Introduction

With the following privacy policy we would like to inform you about which types of your personal We process data (hereinafter also referred to as "data" for short) for what purposes and to what extent Privacy policy applies to all processing of personal data carried out by us, both in the Framework of the rendering of our services as well as in particular on our web pages, in mobile applications as well as within external online sites, e.g. our social media profiles (summarized below) referred to as "online offer").

As of: September 9, 2019

Contents

Responsible

Contact options

Phone: +49 1515 2055743

Processing Overview

The table below summarizes the types of data processed and the purposes of their processing, and refers to the persons concerned.

Types of processed data

• inventory data (e.g., names, addresses).
• Content data (e.g., text input, photographs, videos).
• Contact information (e.g., e-mail, phone numbers).
• Meta / communication data (e.g., device information, IP addresses).
• Usage data (e.g., websites visited, interest in content, access times).
• Contractual data (e.g., contract, term, customer category).
• Payment details (e.g., bank details, invoices, payment history).

Categories of affected persons

• Business and Contracting.
• prospects.
• communication partner.
• customers.
• Users (e.g., website visitors, online service users).

Purposes of processing

• Providing our online offering and usability.
• Visit Action evaluation.
• Office and Organization Procedures.
• Content Delivery Network (CDN).
• Direct marketing (e.g., by e-mail or by mail).
• Feedback (e.g., collecting feedback via online form).
• Interest-based and behavioral marketing.
• Contact requests and communication.
• Conversion measurement (measuring marketing effectiveness).
• Profiling (creating user profiles).
• Remarketing.
• Range measurement (e.g., access statistics, recurring visitor detection).
• security measures.
• Tracking (e.g., interest / behavioral profiling, use of cookies).
• Contractual Services and Service.
• Manage and respond to requests.

Relevant legal bases

In the following, we share the legal basis of the General Data Protection Regulation (DSGVO), on the basis of which we process personal data with. Please note that in addition to the regulations of the DSGVO the national privacy policy in your home or country of residence.

• Consent (Art. 6 Abs. 1 S. 1 lit. a DSGVO) - The data subject has his or her own name consent the processing of personal data concerning them for a specific purpose or more given certain purposes.
• Performance of contract and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b. DSGVO) - The Processing is for the performance of a contract to which the data subject is a party, or Carrying out of pre-contractual measures, which are carried out at the request of the data subject.
• Legal obligation (Art. 6 Abs. 1 S. 1 lit. c. DSGVO) - The processing is for Fulfillment of a legal obligation to which the controller is subject.
• Protection of vital interests (Article 6 (1) (1) (d) of the GDPR) - Processing is necessary to vital interests of the affected person or another natural person protect.
• Legitimate interests (Art. 6 Abs. 1 S. 1 lit. d. DSGVO) - The processing is for Currency the legitimate interests of the controller or a third party, unless the Interests or fundamental rights and fundamental freedoms of the data subject who protect personal data require, predominate.

National Data Protection Regulations in Germany: In addition to the privacy policies of General Data Protection Regulation is subject to national data protection regulations in Germany. Which also includes especially the law for protection against misuse of personal data in data processing (Bundesdatenschutzgesetz - Act). In particular, the BDSG contains special rules on the right to information, the right to cancellation, the Right to object, to process special categories of personal data, to process for others Purposes and for transmission as well as automated decision making in individual cases including profiling. Of Furthermore, it regulates the data processing for purposes of the employment relationship (§ 26 BDSG), in particular in the With regard to the establishment, implementation or termination of employment and consent from Employees. Furthermore, state data protection laws of the individual federal states can be applied.

Precautions

We meet in accordance with the legal requirements taking into account the state of the art, the Implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different likelihoods of occurrence and the extent of threats to rights and freedoms naturally Appropriate technical and organizational measures to ensure a level of protection appropriate to the risk guarantee.

Measures include securing the confidentiality, integrity and availability of data by Control of the physical and electronic access to the data as well as their access, the Input, disclosure, securing availability and their separation. We also have procedures established a perception of data subjects, the deletion of data and reactions to the endangering to ensure the data. We also take into account the protection of personal data already at the development or selection of hardware, software and procedures according to the principle of data protection, by Technique design and privacy-friendly presets.

Reduction of the IP address: If we can not or if the IP address is not stored is required, we can shorten or shorten your IP address. In the case of shortening the IP address, also called "IP Masking", the last octet, i.e. the last two numbers of an IP address, is deleted (the IP address in this context is an Internet connection through the online access provider individually assigned identifier). With the shortening of the IP address, the identification of a person should be based on their IP address prevented or significantly impeded.

SSL Encryption (https): To protect your data transmitted via our online offering, we use SSL encryption. You will recognize such encrypted connections with the prefix https: // in of the Address bar of your browser.

Use of cookies

"Cookies" are small files that are stored on users' devices via cookies can different information is stored. The indications may be e.g. the language settings on one Website, the login status, a shopping cart, or the location where a video was viewed.

Cookies are usually used even if the interests of a user or his behavior (e.g. Viewing specific content, use of features, etc.) on individual web pages in a user profile saved become. Such profiles serve to provide users with e.g. View content that matches their potential interests correspond. This method is also called "tracking", that is, tracking the potential interests of user designated. In addition to the concept of cookies, we also include other technologies that perform the same functions Cookies (for example, if users' information is stored using pseudonymous online identifiers, also as "User IDs").

As far as we use cookies or "tracking" technologies, we will inform you separately in our Data protection.

Legal advice:On what legal basis we use your personal information Processing cookies depends on whether we ask for your consent. If so, and she consent to the use of cookies, the legal basis of the processing of your data is the declared Consent. Otherwise, the data processed by means of cookies will be based on our legitimate Interests (for example in a business operation of our online offer and its improvement) processed or, if the use of cookies is required to meet our contractual obligations meet.

Withdrawal and opposition (opt out):Regardless of whether the processing is based on a Consent or legal permission is granted, you have the option at any time, an issued Consent to revoke or object to the processing of your data through cookie technologies (collectively referred to as "Opt-Out").

You can first explain your disagreement using the settings of your browser, for example by using the use disable cookies (which also limits the functionality of our online service become can).

Commercial and Business Services

We process data of our contract and business partners, e.g. Customers and prospects (in summary referred to as "contracting party") in the context of contractual and comparable legal relationships and thus related actions and in the context of communication with the contractors (or pre-contractual), for example To answer inquiries.

We process these data to fulfill our contractual obligations, to secure our rights and to Purpose of the administrative tasks associated with these disclosures and the business organization. The Within the scope of the applicable law, we only pass data on the contracting parties to third parties to the extent that this is the case the or for the fulfillment of legal obligations or with the consent of Contractor (for example, to any telecommunications, transport and other auxiliary services involved) Subcontractors, banks, tax and legal advisers, payment service providers or tax authorities). About more Processing forms, e.g. For purposes of marketing, the contracting parties are under this Privacy policy informed.

What data is required for the above purposes, we communicate to the contractors before or in the context of the Data collection, e.g. in online forms, by special labeling (e.g., colors) or symbols (e.g. asterisk or similar), or personally with.

We delete the data after the expiration of legal warranty and comparable obligations, that is, basically after 4 years, unless the data is stored in a customer account, for example, as long as they are out for legal reasons of archiving (for example, for tax purposes usually 10 years). Dates, which have been disclosed to us in the context of an order by the contracting party, we delete accordingly Requirements of the order, basically after the end of the order.

Insofar as we use third-party providers or platforms for the provision of our services, we shall apply proportionally between the users and the providers the terms and conditions and privacy notices of the respective third party or Platforms.

Project and Development Services: We process the data of our customers and clients (hereinafter collectively referred to as "customers") to enable them to select, purchase or commission the chosen services or works and related activities as well as their payment and provision respectively. To allow execution or provision.

The required information is as such within the scope of the order, order or comparable conclusion of the contract and include the information required for provision of services and billing as well as Contact information to hold any consultations. As far as we have access to information of the end customers, Employees or other persons, we process them in accordance with the legal and contractual specifications.

Publishing Activity: We process the data from our contact partners, interview partners as well as other persons, the subject of our journalistic, editorial and journalistic as well as related activities. In this context, we refer to the application of protective provisions of the Opinion and press freedom acc. Art. 85 GDPR in conjunction with the respective national laws. The Processing serves the fulfillment of our order activities and, moreover, is based in particular of Public interest in information and media services.

Travel Related Services: We process the data of our customers and prospects (uniformly referred to as "customer") according to the underlying contractual relationship the Properties and circumstances of persons or things belonging to them, if this is part of the Contractual relationship is required. This can e.g. Details about personal living conditions, about mobile Goods and the financial situation.

In the context of our assignment, we may need special categories of data in the sense of Art. 9 Paragraph 1 DSGVO, in particular to process information on the health of a person. Processing takes place to the protect the health interests of customers and otherwise only with the consent of customers.

Unless required for performance of the contract or required by law, or by customer consent or based on on In our legitimate interests, we disclose or transmit customer data, e.g. to the at the fulfillment service providers involved in the travel services.

Software and Platform Services Offering: We process the data of our users, logged in and any test user (hereinafter referred to as "user") to them our contractual obligations and on the basis of legitimate interests, for safety our Guarantee and develop it further. The required information is as such in the frame of Order, order or comparable conclusion of contract and include the to performance and billing information as well as contact information to hold any consultations.

Technical Services: We process the data of our customers as well as clients (hereinafter collectively referred to as "customers") to enable them to select, purchase or commission the chosen services or works and related activities as well as their payment and provision respectively. To allow execution or provision.

The required information is as such within the scope of the order, order or comparable conclusion of the contract and include the information required for provision of services and billing as well as Contact information to hold any consultations. As far as we have access to information of the end customers, Employees or other persons, we process them in accordance with the legal and contractual specifications.

Events and Events: We process the data of the participants of the services we offer or aligned events, events and similar activities (hereinafter referred to collectively as "Participants" and "Events") to them to participate in the events and use of the with the To enable participation related services or actions.

Provided that we include health-related data, religious, political or other special categories from Processing data, this is done in the context of public knowledge (e.g. Events or serves the health care, security or with the consent of the Affected).

The required information is as such within the scope of the order, order or comparable conclusion of the contract and include the information required for provision of services and billing as well as Contact information to hold any consultations. As far as we have access to information of the end customers, Employees or other persons, we process them in accordance with the legal and contractual specifications.

Learn more about commercial services: We process our data Customers and Principal (hereinafter collectively referred to as "Customer") to assist them in the selection, acquisition or Commissioning the chosen services or works as well as related activities as well as their payment and Delivery or execution or provision.

The required information is as such within the scope of the order, order or comparable conclusion of the contract and include the information required for provision of services and billing as well as Contact information for any consultation.

• Processed data types:inventory data (e.g., names, addresses), payment data (e.g. Bank details, invoices, payment history), contact details (e.g., e-mail, telephone numbers), contract data (E.g. Subject matter, term, customer category).
• Affected individuals:prospects, business and contractors, customers.
• Purposes of Processing:Contractual Services and Service, Contact Inquiries and Communication, office and organizational procedures, administration and response to inquiries.
• Legal basis:Contract performance and pre-contractual requests (Art. 6 Abs. 1 S. 1 lit. c. DSGVO).

Providing Online Services and Web Hosting

To provide our online offer safely and efficiently, we take the services of one or more multiple web hosting providers from their servers (or servers managed by them) Online offer can be retrieved. For these purposes, we can provide infrastructure and platform services, Computing capacity, Storage and database services, as well as security and technical maintenance services take.

The data processed as part of the hosting service can be used by all of our users Information contained in the context of use and communication. For this regularly include the IP address that is necessary to deliver the content of online offers to browsers to and all entries made within our website or web pages.

Email delivery and hosting: We use the web hosting services we use likewise the dispatch, the receipt as well as the storage of E-Mails. For these purposes, the addresses of the Recipient and sender, as well as other information regarding e-mailing (e.g. provider) as well as the contents of the respective e-mails. The aforementioned data may also be used for the purposes of recognition processed by SPAM. We ask you to note that e-mails on the Internet are not be sent encrypted. As a rule, e-mails are encrypted on the transport route, but (provided no so-called end-to-end encryption method is used) not on the servers of which they are sent and received. We can therefore for the transmission of the emails between the sender and the Receive no responsibility on our server.

Collection of access data and log files: We (or our web hosting provider) collect Data too every access to the server (so-called server log files). The server logfiles can have the address and name of the server retrieved web pages and files, date and time of retrieval, transmitted data volumes, message about successful Call, browser type and version, the user's operating system, referrer URL (the previously visited page) and Normally IP addresses and the requesting provider belong.

Content Delivery Network: We use a Content Delivery Network (CDN). A CDN is a Service, with the help of which content of an online offer, especially large media files, such as graphics or Program scripts faster and more secure using regionally distributed and Internet-connected servers can be delivered.

• Processed data types:content data (e.g., text input, photographs, videos), Usage data (e.g., websites visited, interest in content, access times), meta / communication data (E.g. Device information, IP addresses).
• Affected Persons:Users (e.g., website visitors, online service users).
• Purposes of Processing:Content Delivery Network (CDN).
• Legal basis:Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f. DSGVO).

Deployed services and service providers:

Web analysis and optimisation

Web analysis (also referred to as "reach measurement") is used to evaluate the flow of visitors to our online offering and may include behaviour, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of the reach analysis, we can, for example, recognise at what time our online offer or its functions or content are most frequently used or invite re-use. Likewise, we can understand which areas need optimisation.

In addition to web analysis, we may also use test procedures, e.g. to test and optimise different versions of our online offer or its components.

For these purposes, so-called user profiles may be created and stored in a file (so-called "cookie") or similar procedures may be used with the same purpose. This information may include, for example, content viewed, websites visited and elements used there and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed, depending on the provider.

The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored in the context of web analysis, A/B testing and optimisation, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Notes on legal basis:If we ask users for their consent to use the third-party providers, the legal basis for processing data is consent. Otherwise, users' data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

• Data subjects:Users (e.g. website visitors, users of online services).
• Purposes of processing:Reach measurement (e.g. access statistics, recognition of returning visitors), tracking (e.g. interest/behaviour-related profiling, use of cookies), visit action evaluation, profiling (creation of user profiles).
• Security measures:IP masking (pseudonymisation of the IP address).
• Legal basis:Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Online marketing

We process personal data for online marketing purposes, including but not limited to the display of promotional and other content (collectively, "Content") based on the potential interests of users and the measurement of its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedures are used, by means of which the information about the user relevant to the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed.

The IP addresses of users are also stored. However, we use IP masking procedures (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear data of the users (such as e-mail addresses or names) are stored within the scope of the online marketing procedure, but pseudonyms. This means that we as well as the providers of the online marketing procedures do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or by means of similar procedures. These cookies can generally also be read later on other websites that use the same online marketing procedure and analysed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing procedure provider.

Exceptionally, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing procedure we use and the network links the profiles of the users in the aforementioned data. We ask you to note that users can make additional agreements with the providers, e.g. by giving their consent as part of the registration process.

In principle, we only receive access to summarised information about the success of our advertisements. However, within the framework of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a conclusion of a contract with us. The conversion measurement is used solely to analyse the success of our marketing measures.

Notes on legal basis:If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, users' data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements, as soon as their processing Permits granted may be revoked or other permissions abolished (for example, if the purpose of the Processing of this data is omitted or they are not necessary for the purpose).

Unless the data is deleted because it is required for other and legitimate purposes, becomes whose processing is limited to these purposes. That is, the data is locked and not for other purposes processed. This applies, for example for data that must be kept for commercial or tax reasons or their storage for the assertion, exercise or defense of legal claims or for the protection of rights another natural or legal person is required.

Changing and Updating the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We fit the Privacy Policy as soon as the changes in the data processing we do so required do. We will inform you as soon as the changes result in a co-operation on your part (eg consent) or any other individual notification is required.

Rights of data subjects

You are entitled to various rights under the GDPR, in particular from Art. 15 to 18 and 21 DS-GVO result in:

• Right to object: You have the right, for reasons that arise from your particular situation yield, at any time against the processing of personal data concerning you, which, pursuant to Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to one of these provisions supported Profiling. If the personal data relating to you are processed in order to operate direct mail, to have You have the right at any time to object to the processing of personal data concerning you To insert purposes of such advertising; this also applies to the profiling, as far as such direct mailings in Connection.
• Right of Withdrawal: You have the right to give consent at any time to withdraw.
• Right to information: You have the right to ask for confirmation as to whether or not you are interested Data will be processed and information about these data as well as further information and copy of the dates according to the legal requirements.
• Right of rectification: You have the legal right to the Completing the data concerning you or correcting the incorrect data concerning you desire.
• Right to Deletion and Restriction of Processing:You have the right to delete and limit processing statutory The right to demand that data concerning you be deleted immediately, or alternatively to In accordance with the legal requirements to require a restriction of the processing of the data.
• Data Transferability: You have the right to receive data relating to us provided in accordance with the legal requirements in a structured, common and To obtain machine-readable format or to request their transmission to another person responsible.
• Complaints to the supervisory authority: You also have to comply with the legal requirements the Law, with a supervisory authority, in particular in the Member State of your habitual residence, your Workplace or place of alleged infringement if you consider that the processing of the Personal data in violation of the GDPR.

Regulatory authority responsible for us:

Definitions

This section provides an overview of the terms used in this privacy policy Terms. Many of the terms are taken from the law and defined above all in Art. 4 GDPR. The legal definitions are binding. The following explanations should, however, especially the understanding serve. The terms are sorted alphabetically.

• Visit Action Evaluation:"Visit Action Evaluation" means a procedure that can be used to determine the effectiveness of marketing activities. This will be in the Usually a cookie on the devices of the users within the web pages on which the marketing measures done, saved and retrieved again on the destination website. For example, we can do that understand if the advertisements posted by us on other websites have been successful).
• Content Delivery Network (CDN):A Content Delivery Network (CDN) is a service with the help of which content of an online offer, especially large media files, such as graphics or Program scripts faster and more secure using regionally distributed and Internet-connected servers can be delivered.
• IP-Masking:"IP-Masking" refers to a method in which the last octet, i. the last two numbers of an IP address, is deleted, so that the IP address is no longer the unique one Identification of a person can serve. Therefore, IP masking is a means of pseudonymizing Processing methods, in particular in online marketing
• Interest-based and behavioral marketing:Of interest and / or Behavioral marketing is when potential interests of users in ads and other Content as accurately as possible be predetermined. This is done on the basis of information on their Vorverhalten (e.g. Searching for specific websites and lingering on them, buying behavior or interacting with others Users), which are stored in a so-called profile. As a rule, cookies are used for these purposes used.
• Conversion Measurement:Conversion Measurement is a technique that evaluates the effectiveness of Marketing measures can be found. This is usually a cookie on the devices of the users stored within the websites where the marketing activities are carried out and then re-launched on the Destination website. For example, we can thus understand if that of us on other websites switched ads were successful.
• Personal information:"Personal information" is all information that relates to one identified or identifiable natural person (hereinafter referred to as the "affected person"); a natural person is considered to be identifiable, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or can be identified to one or more particular features, the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of these natural person are.
• Profiling:As a profiling, every type of automated processing becomes more personal Data, which is that this personal information is used to identify certain Personal aspects that relate to a natural person (depending on the type of profiling involved Information regarding age, gender, location data and movement data, interaction with Web pages and their content, shopping behavior, social interactions with other people) assess or, to predict them (e.g., interest in particular content or products, click behavior) on a website or the whereabouts). For purposes of profiling, cookies and web beacons are commonly used used.
• Reach Measurement:Reach Measurement (also known as Web Analytics) is for Evaluation of the flow of visitors to an online offer and the behavior or interests of the visitors certain information, such as Content of web pages. With the help of range analysis can Website owner e.g. recognize at what time visitors visit their website and what content they use yourself interested. Thereby they can e.g. the content of the website better meets the needs of its visitors to adjust. For purposes of reach analysis, pseudonymous cookies and web beacons are often used to Recognize returning visitors and get more accurate analysis on how to use an online offer.
• Remarketing:Remarketing or retargeting is when, for example, for advertising purposes is noted for which products a user has been interested in a website to the user other websites to these products, e.g. in advertisements, to remember.
• Tracking:Tracking is when the behavior of users is more than one Online offers can be understood. As a rule, with regard to the used Online offers Behavioral and interest information in cookies or on servers of the providers of the Tracking technologies stored (so-called profiling). This information can then be sent e.g. be used to display advertisements to users who are likely to be their interests correspond.
• Responsible:"Responsible" is the natural or legal person, Authority, Institution or other entity acting alone or together with others on the purposes and means of Processing of personal data.
• Processing:"Processing" is anyone with or without the help of automated procedures process or series of actions related to personal data. The term extends far and includes virtually every handling of data, be it the collection, the evaluation, the storage, the Submit or delete.