country transfers: EU/EEA adequacy decision (Switzerland).

​

​

Provision of the online offer and web hosting

​

We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

• Processed data types: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); metadata, communication data and process data (e.g. IP addresses, time data, identification numbers, persons involved); log data (e.g. log files relating to logins or the retrieval of data or access times). Content data (e.g. text or image messages and contributions as well as the information relating to them, such as information on authorship or time of creation).

• Data subjects: Users (e.g. website visitors, users of online services). Service recipients and clients.

• Purposes of processing: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures; Content Delivery Network (CDN). Provision of contractual services and fulfillment of contractual obligations.

• Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.

• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).

​

Further information on processing operations, procedures and services:

​

• Provision of online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called “web host”); legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

• Collection of access data and log files: Access to our online offering is recorded in the form of so-called “server log files”. The server log files may include the address and name of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the event of abusive attacks, so-called DDoS attacks), and to ensure the utilization of the servers and their stability; legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). 

• Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

• Content delivery network: We use a “content delivery network” (CDN). A CDN is a service with the help of which the content of an online offer, in particular large media files such as graphics or program scripts, can be delivered faster and more securely with the help of regionally distributed servers connected via the Internet; legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

• Cloudflare: Content Delivery Network (CDN) - Service that allows content of an online offer, in particular large media files such as graphics or program scripts, to be delivered faster and more securely with the help of regionally distributed servers connected via the Internet; Service provider: Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.cloudflare.com; Privacy Policy: https://www.cloudflare.com/privacypolicy/; Data processing agreement: https://www.cloudflare.com/cloudflare-customer-dpa/. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).

• Sentry: Monitoring of system stability and detection of code errors - information on the device or time of error is collected pseudonymously and is subsequently deleted; service provider: Functional Software Inc, Sentry, 132 Hawthorne Street, San Francisco, California 94107, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://sentry.io; Security measures: IP masking (pseudonymization of the IP address); Privacy Policy: https://sentry.io/privacy/; Data processing agreement: https://sentry.io/legal/dpa/. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF). 

• Cloudways: Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: Cloudways, Junction Business Centre, 1st Floor Sqaq Lourdes, St Julians STJ3334, Malta; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.cloudways.com/de/; Privacy Policy: https://www.cloudways.com/en/terms.php#privacy. Basis for third country transfers: Switzerland - adequacy decision (Malta).

• Vercel: Services in the field of provision of information technology infrastructure and related services (e.g. storage space and/or computing capacity) and development environment; Service provider: Vercel Inc, 340 S Lemon Ave #4133, Walnut, CA 91789, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://vercel.com; Privacy Policy: https://vercel.com/legal/privacy-policy; Data processing agreement: https://vercel.com/legal/dpa. Basis for third country transfers: EU/EEA - Standard Contractual Clauses (https://vercel.com/legal/dpa), Switzerland - Standard Contractual Clauses (https://vercel.com/legal/dpa).

• SendGrid: Email dispatch and communication platform for transactional and marketing emails; Service provider: Twilio Ireland Limited, 25 - 28 North Wall Quay, North Wall, Dublin 1, D01 H104, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://sendgrid.com; Privacy Policy: https://www.twilio.com/legal/privacy; Data processing agreement: https://www.twilio.com/legal/data-protection-addendum. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - adequacy decision (Ireland).

• Wix: Our website is hosted on the Wix.com platform. Wix is a cloud-based website builder that enables us to create and manage our site. In connection with the provision of this website, Wix processes data in accordance with Wix's privacy policy, which you can view at https://www.wix.com/about/privacy.

​

​

Use of cookies

​

The term “cookies” refers to functions that store information on users' end devices and read it from them. Cookies can also be used for various purposes, for example to ensure the functionality, security and convenience of online services and to analyze visitor flows. We use cookies in accordance with the statutory provisions. If necessary, we obtain the user's consent in advance. If consent is not required, we rely on our legitimate interests. This applies if the storage and reading of information is essential in order to be able to provide expressly requested content and functions. This includes, for example, saving settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We provide clear information about the scope and which cookies are used.

 

Information on the legal basis under data protection law: Whether we process personal data using cookies depends on consent. If consent has been given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

​

Storage duration: With regard to the storage duration, a distinction is made between the following types of cookies:

 

Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their end device (e.g. browser or mobile application).

Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the log-in status can be saved and preferred content can be displayed directly when the user visits a website again. The user data collected with the help of cookies can also be used to measure reach. If we do not provide users with explicit information on the type and storage duration of cookies (e.g. when obtaining consent), they should assume that they are permanent and that they may be stored for up to two years.

General information on revocation and objection (opt-out): Users can revoke the consents they have given at any time and also declare an objection to processing in accordance with the legal requirements, including by means of their browser's privacy settings.

​

Processed data types: Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).

Data subjects: Users (e.g. website visitors, users of online services).

Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO). Consent (Art. 6 para. 1 sentence 1 lit. a) DSGVO).

​

Further information on processing processes, procedures and services:

​

• Processing of cookie data on the basis of consent: We use a consent management solution in which user consent is obtained for the use of cookies or for the procedures and providers mentioned in the consent management solution. This procedure is used to obtain, log, manage and revoke consent, in particular with regard to the use of cookies and comparable technologies that are used to store, read and process information on users' end devices. As part of this procedure, user consent is obtained for the use of cookies and the associated processing of information, including the specific processing and providers mentioned in the consent management procedure. Users also have the option of managing and revoking their consent. The declarations of consent are stored in order to avoid a new query and to be able to provide proof of consent in accordance with the legal requirements. The storage takes place on the server side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies in order to be able to assign the consent to a specific user or their device. If no specific information on the providers of consent management services is available, the following general information applies: Consent is stored for up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information on the scope of consent (e.g. relevant categories of cookies and/or service providers) and information on the browser, the system and the end device used; legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) DSGVO).

• BorlabsCookie: Consent management: Process for obtaining, logging, managing and revoking consent, in particular for the use of cookies and similar technologies for storing, reading and processing information on users' end devices and their processing; Service provider: Execution on servers and/or computers under its own responsibility under data protection law; Website: https://de.borlabs.io/borlabs-cookie/. Further information: An individual user ID, language and types of consent and the time of their submission are stored on the server and in the cookie on the user's device.

​

Special notes on applications (apps)

​

We process the data of users of our application to the extent necessary to provide users with the application and its functionalities, to monitor its security and to develop it further. We may also contact users in compliance with legal requirements if communication is necessary for the purposes of administering or using the application. Otherwise, we refer to the data protection information in this privacy policy with regard to the processing of user data.

 

Legal basis: The processing of data required to provide the functionalities of the application serves to fulfill contractual obligations. This also applies if the provision of the functions requires user authorization (e.g. release of device functions). If the processing of data is not necessary for the provision of the functionalities of the application, but serves the security of the application or our business interests (e.g. collection of data for the purpose of optimizing the application or security purposes), it is carried out on the basis of our legitimate interests. If users are expressly asked for their consent to the processing of their data, the data covered by the consent is processed on the basis of the consent.

​

• Processed data types: inventory data (e.g. full name, residential address, contact information, customer number, etc.); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved); payment data (e.g. bank details, invoices, payment history). Contract data (e.g. subject matter of the contract, term, customer category).

• Data subjects: Users (e.g. website visitors, users of online services).

• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures. Provision of our online services and user-friendliness.

• Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.

• Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO

​

Further information on processing procedures, methods, and services:

​

• Commercial use: We process the data of our application users, registered users, and any test users (hereinafter collectively referred to as "users") in order to provide them with our contractual services, as well as on the basis of legitimate interests to ensure the security of our application and to further develop it. The required information is marked as such within the scope of the use, order, or similar contract conclusion and may include the information required for the provision of services and any billing, as well as contact information for any follow-up consultations. Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

​

​

Registration, Login, and User Account

Users can create a user account. During registration, users are provided with the required mandatory information, which is then processed for the purpose of providing the user account based on contractual obligations. The data processed includes, in particular, login information (username, password, and email address).

When using our registration and login functions and the user account, we store the IP address and the time of the respective user action. This storage is based on our legitimate interests and those of the user in protecting against misuse and other unauthorized use. This data is generally not shared with third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

​

Users can be informed by email about events relevant to their user account, such as technical changes.

​

• Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or visual messages and posts, as well as related information, such as authorship or time of creation); usage data (e.g., page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); log data (e.g., log files regarding logins or data retrieval or access times).

• Data subjects: Users (e.g., website visitors, users of online services).

• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; organizational and administrative procedures; provision of our online offering and user-friendliness.

• Storage and deletion: Deletion in accordance with the information in the "General information on data storage and deletion" section. Deletion after termination.

• Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) DSGVO). Legitimate interests (Art. 6 (1) (f) DSGVO).

​

Further information on processing procedures, methods, and services:

​

• Registration with real names: Due to the nature of our community, we ask users to use our services only using their real names. This means that the use of pseudonyms is not permitted. Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 (1) (b) DSGVO).

​

​

Blogs and Publication Media

We use blogs or similar means of online communication and publication (hereinafter "Publication Media"). Readers' data is processed for the purposes of the Publication Media only to the extent necessary for its presentation and communication between authors and readers, or for security reasons. For further information, please refer to the information on the processing of visitors to our Publication Media in this Privacy Policy.

​

• Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or visual messages and posts, as well as related information, such as authorship or time of creation); usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, persons involved).

• Data subjects: Users (e.g., website visitors, users of online services).

• Purposes of processing: Feedback (e.g., collecting feedback via online form). Provision of our online offering and user-friendliness.

• Storage and deletion: Deletion in accordance with the information in the "General information on data storage and deletion" section.

• Legal basis: Legitimate interests (Art. 6 (1) (f) DSGVO).

​

​

Contact and Inquiry Management

When you contact us (e.g., by mail, contact form, email, telephone, or via social media), as well as within the framework of existing user and business relationships, the information provided by the person contacting you will be processed to the extent necessary to respond to the contact inquiries and any requested actions.

​

• Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or visual messages and posts, as well as related information, such as authorship or time of creation); usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).

• Data subjects: Communication partners.

• Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form). Provision of our online offering and user-friendliness.

• Storage and deletion: Deletion in accordance with the information in the "General information on data storage and deletion" section.

• Legal basis: Legitimate interests (Art. 6 (1) (f) DSGVO). Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) DSGVO).

​

Further information on processing procedures, methods, and services:

​

• Contact form: When you contact us via our contact form, by email, or other communication channels, we process the personal data you provide to answer and process your request. This generally includes information such as your name, contact information, and, if applicable, other information that is provided to us and is necessary for appropriate processing. We use this data exclusively for the stated purpose of contacting and communicating with you; legal bases: contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) DSVO), legitimate interests (Art. 6 (1) (f) DSGVO).

• HubSpot CRM: Managing customer contacts, tracking sales activities, automating marketing campaigns, analyzing sales data, creating and managing email campaigns, integrating with other tools and platforms, managing customer support requests, AI-powered content generation, personalized email creation, predictive sales forecasts, automated workflow descriptions, and AI chatbots for customer interaction; Service provider: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 (1) (b) DSGVO), legitimate interests (Art. 6 (1) (f) DSGVO); Website: https://www.hubspot.de; Privacy policy: https://legal.hubspot.com/de/privacy-policy; Data processing agreement: https://legal.hubspot.com/dpa. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF).

​

​

Communication via Messenger

We use messengers for communication purposes and therefore ask you to observe the following information regarding the functionality of the messengers, encryption, the use of communication metadata, and your options for opting out.

You can also contact us via alternative means, e.g., by phone or email. Please use the contact options provided to you or the contact options provided within our online offering.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we would like to point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with encryption enabled to ensure the encryption of the message content.

​

However, we would also like to point out to our communication partners that although the providers of the messengers cannot see the content, they can find out that and when communication partners communicate with us, as well as technical information about the device used by the communication partners and, depending on the settings of their device, location information (so-called metadata) is processed.

​

Notes on legal bases: If we ask communication partners for permission before communicating with them via Messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for consent and they contact us on their own initiative, for example, we use Messenger in our relationship with our contractual partners and in the context of contract initiation as a contractual measure. In the case of other interested parties and communication partners, we use Messenger based on our legitimate interest in fast and efficient communication and in meeting the needs of our communication partners in communicating via Messenger. We would also like to point out that we will not transmit the contact details you have provided to us to Messenger for the first time without your consent.

​

Revocation, objection, and deletion: You can revoke your consent at any time and object to communication with us via Messenger at any time. In the case of communication via messenger, we delete messages in accordance with our general deletion guidelines (e.g., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have responded to any inquiries from the communication partners, provided that no reference to a previous conversation is expected and there are no statutory retention periods that prevent deletion.

​

Reservation of reference to other communication channels: To ensure your security, we ask for your understanding that for certain reasons we may not be able to respond to inquiries via messenger. This applies to situations in which, for example, contract details must be treated with particular confidentiality or a response via messenger does not meet formal requirements. In these cases, we recommend that you use more suitable communication channels.

​

• Types of data processed: Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., textual or visual messages and posts, as well as related information, such as authorship or time of creation); Usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); Meta, communication, and process data (e.g., IP addresses, time stamps, identification numbers, persons involved).

• Data subjects: Communication partners.

• Purposes of processing: Communication. Direct marketing (e.g., by email or post).

• Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion."

• Legal basis: Consent (Art. 6 (1) (a) DSGVO); Contractual fulfillment and pre-contractual inquiries (Art. 6 (1) (b) DSGVO). Legitimate interests (Art. 6 (1) (f) DSGVO).

​

Further information on processing procedures, methods, and services:

 

• WhatsApp: Text messages, voice and video calls, sending images, videos, and documents, group chat function, end-to-end encryption for increased security; Service provider: WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) DSGVO); Website: https://www.whatsapp.com/; Privacy Policy: https://www.whatsapp.com/legal. Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).

​

​

Video conferences, online meetings, webinars, and screen sharing

We use platforms and applications from other providers (hereinafter referred to as "conference platforms") for the purpose of conducting video and audio conferences, webinars, and other types of video and audio meetings (hereinafter collectively referred to as "conferences"). When selecting conference platforms and their services, we comply with legal requirements.

​

Data processed by conference platforms: When participating in a conference, the conference platforms process the personal data of participants listed below. The scope of processing depends on which data is required for a specific conference (e.g., providing access data or real names) and which optional information is provided by the participants. In addition to processing for the purpose of conducting the conference, participants' data may also be processed by the conference platforms for security purposes or to optimize the service. The data processed includes personal information (first name, last name), contact information (email address, telephone number), access data (access codes or passwords), profile pictures, information about professional position/function, the IP address of the internet access, information about the participants' end devices, their operating system, the browser and its technical and language settings, information about the content of the communication processes, i.e., entries in chats as well as audio and video data, as well as the use of other available functions (e.g., surveys). The content of the communications is encrypted to the extent technically provided by the conference providers. If the participants are registered as users on the conference platforms, further data may be processed in accordance with the agreement with the respective conference provider.

​

Logging and Recordings: If text entries, participation results (e.g., from surveys), and video or audio recordings are logged, participants will be transparently informed in advance and, where necessary, asked for their consent.

​

Participant data protection measures: Please refer to the conference platforms' privacy policies for details on how your data is processed and select the security and data protection settings that are optimal for you within the conference platform settings. Please also ensure data and privacy protection in the background of your recording for the duration of a video conference (e.g., by informing roommates, locking doors, and, where technically possible, using the background blur function). Links to the conference rooms and access data must not be passed on to unauthorized third parties.

​

Notes on legal bases: If, in addition to the conference platforms, we also process user data and ask users for their consent to use the conference platforms or certain functions (e.g., consent to recording conferences), the legal basis for processing is this consent. Furthermore, our processing may be necessary to fulfill our contractual obligations (e.g., in participant lists, in the case of processing call results, etc.). Furthermore, user data is processed based on our legitimate interest in efficient and secure communication with our communication partners.

​

• Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or visual messages and posts, as well as related information, such as authorship or time of creation); usage data (e.g., page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); image and/or video recordings (e.g., photographs or video recordings of a person); sound recordings. Log data (e.g., log files regarding logins or data retrieval or access times).

• Data subjects: Communication partners; users (e.g., website visitors, users of online services). Depicted persons.

• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; communication. Office and organizational procedures.

• Storage and deletion: Deletion in accordance with the information in the "General information on data storage and deletion" section.

• Legal basis: Legitimate interests (Article 6 (1) (f) DSGVO).

​

​

Further information on processing procedures, methods, and services:

​

• Google Hangouts / Meet: Conference and communication software; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://hangouts.google.com/; Privacy Policy: https://policies.google.com/privacy; Data processing agreement: https://cloud.google.com/terms/data-processing-addendum. Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).

• Microsoft Teams: Audio and video conferencing, chat, file sharing, integration with Office 365 applications, real-time document collaboration, calendar functions, task management, screen sharing, optional recording; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.microsoft.com/de-de/microsoft-teams/; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter. Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).

• Skype: Messenger and conference software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.skype.com/de/; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security Notice: https://www.microsoft.com/de-de/trustcenter. Basis for third-country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).

• Zoom: Video conferencing, online meetings, webinars, screen sharing, optional session recording, chat function, integration with calendars and other apps; Service provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://zoom.us; Privacy Policy: https://explore.zoom.us/de/privacy/;Dataprocessing agreement: https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF).

​

​

Advertising communication via email, mail, fax, or telephone

 

We process personal data for the purposes of advertising communication, which can be carried out via various channels, such as email, telephone, mail, or fax, in accordance with legal requirements. Recipients have the right to revoke consent granted at any time or to object to advertising communication at any time. After revocation or objection, we store the data required to prove previous authorization for contacting or sending for up to three years after the end of the year of the revocation or objection based on our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. Based on our legitimate interest in permanently respecting the user's revocation or objection, we also store the data required to avoid further contact (e.g., depending on the communication channel, the email address, telephone number, name).

• Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); Contact details (e.g., postal and email addresses or telephone numbers). Content data (e.g., textual or visual messages and contributions, as well as information relating to them, such as authorship or time of creation).

• Data subjects: Communication partners.

• Purposes of processing: Direct marketing (e.g., by email or post); Marketing. Sales promotion. Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion." Legal basis: Consent (Art. 6 (1) (a) DSGVO). Legitimate interests (Art. 6 (1) (f) DSGVO).

​