Legal Info and Privacy Policy

Privacy Policy

Preamble

With this privacy policy, we want to inform you about thetypes of personal data (hereinafter referred to as “data”) we process, thepurposes for which we process them, and the extent to which we process them.The privacy policy applies to all processing of personal data, both in thecontext of our services and in particular on our websites, in mobileapplications, and on external online presences, such as our social mediaprofiles (hereinafter collectively referred to as “online offering”).

The terms used are not gender-specific.

Date: April 3, 2023

Table of Contents

Preamble Controller Overview of Processing Activities Legal Bases forProcessing Security Measures Transmission of Personal Data Data Processing inThird Countries Data Retention and Deletion Use of Cookies Business ServicesProvision of Online Offering and Web Hosting Contact and Inquiry ManagementAdvertising Communication via Email, Mail, Fax, or Telephone Social MediaPresences (Social Media) Plugins and Embedded Functions and Content Changes andUpdates to the Privacy Policy Rights of Data Subjects Definitions

Controller

Lukas Werling, Im Langen Grund, 74239 Hardthausen

Email: contact@isptech.space

Imprint: https://isptech.space/legal

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposesof the processing, and refers to the affected individuals.

Types of Data Processed

Inventory data. Payment data. Contact data. Content data. Contract data. Usagedata. Meta, communication, and process data.

Categories of Data Subjects

Prospects. Communication partners. Users. Business and contractual partners.

Purposes of Processing

Provision of contractual services and customer service. Contact inquiries andcommunication. Security measures. Direct marketing. Office and organizationalprocedures. Administration and response to inquiries. Feedback. Marketing.Profiles with user-related information. Providing our online offering anduser-friendliness. Information technology infrastructure.

Legal Bases for Processing

The following overview provides an overview of the legal bases of the GDPR onwhich we process personal data. Please note that in addition to the provisionsof the GDPR, national data protection regulations in your or our country ofresidence or domicile may apply. If, in specific cases, more specific legalbases are applicable, we will inform you of these in the privacy policy.

Consent (Art. 6 (1) (a) GDPR) – The data subject has given consent to the processingof his or her personal data for one or more specific purposes. Performance of acontract and pre-contractual inquiries (Art. 6 (1) (b) GDPR) – Processing isnecessary for the performance of a contract to which the data subject is partyor in order to take steps at the request of the data subject prior to enteringinto a contract. Legal obligation (Art. 6 (1) (c) GDPR) – Processing isnecessary for compliance with a legal obligation to which the controller issubject. Legitimate interests (Art. 6 (1) (f) GDPR) – Processing is necessaryfor the purposes of the legitimate interests pursued by the controller or by athird party, except where such interests are overridden by the interests orfundamental rights and freedoms of the data subject which require protection ofpersonal data.

In addition to the GDPR, national data protection regulations apply in Germany.This includes, in particular, the Federal Data Protection Act (BDSG). The BDSGcontains special regulations on the right to information, the right todeletion, the right to object, the processing of special categories of personaldata, the processing for other purposes, and transmission as well as automateddecision-making, including profiling, in individual cases. Furthermore, itregulates the processing of data for purposes of employment relationships (§ 26BDSG), in particular with regard to the establishment, implementation, ortermination of employment relationships, as well as the consent of employees.In addition, data protection laws of the individual federal states may apply.

Security Measures

We take appropriate technical and organizational measures to ensure anappropriate level of protection that is appropriate to the risk, taking intoaccount the state of the art, implementation costs, the nature, scope,circumstances, and purposes of the processing, as well as the variousprobabilities of occurrence and the extent of the threat to the rights andfreedoms of natural persons.

Measures include, in particular, safeguarding the confidentiality, integrity,and availability of data by controlling physical and electronic access to thedata, as well as access, input, disclosure, availability, and separation.Furthermore, we have established procedures that guarantee the exercise of datasubjects’ rights, the deletion of data, and responses to data threats. We alsoconsider data protection in the development or selection of hardware, software,and procedures in accordance with the principle of data protection, throughtechnology design and through privacy-friendly default settings.

TLS encryption (https): To protect your data transmitted via our onlineoffering, we use TLS encryption.

Transmission of personal data In the context of our processing of personaldata, it may happen that the data is transmitted to other entities, companies,legally independent organizational units or persons, or is disclosed to them.Recipients of this data may include, for example, IT service providers orproviders of services and content integrated into a website. In such cases, wecomply with legal requirements, and in particular conclude appropriatecontracts or agreements with the recipients of your data to protect your data.Transmission of data within the organization: We may transmit personal data toother units within our organization or grant them access to this data. If thistransfer is for administrative purposes, the transfer of data is based on ourlegitimate business and economic interests, or it is carried out if it isnecessary to fulfill our contractual obligations, or if there is consent fromthe individuals concerned or a legal permit. Data processing in third countriesIf we process data in a third country (i.e., outside the European Union (EU) orthe European Economic Area (EEA)) or the processing takes place in the contextof third-party services or the disclosure or transfer of data to other persons,entities or companies, this is only done in accordance with legal requirements.Except for explicit consent or necessary transmission by contract or law, weonly process or allow data to be processed in third countries with anestablished level of data protection, contractual obligations by so-calledstandard data protection clauses of the EU Commission, in the presence ofcertifications, or binding internal data protection regulations (Art. 44 to 49of the GDPR, information page of the EU Commission:https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).Deletion of data The data processed by us will be deleted in accordance withlegal requirements as soon as the consent for its processing is revoked, orother permissions fall away (e.g., if the purpose of processing the data nolonger exists, or the data is no longer necessary for the purpose). If the datais not deleted because it is required for other legally permissible purposes,its processing will be restricted to these purposes. This means that the datawill be blocked and not processed for other purposes. This applies, forexample, to data that must be kept for commercial or tax reasons or whosestorage is necessary for asserting, exercising, or defending legal claims orfor protecting the rights of another natural or legal person. Our dataprotection notices may also contain further information on the storage anddeletion of data, which are primarily applicable to the respective processing.

Use of Cookies

Cookies are small text files or other storage references that store informationon end devices and read information from end devices. For example, to storelogin status in a user account, shopping cart contents in an e-shop, onlinecontent accessed or functions used. Cookies can also be used for variouspurposes, such as functionality, security, and convenience of online services,as well as generating traffic analysis.

Consent Information: We use cookies in accordance with legal regulations.Therefore, we obtain prior consent from users except when it is not legallyrequired. Consent is not necessary if the storage and reading of information,including cookies, are absolutely necessary to provide users with a telemediaservice they explicitly request (i.e. our online service). Cookies that areabsolutely necessary usually include cookies with functions that serve thedisplay and operation of the online service, load balancing, security, storageof user preferences and choices, or similar purposes related to providing mainand ancillary functions of the online service requested by users. The revocableconsent is communicated clearly to the users and includes information about therespective cookie use.

Privacy Policy Related to Data Processing: The legal basis on which we processpersonal data from users using cookies depends on whether we ask for theirconsent. If users consent, the legal basis for processing their data is thedeclared consent. Otherwise, the data processed using cookies is based on ourlegitimate interests (e.g. in operating our online service on a business basisand improving its usability) or, if done during the fulfillment of ourcontractual obligations, if the use of cookies is necessary to fulfill ourcontractual obligations. We inform users about the purposes for which weprocess cookies during this privacy policy or as part of our consent andprocessing processes.

Storage Period: The following types of cookies are distinguished in terms ofstorage period:

Temporary cookies (also known as session cookies): Temporary cookies aredeleted at the latest after a user leaves an online service and closes theirdevice (e.g. browser or mobile application). Permanent cookies: Permanentcookies remain stored even after the end device is closed. For example, loginstatus can be stored, or preferred content can be displayed directly when theuser revisits a website. Similarly, data collected using cookies can be used tomeasure reach. If we do not provide users with explicit information about thetype and storage period of cookies (e.g. as part of obtaining consent), usersshould assume that cookies are permanent, and the storage period lasts up totwo years.

General Information on Revocation and Objection (Opt-Out): Users can withdrawtheir consent at any time and also object to processing in accordance with thelegal requirements set out in Art. 21 GDPR. Users can also declare theirobjections via their browser settings, such as by deactivating the use ofcookies (although this may also limit the functionality of our onlineservices). Objection to the use of cookies for online marketing purposes canalso be declared on the websites https://optout.aboutads.info andhttps://www.youronlinechoices.com/.

Legal Basis: Consent (Art. 6 Paragraph 1 S. 1 lit. a) GDPR).

Further Information on Processing, Procedures, and Services:

Processing of cookie data based on consent: We use a cookie consent managementsystem in which users’ consent for cookie use or processing and providersmentioned in the cookie consent management process are obtained and managed,and users can manage and revoke their consent. The consent declaration is savedto prevent it from being asked again and to be able to prove the consent incompliance with legal obligations. Storage can be done server-side and/or in acookie (so-called opt-in cookie or comparable technologies) to assign theconsent to a user or their device. These notes apply, subject to individualinformation about the providers of cookie management services: The duration ofconsent storage can last up to two years. A pseudonymous user identifier iscreated and stored in conjunction with the time of consent, information on theconsent range (e.g. which categories of cookies and/or service providers),browser, system, and device used.
Legal basis: Consent (Art. 6 Paragraph 1 S. 1 lit. a) GDPR).

Business Services

We process data from our contractual and business partners, i.e. customers andinterested parties (hereinafter referred to collectively as “partners”), in thecontext of contractual and comparable legal relationships, associated measures,and communication with partners (or pre-contractually), e.g., to answerinquiries.

We process this data to fulfill our contractual obligations. This includes inparticular the obligations to provide the agreed services, any updateobligations, and remedying warranty and other service disruptions. In addition,we process the data to protect our rights and for the purpose of administrativetasks associated with these obligations and company organization. Furthermore,we process the data based on our legitimate interests in proper and efficientbusiness management, as well as in security measures to protect our contractualpartners and our business operations from misuse, endangerment of their data,secrets, information, and rights (e.g. by involving telecommunications,transport and other auxiliary services and subcontractors, banks, tax, andlegal advisors, payment service providers or financial authorities). Inaccordance with applicable law, we only disclose contract partners’ data tothird parties to the extent necessary for the aforementioned purposes or to complywith legal obligations. Contract partners will be informed about further formsof processing, e.g. for marketing purposes, as part of this privacy policy.

We will inform the contract partners before or during data collection, e.g. inonline forms, by special labeling (e.g. colors) or symbols (e.g. asterisks orsimilar), or in person, which data is required for the aforementioned purposes.

We delete the data after the expiration of statutory warranty and comparableobligations, i.e. in principle after 4 years, unless the data is stored in acustomer account, e.g. if it must be kept for legal reasons for archivingpurposes. The statutory retention period is ten years for tax-relevantdocuments as well as for commercial books, inventories, opening balances,annual financial statements, and the respective management reports andaccounting records required to understand these documents, and six years forreceived commercial and business letters and representations of the sentcommercial and business letters, as well as records and other documentsrequired for taxation purposes. The period begins at the end of the calendaryear in which the last entry was made in the book or inventory, the openingbalance sheet, the annual financial statement, or the management report wasprepared or the commercial or business letter was received or sent or theaccounting document was generated or the respective records and other documentswere created.

Insofar as we use third-party providers or platforms to provide our services,the business terms and privacy policies of the respective third-party providersor platforms apply in the relationship between users and providers.

• Processed data types: inventory data (e.g. names, addresses); payment data(e.g. bank details, invoices, payment history); contact details (e.g. email,telephone numbers); contract data (e.g. subject matter of the contract,duration, customer category).
• Affected persons: interested parties; business and contractual partners.
• Purposes of processing: provision of contractual services and customerservice; contact inquiries and communication; administrative and organizationalprocedures; management and response to inquiries.
• Legal basis: fulfillment of a contract and pre-contractual inquiries (Art. 6Para. 1 S. 1 lit. b) GDPR); Legal obligation (Art. 6 Para. 1 S. 1 lit. c)GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing procedures, procedures, and services:
• Project and development services: We process the data of our clients andcustomers (hereinafter uniformly referred to as “clients”) to enable them toselect, purchase, or commission the chosen services or works and relatedactivities as well as their payment and provision, execution, or performance.The necessary information is marked as such as part of the order, ordering, orcomparable contract conclusion and includes the information required forproviding and billing the services as well as contact information to be able tomake any queries. Insofar as we have access to information from end customers,employees, or other persons, we process this information in compliance withlegal and contractual requirements; Legal basis: fulfillment of a contract andpre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).
• Technical services: We process the data of our clients and customers(hereinafter uniformly referred to as “clients”) to enable them to select,purchase, or commission the chosen services or works and related activities aswell as their payment and provision, execution, or performance. The necessaryinformation is marked as such as part of the order, ordering, or comparablecontract conclusion and includes the information required for providing andbilling the services as well as contact information to be able to make anyqueries. Insofar as we have access to information from end customers,employees, or other persons, we process this information in compliance withlegal and contractual requirements; Legal basis: fulfillment of a contract andpre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).

Provision of the online offering and web hosting

We process user data to be able to provide them with our online services. Tothis end, we process the user’s IP address, which is necessary to transmit thecontent and functions of our online services to the user’s browser or enddevice.
• Processed data types: usage data (e.g. visited websites, interest in content,access times); meta, communication and process data (e.g. IP addresses,timestamps, identification numbers, consent status); content data (e.g. entriesin online forms).
• Affected persons: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of our online offering and userfriendliness; Information technology infrastructure (operation and provision ofinformation systems and technical devices (computers, servers, etc.)); securitymeasures; Provision of contractual services and customer service.
• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).

Further information on processing procedures, methods and services:
• Provision of online offering on rented storage space: For the provision ofour online offering, we use storage space, computing power and software that werent or otherwise obtain from a corresponding server provider (also known as“web hoster”); Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1lit. f) DSGVO).
• Collection of access data and log files: Access to our online offering islogged in the form of so-called “server log files”. The server log files mayinclude the address and name of the accessed web pages and files, date and timeof access, transferred data volumes, message about successful retrieval,browser type and version, the user’s operating system, referrer URL (thepreviously visited page) and, as a rule, IP addresses and the requestingprovider. The server log files can be used for security purposes, e.g. to avoidoverloading the servers (especially in the case of abusive attacks, so-calledDDoS attacks) and to ensure the load and stability of the servers;
Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO);Deletion of data: Log file information is stored for a maximum of 30 days andthen deleted or anonymized. Data whose further storage is necessary forevidentiary purposes is excluded from deletion until the respective incidenthas been finally clarified.
• E-mail dispatch and hosting: The web hosting services we use also include theprocessing of e-mails, including sending, receiving and storing them. For thesepurposes, the addresses of the recipients as well as senders and otherinformation concerning the sending of e-mails (e.g. the providers involved) aswell as the contents of the respective e-mails are processed. Theaforementioned data can also be processed for the purpose of recognizing SPAM.Please note that e-mails are generally not encrypted when sent over theInternet. In general, e-mails are encrypted during transport, but (unless anend-to-end encryption method is used) not on the servers from which they aresent and received. Therefore, we cannot accept any responsibility for thetransmission of e-mails between the sender and the recipient on our server;
Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO).
• 1&1 IONOS: Services in the field of providing information technologyinfrastructure and related services (e.g. storage space and/or computingpower); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410Montabaur, Germany; Legal bases: Legitimate interests (Art. 6 para. 1 sentence1 lit. f) DSGVO); Website: https://www.ionos.de; Privacy policy:https://www.ionos.de/terms-gtc/terms-privacy; Order processing contract:https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.

Contact and inquiry management

When contacting us (e.g. by post, contact form, e-mail, telephone or via socialmedia) as well as in the context of existing user and business relationships,the information of the requesting persons is processed as far as this isnecessary to answer the contact inquiries and any requested measures.

• Processed data types: contact data (e.g. e-mail, telephone numbers); contentdata (e.g. entries in online forms); usage data (e.g. visited web pages,interest in content, access times); meta, communication and process data (e.g.IP addresses, timestamps, identification numbers, consent status).

• Affected persons: Communication partners.

• Purposes of processing: Contact inquiries and communication; management andresponse to inquiries; feedback (e.g. collecting feedback via online form);provision of our online offerings and user-friendliness.

• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);performance of contract and pre-contractual inquiries (Art. 6 para. 1 sentence1 lit. b) GDPR).

Further information on processing procedures, procedures and services:

• Contact form: If users contact us via our contact form, email or othercommunication channels, we process the data communicated to us in this contextfor processing the respective concern; legal bases: performance of contract andpre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); legitimateinterests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Advertising communication via email, mail, fax or telephone

We process personal data for the purpose of advertising communication, whichcan be carried out via various channels, such as email, telephone, mail or fax,in accordance with legal requirements. Recipients have the right to revoke anygranted consents at any time or to object to advertising communications at anytime. After revocation or objection, we store the data required to proveprevious authorization for contact or delivery for up to three years after theend of the year of revocation or objection on the basis of our legitimateinterests. The processing of this data is limited to the purpose of possibledefense against claims. Based on the legitimate interest in permanentlyrespecting the revocation or objection of the users, we also store the datarequired to prevent further contact (e.g. email address, telephone number, namedepending on the communication channel).

• Data processed: Inventory data (e.g. names, addresses); contact data (e.g.email, telephone numbers). • Affected persons: Communication partners.

• Purposes of processing: Direct marketing (e.g. by email or postal).

• Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); legitimateinterests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Social media presences (social media)

We maintain online presences within social networks and process user datawithin this framework in order to communicate with users active there or tooffer information about us. We would like to point out that data of users canbe processed outside the European Union in this context. As a result, there maybe risks for users, as the enforcement of user rights, for example, could bemore difficult. Furthermore, the data of users within social networks isusually processed for market research and advertising purposes. For example,usage profiles can be created based on usage behavior and resulting userinterests. The usage profiles can in turn be used, for example, to placeadvertisements within and outside the networks that are likely to correspond tothe interests of the users. Cookies are usually stored on the users’ computersfor these purposes, in which the usage behavior and interests of the users arestored. Furthermore, data can be stored in the usage profiles independently ofthe devices used by the users (especially if the users are members of therespective platforms and are logged in to them). For a detailed presentation ofthe respective processing methods and the possibilities of objection (opt-out),we refer to the data protection declarations and information of the respectivenetwork operators. We would also like to point out that applications forinformation and assertion of data subject rights can be most effectivelyasserted with the providers. Only the providers have access to the data of theusers and can take appropriate measures and provide information. If you stillneed help, you can contact us.

• Data processed: contact data (e.g. email, telephone numbers); content data(e.g. entries in online forms); usage data (e.g. visited websites, interest incontent, access times); meta, communication and procedure data (e.g. IPaddresses, time stamps, identification numbers, consent status).

• Affected persons: Users (e.g. website visitors, users of online services).

• Purposes of processing: Contact inquiries and communication; feedback (e.g.collecting feedback via online form); marketing.

• Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, procedures and services:

• LinkedIn: Social network; Service provider: LinkedIn Ireland UnlimitedCompany, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal basis: legitimateinterests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:https://www.linkedin.com; Privacy Policy:https://www.linkedin.com/legal/privacy-policy; Data Processing Agreement:https://legal.linkedin.com/dpa; Standard Contractual Clauses (Ensuring dataprotection level for processing in third countries):https://legal.linkedin.com/dpa; Objection possibility (opt-out):https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• YouTube: Social network and video platform; service provider: Google IrelandLimited, Gordon House, Barrow Street, Dublin 4, Ireland; legal basis:legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy policy:https://policies.google.com/privacy; Objection possibility (opt-out):https://adssettings.google.com/authenticated.

Plugins and embedded functions as well as content

We integrate functional and content elements into our online offering that areobtained from the servers of their respective providers (hereinafter referredto as “third-party providers”). This may include graphics, videos, or maps(hereinafter collectively referred to as “content”).

The integration always presupposes that the third-party providers of thiscontent process the IP address of the users, since they cannot send the contentto their browser without the IP address. The IP address is therefore necessaryfor the display of this content. We make every effort to use only content whoserespective providers use the IP address solely to deliver the content.Third-party providers may also use so-called pixel tags (invisible graphics,also known as “web beacons”) for statistical or marketing purposes. The “pixeltags” can be used to evaluate information such as visitor traffic on the pagesof this website. The pseudonymous information may also be stored in cookies onthe users’ device and may include technical information about the browser andoperating system, referring web pages, visit time, and other information aboutthe use of our online offering as well as being linked to such information fromother sources.

• Processed data types: usage data (e.g. visited web pages, interest incontent, access times); meta, communication and process data (e.g. IPaddresses, time data, identification numbers, consent status); inventory data(e.g. names, addresses); contact data (e.g. email, phone numbers); content data(e.g. entries in online forms).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of our online offering anduser-friendliness; Marketing; Profiles with user-related information (creatinguser profiles).
• Legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• LinkedIn plugins and contents: LinkedIn plugins and contents – These mayinclude content such as images, videos, or texts and buttons with which userscan share content of this online offering within LinkedIn; service provider:LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; legalbasis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); website:https://www.linkedin.com; Privacy policy:https://www.linkedin.com/legal/privacy-policy; Data Processing Agreement:https://legal.linkedin.com/dpa; Standard Contractual Clauses (Ensuring dataprotection level for processing in third countries):https://legal.linkedin.com/dpa; Objection possibility (opt-out):https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• YouTube videos: Video content; service provider: Google Ireland Limited,Gordon House, Barrow Street, Dublin 4, Ireland; legal basis: legitimateinterests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website:https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy;Objection possibility (Opt-Out): Opt-Out-Plugin:https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displayingadvertising: https://adssettings.google.com/authenticated.

Changes and Updates to Privacy Policy

We ask you to regularly inform yourself about the content of our PrivacyPolicy. We adapt the Privacy Policy as soon as changes to the data processingwe carry out make this necessary. We will inform you as soon as the changesrequire an action on your part (e.g. consent) or other individual notification.If we provide addresses and contact information of companies and organizationsin this Privacy Policy, please note that the addresses may change over time andplease verify the information before contacting them.

Rights of Data Subjects

As a data subject under GDPR, you have various rights, in particular underArticles 15 to 21 of the GDPR:
• Right to object: You have the right to object at any time, on groundsrelating to your particular situation, to the processing of personal dataconcerning you, which is based on Article 6(1)(e) or (f) GDPR; this alsoapplies to profiling based on these provisions. If the personal data concerningyou are processed for direct marketing purposes, you have the right to objectat any time to the processing of personal data concerning you for the purposeof such advertising; this also applies to profiling insofar as it is connectedwith such direct marketing.
• Right to withdraw consent: You have the right to withdraw your consent at anytime.
• Right to information: You have the right to obtain confirmation as to whetheror not personal data concerning you are being processed, and, where that is thecase, access to the personal data and further information regarding theprocessing in accordance with the legal requirements.
• Right to rectification: You have the right, in accordance with the legalrequirements, to obtain the rectification of inaccurate personal dataconcerning you or the completion of incomplete data.
• Right to erasure and restriction of processing: You have the right, inaccordance with the legal requirements, to demand the immediate erasure ofpersonal data concerning you, or alternatively, to demand a restriction ofprocessing of the data.
• Right to data portability: You have the right to receive the personal dataconcerning you, which you have provided to us, in a structured, commonly usedand machine-readable format and have the right to transmit those data toanother controller without hindrance from our side, where technically feasible.
• Right to lodge a complaint with a supervisory authority: Without prejudice toany other administrative or judicial remedy, you have the right to lodge acomplaint with a supervisory authority, in particular in the Member State ofyour habitual residence, place of work or place of the alleged infringement, ifyou consider that the processing of personal data relating to you infringes theGDPR.

Terms and Definitions

This section provides an overview of the terminology used in this privacypolicy. Many of the terms are derived from the law, especially defined in Art.4 GDPR. The legal definitions are binding. The following explanations areintended primarily to aid understanding. The terms are sorted alphabetically.
• Personal Data: “Personal data” means any information relating to anidentified or identifiable natural person (hereinafter “data subject”); anidentifiable natural person is one who can be identified, directly orindirectly, in particular by reference to an identifier such as a name, anidentification number, location data, an online identifier (e.g. cookie), or toone or more factors specific to the physical, physiological, genetic, mental,economic, cultural or social identity of that natural person.
• Profiles with User-related information: The processing of “profiles withuser-related information,” or simply “profiles,” includes any type of automatedprocessing of personal data that involves the use of such personal data toanalyze, evaluate or predict certain personal aspects of a natural person(depending on the type of profiling, different information regardingdemographics, behavior and interests, such as interaction with websites andtheir content, etc.) are analyzed. These are often used for profiling purposes.Cookies and web beacons are commonly used for these purposes.
• Controller: The “controller” is the natural or legal person, publicauthority, agency or other body which, alone or jointly with others, determinesthe purposes and means of the processing of personal data.
• Processing: “Processing” means any operation or set of operations which isperformed on personal data, whether or not by automated means. The term isbroad and practically encompasses any handling of data, whether it iscollecting, evaluating, storing, transmitting or deleting.