Overview of Processing
The following overview summarizes the types of processed data, the purposes of their processing, and the affected individuals.
Types of Processed Data:
– Contact data
– Content data
– Usage data
– Meta, communication, and procedural data
Purposes of Processing:
– Handling contact requests and communication
– Measuring reach
– Providing our online services and ensuring user-friendliness
Applicable Legal Bases
The following section provides an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or business location. If more specific legal bases apply in individual cases, we will inform you in our privacy policy.
Consent (Art. 6(1) Sentence 1 lit. a GDPR) –
The data subject has given consent to the processing of their personal data for one or more specific purposes.
Contract performance and pre-contractual inquiries (Art. 6(1) Sentence 1 lit. b GDPR) –
Processing is necessary for the performance of a contract to which the data subject is a party or for carrying out pre-contractual measures requested by the data subject.
Legal obligation (Art. 6(1) Sentence 1 lit. c GDPR) –
Processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6(1) Sentence 1 lit. f GDPR) –
Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
National Data Protection Regulations in Germany:
In addition to the GDPR, national regulations on data protection apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains specific provisions on the right to access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and the transfer of data, as well as automated decision-making in individual cases, including profiling. Additionally, the data protection laws of individual federal states may apply.
Note on the Applicability of GDPR and Swiss Data Protection Act (DSG):
This privacy policy serves to provide information in accordance with both the Swiss Federal Act on Data Protection (Swiss DSG) and the General Data Protection Regulation (GDPR). For broader applicability and better understanding, the terms of the GDPR are used. Specifically, instead of the terms “processing” of “personal data,” “overriding interest,” and “particularly sensitive personal data” used in the Swiss DSG, the corresponding GDPR terms are used: “processing” of “personal data,” “legitimate interest,” and “special categories of data.” However, the legal meaning of these terms continues to be determined by the Swiss DSG where applicable.
Security Measures
We take appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying probabilities and severity of risks to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
These measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transfer, availability security, and separation of the data. We have also established procedures that allow data subject rights to be exercised, data deletion to be carried out, and responses to data security threats to be implemented. Furthermore, we consider the protection of personal data in the development or selection of hardware, software, and processes, following the principles of data protection by design and default.
Transfer of Personal Data
In the course of processing personal data, we may transmit or disclose data to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include service providers responsible for IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and enter into appropriate contracts or agreements with recipients of the data to ensure their protection.
International Data Transfers
Processing of Data in Third Countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing occurs in the context of using third-party services or disclosure/transmission of data to other persons, entities, or companies, this is done only in accordance with legal requirements. If the data protection level in the third country is recognized as adequate through an adequacy decision (Art. 45 GDPR), this serves as the basis for data transfers. Otherwise, data transfers occur only if the level of data protection is otherwise ensured, particularly through standard contractual clauses (Art. 46(2) lit. c GDPR), explicit consent, or where contractual or legally required transmission applies (Art. 49(1) GDPR). Further information on adequacy decisions can be found on the European Commission’s website: [https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de](https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
EU-US Trans-Atlantic Data Privacy Framework:
Under the so-called “Data Privacy Framework” (DPF), the European Commission recognized the level of data protection for certain US companies as secure in its adequacy decision of July 10, 2023. The list of certified companies and further information on the DPF can be found on the website of the U.S. Department of Commerce: [https://www.dataprivacyframework.gov/](https://www.dataprivacyframework.gov/) (in English). We inform you in our privacy policy which service providers we use that are certified under the Data Privacy Framework.
Rights of Data Subjects
Under the GDPR, you have the following rights as a data subject, particularly under Articles 15 to 21 GDPR:
– Right to Object: You have the right to object to the processing of your personal data based on Art. 6(1) lit. e or f GDPR at any time, including profiling based on these provisions.
– Right to Withdraw Consent: You have the right to withdraw your consent at any time.
– Right of Access: You have the right to request confirmation of whether your personal data is being processed and to receive information about this data.
– Right to Rectification: You have the right to request the completion or correction of incorrect personal data.
– Right to Erasure and Restriction of Processing: You have the right to request the immediate deletion or restriction of your data under legal requirements.
– Right to Data Portability: You have the right to receive your provided data in a structured, common, and machine-readable format or to request its transmission to another controller.
– Right to Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.
Use of Cookies
Cookies are small text files or other storage markers that store information on end devices and retrieve information from them. They can be used for various purposes, such as ensuring the functionality, security, and user-friendliness of online services, as well as analyzing visitor flows.
– Temporary Cookies: Deleted when a user leaves an online service and closes their device.
– Permanent Cookies: Remain stored even after closing the device and can retain login statuses, display preferences, and enable analytics.
Processed Data Types:
Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Contract data (e.g., contract subject, duration, customer category).
Affected Persons:
Interested parties; Business and contract partners.
Purposes of Processing:
Provision of contractual services and fulfillment of contractual obligations; Inquiry handling and communication; Office and organizational procedures; Management and response to inquiries.
Legal Bases:
Contract performance and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR); Legal obligation (Art. 6(1) sentence 1 lit. c) GDPR); Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).
Further Notes on Processing Procedures, Methods, and Services:
Processed Data Types:
Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
Affected Persons:
Customers.
Purposes of Processing:
Provision of contractual services and fulfillment of contractual obligations; Marketing.
Legal Bases:
Contract performance and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR).
Service Providers and Third-Party Services Used in Business Operations:
As part of our business operations, we use additional services, platforms, interfaces, or plugins from third-party providers (hereinafter referred to as “services”), while complying with legal requirements.
Processed Data Types:
Inventory data (e.g., names, addresses); Payment data; Contract data (e.g., contract subject, duration, customer category).
Affected Persons:
Customers; Interested parties; Users (e.g., website visitors).
Purposes of Processing:
Provision of contractual services and fulfillment of contractual obligations; Office and organizational procedures.
Legal Bases:
Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).
Contact and Inquiry Management:
When contacting us (e.g., via mail, contact form, email, phone, or social media) and as part of existing user and business relationships, we process the data provided by the requesting persons to the extent necessary to respond to their inquiries and any requested measures.
Processed Data Types:
Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
Affected Persons:
Communication partners.
Purposes of Processing:
Inquiry handling and communication; Management and response to inquiries; Feedback (e.g., collecting feedback via an online form); Provision of our online services and user-friendliness.
Legal Bases:
Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Contract performance and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR).
Contact Form:
If users contact us via the contact form, email, or other communication channels, we process the data provided for handling the request.
Legal Bases:
Contract performance and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR); Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).
Marketing Communication via Email, Mail, Fax, or Phone:
We process personal data for marketing communication purposes, which may be conducted through various channels (e.g., email, phone, mail, or fax) in accordance with legal requirements.
Recipients have the right to withdraw their consent at any time or object to marketing communication.
After withdrawal or objection, we store the data necessary to prove the previous authorization for contact or sending for up to three years after the end of the year of withdrawal or objection, based on our legitimate interests. The processing of this data is limited to defending against potential claims. Additionally, to ensure compliance with withdrawal or objection requests, we store the necessary data (e.g., email address, phone number, name) to prevent further contact.
Processed Data Types:
Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers).
Affected Persons:
Visitors.
Purposes of Processing:
Direct marketing and contact (e.g., via email or mail).
Legal Bases:
Consent (Art. 6(1) sentence 1 lit. a) GDPR); Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).
Online Marketing:
We process personal data for online marketing purposes, which include advertising space marketing or the display of advertising and other content based on users’ potential interests and the measurement of their effectiveness.
For these purposes, user profiles are created and stored in a file (so-called “cookie”) or similar methods are used to store information relevant to displaying the mentioned content. This may include viewed content, visited websites, used online networks, communication partners, and technical details such as browser type, operating system, usage times, and used features. If users have consented to the collection of location data, this can also be processed.
IP addresses are also stored but are anonymized (IP masking) to protect users. Generally, no clear data (such as email addresses or names) are stored within online marketing processes, only pseudonymous data. This means neither we nor the providers know users’ actual identities, only the stored profile data.
Cookies used for online marketing are typically stored for a period of two years unless stated otherwise.
Processed Data Types:
Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
Affected Persons:
Users (e.g., website visitors, users of online services).
Purposes of Processing:
Audience measurement (e.g., visitor statistics, recognition of returning visitors); Tracking (e.g., interest-/behavior-based profiling, use of cookies); Marketing; Creation of user profiles.
Security Measures:
IP masking (pseudonymization of the IP address).
Opt-Out Options:
We refer to the privacy policies of the respective providers and their provided opt-out options. If no explicit opt-out option is provided, users can disable cookies in their browser settings, though this may limit the functionality of our online services.
– Europe: [https://www.youronlinechoices.eu](https://www.youronlinechoices.eu)
– Canada: [https://www.youradchoices.ca/choices](https://www.youradchoices.ca/choices)
– USA: [https://www.aboutads.info/choices](https://www.aboutads.info/choices)
– Global: [https://optout.aboutads.info](https://optout.aboutads.info)
Social Media Presence:
We maintain online presences on social networks and process user data within this framework to communicate with active users or provide information about us.
We note that user data may be processed outside the EU, potentially leading to risks such as difficulties in enforcing user rights.
Data within social networks is usually processed for market research and advertising purposes, and usage profiles may be created. These profiles can be used to display interest-based advertising within and outside the networks.
For a detailed overview of processing methods and opt-out options, please refer to the privacy policies of the respective network operators.
Example Services:
– Instagram (Meta Platforms Ireland Ltd.) – [Privacy Policy](https://instagram.com/about/legal/privacy)
– LinkedIn (LinkedIn Ireland Unlimited Company) – [Privacy Policy](https://www.linkedin.com/legal/privacy-policy)