(hereinafter referred to as “data”) within our online offer and the related websites, functions
and content, as well as external online sites, e.g. our social media profiles on. (together referred to below
as an “online offer”). With regard to the terminology used, e.g. “Processing” or “Responsible”
We refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Christian Els, Arkadius Gombos, Kai Lichtenberg und Maximilian Topp
For editorial content:
Responsible according to § 55 Abs.2 RStV
Types of processed data:
– Inventory data (e.g., names, addresses).
– contact information (e.g., e-mail, phone numbers).
Content data (e.g., text input, photographs, videos).
– usage data (e.g., websites visited, interest in content, access times).
Meta / communication data (e.g., device information, IP addresses).
Purpose of processing
– Provision of the online offer, its functions and contents.
– Answering contact requests and communicating with users.
– Safety measures.
– Reach Measurement / Marketing
“Personal Information” is any information that relates to an identified or identifiable natural
Person (hereafter referred to as the “affected person”); a natural person is considered to be identifiable
the direct or indirect, in particular by means of assignment to an identifier such as a name, to an identification number,
to location data, to an online identifier (e.g., cookie), or to one or more particular features
can be the expression of the physical, physiological, genetic, mental, economic, cultural
or social identity of this natural person.
“Processing” means any process performed with or without the aid of automated procedures or any such process
Series of operations related to personal data. The term goes far and includes virtually everyone
Dealing with data.
“Pseudonymization” means the processing of personal data in a way that the personal data
no longer be assigned to a specific data subject without the need for additional information
provided that such additional information is kept separate and technical and organizational
Are subject to measures that ensure that the personal information is not an identified or identifiable
assigned to natural person;
“Profiling” means any kind of automated processing of personal data that consists of these
Personal information is used to identify certain personal aspects that relate to a natural person
to assess, in particular, aspects relating to job performance, economic situation, health, personal
Preferences, interests, reliability, behavior, location or change of location of this natural person
to analyze or predict;
“Responsible person” is the natural or legal person, public authority, institution or other body,
alone or together with others about the purposes and means of processing personal data
‘Processor’ means a natural or legal person, public authority, body or body which:
personal data processed on behalf of the person responsible;
Relevant legal bases
In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. Unless the
Legal basis in the privacy statement is not mentioned, the following applies: The legal basis for obtaining
of consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for compliance
of our services and execution of contractual measures as well as answering of queries is Art. 6 para. 1
lit. b DSGVO, the legal basis for processing in order to fulfill our legal obligations
Art. 6 para. 1 lit. c DSGVO, and the legal basis for processing in order to safeguard our legitimate interests
is Art. 6 para. 1 lit. f DSGVO. In the event that vital interests of the person concerned or one
Article 6 (1) provides for the processing of personal data by another natural person
lit. d DSGVO as legal basis.
We meet in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs
and the nature, scope, circumstances and purposes of the processing and the different likelihood of occurrence
and severity of the risk to the rights and freedoms of natural persons, appropriate technical and organizational
Measures to ensure a level of protection appropriate to the risk; The measures include in particular
Securing the confidentiality, integrity and availability of data by controlling physical access
to the data, as well as their access, input, disclosure, availability
and their separation. Furthermore, we have established procedures that
To ensure data erasure and data vulnerability. We also take protection into account
Personal data already in the development, or selection of hardware, software and procedures, accordingly
the principle of data protection through technology design and privacy-friendly default settings
(Art. 25 GDPR).
Collaboration with processors and third parties
Insofar as we process data in the context of our processing opposite other persons and enterprises (order processors
or third parties), convey them to them or otherwise grant them access to the data, this is done
only on the basis of a legal license (for example, if a transmission of the data to third parties, such as payment service providers,
gem. Art. 6 para. 1 lit. b DSGVO is required to fulfill the contract), you have consented to a legal
Commitment or on the basis of our legitimate interests (for example, in the use of agents,
If we commission third parties to process data on the basis of a so-called “contract processing contract”,
this is done on the basis of Art. 28 GDPR.
Transfers to third countries
If we have data in a third country (ie outside the European Union (EU) or the European Economic Area
(EEA)) or in the context of the use of third party services or disclosure, or transmission
of data to third parties, this will only be done if it is necessary to fulfill our (pre) contractual obligations,
on the basis of your consent, on the basis of a legal obligation or on the basis of our authorized persons
Interests happens. Subject to legal or contractual permissions, we process or leave
process the data in a third country only if the special conditions of Article 44 et seq. DSGVO apply.
That the processing is e.g. based on specific guarantees, such as the officially recognized finding
one of the EU equivalent data protection levels (for example for the USA by the “Privacy Shield”) or observance officially
recognized special contractual obligations (so-called “standard contractual clauses”).
Rights of data subjects
You have the right to ask for confirmation of whether the data in question is being processed and for information
on this data as well as on further information and copy of the data according to Art. 15 GDPR.
You have accordingly. Art. 16 DSGVO the right, the completion of the data concerning you or the correction
to ask you for the incorrect data concerning you.
In accordance with Art. 17 GDPR, they have the right to demand that data be deleted without delay
or, alternatively, in accordance with Art. 18 GDPR, demand a restriction of the processing of the data.
You have the right to demand that the data concerning you that you have provided us in accordance with
of Art. 20 DSGVO and to request their transmission to other responsible persons.
You have gem. Art. 77 DSGVO the right to file a complaint with the competent supervisory authority.
You have the right to grant consent in accordance with. Art. 7 para. 3 DSGVO with effect for the future
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time.
The objection may in particular be made against processing for direct marketing purposes.
Cookies and right to object in direct mail
“Cookies” are small files that are stored on users’ computers. Within the cookies
Different information can be saved. A cookie is primarily used to provide information about a user
(or the device on which the cookie is stored) during or after your visit to an online offer
save. Temporary cookies, or “session cookies” or “transient cookies”, are cookies,
which are deleted after a user leaves an online offer and closes his browser. In such a
Cookie may e.g. the contents of a shopping cart are stored in an online store or a login jam. As
“Permanent” or “persistent” means cookies that are stored even after the browser has been closed
stay. Thus, e.g. the login status will be saved if users visit it after several days.
Likewise, in such a cookie the interests of the users can be stored, which for range measurement
or marketing purposes. “Third party cookies” are cookies that are used by other providers
as the person responsible for the online offer (otherwise, if it is only the cookies
are called “first-party cookies”).
If users do not want cookies stored on their machine, they will be asked to do so
Option in the system settings of your browser. Saved cookies can be found in the system settings
of the browser. The exclusion of cookies can lead to functional restrictions of this online offer
A general objection to the use of the cookies used for online marketing purposes can be found at
a variety of services, especially in the case of tracking, on the US side
http://www.aboutads.info/choices/ or the EU page
http://www.youronlinechoices.com/ be explained. Furthermore, the storage of cookies by means of their
Shutdown can be achieved in the settings of the browser. Please note that then may not be
all functions of this online offer can be used.
Deletion of data
The data processed by us are deleted or processed in accordance with Articles 17 and 18 GDPR
stored data deleted as soon as they are no longer required for their purpose and deletion
do not conflict with any statutory storage requirements. Unless the data is deleted because it is for
other and legally permissible purposes are required, their processing is restricted. That the data
are blocked and not processed for other purposes. This applies, for example for data arising from commercial or tax law
Reasons must be kept.
According to legal regulations in Germany, the storage takes place in particular for 10 years according to §§ 147 Abs.
1 AO, 257 Abs. 1 Nr. 1 and 4, Abs. 4 HGB (books, records, management reports, accounting documents, trading books,
for taxation of relevant documents, etc.) and 6 years pursuant to § 257 (1) no. 2 and 3, para. 4 HGB (commercial letters).
According to legal regulations in Austria, the storage takes place in particular for 7 years according to § 132 section 1 BAO
(Accounting records, supporting documents / invoices, accounts, supporting documents, business papers, statement of revenue and expenditure,
etc.), for 22 years in connection with land and for 10 years in documents related to electronic
provided services, telecommunications, broadcasting and television services to non-entrepreneurs in EU Member States
and for which the Mini-One-Stop-Shop (MOSS) is used.
In addition we process
– contract data (e.g., subject, term, customer category).
– Payment data (e.g., bank details, payment history)
from our customers, prospects and business partners for the purpose of providing contractual services, service
and customer care, marketing, advertising and market research.
The hosting services we use serve to provide the following services:
Infrastructure and platform services, computing capacity, storage and database services, security services
and technical maintenance services we use to operate this online offer.
Here we, or our hosting provider, process inventory data, contact data, content data, contract data,
Usage data, meta and communication data of customers, prospects and visitors of this online offer
based on our legitimate interests in an efficient and secure provision of this
Online offer acc. Art. 6 para. 1 lit. f DSGVO i.V.m. Art. 28 DSGVO (conclusion of contract processing contract).
Collection of access data and log files
We, or our hosting provider, collects on the basis of our legitimate interests within the meaning of Art. 6 para.
1 lit. f. DSGVO Data on every access to the server on which this service is located (so-called
Server log files). The access data includes name of the retrieved web page, file, date and time of the
Retrieve, transferred amount of data, message about successful retrieval, browser type and version, the operating system
of the user, referrer URL (the previously visited page), IP address and the requesting provider.
Logfile information is used for security purposes (for example, to investigate abusive or fraudulent activities)
stored for a maximum of 7 days and then deleted. Data whose further storage is for evidence
is necessary until the final clarification of the incident.
Provision of our statutory and business services
We process the data of our members, supporters, prospects, customers or other persons accordingly
Art. 6 para. 1 lit. b. DSGVO, if we offer them contractual services or within existing ones
business relationship, e.g. towards members, acting or even receiving benefits and services
Contributions are. Incidentally, we process the data of affected persons in accordance with. Art. 6 para. 1 lit. f. DSGVO
based on our legitimate interests, e.g. if it is administrative tasks or public relations
The data processed, the nature, scope and purpose and necessity of their processing
are determined by the underlying contractual relationship. This basically includes inventory and master data
the persons (e.g., name, address, etc.) as well as the contact information (e.g., e-mail address, telephone, etc.),
the contract data (e.g., services used, content provided and information, names of
Contact persons) and if we offer paid services or products, payment data (e.g.
Bank details, payment history, etc.).
We delete data that is no longer required to perform our statutory and business purposes
are. This is determined according to the respective tasks and contractual relationships. In the case of business
We store the data for as long as they are used for business transactions, as well as for processing
any warranty or liability obligations may be relevant. The necessity of storage
the data is checked every three years; otherwise the statutory storage obligations apply.
Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as organization of our operation, financial accounting
and compliance with legal obligations, such as archiving. Here we process the same data
which we process in the course of rendering our contractual services. The processing basics
Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO. From the processing are customers, prospective customers,
Business partners and website visitors affected. The purpose and our interest in processing lies in
administration, financial accounting, office organization, archiving of data, ie tasks of maintenance
our business activities, perform our duties and provide our services. The
Deletion of data in terms of contractual services and contractual communications
the information specified in these processing activities.
We disclose or transmit data to the financial administration, consultants, such as tax accountants
or auditors and other fee and payment service providers.
Furthermore, we store information on suppliers, organizers based on our business interests
and other business partners, e.g. for later contact. These are mostly business related
Data, we always store permanently.
When contacting us (for example by contact form, e-mail, telephone or via social media) the
Information of the user to process the contact request and its processing acc. Art. 6 para. 1 lit. b) GDPR
processed. The information provided by users can be found in a Customer Relationship Management System (“CRM System”)
or similar request organization.
We delete the requests, if they are no longer required. We check the necessity
every two years; Furthermore, the legal archiving obligations apply.
Integration of services and contents of third parties
We make use of our online offer on the basis of our legitimate interests (i.e., interest
the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1
lit. f. DSGVO) third-party content or service offerings in order to provide their content and services, e.g.
Include videos or fonts (collectively referred to as “content”).
This always presupposes that the third-party providers of this content perceive the IP address of the users
they could not send content to their browser without the IP address. The IP address is for the
Presentation of this content required. We endeavor to use only content whose respective
Providers only use the IP address to deliver the content. Third parties can also do so
called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes
use. Through the “pixel tags” can be information such as visitor traffic on the pages of this site
be evaluated. The pseudonymous information may also be stored in cookies on the users’ device
technical information about the browser and operating system, referring web pages,
Visiting time and other information on the use of our online offer included, as well as with such information
from other sources.
We bind the videos of the platform “YouTube” of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View,
CA 94043, USA, a. Data protection:
Created with Datenschutz-Generator.de by RA Dr. med. Thomas Schwenke