Interested in the current energy market scenario? Get the recording of our webinar Energy Markets in Turmoil

Privacy policy

Thank you for visiting our website and for your interest in our company. When processing your data, we strive to take the greatest possible care. The following information provides a compact and simple overview of what happens to your personal data when you visit our website. Your personal data will be processed in accordance with the relevant legal provisions.

Controller

The controller within the meaning of the European General Data Protection Regulation (GDPR) and other national data protection laws of the member states of the EU as well as other data protection regulations is:
TWAICE Technologies GmbH
Joseph-Dollinger-Bogen 26
80807 Munich
Germany
+49 (0) 89 997 324 58
contact@twaice.com
https://twaice.com/

Contact information for questions about data protection

We have appointed a data protection officer. For questions on the subject of data protection, please contact: datenschutz@confidentdata.de

Validity and changes of the privacy policy

This privacy policy is valid and is dated from
03.02.2022
Due to the further development of our website or the implementation of new technologies and features, it may become necessary to change this privacy policy. We reserve the right to make appropriate changes at any time.

Data protection rights and information on the right to object


Your rights of access, rectification, restriction, erasure, data portability and to lodge a complaint with the supervisory authority
Every data subject has the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to object pursuant to Art. 21 GDPR and the right to data portability pursuant to Art. 20 GDPR.

With regard to the right of access and the right of erasure, the restrictions pursuant to §§34 and 35 BDSG apply.

You may object to the processing of your personal data at any time. This also applies to objections of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before May 25, 2018. Please note that the objection is only effective for the future. Processing that took place before the objection is not affected by it.

In addition, there is a right to lodge a compliant with the supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). A list of the supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

Information on the right to object pursuant to Art. 21 GDPR
Right to object to the collection of personal data in special cases and recipient of the request

You have the right to object at any time, based on reasons relating to your particular situation, to the processing of your personal data on the basis of Art. 6para. 1(f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

The objection can be made informally with the subject “Objection” stating your name, address or other identification features to the contact data stored in the imprint.

General information
Data security

We use technical and organizational security measures to protect your personal data against misuse, loss, destruction or access by unauthorized persons. The security measures taken into account (such as encryption procedures, firewall and virus protection, back-up and recovery procedures) correspond to the current state of the art and are continuously updated.

Nevertheless, we would like to point out that there is always a certain residual risk when communicating on the Internet, which depends on the user’s respective usage behavior and over which we consequently have no influence.

Scope (external links)

This privacy policy applies exclusively to visits to our own website.

At some points on our website, external websites of third parties are linked. These websites are subject to the liability of the respective operators. If you notice that links on the websites refer to Internet pages whose contents violate applicable law, please notify us via the e-mail address provided in the imprint.

We will then immediately remove these links from our website. The providers do not assume any liability for the topicality, correctness, completeness or quality of the information provided.

Data erasure routine

As a matter of principle, we only store your personal data for the period of time required to achieve the purpose of storage or if this is stipulated by national or European legislation.

In Germany there is an obligation to retain documents for 6 years in accordance with § 257 para. 1 HGB (Handeslgesetzbuch), which effects the e.g. the storage period of commercial books, inventories, opening balances, annual financial statements, business letters or accounting vouchers. And pursuant to § 147 para. 1 & 3 Abgabenordnung (AO), it is 10 years for books, records, management reports, accounting vouchers, documents relevant to taxation, and 6 years in particular for commercial and business letters.

If the purpose of storage no longer applies or if a legally prescribed storage period expires, your personal data will be deleted routinely and in accordance with the statutory provisions.

Please also be aware of the specific explanations on individual storage and deletion periods of the respective data processing in this data protection declaration.

Transfers to third countries

When browsing our website, personal data may be transferred to servers in third countries outside the European Union through the integration of individual plug-ins and tools. Details about these data transfers, if any, including the respective valid legal basis, can be found in the section of the respective third-party tool in this privacy policy.

Data processing by processors

Tools and plug-ins from third-party providers are used on our website as part of commissioned processing. A data processing agreement has been duly concluded with all commissioned processors used, which ensures an appropriate level of data protection.

You can find more information about the data processing by the processors used in the section of the third-party tool in this privacy policy.

Hosting
External hosting provider:

We use an external provider to host our website.

Provider:
For an efficient WordPress hosting our website is hosted by:
WP Engine
Irongate House, 22-30 Duke’s Place
London, EC3A 7LP
United Kingdom

In addition our website is hosted by:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany

Purpose:

Reliable accessibility and presentation of our website.

Legal basis:

The use of our hoster is based on our legitimate interest in the most reliable accessibility and presentation of our website, pursuant to Art. 6 para. 1 lit. f GDPR.

Data processing agreement:

We have concluded a data processing agreement (DPA) with our hoster, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

SSL- / TLS:

To protect the security of your data during transmission, we use the SSL or TLS encryption method via HTTPS.

Server-Log-Files:

When you browse our website technical information of your browser session is automatically processed by our server. This data (so-called server log files) includes for example: the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and the like.

Purpose:

Ensuring a stable and smooth connection to the website, a responsive use of our website and the guarantee of system security and stability. We also reserve the right to check the server log files on a regular basis if there are concrete indications of illegal use.

Legal Basis:

The legal basis for the processing of the server log files is our legitimate interest in an error-free and secure presentation of our website, pursuant to Art. 6 para. 1 lit. f GDPR.
Provision of your data voluntary or mandatory:
The provision of server log files is neither legally nor contractually required. However, without the collection of the log files, the functionality of our website is not guaranteed.

Storage period:

The server-log-files are deleted as soon as it is no longer required for the purpose of collection. This is generally the case for the data used to provide the website when the respective session has ended.

Content Delivery Networks (CDN):

To ensure the global accessibility and performance of our website, we use so-called Content Delivery Network (CDN) service providers. For more information on the data processing by the CDN service providers, please refer to the section on third-party tools used.


Cookies
Cookies

Cookies are pieces of information that are transmitted from our web server or third-party web servers to users’ web browsers, where they are stored for later retrieval. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

If you agree, cookies from third-party companies may also be stored on your end device (third-party cookies). These enable us or you to use certain services of the third-party company (e.g., reach measurement and evaluation of the usage behavior of our website, etc.)

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. saving your cookie preferences). Other cookies are used to evaluate user behavior or, for example, to display advertising.

Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for storing your cookie preferences) or to optimize the website (e.g. cookies for measuring the web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG); a given consent can be objected at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

As far as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and, if necessary, ask for your consent.

Borlabs Cookie
Provider:

Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany.

Purpose:

Borlabs cookie is used to obtain consent from website users to store certain cookies and to use certain third-party tools, and to document this consent in compliant manner.

Description of data processing:

When you browse our website for the first time, you are asked for your cookie preferences in Borlabs’ consent manager. A cookie is then set in your browser, which stores your cookie preferences for further browsing on our site. No personal data is passed on to Borlabs in this process.

Legal basis:

Obtaining legally required consent for the use of cookies according to Art. 6 para. 1 lit. c GDPR.

Provision of data voluntarily or required:

Obtaining your cookie preferences is required by law.

Storage period:

The collected data is stored until you request us to delete it or delete the Borlabs cookie yourself, or until the purpose for storing the data no longer applies.

Objection:

For information on your right to object under Art. 21 GDPR, please see the section about data subject rights of this privacy policy.

Borlabs is not a processor:

No personal data is transmitted to Borlabs. Borlabs is therefore not a processor in terms of GDPR.

Further notes on data protection:

https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

Data processing on the website
Contact requests
Purpose:

Processing of the request.

Description of data processing:

Requests by e-mail, telephone or fax, including all resulting personal data, are stored and processed for the purpose of processing. A passing on of the data does not take place without your consent.

Legal basis:

The processing of your request is based on our legitimate interest of pursuing our business interests pursuant to Art. 6 para. 1 lit. f GDPR. If you contact us to request a contractual offer, the processing is carried out for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR.

Provision of data voluntarily or required:

The provision of your data is neither legally nor contractually required. However, without the information a processing of your request is not possible.

Storage period:

Your data will be deleted at the latest 6 months after processing the request. If a contractual relationship exists, we are subject to the statutory retention periods and delete your data after six or ten years.

Online contact form:

By providing an online contact form, we would like to enable you to contact us easily. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions, taking into account the above-mentioned storage period.

Use of a third-party CRM-Tool:

The personal data resulting from your inquiry may be stored in our third-party Customer Relationship Management System (CRM). For more information on the CRM system that is used, please refer to the section Third-party tools.

Applications via the website
Purpose:

Processing of applications.

Description of data processing:

On our website, users have the possibility of applying to us either via our application form or directly by e-mail. In this context, we will inform you separately about the details of the processing of your application data with corresponding data protection information according to Art. 13, 14 and 21 GDPR.

Legal basis:

The processing of your application is primarily based on the decision on the establishment of an employment relationship (Art. 88 GDPR in conjunction with § 26 BDSG). Furthermore, we may process your data for the fulfillment of legal obligations if this is necessary (Art. 6 para. 1 lit. c GDPR) and on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR), for example in the case of assertion of legal claims and defense in legal disputes.

Provision of data voluntarily or required:

The provision of your application is voluntary. However, we can only make a decision on the establishment of an employment relationship if you provide such personal data that is required for the execution of the application.

Storage period:

Your application documents will be deleted no later than six months after the end of the application process (e.g. notification of the rejection decision), unless longer storage is legally required or permitted.

Application pool:

In case we are unable to make you a job offer at the time of your application, we offer applicants the opportunity to be included in our applicant pool in order to be informed about suitable vacancies at a later date. Inclusion in the applicant pool is, of course, voluntary and has no effect on the current application process.

Legal basis and objection:

The processing is based on your consent in being part of our applicant pool according to Art. 6 para. 1 lit. a GDPR. This consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Storage period of personal data stored in our application pool:

Applications in our applicant pool will be irrevocably deleted no later than two years after consent has been given.

Newsletter mailing
Purpose:

Sending a newsletter for marketing purposes.

Description of data processing:

On our website visitors can sign up for a newsletter. If you decide to subscribe, your data will only be used to send you the newsletter you have subscribed to by e-mail and, if you have also consented to this, to evaluate how you use the newsletter and any content linked to it. To receive the newsletter, it is only mandatory to provide a valid e-mail address. All other information requested is voluntary.

Legal basis and objection:

The receipt of our newsletter requires your consent. This consent is obtained as part of the newsletter sign up process. Legal basis is therefore Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time. You can object your given consent in every newsletter mail by clicking on unsubscribe. You then will no longer receive the newsletter.

Provision of data voluntarily or required:

The provision of your data is voluntary, based on your consent. However, without your consent, the receipt of our newsletter is not possible.

Storage period:

Your data will only be processed as long as we have your consent in receiving our newsletter.

Use of a third-party newsletter tool:

To ensure an efficient and performative newsletter mailing, we use a third-party newsletter tool. You can find more information about the newsletter tool we are using in the section about third-party tools.


Third-party tools
Adobe Fonts
Provider:

Adobe – Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA.

Purpose:

Optimizing our web presence through the integration of Adobe fonts.

Description of data processing:

Adobe provides a variety of fonts on its servers. We have integrated such fonts on our website. For this to work technically, no cookies are set. Instead, your browser establishes a connection to Adobe’s servers when you visit our website and requests the embedded fonts for display. This is referred to as “reloading” the Adobe fonts via an API when you visit our website. Adobe records, among other things, that your IP address is visiting our website. When loading the Adobe fonts, your browser data may be transmitted to servers in the USA.

Legal basis and objection:

The use of Adobe Fonts requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Storage period:

By embedding fonts from Adobe, we do not consciously collect user data. How long Adobe stores your data, on the other hand, can not be clearly quantified from our side.

Provision of data voluntarily or required:

The provision of your data is voluntary. If you do not want Adobe Fonts to be included, some parts of our website may not display as originally intended.

Further notes on data protection:

Adobe Fonts and data protection: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.
Adobes privacy policy: https://www.adobe.com/de/privacy/policy.html.

Contract data processing:

We have concluded Adobes data processing agreement, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR. Adobe’s order processing contract is not publicly available, but can be requested via their support.

Transfers to third countries:

Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on Adobe’s SCCs can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html.

Calendly
Provider:

Calendly – Calendly LLC, 271 17th St NW. 10th Floor, Atlanta, Georgia 30363 USA

Purpose:

Scheduling, execution and follow-up of appointments via the website.

Description of data processing:

The data you provide for your desired appointment will be recorded via a corresponding form on our website. This data, including all resulting personal information, is then transmitted to us via Calendly’s servers. This may result in a data transfer to the USA.

Legal basis and objection:

The use of Calendly requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:

The provision of your data is voluntary. You are also welcome to send us an appointment request without using Calendly.

Storage period:

The data entered will remain with us until we are requested to delete the data, you revoke your consent to storage or the purpose of the data storage no longer applies. In the event that a contract is concluded, the statutory retention periods of six or ten years apply.

Further notes on data protection:

Calendly privacy policy: https://calendly.com/de/privacy/.

Contract data processing:

By accepting Calendlys terms of use of we have also concluded the providers Data Processing Addendum (DPA). The DPA guarantees that the personal data of our website visitors will only be processed according to our instructions and in compliance with the GDPR. Calendly’s DPA can be viewed here: https://calendly.com/dpa.

Transfers to third countries:

Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on Calendlys SCCs can be found here: https://calendly.com/dpa.

Cloudflare CDN
Provider:

Cloudflare – Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.

Purpose:

Increase the global accessibility and performance of our website by using the Cloudflare Content Delivery Network (CDN).

Description of data processing:

A Content Delivery Network (CDN) is a network of regionally distributed servers that are connected via the Internet. Simply put, a CDN creates a copy of our website on the network’s own servers and ensures that our website is accessible everywhere in the world through shorter transmission distances. This network thereby ensures that the content of the website is delivered quickly and reliably, even when there is a lot of web traffic. In the case of Cloudflare CDN, the data transfer between your browser and our website is routed through Cloudflare’s network. Cloudflare collects various access and log data in this process and also sets a cookie, which helps the provider to maintain a high level of security protection.

Legal basis and objection:

The use of Cloudflare CDN requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:

The provision of your data is voluntary. However, without the distribution via Cloudflares Network, the performance of our website may be severely limited.

Storage period:

Cloudflare assures to store the submitted user data for less than 24 hours.

Further notes on data protection:

Cloudflare privacy policy: https://www.cloudflare.com/de-de/privacypolicy/.

Contract data processing:

By accepting Cloudflares terms of use of we have also concluded the providers Data Processing Addendum (DPA). The DPA guarantees that the personal data of our website visitors will only be processed according to our instructions and in compliance with the GDPR. Cloudflares DPA can be viewed here: https://www.cloudflare.com/cloudflare_customer_DPAv3.pdf.

Transfers to third countries:

Processing also takes place outside the EU. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on Cloudflares SCCs can be found here: https://www.cloudflare.com/cloudflare-customer-scc/.

Facebook Pixel
Provider:

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Purpose:

Optimization of our marketing measures in social networks.

Description of data processing:

We have integrated Facebook Pixel on our website. Facebook Pixel helps us to better align our advertising measures with the interests of our website visitors and thus optimize our social media marketing. If the user clicks on an ad on Facebook or Instagram and is subsequently redirected to our website, Facebook Pixel – in case of their consent – sets cookies on their device. The data collected in this process is anonymous for us as the provider of this website and does not allow any conclusions to be drawn about your identity. Facebook stores and processes this data and merges it with your active profile, so that a connection to the respective active profile is possible. Facebook may use this data for its own advertising purposes. We have no influence on this.

Legal basis and objection:

The use of Facebook Pixel requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:

The provision of your data is voluntary.

Storage period:

According to Facebook, the storage period of their cookies set in your browser is between 3-12 months. We cannot give any guarantee for this information, since an adjustment of the storage period of Facebook’s cookies can never be ruled out.

Joint controllership:

If you have come to our website by clicking on a Facebook or Instagram ad, we are in this case jointly responsible with Facebook (Meta) for this processing. This joint responsibility is limited exclusively to the collection of data and its transfer to Facebook (Meta). Any processing of their data by Facebook that takes place after the forwarding takes place outside of this agreement. The agreement with Facebook (Meta) can be viewed here: https://www.facebook.com/legal/controller_addendum.

Transfers to third countries:

Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on Facebooks (Metas) SCCs can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.

Further notes on data protection:

Facebook (Meta) privacy policy: https://de-de.facebook.com/about/privacy/.

If you have a Facebook account, you can deactivate the “Custom Audiences” remarketing function here (log-in required): https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
If you do not have a Facebook account: the following website offers a way to disable Facebook’s targeted advertising. Please note that you may need to set this on each of your devices: https://www.youronlinechoices.com/de/praferenzmanagement/.

Google Analytics
Provider:

Google – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose:

Analysis of the behavior of website visitors by evaluating, for example, page views, dwell time, operating system, etc., in order to optimize the website.

Description of data processing:

Google Analytics helps us to analyze the traffic of our website. For this to work, a tracking code provided by Google Analytics and integrated via the Google Tag Manager is implemented on our website. If you consent to tracking by Google Analytics, a cookie is set on your device, which gives your device a unique identifier (tracking ID). This cookie is linked to Google Analytics. It records the surfing behavior of our website visitors and the resulting statistics may provide information about which target groups feel addressed by our website.

Legal basis and objection:

The use of Google Analytics requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:

The provision of your data is voluntary.

Further notes on data protection:

Notes on data protection and Google Analytics: https://support.google.com/analytics/answer/6004245?hl=de.
General information about Google Analytics: https://marketingplatform.google.com/about/analytics/terms/de/.
Googles privacy policy: https://policies.google.com/privacy.
Browser Plug-In to Opt-Out: https://tools.google.com/dlpage/gaoptout?hl=en.

Storage period 14 months:

We have configured Google Analytics so that the stored data at user and event level is automatically deleted after 14 months. You can find more information about the storage period of the tool here: https://support.google.com/analytics/answer/7667196?hl=de.

Anonymize IP:

We have activated the IP anonymization function. This means that no full IP addresses of visitors within the European Economic Area (EEA) are stored and transmitted unabbreviated to the USA. A transmission of unabbreviated IP addresses to servers in the USA can nevertheless not be completely ruled out and may occur in exceptional cases.

Data Processing Terms:

We have entered into a direct customer agreement with Google for the use of Google Analytics by accepting their “Data Processing Addendum” in the Google Analytics settings. You can find more information about these data processing conditions here: https://privacy.google.com/businesses/controllerterms/mccs/.

Transfers to third countries:

Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on Googles SCCs can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google Cloud CDN
Provider:

Google – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose:

Increase the global accessibility and performance of our website by using the Google Content Delivery Network (CDN).

Description of data processing:

A Content Delivery Network (CDN) is a network of regionally distributed servers that are connected via the Internet. Simply put, a CDN creates a copy of our website on the network’s own servers and ensures that our website is accessible everywhere in the world through shorter transmission distances. This network thereby ensures that the content of the website is delivered quickly and reliably, even when there is a lot of webtraffic. In the case of Google Cloud CDN, the data transfer between your browser and our website is routed through Googles network. Google collects various access and log data in this process and also sets cookies, which helps the provider to maintain a high level of security protection.

Legal basis and objection:

The use of Google Cloud CDN requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:

The provision of your data is voluntary. However, without the distribution via Googles Network, the performance of our website may be severely limited.

Storage period:

The connection data is not stored beyond the website request. However, Google stores the connection data anonymously for security purposes. The duration of the processing for security purposes is variable and ends with the necessity of the security measures.

Further notes on data protection:

How Google Cloud CDN works: https://cloud.google.com/cdn/docs/overview?hl=de.
Information on GDPR and Google Cloud: https://cloud.google.com/security/gdpr/resource-center.

Data Processing and Security Terms:

By accepting Google Clouds terms of use of we have also concluded the providers Data Processing Addendum (DPA). The DPA guarantees that the personal data of our website visitors will only be processed according to our instructions and in compliance with the GDPR. Google Clouds processing terms can be viewed here: https://cloud.google.com/terms/data-processing-terms?hl=de.

Transfers to third countries:

Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on Googles SCCs can be found here: https://cloud.google.com/terms/eu-model-contract-clause.

Google Maps
Provider:

Google – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose:

Optimization of our internet presence.

Description of data processing:

We have integrated the online map service Google Maps on our website. This helps interested parties with orientation and us with better findability in the Google search. In case you agree in the display of Google Maps on our website, then browser data is transmitted to Googles Servers and at least one cookie is set. This cookie stores data about your user behavior, which Google uses to improve its own services and, if necessary, to play individual, personalized advertising.

Legal basis and objection:

The display of Google Maps content requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:

The provision of your data is voluntary.

Storage period:

By integrating Google Maps we do not consciously collect user data The storage period of the NID cookie set by Google Maps is 6 months according to Google. We cannot give any guarantee for this information, since an adjustment of the storage period of Google cookies can never be excluded.

Transfers to third countries:

Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on Googles SCCs can be found here: https://business.safety.google/adsprocessorterms/sccs/eu-c2p/.

Further notes on data protection:

Googles privacy policy: https://policies.google.com/privacy?hl=de.

Google Tag Manager
Provider:

Google – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose:

Efficient organization and integration of Google tools on our website.

Description of data processing:

The Google Tag Manager allows us to centrally integrate and manage various Google tools. For this purpose, small sections of code (so-called tags) of the various Google products (such as Google Analytics, Google Ads, etc.), but also tags from other companies are integrated into the Google Tag Manager and managed from there. The Google Tag Manager itself does not store any personal data, so it only acts as an “intermediary”. The situation is different for the tools that are integrated via the Tag Manager. The data protection relevance of these tools is indicated in the corresponding text passages.

Legal basis and objection:

The use of the Google Tag Manager requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:

The provision of your data is voluntary.

Storage period:

The Google Tag Manager itself does not store cookies, user profiles, analyses, etc.. How long the analysis tools integrated via the Google Tag Manager store your data can therefore be found in the respective text passages.

Further notes on data protection:

How the Google Tag Manager works: https://support.google.com/tagmanager/?hl=de#topic=3441530.
Googles privacy policy: https://policies.google.com/privacy?hl=de.

Mailchimp
Provider:

Mailchimp – Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Purpose:

Efficient newsletter email marketing.

Description of data processing:

You can sign up for our newsletter. The registration is of course voluntary. Within the scope of your registration, we and our service provider Mailchimp, which is used for the newsletter dispatch, process the data provided by you. The only mandatory information is your e-mail address, everything else is voluntary. The registration process works by the so called “double opt-in” procedure. Mailchimp offers us the possibility to analyze our newsletter campaigns. For this purpose, so-called web beacons are integrated into Mailchimp’s emails, which connect to Mailchimp’s servers when the email is opened and transmit technical information (e.g. time of retrieval, IP address, browser type and operating system). These servers may be located in the USA. Mailchimp also sets cookies in order to technically manage the newsletter dispatch and to make your service secure and continuously improve it. You can find a link to Mailchimp’s cookie statement in the third-party provider’s privacy policy.

Legal basis and objection:

The receipt of our newsletter requires your consent. This consent is obtained as part of the newsletter sign up process. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG, if you agree to the use of third-party cookies by the provider. The consent can be revoked at any time. You can object your given consent in every newsletter mail by clicking on unsubscribe. You then will no longer receive the newsletter.

Provision of data voluntarily or required:

The provision of your data is voluntary. However, without your consent, the receipt of our newsletter is not possible.

Storage period:

Your data will only be processed as long as we have your consent in receiving our newsletter.

Further notes on data protection:

Mailchimps privacy policy: https://mailchimp.com/legal/privacy/.
Mailchimps cookie statement: https://mailchimp.com/legal/cookies/.

Contract data processing:

By accepting Mailchimps terms of use of we have also concluded the providers Data Processing Addendum (DPA). The DPA guarantees that the personal data of our website visitors will only be processed according to our instructions and in compliance with the GDPR. Mailchimps data processing terms can be viewed here: https://mailchimp.com/legal/data-processing-addendum/.

Transfers to third countries:

Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Mailchimps SCCs can be found here: https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.

Microsoft Advertising (form. Bing Ads)
Provider:

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Purpose:

Optimizing our online marketing campaigns and analyzing our web audience.

Description of data processing:

Microsoft Advertising helps us to make people aware of our products and services. To do so, we use the Microsoft advertising network. If a user clicks on one of our advertisements placed in Microsofts advertising network, Microsoft Advertising forwards the user to our website. If the user consents, a cookie is set on the users device using so-called conversion tracking technology, which informs us which keyword or ad was used to reach us, how many people in total reached us via the respective Microsoft Ad, what is clicked on our website and how long the visitor stays on our website. This only collects usage data of our website, but not personal data of the user. Microsoft also uses this data to improve their own experience. If you are logged into your Microsoft account while browsing a Microsoft Ad, it is also possible that Microsoft links data to your account and recognizes and stores your IP address in this way.

Legal basis and objection:

The use of Microsoft Advertising requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:

The provision of your data is voluntary.

Storage period:

How long Microsoft processes the collected personal data varies greatly and depends on the respective product. The cookie is valid for 30 days, the log data for 9 or 18 months.

Transfers to third countries:

Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on Microsoft and the SCCs can be found here: https://docs.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.

Further notes on data protection:

Microsoft privacy policy: https://privacy.microsoft.com/de-de/privacystatement?tid=331626852385.
Microsoft Advertising Opt-Out Link: https://account.microsoft.com/privacy/ad-settings/signedout.


Microsoft Clarity
Provider:

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Purpose:

Optimization of our website by analyzing the behavior of our website visitors.

Description of data processing:

Clarity is a tool for analyzing user behavior on our website. This is done by recording the cursor movements. Based on the cursor movements, Clarity creates heat maps and graphical representations. We use these heat maps to show which parts of the website are particularly relevant to the visitor. For this purpose, Clarity sets cookies that recognize the user in the event of a return visit. The user data collected (IP address, browser data, device type, mouse and scroll movements) are stored in a pseudonymized user profile. The data is neither used by us nor by Clarity to identify users nor is it merged with other data. When using Clarity, personal data is stored on the servers of the Microsoft Azure Cloud in the USA.

Legal basis and objection:

The use of Microsoft Clarity requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:

The provision of your data is voluntary.

Storage period:

According to Microsoft the data is available for 3 months from the time of collection.

Further notes on data protection:

Microsoft privacy statement: https://privacy.microsoft.com/de-de/privacystatement.
FAQs about Microsoft Clarity: https://docs.microsoft.com/en-us/clarity/faq.

Contract data processing:

By accepting Microsofts terms of use of we have also concluded the providers online terms of use / Processing Addendum (DPA). The DPA guarantees that the personal data of our website visitors will only be processed according to our instructions and in compliance with the GDPR. The DPA can be found via the following document search: https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=67.

Transfers to third countries:

Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on Microsoft and the SCCs can be found here: https://docs.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.

OpenStreetMap
Provider:

OpenStreetMap (OSM) – Open-Street-Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.

Purpose:

Optimization of our internet presence.

Description of data processing:

We have integrated the free online map service OpenStreetMaps on our website. This helps interested parties to find their way around. If you agree to the display of OpenStreetMaps on our website, data is then transmitted to the provider and at least one cookie is set. This cookie then stores data about your user behavior, which the OpenStreetMap Foundation uses to improve its own services. In addition, your location may be collected if you have allowed this in your device settings. OpenStreetMap has no control over this data transfer.

Legal basis and objection:

The use of OpenStreetMap requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:

The provision of your data is voluntary.

Storage period:

By integrating the maps of OpenStreetMaps, we do not consciously collect user data. How long the cookie set by OpenStreetMaps is stored on your device can not be clearly determined by us. For more information, please refer to the privacy policy of the third-party provider.

Further notes on data protection:

OpenStreetMap Foundations privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

Salesforce Sales Cloud
Provider:

Salesforce – salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany.

Purpose:

Efficient customer communication and customer management.

Description of data processing:

To manage our customers, we use the customer relationship management system (CRM) Salesforce Sales Cloud. When you contact us, for example by filling out one of our website forms, your data can be transferred to the Salesforce CRM system. There we can centrally manage your request and control and analyze customer-related processes. This happens in the Salesforce Sales Cloud, which means that personal data is transmitted to Salesforce’s servers. Salesforce has assured us that our customer data is hosted exclusively on servers in the EU. In exceptional cases – for example, in the event of technical problems – data may nevertheless be transferred to the parent company of Salesforce in the USA, salesforce.com inc, Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA.

Legal basis and objection:

The processing of customer data with Salesforce Sales Cloud is based on our legitimate interest in the most efficient customer management and customer communication possible, pursuant to Art. 6 lit. f GDPR. The storage of Salesforces`third-party cookies on the other hand requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:

The provision of your data is voluntary. Without the provision of your data, however, we may not be able to enter into a contractual relationship with you.

Storage period:

The customer data transmitted to Salesforce is deleted as soon as it is no longer required or you request us to delete it. If there is a contractual relationship, we are subject to the statutory retention periods and delete your data after six or ten years.

Further notes on data protection:

Salesforce privacy policy: https://www.salesforce.com/de/company/privacy/.

Contract data processing:

We have concluded Salesforces data processing agreement, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR. Salesforces DPA can be found here: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf.

Transfers to third countries:

In exceptional cases, processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of binding corporate rules (BCR) in accordance with Article 47 of the GDPR, to which Salesforce has committed itself and which have been approved by the French data protection authority and also in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Salesforces SCC Ammendment can be found here: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/scc-amendment.pdf.

Vimeo
Provider:

Vimeo – Vimeo Inc., 555 West 18th Street, New Yoirk 10011, USA.

Purpose:

Improving our website by displaying video content.

Description of data processing:

We have embedded videos from the video portal Vimeo on our website, using the “Do-Not-Track” setting. If you choose to play a Vimeo video on our website, a connection to the servers of Vimeo is established. Hereby the provider is informed about your IP address and the information on which of our pages you clicked on the video. The do-not-track setting of the tool, which we have deliberately chosen, ensures that Vimeo itself will not set any analysis cookies that track your user activity.

Legal basis and objection:

The use of Vimeo requires your consent. This consent is obtained via our Consent Management Tool, respectively will be obtained before clicking on the displayed Vimeo content. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:

The provision of your data is voluntary.

Storage period:

By embedding video content from Vimeo, we do not consciously collect user data. How long Vimeo stores your data, on the other hand, can not be clearly quantified from our side.

Transfers to third countries:

The processing also takes place outside the EU, namely in the USA. Vimeo relies here on its “legitimate business interests” as well as on appropriate safeguards in the form of standard contractual clauses, pursuant to Art. 46 para. 2 lit. c GDPR. You can find more information here: https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights.

Further notes on data protection:

Vimeo privacy policy: https://vimeo.com/privacy.

Youtube
Provider:

Google – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose:

Improving our website by displaying video content.

Description of data processing:

We have embedded YouTube videos on our website using the so called “extended data protection mode”. This embedding method ensures that YouTube does not store any information about our visitors before they watch the video on our website. However, the transfer of data to the Google DoubleClick network cannot necessarily be excluded by the extended data protection mode. As soon as you start a YouTube video on our website, your browser establishes a connection to YouTube’s servers. This tells YouTube which page you have visited. If you are logged into your YouTube account at this time, the data is merged. In addition, YouTube sets cookies on your end device when you start a video. In summary, it can be said that after starting a YouTube video, data processing operations are triggered over which we have no influence.

Legal basis and objection:

The use of YouTube requires your consent. This consent is obtained via our Consent Management Tool, respectively will be obtained before clicking on the displayed Vimeo content. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TTDSG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required:

The provision of your data is voluntary.

Storage period:

By embedding video content from YouTube, we do not consciously collect user data. How long Vimeo stores your data, on the other hand, can not be clearly quantified from our side.

Transfers to third countries:

A transfer of your data also takes place outside the EU, namely in the USA. The European Court of Justice is of the opinion that there is currently no adequate level of data protection for data transfers to the USA. The data transfer in case of viewing YouTube videos on our website is not secured by an effective transfer mechanism that would guarantee a data protection level which is adequate with GDRP. Thus, the transferred data may not be processed anonymously, may be viewed by U.S. government authorities, and may be linked to other Google services with which you have an account.

Further notes on data protection:

Googles privacy policy, as YouTubes parent company: https://policies.google.com/privacy?hl=de.
For owners of a Google Account:
Link to disable the recording of your YouTube history: https://myactivity.google.com/myactivity.
Link to the data and privacy settings: https://myaccount.google.com/data-and-privacy.


Notes on our presence on social media
Data processing resulting from our presence on social media platforms

We are having profiles on various social media platforms. Details on the individual platforms we use can be found in this section.

Purpose:

We are having profiles on various social media platforms. Details on the individual platforms we use can be found in this section.

Description of data processing:

The type of data processing differs from platform to platform. Social networks such as Facebook, Instagram, Twitter, etc. can comprehensively analyze user behavior when you visit the respective platform or a website with integrated social media content (e.g. share/ like buttons or banners). Visiting our profiles on the platforms triggers numerous processing operations relevant to data protection.

For example:
If you are logged into your account and visit our profile, the operator of the platform can assign this visit to your user account. Your personal data transmitted when you visit our profile may also be collected if you are not logged in or do not have an account with the respective social media platform. This is done, for example, via cookies that are stored on your terminal device or by recording your IP address.

The data collected in this way enables the platforms to create user profiles of the visitors, in which the preferences and interests of the users are stored. This helps the operators of the platforms to show you advertising tailored to your respective interests inside and outside platforms. This is how the platforms earn money. Provided you have an account with the respective platform, this advertising can be displayed on all devices on which you are or were logged in.

The data processing that takes place on the individual platforms is very difficult for outsiders to understand: It is therefore not possible for us to trace all the processing operations that actually take place on the individual networks. When visiting the platforms, it is therefore quite possible that further processing operations of your data are carried out by the operators. You can find more information on this in the terms of use and data protection provisions of the individual services.

Legal basis:

The legal basis is our legitimate interest in a comprehensive presence on social media platforms pursuant to Art. 6 para. 1 lit. f GDPR. The data processing on the social media platforms themselves is based on other legal bases for which the operators themselves are responsible.

Storage period:

Personal data that we have collected directly via the individual platforms will be deleted from our systems as soon as you request us to do so, revoke your consent to storage or the purpose for storing the data no longer applies. Cookies remain on your device until you delete them. We have no direct influence on the storage period of your data on the individual social media platforms.

We have profiles on the following platforms:


Facebook (Meta)
Provider:

Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irleand.

Joint controllership:

When you visit our Facebook page, Facebook and we are jointly responsible for the processing of your data under data protection law. Facebooks agreement of joint controllership has been concluded. It can be viewed here: https://www.facebook.com/legal/terms/page_controller_addendum.

Data transfers to the US:

When visiting our Facebook profile, personal data is transferred to Facebook’s server in the USA. The transfer of personal data to the USA is based on the standard contractual clauses of the EU Commission. These can be viewed here: https://www.facebook.com/legal/EU_data_transfer_addendum.

Information on Facebook and privacy:

Advertising settings in your Facebook profile: https://www.facebook.com/settings?tab=ads.
Facebooks privacy policy: https://www.facebook.com/settings?tab=ads.
Information on the Standard Contractual Clauses: https://de-de.facebook.com/help/566994660333381.

Instagram
Provider:

Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

Data transfers to the US:

Whilst visiting our Instagram profile, personal data is transferred to servers of Facebook (Meta), as Instagram’s parent company, in the USA. The data transfer to the USA is based on the concluded standard contractual clauses of the EU Commission. These can be viewed here: https://www.facebook.com/legal/EU_data_transfer_addendum.

Information on Instagram and privacy:

Instagrams privacy policy: https://help.instagram.com/519522125107875.
Information on the Standard Contractual Clauses: https://de-de.facebook.com/help/566994660333381.

Twitter
Provider:

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

Data transfers to the US:

Whilst visiting our Twitter profile, data is transmitted to Twitter’s server in the USA. The data transfer to the USA is based on the concluded standard contractual clauses of the EU Commission. These can be viewed here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

Information on Twitter and privacy:

Twitters Privacy Policy: https://twitter.com/de/privacy.

YouTube
Provider:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Information on YouTube and privacy:

Googles privacy policy as YouTubes parent organisation: https://policies.google.com/privacy?hl=de.
For oweners of a Google account:
Link to disable YouTube History: https://myactivity.google.com/myactivity.
Link to the data and privacy account settings: https://myaccount.google.com/data-and-privacy.

LinkedIN
Provider:

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Contract data processing:

We have concluded LinkedIns’ Contract data processing: , which ensures that the personal data of our website visitors are processed only according to our instructions and in compliance with the GDPR. LinkedIn’s Contract data processing: can be found here: https://www.LinkedIn.com/legal/l/dpa.

Data transfers to the US:

Whilst visiting our LinkedIn profile, data is transferred to LinkedIn servers in the USA. The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. These can be viewed here: https://www.linkedin.com/legal/l/eu-sccs.

Information on LinkedIn and privacy:

LinkedIns privacy policy: https://www.linkedin.com/legal/privacy-policy.
Opt-out cookie to disable LinkedIN retargeting: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.