Privacy policy

Status: 30.09.2022

Introduction

In this document you will find all the necessary information in accordance with Articles 13 and 14 of the General Data Protection Regulation.

What might interest you most

Contact us at contact@skulp.de with questions about privacy.

This policy applies to more than one group of individuals (data subjects):

• Website visitors
• Skulp users
• Business partners & customers
• Applicant

Skulp is responsible for the processing of your personal data. More here [= link in the document to the relevant definition / explanation]..

Details about cookies and other tools used on our websites can be found here: Technical notes [= link in the document to the corresponding definition / explanation]..

Table of contents

• Information for website visitors
• Information for Skulp users
• Information for business partners & customers
• Information for applicants
• Your rights

Important definitions

GDPR: The EU General Data Protection Regulation. This privacy statement uses terms such as data subject, personal data, processing, controller, processor and recipient within the meaning of Article 4 DSGVO.

Consent: Refers to the legal basis of Article 6 1. (a) of the GDPR.

Contract performance and Contract initiation at the request of the data subject.: Refers to the legal basis of Article 6 1. (b) of the GDPR.

Compliance with a legal obligation: Refers to the legal basis in Article 6 1. (c) of the GDPR.

(Our) Legitimate Interest: Refers to the legal basis in Article 6 1. (f) of the GDPR.

Skulp: Skulp GmbH with the business address Am Wissenschaftspark 9, 54296 Trier, Germany. Also referred to as "We", "Us"and "Our".

Skulp employees: Skulp employees.

Skulp Processor: Processors (as defined in Article 4, GDPR) that are under contract with Skulp. A list of the current Skulp processors can be found here [= link in the document to the relevant definition / explanation]..

Skulp websites: websites provided by Skulp, such as www.skulp.com (or country-specific domains like www.skulp.at and www.skulp.de)

Skulp Platform: The software operated by Skulp online, in its apps and on its websites to organize and invoice personal training.

Training offers: Various offers from training providers in the field of sports and leisure activities that can be booked, managed and invoiced via the Skulp platform.

User: Persons who have registered online with Skulp in order to be able to use the Skulp platform for the organization and payment of training offers.

Training providers: Partner companies that provide the training offers and organize and invoice them through the Skulp platform.

Skulp service: Provision of the Skulp platform and management and invoicing of the associated training offers between user and training provider.

Contact

If you have any questions regarding data protection, please contact us at contact@skulp.de.

Who is responsible for data processing?

Skulp is " Controller" with respect to the processes described in this Privacy Policy. This means that Skulp is responsible for how, why and for how long your personal data is processed. Skulp employees are used for this purpose. Members have signed a written agreement between them (in accordance with Article 26 of the GDPR) to manage their respective responsibilities. You have the right to contact any of the members with your data protection concerns, but is contact@skulp.de a common point of contact to which your concerns will be forwarded to Skulp and/or the relevant department.

Who has access to or receives my data?

Access to your data is handled according to the need-to-know principle. This means that only Skulp employees, Skulp processors and/or third parties have access to or receive your personal data for as long as and to the extent necessary for processing that has a legal basis. More details about who these recipients are and what data they receive are listed at the end of each processing activity below.

What exactly is a processor?

We engage external service providers to perform various tasks for us. If one of these tasks involves the processing of your personal data, each of these service providers is a processor within the meaning of the GDPR. We have written agreements with them (pursuant to Article 28 of the GDPR) that govern the handling of personal data and require the processors to maintain reasonably high security standards. You can find a current table with all of Skulp's processors here [= link in the document to the corresponding definition / explanation]..

Other responsible parties:

Some recipients are controllers in their own right with respect to the data transferred to them, so this processing does not constitute commissioned processing. Payment service providers, for example, are controllers in their own right. Training providers are also data controllers in their own right with respect to the data transferred to them (e.g. to manage your booking). You can view which personal data is transferred as well as the training provider's privacy policy before completing a booking.

Third countries:

When transferring data to recipients in third countries (countries outside the EU/EEA), either an Adequacy Decision of the EU Commission [e.g., link to: https://datenschutz.hessen.de/datenschutz/internationales/angemessenheitsbeschl%C3%BCsse] is available for the country in question, or we have concluded with the recipients Standard Contractual Clauses to ensure an adequate level of protection for your data.

Links to third party websites

Skulp's websites contain links to websites of training providers and others. Skulp is not responsible for the privacy or data protection practices of these websites. If you click on a link to visit one of these websites, please read the privacy policy of the website owner.

Information for website visitors

If you visit any of the Skulp websites, the following information is relevant to you.

Note: The Skulp websites are hosted on servers in Germany. Our email servers are located within the EU. More details about information security at Skulp can be found here.

Content:

• Website visit
• Contact us

Website visit

When you visit one of our websites, the following processing takes place.

What data we collect:

Visitation Data

• The IP address of the device
• Date and time of your request
• Name of the page you requested
• Whether your request was successful or not
• Which web browser, operating system and device you have used
• Amount of data transferred
• Country of origin of the request (derived from the first digits of the IP address).

Required cookie data

Analytics Cookie Data

Advertising cookie data

Error & Crash Report Data:

• The IP address of the device
• Your username (if you were logged in during the incident)
• Date and time of the request
• Requested URL
• Which web browser and operating system you have used
• Error message, error codes, stack trace

Why and how we use this data:

Purpose: Operation of a commercial website.

Legal basis: Our legitimate interest in operating a commercial website.

• Visit data is automatically processed by our servers in the manner necessary to provide you with the requested web page.
• Data of necessary cookies are read from and written to your device to personalize the content you see, for example, to display content on all pages in the language you choose.

Purpose: To ensure information security.

Legal basis: Our legitimate interest to ensure information security.

• The visit data is logged in our log files. These log files are only accessed in the event of a security incident (e.g. unauthorized access attempts).
• Visit data is processed and data from necessary cookies is read from and written to your device for security purposes: Every device that visits one of our websites is automatically checked to detect and prevent possible security incidents (e.g. a denial of service attack). If a device passes this test, a cookie is stored on it so that it does not have to be tested again on each new visit.

Purpose: Optimization of our online offer by detecting and solving technical problems.

Legal basis: Our legitimate interest in providing a functioning, error-free product.

• If an error or crash occurs while using one of our services, a report is generated and the data is used to identify and resolve technical issues that may have caused the problem.

Purpose: Optimization of our services.

Legal basis: Your consent to analyses.

• The data collected through analytics cookies helps us understand how our visitors interact with and use our websites and services. These cookies and the data they provide are used solely for internal research purposes so that we can improve our services. They help us count the number of visitors, where visitors come from, what pages they navigate, and how they use them.

Purpose: Personalization of advertising for our own products on third-party websites.

Legal basis: Your consent to personalized advertising.

• Advertising cookies and the data they collect are used to show visitors relevant advertising (for our own products) on third-party websites. To tailor advertising to visitors' preferences, these cookies track visitors on our websites and collect information about the pages they visit and the products they view. Our advertising partners also track visitors on third-party websites to show them personalized advertising.

Note: You are not obliged to agree to this! If you did, you can withdraw your consent at any time by reopening the consent options and unchecking the boxes. You will find a link to these options at the bottom of each page. Withdrawing your consent will not affect the lawfulness of the processing that was based on your consent prior to the withdrawal. Failure to provide or revocation of your consent will not affect your continued relationship with Skulp or the Training Providers.

You can find more information about cookies and other tools we use here.

How we store this data:

• Log files are automatically deleted after 30 days.
• Cookies are on your device stored on your device. You can find information about cookies and their storage duration here. You can delete cookies at any time in your browser settings. You can revoke your consent at any time by reopening the cookie options at the bottom of each page and removing the checkmarks.
• The data collected for analyses is immediately anonymized, so no personal data is stored.
• Advertising data will be deleted if you withdraw your consent.
• Error & crash report data is deleted after 90 days from its creation.

Who receives this data:

• Skulp Processor
• Skulp Information Security Department (log files in the event of a security incident)
• Skulp product and development department (Error & & Crash Report data)

Third parties:

• With your consent: Our advertising partners read and use advertising cookie data

Contact

If you contact us by e-mail, the following data processing takes place.

What data we collect:

• E-mail data (message, sender, date, time)

Why and how we use this data:

The purpose of processing depends on the content of your message and is (in most cases) customer support or business initiation.

Purpose: To provide support to customers upon request.

Legal basis: Our legitimate interest in the operation of a business.

Purpose: To initiate business at the request of the data subject.

Legal basis: Initiation of a contract at the request of the data subject.

In any case, we will forward your email to the appropriate Skulp employee so that your question, inquiry or other message can be properly addressed.

How we store this data:

• As a rule, email data is stored for 12 months after receipt.
• If the message is a business letter, we are required by law to store it for longer. In Germany, this period is 6 years after the end of the year in which the message was received.

Who receives this data:

• Sculp processor
• Employees of Skulp, if applicable

Information for Skulp users

If you have or want to have a Skulp user account in order to use Skulp services (e.g. by booking a course), the following information is relevant for you. Since you (as a user) are of course also visiting our websites, please also read the section "Information for website visitors" carefully.

Information for App Users: If you use the Skulp App to access our services, the same information applies as for website visitors, except that cookies are not used.

Note: The Skulp platform is hosted on servers in Germany. More details about information security at Skulp can be found here.

Content:

• Create a Skulp account
• Your sculp profile
• Log in
• Booking
• Evaluation of a training provider
• Subscription to our news and offers

Create a Skulp account

You can join the Skulp Platform by creating a user account with your email address and a password (email login) or by signing up and logging in with one of your existing accounts (e.g. Facebook, Apple, Google) ("Single Sign-On", "SSO" or also "Social Login"). When you do this, the following data processing takes place. You can find more information about social logins at Skulp in the technical notes.

What data we collect:

If you use the e-mail login:

• First and last name
• E-mail address
• Hash of the sculp password you have chosen

When you use Social Login, the provider transmits the following of your data to us:

• First and last name
• E-mail address
• User ID

The following data is collected automatically:

• Metadata (date and time of account creation, last login, email verification status).

Why and how we use this data:

Purpose: To provide you with a Skulp account

Legal basis: Fulfillment of a contract (contract of use between you and Skulp).

• The data is stored in our database.

Purpose: To ensure information security

Legal basis: Our legitimate interest to ensure information security.

• A confirmation email will be sent to the email address provided.

How we store this data:

• The data will be stored until you delete your account.

Who receives this data:

• Sculp processor
• Skulp Support Team on your request

Your sculp profile

You can add, edit or delete certain information in your Skulp profile. Here you can find information on how to edit them.

What data we collect::

• Activities (upcoming and previous bookings)
• Credits (the cards and memberships you have with various training providers).
• Profile data (first and last name, date of birth, e-mail address, phone number, postal address)
• Payment methods

Why and how we use this data:

Purpose: To provide you with the regular functionalities of a Skulp account.

Legal basis: fulfillment of a contract (the usage agreement between you and Skulp).

• Activities and payment methods are only stored for your benefit.

Purpose: To provide you with the regular functionalities of a Skulp account.

Legal basis: fulfillment of a contract (the usage contract between you and the training provider).

• Credits are stored in your Skulp profile for your information. The relevant training provider can access and devalue your credit whenever you decide to use it.
• Some of your profile data and payment methods are processed when you book a sports offer. See booking below.

How we store this data:

• Each activity and your credit will be stored in your profile until the activity has taken place or is used up, after which you can delete it manually.
• You can delete the personal data (except for your email address) and payment methods in your Skulp profile at any time.

Who receives this data:

• Sculp processor

Log in

Whenever you log in to your Skulp account, the following data processing takes place.

What data we collect:

Depending on how you log in, the following data is collected:

• Email login authentication credentials (email address, hashed password).
• Social login authentication data (email address, ID token)

In addition, the following data is collected:

• Metadata (date and time of login)

Why and how we use this data:

Purpose: To ensure information security

Legal basis: Our legitimate interest to ensure information security.

• The authentication data is used to authenticate you and grant you access.
• The metadata is stored in our database to identify inactive accounts.

How we store this data:

• The authentication data will be stored until your account is deleted.
• The data entered during login will not be saved.
• The metadata is overwritten every time you log in and deleted when your account is deleted.

Who receives this data:

• Sculp processor
• Skulp Information Security Department

Booking

Whenever you use the Skulp Platform to book a sports offer (book a course, book a personal training, etc.), you enter into a service contract with the training provider of that offer and the following data processing takes place.

What data we collect:

• Booking details (training provider, sport, product, date and time, first booking (optional))
• Additional booking details (product details, additional products)
• Optional information for training providers
• Billing details (price) and payment confirmation

Why and how we use this data:

Purpose: To enable you to book a sports offer.

Legal basis: Fulfillment of a contract (the service contract between you and the training provider).

• If you use one of the payment methods stored in your Skulp profile to pay for the service, the necessary payment information is transmitted to a payment service provider (currently Stripe). If you use a new payment method, you will be redirected to the payment service provider where you can enter your data directly. If the transaction was successful, we receive a payment confirmation from the payment service provider.
• All booking details, optional information, payment confirmation and some of your profile data (e.g. name, email address and phone number. This depends on what information the training provider needs. Exactly which data is transferred will be displayed during the booking process.) will be transferred to the training provider.
• An activity or entry will be created in your credit register and saved in your sculp profile.

How we store this data:

• The payment confirmation will be stored in accordance with legal requirements.

Who receives the data:

• Sculp processor

Third parties:

• Payment information: Payment provider you have chosen
• Booking Details & Optional Information: Training provider you have booked

Evaluation of a training provider

When you review or rate one of our training providers, the following processing takes place:

What data we collect:

Evaluation data:

• Your written evaluation of the training provider
• Metadata (date and time of the assessment)
• Data that you have previously specified: Profile data (first name, first letter of last name, profile picture).

Evaluation data:

• Your evaluation(s) of the training provider

Why and how we use this data:

Purpose: Publication of your rating

Legal basis: Consent

• Your rating data will be stored in our database and published on our website.

Note: This means that data is effectively transferred to anyone who visits our website, including parties in non-EU/ECR countries. Whether or not personal data is actually published, i.e. whether you can be identified by someone visiting our website, depends heavily on two factors: who reads your review and what information you have provided. We (Skulp) can always attribute the rating to you personally. Others only see the rating information, which can be anonymous. However, someone who already knows you could identify you based on your profile picture alone, for example, or the content of your written review.

• Your rating data is stored and used to calculate the average rating of all users on a particular training provider.

Note: You are not obliged to consent! If you have done so, you can withdraw your consent at any time by contacting us. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. Not giving or revoking your consent will not affect your further dealings with Skulp or the training providers, but your rating will not be published without your consent.

Purpose: Content moderation

Legal basis: fulfillment of a contract (the Skulp terms of use).

• Your rating will be deleted if its content violates the Skulp Terms of Use.

How we store this data:

• The rating and assessment data will be stored until you withdraw your consent or the training provider deletes its profile, whichever comes first.

Who receives this data:

• Sculp processor
• Evaluation data: Anyone who visits our website

Subscribe to our news and offers

If you choose to receive marketing-related messages from us (for example, by checking the box when you register), we will send you messages about upcoming offers and events to your email address. At the bottom of each of these emails, you will find a link that allows you to unsubscribe from these messages.

What data we collect:

As a user, you have already provided us with the data we use: Your email address and name.

Why and how we use this data:

Purpose: Advertising (promotion of our own products).

Legal basis: Consent

• We use your data to send you regular marketing emails.

Note: You are not obliged to agree to this! You can withdraw your consent at any time by clicking on the unsubscribe link that you will find at the bottom of each marketing email. The withdrawal of your consent does not affect the lawfulness of the processing that was based on your consent before the withdrawal. Failure to provide or withdrawal of your consent will not affect your further relationship with Skulp or the Training Providers.

Who receives this data:

• Sculp processor
• The marketing department of Skulp

Information for business partners & customers

If you are a business partner or business customer of Skulp, or an employee of someone who is, the following information is relevant to you. If you also visit our websites, please read the section "Information for website visitors" carefully.

Content:

• Doing business with sculp
• Filling out a form
• Use of the Skulp platform
• Using the Skulp admin area
• The Skulp Webshop

Doing business with sculp

If you or your employer wish to enter into or have entered into a contract with a member of the Skulp Group, some (standard) business transactions involve the processing of personal data and the following information is relevant to you.

What data we collect:

• Basic data (name, e-mail address and telephone number of the contact person; company, country, industry)
• Business correspondence (name, (email / phone / postal) address, message, metadata)
• Other correspondence (name, (email / phone / postal) address, message, metadata)
• Business documents (invoices, contracts, payment orders, offers)

Why and how we use this data:

Purpose: Regular business processing

Legal basis: performance or preparation of a contract at the request of the data subject (contract between you and Skulp, or, if you are an employee, your employment contract).

• The data will be stored and otherwise processed to the extent necessary for the performance or preparation of the contract between you/your employer and Skulp. This includes communication, invoicing and accounting.

How we store this data:

• The data will be deleted 12 months after the last contact and if there is no other legal basis for further processing (such as an active contract or a legal obligation to retain data).

Who receives this data:

• Skulp Processor
• Employees of Skulp, if applicable
• Accountant/tax consultant from Skulp

Filling out a form

If you decide to contact us by filling out a form (on one of our websites, e.g. the free online demo form), the following processing takes place.

What data we collect:

• Data you enter in the form (your name and contact information, etc.)
• Date and time of contact

Why and how we use this data:

Purpose: To initiate business at the request of the data subject.

Legal basis: Initiation of a contract at the request of the data subject.

• The data is stored.
• The data will be used by our sales department to contact you.

Purpose: Advertising (promotion of our own products).

Legal basis: Our legitimate interest in doing business with you.

• You will receive marketing emails.

Note: You have the right to object to this processing without giving any reason. You can object by clicking on the link you will find at the bottom of each email.

How we store this data::

• The data will be deleted 30 months after the last contact and if there is no other legal basis for further processing (such as an active contract).

Who receives this data:

• Skulp Processor
• Skulp sales department

Use of the Skulp platform

If you offer your sports services on the Skulp platform, the following information is relevant for you.

Note: The data you enter in your Skulp training provider profile (company name and address, names and pictures of employees, etc.) are processed by Skulp on your behalf. That is, you are the controller and Skulp is the processor (for the process of storing and publishing your training provider profile data on the Skulp platform). This processing is covered by the processing agreement you have signed with Skulp. Other data processing that falls under the responsibility of Skulp (Skulp is the controller and you are the data subject) is described here:

What data we collect:

Login data:

• Login authentication data (e-mail address, hashed password)
• Metadata (date and time of login)

Evaluation data:

• Reviews and ratings from Skulp users associated with your training provider profile.

Why and how we use this data:

Purpose: Publication of user reviews and ratings to improve the overall quality of the services offered on the Skulp platform.

Legal basisBasis: Our legitimate interest in operating an e-commerce platform.

• Reviews and ratings are published on your training provider profile page.

Purpose: To ensure information security

Legal basis: Our legitimate interest to ensure information security.

• Login authentication information is used to authenticate you and grant you access.
• The metadata is stored in log files and used in case of malicious behavior.

How we store this data:

• Authentication data is stored for the duration of your contract with Skulp.
• The data entered during login will not be saved.
• Metadata is overwritten every time you log in and deleted when your account is deleted.

Who receives the data:

• Skulp Processor
• Skulp Information Security Department

Third parties:

• Verification of data: anyone who visits our website

Using the Skulp Admin Area

If you use the Skulp admin area, the following information is relevant for you.

Note: The data you enter in Skulp Admin-Beriech (customer's name and contact details, employee's schedule, etc.) will be processed by Skulp on your behalf. That is, you are the controller and Skulp is the processor (for the process of storing your customer and employee data). This processing is covered by the processing agreement you have signed with Skulp. Other data processing that falls under Skulp's responsibility (Skulp is the controller and you are the data subject) is described here:

What data we collect:

Login data:

• Login authentication data (e-mail address, hashed password)
• Metadata (date and time of login)

Why and how we use this data:

Purpose: To ensure information security

Legal basis: Our legitimate interest to ensure information security.

• Login authentication information is used to authenticate you and grant you access.
• The metadata is stored in log files and used in case of malicious behavior.

How we store this data:

• Authentication data is stored for the duration of your contract with Skulp.
• The data entered during login will not be saved.
• Metadata is overwritten every time you log in and deleted when your account is deleted.

Who receives this data:

• Sculp responsible
• Skulp Information Security Department

Information for applicants

So you want to be part of the Skulp team! That's great! Here's what you need to know about data protection.

Content:

• Filling out an application form

Filling out an application form

When you fill out an application form on one of our websites, the following data processing takes place.

What data we collect:

Application data

• Data you provide with the application form (name, contact details, qualifications, certificates, etc.)

Subsequent data (if the application process is continued)

• Evaluation and decision on your application
• Test results
• Memos and correspondence with or about you

Why and how we use this data:

Purpose: Applicant management

Legal basis: Preparation of a contract at the request of the data subject.

• The application data is evaluated by employees of Skulp.
• You will be contacted.
• The data will be used to make a decision about your application.

Purpose: Storage of the application

Legal basis: Consent (when filling out your application, you can opt for an extended retention period so that we can contact you when a position becomes available).

• Your data will be stored for two years, during which time you will be informed about new vacancies at Skulp that match your profile

Note: You are not obliged to consent! If you have done so, you can revoke your consent at any time by contacting us. The withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of your consent until the withdrawal. If you do not give or withdraw your consent, this will not affect your application or other relations with Skulp.

How we store this data:

• We keep the data for 6 months after the application process is completed.

Who receives this data:

• Sculp processor
• Skulp personnel department
• Other Skulp employees, if applicable

Your rights

In principle, you have the rights of access, rectification, erasure, restriction of processing, data portability and objection. To exercise these, you can contact Skulp or another member of the Skulp Group. For example, if you wish to delete your account, simply send an email to contact@Skulp.de.

Details on your right to object: Whenever "our legitimate interest" is the legal basis for processing, you have the right to object to this processing. If the processing is marketing activities in our legitimate interest, you can simply object without any further requirements. In all other cases, we ask you to specify the reasons (in relation to your particular situation) for your objection.

Details on withdrawing consent: If "consent" is the legal basis for the processing, you have the right to withdraw your consent at any time with future effect, either by contacting Skulp directly or by doing what is described above for each processing (e.g., clicking a link to unsubscribe from marketing messages). Withdrawing your consent will not affect the lawfulness of the processing that was based on your consent prior to the withdrawal.

Under the GDPR, you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you. The Skulp Group does not subject you to such decisions.

If you believe that the processing of your data violates data protection law or otherwise infringes your privacy rights, please contact Skulp at contact@Skulp.de. We will always endeavor to resolve your concern to your satisfaction. You have the right to contact the supervisory authority and file a complaint at any time. In Germany, this is the respective state or federal data protection commissioner. A list of the responsible supervisory authorities can be found here. [Link to https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html]

Privacy policy on the use and application of Facebook

The controller has integrated components of the company Facebook on this website. Facebook is a social network.

A social network is a social meeting place operated on the Internet, an online community that generally enables users to communicate and interact with each other in virtual space. A social network can serve as a platform for sharing opinions and experiences or enables the Internet community to provide personal or company-related information. Facebook allows users of the social network to create private profiles, upload photos and network via friend requests, among other things.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller of personal data is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

By each call of one of the individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. Within the scope of this technical procedure, Facebook receives knowledge of which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Facebook at the same time, Facebook recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject activates one of the Facebook buttons integrated on our website, for example the "Like" button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged into Facebook at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, he or she can prevent the transmission by logging out of his or her Facebook account before accessing our website.

The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

Privacy policy on the use and application of Google Analytics (with anonymization function)

The controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, compilation and analysis of data about the behavior of visitors to websites. A web analysis service collects, among other things, data on which website a data subject came to a website from (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is predominantly used for the optimization of a website and for the cost-benefit analysis of internet advertising.

The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The controller uses the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By means of this addition, the IP address of the Internet connection of the data subject is shortened and anonymized by Google if access to our Internet pages takes place from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website, and to provide other services related to the use of our website.

Google Analytics sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. By each call of one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission calculations.

By means of the cookie, personal information, for example the access time, the location from which an access originated and the frequency of visits to our website by the data subject, is stored. Each time the data subject visits our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties.

The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the option to object to the collection of data generated by Google Analytics and related to the use of this website as well as to the processing of this data by Google and to prevent such processing. For this purpose, the data subject must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information on visits to Internet pages may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as an objection. If the data subject's information technology system is deleted, formatted or reinstalled at a later point in time, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within the data subject's sphere of control, it is possible to reinstall or reactivate the browser add-on.

Further information and the applicable Google privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/.

Privacy policy on the use and application of Instagram

The controller has integrated components of the service Instagram on this website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to redistribute such data on other social networks.

The operating company of the Instagram services is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

By each call of one of the individual pages of this website, which is operated by the controller and on which an Instagram component (Insta button) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Instagram component to download a representation of the corresponding component from Instagram. Within the scope of this technical procedure, Instagram receives knowledge about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Instagram at the same time, Instagram recognizes which specific subpage the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject activates one of the Instagram buttons integrated on our website, the data and information thus transmitted will be assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.

Instagram always receives information via the Instagram component that the data subject has visited our website if the data subject is simultaneously logged into Instagram at the time of calling up our website; this takes place regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram, he or she can prevent the transmission by logging out of his or her Instagram account before accessing our website.

Further information and the applicable privacy policy of Instagram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

Privacy policy on the use and application of LinkedIn

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is an Internet-based social network that allows users to connect with existing business contacts and to make new business contacts. Over 400 million registered individuals use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For data protection issues outside the USA, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

With each individual call-up of our website that is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the data subject to download a corresponding representation of the component from LinkedIn. Further information on LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this technical procedure, LinkedIn receives knowledge of which specific subpage of our website is visited by the data subject.

If the data subject is logged in to LinkedIn at the same time, LinkedIn recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject activates a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.

LinkedIn always receives information via the LinkedIn component that the data subject has visited our website if the data subject is logged into LinkedIn at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, he or she can prevent the transmission by logging out of his or her LinkedIn account before accessing our website.

LinkedIn provides the ability to unsubscribe from email messages, SMS messages, and targeted ads, as well as manage ad settings at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. LinkedIn's applicable privacy policy is available at https://www.linkedin.com/legal/privacy-policy. LinkedIn's cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

Legal basis of processing

Article 6 I lit. a DS-GVO serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 I lit. b DS-GVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DS-GVO.
Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 DS-GVO).