Privacy Policy

As of: December 2025

Introduction

Privacy policies are often difficult to read. We understand that. And we want to do it differently.

With this privacy policy, we would like to provide you with an easy-to-understand explanation of how we process your personal data.

To this end, we present our privacy policy in a clearly structured manner and show you for each topic whether and how we process your personal data.

1. General information

The protection of your personal data and your privacy is extremely important to us. We therefore want to provide you with comprehensive transparency regarding the processing of your personal data (GDPR) as well as the storage of information on your device (TDDDG). Because only if the processing of personal data and information is understandable for you as the data subject are you sufficiently informed about the scope, purposes and benefits of the processing.

This privacy policy applies to all processing activities of personal data carried out by us as well as to the storage of information on your devices. It therefore applies both in connection with the provision of our services within our services and within external online presences, such as our social media fan pages.

The controller within the meaning of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other data protection requirements is the

Controller
Verinox Forensik GmbH
De-Saint-Exupery-Straße 10
60549 Frankfurt am Main
Managing Partner: Philipp Korzendörfer
Email: p.korzendoerfer@verinox.io | Tel.: +49 178 4113825

Hereinafter referred to as the “Controller” or “we”.

2. General information on data processing

First of all, we would like to provide you with introductory information on what the protection of your personal data means, what personal data is, how we process it and which security measures we apply in this context.

2.1 Processing of personal data

Personal data (hereinafter also referred to as “data”) is information relating to the personal or factual circumstances of an identified or identifiable natural person.

Such information relating to personal or factual circumstances includes, for example:

  • Personnel data – name, age, marital status, date of birth
  • Communication data – address, telephone number, email address
  • Account data – bank account number, credit card number
  • Geo data – IP address & location data
  • Health data – state of health, illnesses

The “processing” of personal data includes, for example, the following measures:

  • Collection – e.g. via contact forms, by email or through processes and services used by us
  • Transfer – e.g. to service providers, integrated services or other third parties
  • Storage – e.g. in databases or on servers
  • Deletion – if we no longer have authorization to process it

2.2 Legal bases for processing your personal data

We process personal data only within the legally permitted limits. We are already obligated to do so by law, in particular the GDPR. Under it, we are required to always be able to rely on a legal basis for data processing operations. These legal bases are set out in Art. 6(1) GDPR. Below, we list the most common legal bases on which we process your personal data.

  • Consent - Art. 6(1)(a) GDPR: Your data is processed if you have actively consented to this processing—e.g. by an “opt-in”—after we have provided you with sufficient prior information about its scope and purposes. If you withdraw your consent or do not grant it, we will not (or no longer) process your data for purposes for which we require your consent.
  • Consent for special categories - Art. 9(2)(a) GDPR: Data that falls within special categories of personal data, such as health data, political opinions etc. (see also Art. 9(1) GDPR), is processed if you have actively consented to this processing—e.g. by an “opt-in”—after we have provided you with sufficient prior information about its scope and purposes. If you withdraw your consent or do not grant it, we will not (or no longer) process your data for purposes for which we require your consent.
  • For performance of a contract - Art. 6(1)(b): Your data is processed if it is necessary for the performance of a contract between us or for the implementation of pre-contractual measures. If processing is no longer necessary for performing the contract, we will no longer process your personal data.
  • Compliance with a legal obligation . Art. 6(1)(c) GDPR: Your data is processed if this processing is necessary for compliance with a legal obligation to which we, as the controller, are subject.
  • Legitimate interest - Art. 6(1)(f) GDPR: Your data is processed if this is necessary to safeguard a legitimate interest on our part and your interests or fundamental rights and freedoms, in particular with regard to the protection of your data, do not override it.

We process personal data only for specific purposes (Art. 5(1)(b) GDPR). As soon as the purpose of processing no longer applies, your personal data will be deleted or protected by technical and organisational measures (e.g. by pseudonymisation).

The same applies upon expiry of a prescribed retention period, subject to cases in which further storage is necessary for the conclusion of a contract or for contract performance. In addition, a legal obligation may arise requiring longer retention or disclosure to third parties (in particular law enforcement authorities). In other cases, the storage period and the type of data collected as well as the type of data processing depend on which functions you use in the individual case. We are also happy to provide you with information on this in individual cases in accordance with Art. 15 GDPR.

2.3 Categories of data we process

In particular, the following categories of data are processed:

  • Master data (e.g. names, addresses, dates of birth)
  • Contact data (e.g. email addresses, telephone numbers, messaging services)
  • Content data (e.g. text entries, photographs, videos, contents of documents/files)
  • Contract data (e.g. subject matter of the contract, terms, customer category)
  • Payment data (e.g. bank details, payment history, payment service providers)
  • Usage data (e.g. history within our services, use of certain content, access times)
  • Connection data (e.g. device information, IP addresses, URL referrer)

2.4 Security measures we take

In accordance with the legal requirements and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying likelihood of occurrence and the extent of the threat to your rights and freedoms, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

In particular, these measures include ensuring that your data is stored and processed confidentially, with integrity, and is available at all times. Furthermore, the security measures we implement include controls of access to your data as well as controls of access rights, input, disclosure, safeguarding availability and the separation of your data from data of other natural persons. In addition, we have established procedures to ensure the exercise of data subject rights (see section 5), the deletion of data and responses in the event of a threat to your data. Furthermore, we already take the protection of personal data into account when developing our software and by means of procedures that comply with the principle of data protection by design and data protection-friendly default settings.

2.5 How we transfer or disclose personal data to third parties

In the course of our processing of your personal data, it may occur that this data is transferred or disclosed to other entities, companies, legally independent organisational units or individuals. Such third parties may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks, or providers of services and content that we have integrated into our services. If we transfer or disclose your personal data to third parties, we comply with the legal requirements and, in particular, conclude appropriate contracts and/or agreements with the recipients of your data that serve to protect your data.

2.6 How transfers to third countries take place

If this privacy policy states that we transfer your personal data to a third country, i.e. a country outside the EU or outside the EEA, the following applies. A transfer to a third country takes place only in accordance with the legal requirements. We assure you that we have contractual or statutory authorisation to transfer and process your data in the respective third country. In addition, we only have your data processed by service providers in third countries that, in our view, have a recognised level of data protection. This means, for example, that there is an adequacy decision between the EU and the country to which we transfer your personal data. An “adequacy decision” is a decision adopted by the European Commission pursuant to Art. 45 GDPR, which establishes that a third country (i.e. a country not bound by the GDPR) or an international organisation provides an adequate level of protection for personal data. Alternatively—e.g. if there is no adequacy decision—a transfer to a third country takes place only if, for example, contractual obligations between us and the service provider in the third country exist through so-called Standard Contractual Clauses of the European Commission and additional technical safeguards have been implemented that ensure a level of protection essentially equivalent to that in the EU, or the service provider in the third country can demonstrate data protection certifications and your data is processed only in accordance with internal data protection rules (Art. 44 to 49 GDPR. Information page of the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Under the so-called “Data Privacy Framework” (“DPF”), the EU Commission has recognised the level of data protection for certain companies from the USA as safe under the adequacy decision of 10 July 2023. A list of the certified companies as well as further information on the DPF can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ (in English). Within this privacy policy, we inform you which of the services we use are certified under the Data Privacy Framework.

2.7 Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consents permitting processing are withdrawn or other permissions cease to apply (e.g. if the purpose of processing this data no longer applies or it is not required for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person.

In this privacy policy, we may provide information on the deletion and retention of data that applies specifically to the respective processing operations.

2.8 Storage of and access to data on your device

If we do not obtain your consent for this, the storage of or access to information on your device takes place in accordance with Section 25(2) No. 2 of the Act on Data Protection and the Protection of Privacy in Telecommunications and Digital Services (TDDDG), as the storage of and access to this information is absolutely necessary in order to provide the desired functions of our services. If we obtain your consent for this, the legal basis is Section 25(1) TDDDG. Our services use cookies, tokens, beacons or other technologies that may be stored on your devices and without which the provision of our services would not be possible.

Cookies, tokens, beacons or other technologies are generally text files that are stored on your device and can be read by us and third parties when you access our services. Many of the aforementioned technologies contain their own ID. Such an ID is a unique identifier of the respective technology used. It consists of a string of characters by which websites and servers can be assigned to the specific internet browser or the specific service or device used in which cookies, tokens, beacons or other technologies have been stored. This enables operators of websites and analytics services to identify you as a user and distinguish you from others.

2.9 Data processing on behalf

If we use external service providers to process your data, we select and commission them carefully. If the services provided by these service providers constitute processing on behalf within the meaning of Art. 28 GDPR, the service providers are bound by our instructions and are regularly monitored. Our data processing on behalf agreements comply with the strict requirements of Art. 28 GDPR as well as the requirements of the German data protection authorities.

3. Data subject rights

If your personal data is processed, you are a “data subject” within the meaning of the GDPR, and you as the data subject have the following rights vis-à-vis us as the “Controller”:

3.1 Right of access

You may request confirmation from the Controller as to whether personal data concerning you is being processed by us.

Where such processing is taking place, you may request the following information from the Controller:

  • the purposes for which the personal data is processed;
  • the categories of personal data being processed;
  • the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
  • the envisaged period for which the personal data concerning you will be stored or, if specific information is not possible, the criteria used to determine that period;
  • the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the Controller, or a right to object to such processing;
  • the existence of a right to lodge a complaint with a supervisory authority;
  • all available information as to the source of the data where the personal data is not collected from the data subject;
  • the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and—at least in those cases—meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
  • You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

3.2 Right to rectification

You have a right to rectification and/or completion vis-à-vis the Controller if the personal data processed concerning you is inaccurate or incomplete. The Controller must carry out the rectification without undue delay.

3.3 Right to restriction of processing

Under the following conditions, you may request the restriction of processing of personal data concerning you:

  • if you contest the accuracy of the personal data concerning you for a period enabling the Controller to verify the accuracy of the personal data;
  • if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;
  • if the Controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims, or
  • if you have objected to processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the Controller override your grounds.
  • If the processing of personal data concerning you has been restricted, such data—apart from being stored—may be processed only with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted under the above conditions, you will be informed by the Controller before the restriction is lifted.

3.4 Right to erasure

3.4.1. You may request from the Controller that the personal data concerning you be erased without undue delay, and the Controller is obliged to erase such data without undue delay where one of the following grounds applies:

  • The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You withdraw your consent on which the processing is based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
  • The personal data concerning you has been processed unlawfully.
  • Erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the Controller is subject.
  • The personal data concerning you was collected in relation to the offer of information society services pursuant to Art. 8(1) GDPR.

3.4.2. Where the Controller has made the personal data concerning you public and is obliged pursuant to Art. 17(1) GDPR to erase it, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copies or replications of, that personal data.

3.4.3. Exceptions to the right to erasure

The right to erasure does not apply to the extent that the processing of your data is necessary for the following measures:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing under Union law or the law of the Member States to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  • for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
  • for the establishment, exercise or defence of legal claims.

3.5 Right to be informed

If you have asserted your right to rectification, erasure or restriction of processing against the Controller, the Controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of that rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right vis-à-vis the Controller to be informed about those recipients.

3.6 Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the Controller, in a structured, commonly used and machine-readable format. You also have the right to transmit that data to another controller without hindrance from the Controller to which the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, where technically feasible. The freedoms and rights of other persons must not be adversely affected by this.

The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

3.7 Right to object

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions.

The Controller shall no longer process the personal data concerning you unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for those purposes.

In connection with the use of information society services—and notwithstanding Directive 2002/58/EC—you may exercise your right to object by automated means using technical specifications.

3.8 Right to withdraw the data protection consent declaration

You have the right to withdraw your data protection consent declaration at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

Processing is lawful up to the point of your withdrawal—withdrawal therefore only takes effect for processing after receipt of your withdrawal. You may declare the withdrawal informally by post or email. Your personal data will then no longer be processed, subject to authorisation under another legal basis. If this is not the case, your data must be erased without undue delay after the withdrawal pursuant to Art. 17(2) GDPR. Your right to withdraw your consent subject to the above conditions is guaranteed.

Your withdrawal should be addressed to:

Verinox Forensik GmbH.

De-Saint-Exupery-Straße 10.

60549 Frankfurt am Main.

Managing Partner: Philipp Korzendörfer.

Email: p.korzendoerfer@verinox.io | Tel.: +49 178 4113825

3.9 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

3.10 Automated decisions in individual cases including profiling

Automated decisions in individual cases, including profiling, do not take place unless specifically addressed separately in this privacy policy.

3.11 Notification obligations of the Controller

If your personal data has been disclosed to other recipients (third parties) on a legal basis, we will inform those recipients of any rectification, erasure or restriction of processing of your personal data (Art. 16, Art. 17(1) and Art. 18 GDPR). The obligation to notify does not apply if it would involve disproportionate effort or is impossible. We will also inform you of the recipients upon request.

4. Information on the cookies and other technologies used

We use cookies and/or beacons or other technologies to provide and evaluate our Services and to use the evaluated data for marketing purposes. Cookies are, for example, small text files that contain data from visited websites or domains and are stored on your device (computer, tablet or smartphone). When you access a website, the cookie stored on your device sends information to the party that placed the cookie.

4.1 How we use cookies and other technologies

We want you to be able to make an informed decision for or against the use of cookies and other technologies that are not strictly necessary for the technical features of the Services. Therefore, if we use cookies and other technologies that require your consent, we enable you—on the basis of a voluntary decision [NB1.1]—to choose, when you first visit our Services and thereafter on a permanent basis in the relevant settings, which cookies and other technologies you allow. In this context, it applies that functional cookies and other technologies are mandatory for visiting our Services and are therefore already enabled via our default settings. Statistics and marketing cookies and other technologies are optional. You can allow them by providing your consent in the consent banner for the setting of these cookies and other technologies. Alternatively, you can reject statistics and marketing cookies and other technologies. Please note that you may still be shown advertising even if you reject the use of statistics and marketing cookies and other technologies. In that case, however, the advertising is less tailored to your interests. You can nevertheless continue to use the full functionality of the Services.

4.2 Storage period of cookies and other technologies

If we do not provide you with explicit information on the storage period of cookies and other technologies (e.g. as part of the consent banner), you may assume that the storage period can be up to two years. If cookies and other technologies were set on the basis of your consent, you have the option at any time to withdraw consent you have given or to object to the processing of your data by cookies / technologies (collectively referred to as an opt-out).

4.3 Types of cookies and other technologies

From an objective perspective, we distinguish between

  • Functional cookies / technologies: These are required for the basic technical functions of the Services. They enable, for example, secure login and the saving of progress during ordering processes. They also enable us, for example, to store your login data, the contents of the shopping cart and the consistent display of page content.
  • Statistics cookies / technologies: These enable us to analyse the Services so that we can measure and improve their performance. You can change your personal statistics settings by clicking the corresponding opt-out link.
  • Marketing cookies / technologies: These are used by us to present you with advertising that may be relevant to your interests. They enable, for example, sharing pages via social networks and posting comments. Likewise, offers that may match your interests are displayed. You can change your personal marketing settings by clicking the corresponding opt-out link.

4.4 Consent management

We use TOOL as a consent management tool of TOOL PROVIDER (“TOOL”) as part of the tracking and analytics activities in our Services. TOOL collects logfile and consent data by means of JavaScript. This JavaScript enables it to inform you about your consent to certain tags in our Services and to obtain, manage and document this consent.

In doing so, we process the following data: (1) consent data, i.e. consent-related data (anonymised logbook data (Consent ID, Processor ID, Controller ID), consent status, timestamp), (2) device data, i.e. data about the devices used (including shortened IP addresses (IP v4, IP v6), device information, timestamp), (3) user data (including email, ID, browser information, SettingIDs, changelog). The ConsentID (contains the data mentioned above) and the consent status including timestamp are stored in your browser’s local storage and at the same time on the cloud servers we use. Further processing takes place only if you submit an access request or withdraw your consent. The legal basis for processing personal data by means of TOOL in accordance with the provisions stated here results from our legitimate interest and for compliance with legal requirements and therefore from Art. 6(1)(f) and (c) GDPR. By means of TOOL, we seek to comply with legal requirements relating to data protection and tracking and thus to set up the functioning of our information technology systems in a legally compliant and user-centred manner.

5. Data processing in connection with the use of our Services

The use of our Services with all of their functions involves the processing of personal data. We explain here exactly how this takes place.

Informational use of our Services

The purely informational access of our Services requires the processing of the following personal data and information: browser type and browser version, operating system used, address of previously visited websites, IP address of the device with which you access our Services, as well as the time of access to our Services. All of this information is transmitted automatically by your browser, unless you have configured it in such a way that the transmission of information is suppressed.

This personal data is processed for the purposes of the functionality and optimisation of our Services, as well as to ensure the security of our information technology systems. These purposes are also legitimate interests pursuant to Art. 6(1)(f) GDPR, and the processing therefore takes place on a legal basis.

6. Communication Services

Contact form / contact via email

We process your personal data that you provide to us as part of contacting us for the purpose of responding to your enquiry, your email or your request for a callback. The categories of data processed in this context are master data, contact data, content data, where applicable usage data, connection data and where applicable contract data. In individual cases, we pass this data on to affiliated companies, or third parties whom we commission to process orders. The legal basis for the processing depends on the purpose of the contact. By submitting your enquiry in the contact form or contacting us by email, you declare that you would like responses or information on certain topics. For this purpose, you also provide your data. We respond to your enquiry as requested and process your data for this purpose. Therefore, the authorisation to process your data is based on Art. 6(1)(b) GDPR, because we process it to respond to your enquiry and thus to fulfil the contract relating thereto.

7. Web hosting

7.1 Provision of our Services

In order to be able to provide you with our Services, we use the services of a web hosting provider. Our Services are accessed from the servers of this web hosting provider. For these purposes, we use the web hosting provider’s infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.

The data processed includes all data that you enter in the course of your use and communication in connection with your visit to our Services and/or that is collected from you in this context (e.g. your IP address). Our legal basis for using a web hosting provider to provide our Services results from Art. 6(1)(f) GDPR (legitimate interest).

7.2 Receiving and sending emails

The services we use from the web host may also include the sending, receiving and storage of emails. For these purposes, the addresses of recipients of your emails as well as the sender, as well as other information relating to email transmission (e.g. the providers involved) and the contents of the respective emails are processed. The above data is processed, among other things, for the purpose of detecting spam. Emails are generally not sent encrypted on the internet. As a rule, emails are encrypted during transport, but (unless end-to-end encryption is used) not on the servers from which they are sent and received. We therefore cannot assume responsibility for the transmission path of emails between the sender and receipt on our server. Our legal basis for using a web hosting provider for receiving and sending emails results from Art. 6(1)(f) GDPR (legitimate interest).

7.3 Collection of access data and log files

We ourselves (or our web hosting provider) collect data about each access to the server (server log files). The server log files may include the address and name of the accessed Services and files, date and time of access, volumes of data transferred, message about successful retrieval, browser type and version, your operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.

Server log files may be used, on the one hand, for security purposes, e.g. to avoid overloading the servers (in particular in the case of abusive attacks, so-called DDoS attacks), and, on the other hand, to ensure server utilisation and stability. Our legal basis for using a web hosting provider to collect access data and log files results from Art. 6(1)(f) GDPR (legitimate interest).

8. Tracking & tools

To ensure smooth technical operation and optimal user-friendly use of our Services, we use the following services:

Google Analytics

We use Google Analytics for the purpose of statistically evaluating your use of our Services. Your IP address is collected by us before Google anonymises it by truncation prior to permanent storage on its servers. Google Analytics enables us to understand how our Services are used by you and how we can improve and further develop them accordingly. For example, Google Analytics shows which content you click on or visit repeatedly. The data processed is usage data and connection data. The recipient of the data is Google Ireland Ltd., Gordon House, Barrow Street Dublin 4, Ireland (as joint controller, Art. 26 GDPR). If Google transfers this data to a third country (e.g. the USA), this is done only in individual cases, on the basis of a data processing agreement concluded with Google and in accordance with EU standard contractual clauses agreed with Google and other security measures permitted by the GDPR, which ensure that the security of the processing of your personal data with a level of protection identical to that in the EU is ensured, in particular on the basis of the EU-US Data Privacy Framework (DPF). The legal basis for the use of Google Analytics is your consent (e.g. via an opt-in in the consent banner), provided that you have given us such consent during your visit to our Services, and therefore results from Art. 6(1)(a) GDPR. On the basis of your consent, cookies, so-called “beacons” or similar (text) files are stored on your device and personal data is read out in this way. If you have not given us your consent to use Google Analytics (no opt-in in the consent banner or withdrawal of your consent), we do not (or no longer) use Google Analytics as part of your visits to our Services.

9. Fan pages on social media websites

We maintain fan pages on the websites of social networks on the internet and process personal data in this context in order to communicate with users active there or to provide information about us. We would like to point out that your data may be processed outside the European Union when you visit our fan pages. The operators of the respective social networks are responsible for this. A detailed description of the respective forms of processing and the objection options (e.g. opt-out) can be found in the privacy policies of the operators of the respective social networks.

LinkedIn

We operate a LinkedIn fan page for our company on LinkedIn. When you visit and use the LinkedIn fan page, LinkedIn may analyse your usage behaviour and provide us with information obtained from this. The use of this information is for purposes of economic optimisation and needs-based design of our website/our Services. The categories of data processed are master data, contact data, content data, usage data and connection data. The recipient of the data is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, as joint controller pursuant to Art. 26 GDPR. The legal basis for processing the data in the manner described here results from our legitimate interest and therefore from Art. 6(1)(f) GDPR.

LinkedIn is responsible for implementing your data subject rights. LinkedIn informs you about your data subject rights at: https://de.linkedin.com/legal/privacy-policy. You can also assert your rights against us; we will then immediately forward your request to LinkedIn.

YouTube

We operate a channel for our company on YouTube. When you visit and use our YouTube channel, Google may analyse your usage behaviour and provide us with information obtained from this. The use of this information is for purposes of economic optimisation and needs-based design of our website. The categories of data processed are master data, contact data, content data, usage data and connection data. The recipient of the data is Google Ireland Ltd., Gordon House, Barrow Street Dublin 4, Ireland, as joint controller pursuant to Art. 26 GDPR. The legal basis for processing the data in the manner described here results from our legitimate interest and therefore from Art. 6(1)(f) GDPR.

YouTube is responsible for implementing your data subject rights. YouTube informs you about your data subject rights at: https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/#privacy-guidelines. You can also assert your rights against us; we will then immediately forward your request to YouTube.

10. Plug-ins in our Services

In our Services, we integrate content such as videos, buttons, social media icons, etc. from social networks and other websites via plug-ins. The integration always works in such a way that the social networks learn and process your IP address via these plug-ins. The IP address is required to display the plug-in content, as it is needed so that the social networks whose plug-ins we have integrated can send information to your browser. Some social networks use pixel tags (invisible graphics, also referred to as web beacons) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic in our Services. Further information may also be stored in cookies on your device and may include, among other things, technical information about your browser and your operating system, the time of your visit to our Services, as well as other information about the use of our Services, and may be linked with information from other sources.