DATA PROTECTION

1. Information on data protection

1.1 General information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text.

1.2 Data collection on this website

Firstly, your data is collected by you providing it to us. This can be, for example, data that you enter into a contact form.

Other data is collected automatically or after your consent by out IT systems when visiting the website. This is mainly technical data (e.g. Internet browser, operating systems, or time of page view). The collection takes place automatically as soon as you enter this website.

1.3 What do we use your data for?

Part of the data is collected to ensure error-free operation of the website. Other data may be used to analyze your user behavior. This is done primarily with so-called analysis programs. You can find more detailed information about analysis tools and other third-party tools in the following privacy policy.

2. Responsible Party

The party responsible for the processing of your personal data on our website is

sanoctua GmbH & Co. KG
Wildstr. 20
D-89522 Heidenheim a. d. Brenz
Germany

Phone: +49 7321 757 8150
Email: info@sanoctua.com
Web: www.sanoctua.com

Amtsgericht Ulm | HRA 726 293
VAT ID: DE 321 684 648

Personally liable partner of sanoctua GmbH & Co. KG:
sanoctua Management GmbH
Wildstraße 20 | 89522 Heidenheim a. d. Brenz | Germany
Amtsgericht Ulm | HRB 743 523
Managing Directors: Tanja Reischl-Stenske, Christian Stenske, Michael Flach

3. General notes and obligatory information

3.1 Data protection

We take the protection of your personal data very seriously. Therefore, we treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data by which you can be personally identified. This privacy policy explains which data we collect, what we use it for, and for what purpose.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

3.2 Storage duration

Unless a specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies.

If you assert a legitimate request for deletion or if you revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law). If such reasons exist, the deletion will take place after they cease to exist.

3.3 General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, if special categories of data are processed according to Art. 9 (1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) lit. a. GDPR. If you have consented to the storage of cookies or to the access to information in your terminal (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. The consent can be revoked at any time.

If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR.

In addition, we process your data, insofar as this is necessary for the fulfillment of a legal obligation, on the basis of Art. 6 (1) lit. c GDPR.

Furthermore, data processing may be based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. We inform you about the relevant legal basis in each individual case in the following paragraphs of this privacy policy.</p

3.4 Recipients of personal data

In the course of our business activities, we cooperate with various external parties. In some cases, this also requires the transmission of personal data to these external parties.

We only disclose personal data to external parties if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest in disclosure according to Art. 6 (1) lit. f GDPR, or if another legal basis permits the disclosure of data.

When using third-party processors, we disclose personal data of our customers only on the basis of a valid contract on commissioned processing. In the event of joint processing, a joint processing agreement will be concluded.

3.5 Note on data transfer to the USA

Some of the tools we use are offered by companies based in the USA. If these tools are activated, your personal data may be transferred to the USA and processed there.

All of the companies we are using tools from are participating in the EU-U.S. Data Privacy Framework (DPF) and, as such, are self-certified at the US Department of Commerce. A full list of all participating organizations can be found here: https://www.dataprivacyframework.gov/s/participant-search.

Thus, these organizations fall within the scope of the European Commission's adequacy decision regarding the DPF, meaning a transfer of personal data to these organizations is regarded as safe by EU-GDPR standards.

If we should decide to introduce further tools by US-based companies or other third countries that are unsafe according to the GDPR, we will include them in this privacy statement. We would like to point out that in such cases, no level of data protection comparable to the one in the EU can be guaranteed.

3.6 Revocation of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can revoke an already given consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

4. Technical implementation

4.1 Hosting

The web server for the operation of our website is operated technically by Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany ("Strato"). When you visit our website, Strato collects various log files including your IP address. All Strato products are hosted exclusively at Strato data centres in Germany (https://www.strato.de/sicherheit/).

For more information, please refer to Strato's privacy policy: https://www.strato.de/datenschutz

The use of Strato is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

We have concluded a data processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

4.2 SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the hosting of the website or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol on your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

5. Data collection and use

5.1 Visit to this website

You can visit our website without giving any details about your person. When you visit our web pages, you transmit data via your Internet browser to the Strato AG web server for technical reasons. This data includes:

Date and time of the request
Name of the requested file
Page from which the file was requested
Web browser and operating system used
IP address of the requesting computer
Transferred data volume

This data is only used to provide the online service.

5.2 Cookies

This website uses cookies. Cookies make websites more user-friendly and efficient for the user. A cookie is a small text file that is used to store information.

When visiting a website, the website may place a cookie on the website visitor's terminal, which is stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal.

If the user visits a website again later, the website can read the data from previously stored permanent cookies and thus determine, for example, whether the user has visited the website before and which areas of the website the user was particularly interested in. Permanent cookies remain stored on your terminal until you delete them yourself or until they are automatically deleted by your web browser.

More information about cookies can be found on Wikipedia.

In some cases, cookies from third-party companies may also be stored on your terminal when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions requested by you, or to optimize the website are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimal availability of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG). The consent can be revoked at any time.

Cookies on our website

Our website uses the following providers:

sanoctua GmbH & Co. KG: Cookie Consent – This is used to store the consent to the use of cookies.
WordPress.com: Our website is compiled with WordPress.com. WordPress uses cookies for various purposes. You can find out more here: https://automattic.com/cookies/
Insofar as further cookies from third-party providers or for analysis purposes are used, we will inform you separately within the scope of this data protection declaration and, if necessary, request your consent.

Changing cookie settings

How the web browser handles cookies, which cookies are allowed or rejected, can be defined by the user in the web browser settings. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be accessed via the help function of the respective web browser.

If the use of cookies is restricted, not all functions of this website may be fully functional.

5.3 Links to other websites

If we refer to or link to the websites of third parties through our website, we cannot assume any responsibility or liability for the accuracy or completeness of the contents and the data security of these sites. Since we have no influence on the compliance of third parties with data protection regulations, you should check the privacy policies of each site separately.

6. Communication

6.1 Request by email, fax, or phone

If you contact us by email, fax, or telephone, we will collect, process, and use your personal data solely for the purpose of processing your inquiry. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (para. 6 (1) lit. a GDPR), if this has been requested. This consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Legal provisions, in particular statutory retention periods, remain unaffected.

6.2 Communication via Microsoft Teams

We use Microsoft Teams, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("MS Teams"), for internal and external communication. This includes the integrated chat program, telephony and video conferencing, online training and file sharing.

In the process, data, including personal data, is processed and stored by MS Teams. Depending on the settings, this can be:

User details, e.g. display name, email address, phone number, profile picture, department.
Company details, e.g. company name, address
Presence/absence status
Audio and video data, provided that the devices (microphone and camera) are enabled
Meeting metadata, e.g. participants, IP addresses, device/hardware information, title and description, call duration
For recordings: MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of the chat.
If the screen is shared: all content of the corresponding shared screen or application
When dialing in by phone: additional information about the line, e.g. information about the phone number, country name, further connection data if necessary
When using additional functions: e.g. shared files and content, answers to surveys, calendar entries, status of tasks, technical usage data for providing the functionalities

The type and amount of personal data processed also depends on your own entries and settings. In the case of guest access, these are the personal details you provide prior to participation; in the case of accounts and in particular company accounts, the data depend both on your personal settings and on your administrator-controlled tenant settings.

The legal basis for the processing of personal data in this case is Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR. Recordings of an online meeting are only made with the consent of all participants and thus on the basis of Art. 6 (1) a) GDPR. For employees, Section 26 BDSG applies additionally as the basis for processing.

Personal data that is processed when using MS Teams is generally not passed on to third parties by us, unless it is explicitly designated or approved for passing on. In addition, Microsoft as the provider processes the aforementioned personal data insofar as this is necessary for the supply of the service and/or the associated support.

In principle, data collected via our MS Teams account is stored by Microsoft within the European Union. Since Microsoft also operates sites in the USA (Microsoft Corporation, One Microsoft Way. Redmond, Washington 98052-6399, USA), personal data (in particular diagnostic data) may also be transferred there. Microsoft Corporation is part of the EU-U.S. Data Privacy Framework (DPF), meaning that they’re self-certified at the US Department of Commerce (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active).

Thus, Microsoft Corporation falls within the scope of the European Commission's adequacy decision regarding the DPF, meaning a transfer of personal data to these organizations is regarded as safe by EU-GDPR standards.

For more details on privacy, please see the MS Teams privacy policy: https://learn.microsoft.com/en-gb/microsoftteams/teams-privacy

7. Plugins and Tools

7.1 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). If you have consented to its use, we will use the resulting data to analyze website usage, compile reports on it, and optimize our website and advertisements.

Google Analytics uses cookies that enable an analysis of the use of our websites by the user. Google also uses artificial intelligence (AI) and machine learning to analyze the data.

When our website is visited, a connection to Google's servers is established via software and data is transmitted to Google's servers. User data is collected and transmitted to them. This includes usage data in the form of events, including:

Requested pages
First visit to the website
Beginning of session
Behaviour on pages (e.g., length of stay, click path, scrolling behaviour, download of files)
Achieving website goals
Language settings

Also captured are:

Approximate location of the user (country, region)
IP address of the user (in shortened form)
Technical information on the browser and devices used (e.g., language settings, screen resoluiton)
Internet provider of the user
Referrer URL (through which website/advertising medium did the user reach our website)

According to Google, Google will store and use the collected data for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage. It is possible that Google will use the data for further purposes of its own. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

IP anonymization

We use Google Analytics 4 (GA4). In GA4 an automatic IP anonymization takes place, i.e. no full IP addresses are logged and stored. All data from devices located in the EU (based on the geographical location according to the IP address) is collected via domains and servers in the EU before the traffic is redirected to Analytics servers in the USA for processing. This also applies to the anonymization of the IP address. For accesses to our website from outside the EU, this does not necessarily apply and the IP address may first be forwarded to servers in the USA before being anonymized there.

Data transfer to third countries

Since Google also has servers in the US (Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA), personal data might be transferred there.

Data transfer to the USA is based on the EU-U.S. Data Privacy Framework, which Google LLC is a part of, meaning that they’re self-certified at the US Department of Commerce ( https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active).

Thus, Google LLC falls within the scope of the European Commission's adequacy decision regarding the DPF, meaning a transfer of personal data to these organizations is regarded as safe by EU-GDPR standards.

Detailed information on the handling of user data by Google Analytics can be found in the data protection declaration (Privacy Policy) of Google ( https://www.google.com/intl/de/policies/privacy/) and Google Analytics (https://support.google.com/analytics/answer/6004245?hl=en.

Deactivating Google Analytics

You can generally prevent Google Analytics from collecting your user data on all websites by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

You can also refuse the collection of your user data for this site via the cookie settings. You can do so via the following link: Verbiete Google Analytics, mich zu verfolgen/Forbid Google Analytics to track me An opt-out cookie is set which prevents the collection of your data on future visits to this website. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.

7.2 Google Maps

This site uses the map service Google Maps via an API (application programming interface). The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA (Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA) and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When calling up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a DSGVO and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the EU-U.S. Data Privacy Framework, which Google is a part of, meaning that they’re self-certified at the US Department of Commerce ( https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active).

Thus, Google falls within the scope of the European Commission's adequacy decision regarding the DPF, meaning a transfer of personal data to these organizations is regarded as safe by EU-GDPR standards.

Further information about the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en.

7.3 Google Ads and Google Conversion Tracking

This website uses Google Ads. Google Ads is an online advertising service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

With Google Ads, we use the so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.

Since Google also has servers in the US (Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA), personal data might be transferred there. Data transfer to the USA is based on the EU-U.S. Data Privacy Framework, which Google LLC is a part of, meaning that they’re self-certified at the US Department of Commerce ( https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active).

For more information on how Google processes your data for ads, please see Google's privacy policy (https://policies.google.com/privacy?hl=en) and the Google Ads Support page (https://support.google.com/google-ads/).

7.4 Google Fonts (local hosting)

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. Google Fonts are installed locally. A connection to Google servers does not take place.

For more information about Google Fonts, see https://developers.google.com/fonts/faq and the Google privacy policy: https://policies.google.com/privacy?hl=en.

7.5 Font Awesome (local hosting)

This site uses Font Awesome, provided by Font Awesome Team, for the uniform display of fonts and symbols. Font Awesome is installed locally. There is no connection to the servers of Fonticons, Inc

For more information about Font Awesome, please see the Font Awesome Privacy Policy at: https://fontawesome.com/privacy.

7.6 YouTube

This website embeds videos from the website YouTube. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites on which YouTube is embedded, a connection to the YouTube servers is established, provided that you have activated the corresponding cookies. This tells the YouTube server which of our pages you have visited. For a correct display, YouTube also uses Google Font in this context, for which your IP address is sent to Google.

Furthermore, YouTube may store various cookies on your terminal or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.

If you are logged into your YouTube account, you enable YouTube to assign your browsing behavior directly to your personal profile. You could prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art.6 (1) lit. a DSGVO and §25 ( 1 ) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Since YouTube also has servers in the US (Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA), personal data might be transferred there. Data transfer to the USA is based on the EU-U.S. Data Privacy Framework, which Google LLC is a part of, meaning that they’re self-certified at the US Department of Commerce ( https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active).

For more information on the handling of user data, please refer to YouTube's privacy policy at: https://policies.google.com/privacy?hl=en .

7.7 Meta Pixel

Our website uses the "Meta Pixel" of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”). This allows the behavior of site visitors to be tracked after they have been redirected to our website by clicking on a Meta ad (e.g., on the Meta platforms Facebook or Instagram). This allows the effectiveness of the Meta ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The collected data is anonymous for us as the operator of this website. We can not draw any conclusions about the identity of the user. However, the data is stored and processed by Meta, so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes.

This allows Meta to enable the placement of advertisements on pages of Meta (e.g., Facebook, Instagram) as well as outside of Meta. Meta may also store a cookie on your terminal device for this purpose. The data processed within Meta and linked to cookies are automatically deleted after 90 days.

For more information about protecting your privacy, please see Meta’s privacy policy: https://www.facebook.com/about/privacy/

You can also disable the Custom Audiences remarketing feature in the Ads Settings section. To do this, you must be logged in to Facebook. If you don't have a Facebook account, you can disable usage-based advertising from Meta on the European Interactive Digital Advertising Alliance website: https://www.youronlinechoices.com/ (URL exemplary for the UK, please select your respective location).

The legal basis for the data processing is Art. 6 para. 1 lit. a GDPR or § 25 (1) TTDSG.

With your consent you agree at the same time according to Art. 49 para. 1 lit. a of the GDPR that your data will be processed in the USA (Meta Platforms, Inc, 1601 Willow Road Menlo Park, CA 94025, USA).

Data transfer to the USA is based on the EU-U.S. Data Privacy Framework, which Meta Platforms, Inc is a part of, meaning that they’re self-certified at the US Department of Commerce (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active ).

Thus, Meta Platforms, Inc. falls within the scope of the European Commission's adequacy decision regarding the DPF, meaning a transfer of personal data to these organizations is regarded as safe by EU-GDPR standards.

7.8 Google Tag Manager

We use Google Tag Manager on our website. Google Tag Manager is a service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). It is an auxiliary service that processes personal data itself only for technically necessary purposes. It takes care of loading other components, which in turn may collect data. Google Tag Manager does not access this data. We have concluded the data processing addendum for companies within the European Economic Area with Google.

When Google Tag Manager is accessed, the user's IP address may be transmitted to Google, some of whose servers are also located in the USA (Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA).

For more information about Google Tag Manager, please see Google's privacy policy: https://policies.google.com/privacy?hl=en

8. Newsletter subscription

We offer you a free newsletter in which we inform you about current offers and promotions, as well as information about us, our products and everything related to health and well-being. If you would like to subscribe to the newsletter, you must provide a valid email address.

By subscribing to the newsletter, you agree to receive the newsletter and the explained procedures. We thus process your personal data on the basis of Art. 6 (1) lit. a DSGVO. The data you enter (at least your e-mail address) will only be used to personalize the newsletter and will not be passed on to third parties.

The newsletter dispatch is carried out by the dispatch service provider CleverReach®, a dispatch platform of CleverReach GmbH & Co. KK, Schafjückenweg 2, 26180 Rastede, Germany ("CleverReach").

Further information about the privacy policy of CleverReach is available at: .

Withdrawal and cancellation

You can withdraw your consent to receive the newsletter at any time by sending an e-mail to info@sanoctua.com or by clicking on the link at the end of each newsletter and thus cancel the newsletter subscription. This will void your consent to receive the newsletter. After your cancellation, your personal data will be deleted, provided that the deletion does not conflict with any legal retention obligations.

reCAPTCHA

We use the service reCAPTCHA to determine whether a human or computer makes a certain entry in our newsletter form. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use the Google service reCaptcha to determine whether a human or a computer makes a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer:

IP address of the terminal device used
the website you visit with us on which the captcha is embedded
the date and duration of the visit
the recognition data of the browser and operating system type used
Google account if you are logged in to Google
mouse movements on the reCaptcha areas and tasks that require you to identify images.

By using reCAPTCHA, your data is transferred to the Google server. The location of these servers may also be in the U.S.

There are several reCAPTCHA variants that can be used:

No CAPTCHA reCAPTCHA: The user places a checkmark in a checkbox labeled "I am not a robot."
Image reCAPTCHA: The user is shown 9 image sections, some of which have the same content (e.g. traffic lights) and must be marked accordingly.
Text reCAPTCHA: The user must enter a superimposed text in a field.
Invisible reCAPTCHA: The user does not have to perform any action themselves. Google checks in the background of the website whether the user is a human or a bot. To do this, Google tracks, among other things, cursor movements and the IP address of the user.

In addition, reCAPTCHA also checks whether a cookie has already been created in the user's browser. If this is not the case, Google sets a cookie. Google thus creates a kind of fingerprint of the user for reCPATCHA, which is also recognized on other pages. This makes it possible for Google to track users across pages.

Legal basis for the described data processing is Art. 6 (1) lit. f DSGVO. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect us from automated entries (attacks).

9. Social Media Profiles

Our online presence on Facebook, Instagram, YouTube, and LinkedIn

Our presence on social networks and platforms serves to improve active communication with our customers and interested parties. We provide information about our company and our products there.

When visiting our online presences on social media, your data may be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms.

These can be used, for example, to display advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used on your terminal for this purpose. In these cookies, the visitor behavior and the interests of the users are stored. This serves according to Art. 6 (1) lit. f. GDPR to protect our legitimate interests in an optimized presentation of our offer and effective communication with customers and interested parties, which prevail in the context of a balancing of interests. If you are asked by the respective social media platform operators for consent (agreement) to the data processing, e.g. by means of a checkbox, the legal basis for the data processing is Art. 6 (1) lit. a GDPR.

For detailed information on the processing and use of data by the providers on their sites, as well as a contact option and your rights and setting options in this regard to protect your privacy, in particular objection options (opt-out), please refer to the privacy notices of the providers linked below. If you still need help in this regard, you can contact us.

Facebook/Meta: https://www.facebook.com/about/privacy/ as well as https://www.facebook.com/settings?tab=ads
Instagram/Meta: https://help.instagram.com/519522125107875
LinkedIn: https://www.linkedin.com/legal/privacy-policy
XING: https://privacy.xing.com/en/privacy-policy
YouTube: https://policies.google.com/privacy?hl=en

The data processing is carried out on the basis of an agreement between jointly responsible parties pursuant to Art. 26 GDPR.

For Facebook/Meta, you can look up the specific agreement here: https://www.facebook.com/legal/terms/page_controller_addendum.

10. Your rights

We take the protection of your personal data very seriously. We treat the personal data that we store for order processing confidentially and in accordance with the statutory data protection regulations and this privacy policy.

Right to withdraw your consent to data processing

Many data processing operations are only possible with your explicit consent. You can withdraw consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to the collection of data in special cases and in the case of direct marketing (Art. 21 GDPR)

If the data processing is not based on your consent, but on Art. 6 (1) lit. e or f GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy.

If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Art. 21 (1) GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling, insofar as it is associated with such direct advertising. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).

Right to information, deletion, and correction</6>

Within the scope of the applicable legal provisions, you have the right to information, correction, and deletion of the processing of your stored personal data at any time. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time. If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of an important public interest of the European Union or a member state.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Right of appeal to the competent supervisory authority

You also have the right of appeal to a competent supervisory authority. The authority responsible for us is the "Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg", available at https://www.baden-wuerttemberg.datenschutz.de/

This privacy policy was created with the assistance of https://www.e-recht24.de.

As of: 2023-08-09

Verbiete Google Analytics, mich zu verfolgen/Forbid Google Analytics to track me