Purposes for which the personal data are to be processed

Data processing for the management of consents.

The period for which the personal data will be stored or, if this is not possible, the criteria for determining this period.

1 year

Legal basis for the processing

Legal obligation (Art. 6 para. 1 p. 1 lit. c. DSGVO)

Purposes for which the personal data are to be processed

The purpose of processing personal data through a Content Delivery Network (CDN) is to speed up the delivery of the website. If there are many requests, the use of a CDN ensures that the website continues to be delivered and the CDN protects the web server from being overwhelmed by so-called DDoS attacks.

The period for which the personal data will be stored or, if this is not possible, the criteria for determining this period.

Max. 7 days

Legal basis for the processing

Legitimate interest (Art. 6 para. 1 p. 1 lit. f. DSGVO)

Legitimate interests within the meaning of Art. 6 para. 1 lit. f pursued by the responsible person

To optimize and secure our online service and to optimally display the content we offer on different end devices and to reduce the loading speeds of our website.

Recipients or categories of recipients of the personal data

Cloudflare, 101 Townsend St, San Francisco, CA 94107, USA, (unpkg andnd Cloudflare CDN)

Intention of the controller to transfer the personal data to a third country or an international organisation

Personal data is transferred outside the EU/EEA (third country):

·       USA

Presence or absence of an adequacy decision by the Commission

The EU Commission has not issued an adequacy decision for the third country. It is therefore possible that the level of data protection in the third country is lower than that of the EU Commission.

Reference to appropriate or adequate safeguards and how to obtain a copy of them or where they are available

The following measures have been taken to ensure that the level of data protection guaranteed by the GDPR is not undermined:

·       Standard contractual clauses have been concluded with BootstrapCDN.

·       Standard contractual clauses have been concluded with Cloudflare. These standard contractual clauses can be viewed at Cloudflare Data Processing Addendum: Standard Contractual Clauses for Customers | Cloudflare.

Purposes for which the personal data are to be processed

Collection of personal data of website visitors to measure the use and type of use of websites, to optimise our own website and thereby increase the number and duration of users.

We also monitor the availability of our website through an external service (Pingdom, Sweden).

The period for which the personal data will be stored or, if this is not possible, the criteria for determining this period.

Google: max. 2 years

Hotjar: max. 2 years

Microsoft: max 1 year, 25 days

Pingdom: max. 1 year

Pardot: max. 2 years

Legal basis for the processing

Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO)

Recipients (if applicable 2nd level) or categories of recipients (1st level) of the personal data

Google Ireland limited, Gordon House, Barrow Street Dublin 4, Ireland

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA

Intention of the controller to transfer the personal data to a third country or an international organisation (1st level)

Personal data is transferred outside the EU/EEA (third country):

·       USA

·       Singapore

·       Taiwan

·       Chile

Presence or absence of an adequacy decision by the Commission (2nd level, if applicable)

The EU Commission has not issued an adequacy decision for the third country. It is therefore possible that the level of data protection in the third country is lower than that of the EU Commission.

Reference to appropriate or adequate safeguards and how to obtain a copy of them or where they are available (2nd level if applicable).

The following measures have been taken to ensure that the level of data protection guaranteed by the GDPR is not undermined:

·       Standard contractual clauses have been concluded with Google. These standard contractual clauses can be viewed at Data transfer frameworks – Privacy & Terms – Google

·       Standard contractual clauses have been concluded with Microsoft. These standard contractual clauses can be viewed at Licensing Documents (microsoft.com).

·       Standard contractual clauses have been concluded with Pardot. These standard contractual clauses can be viewed at Privacy Policy - Salesforce.com.

Purposes for which the personal data are to be processed

Fonts from external providers are integrated in order to maintain the uniform company appearance (so-called corporate design).

Duration for which the personal data are stored or, if this is not possible, the criteria for determining this duration (if applicable 2nd level)

Adobe Fonts: According to Adobe, no cookies are stored when providing the fonts.

Google Fonts: max. 1 year

Legal basis for the processing (if applicable 2nd level)

The data collection and also the data transmission are carried out on the basis of a legitimate interest (Art. 6 para. 1 p. 1 lit. f. DSGVO)

Legitimate interests within the meaning of Art. 6 para. 1 lit. f pursued by the responsible person

A uniform presentation across devices, improved loading times and a smaller administrative effort.

Recipients or categories of recipients of the personal data

Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24Ireland

Google Ireland limited, Gordon House, Barrow Street Dublin 4, Ireland

Intention of the controller to transfer the personal data to a third country or an international organisation

Personal data is transferred outside the EU/EEA (third country):

·       USA

·       Singapore

·       Taiwan

·       Chile

Presence or absence of an adequacy decision by the Commission

The EU Commission has not issued an adequacy decision for the third country. It is therefore possible that the level of data protection in the third country is lower than that of the EU Commission.

Reference to appropriate or adequate safeguards and how to obtain a copy of them or where they are available

The following measures have been taken to ensure that the level of data protection guaranteed by the GDPR is not undermined:

·       Standard contractual clauses have been concluded with Adobe. These standard contractual clauses can be viewed at Adobe Privacy Centre.

·       Standard contractual clauses have been concluded with Google. These standard contractual clauses can be viewed at Data transfer frameworks – Privacy & Terms – Google

Purposes for which the personal data are to be processed

Map services are used for the geographic representation of places and advice on navigation is also given.

Duration for which the personal data are stored or, if this is not possible, the criteria for determining this duration (if applicable 2nd level)

Google: max. 2 years

Legal basis for the processing (if applicable 2nd level)

Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO)

Recipients (if applicable 2nd level) or categories of recipients (1st level) of the personal data

Google Ireland limited, Gordon House, Barrow Street Dublin 4, Ireland

Intention of the controller to transfer the personal data to a third country or an international organisation (1st level)

Personal data is transferred outside the EU/EEA (third country):

·       USA

·       Singapore

·       Taiwan

·       Chile

Presence or absence of an adequacy decision by the Commission (2nd level, if applicable)

The EU Commission has not issued an adequacy decision for the third country. It is therefore possible that the level of data protection in the third country is lower than that of the EU Commission.

Reference to appropriate or adequate safeguards and how to obtain a copy of them or where they are available

The following measures have been taken to ensure that the level of data protection guaranteed by the GDPR is not undermined:

·       Standard contractual clauses have been concluded with Google. These standard contractual clauses can be viewed at Data transfer frameworks – Privacy & Terms – Google.

Purposes for which the personal data are to be processed

Cloud services are used for the provision of videos and photos, so that the own internet infrastructure is relieved and a delivery of videos and photos can be guaranteed even with high numbers of requests.

The period for which the personal data will be stored or, if this is not possible, the criteria for determining this period.

Youtube: max. 8 months

Google: max. 2 years

Legal basis for the processing

Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO)

Recipients or categories of recipients of the personal data

Google Ireland limited, Gordon House, Barrow Street Dublin 4, Ireland

YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, represented by: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Intention of the controller to transfer the personal data to a third country or an international organisation

Personal data is transferred outside the EU/EEA (third country):

·       USA

·       Taiwan

·       Singapore

·       Chile

Presence or absence of an adequacy decision by the Commission

The EU Commission has not issued an adequacy decision for the third country. It is therefore possible that the level of data protection in the third country is lower than that of the EU Commission.

Verweis auf geeignete oder angemessene Garantien und die Möglichkeit, wie eine Kopie von ihnen zu erhalten ist, oder wo sie verfügbar sind

The following measures have been taken to ensure that the level of data protection guaranteed by the GDPR is not undermined:

·       Standard contractual clauses have been concluded with Google (Youtube und Google Photos). These standard contractual clauses can be viewed at

Data transfer frameworks – Privacy & Terms – Google.

Purposes for which the personal data are to be processed

Advertising our own services. For this purpose, our service providers also measure what users do after they have clicked on our ads (e.g. use of services).

The period for which the personal data will be stored or, if this is not possible, the criteria for determining this period.

Facebook: max. 2 years 

LinkedIn: max. 2 years

Google: max. 1 year

Microsoft: max. 2 years

Outbrain: max. 2 years

Legal basis for the processing

Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO)

Recipients or categories of recipients of the personal data

Facebook Meta Platforms Ireland Limited, 1601 South California Avenue, Palo Alto, CA 94304, USA („Facebook“)

LinkedIn Ireland Unlimited Company

Wilton Place, Dublin 2, Ireland

Google Ireland limited, Gordon House, Barrow Street Dublin 4, Ireland

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (Bing Ads)

Outbrain UK Limited, 5th Floor, The Place, 175 High Holborn, London, WC1V 7AA, UK

Intention of the controller to transfer the personal data to a third country or an international organisation

Personal data is transferred outside the EU/EEA (third country):

·       UK

·       USA

·       Singapore

·       Chile

·       Taiwan

Presence or absence of an adequacy decision by the Commission

The EU Commission has not issued an adequacy decision for the third country USA. It is therefore possible that the level of data protection in the third country is lower than that in the EU.

Presence or absence of an adequacy decision by the Commission

Reference to appropriate or adequate safeguards and how to obtain a copy of them or where they are available

The following measures have been taken to ensure that the level of data protection guaranteed by the GDPR is not undermined:

·       Standard contractual clauses have been concluded with Facebook. These standard contractual clauses can be viewed at Facebook.

·       Standard contractual clauses have been concluded with Google (DoubleClick, Google AdServices). These standard contractual clauses can be viewed at Data transfer frameworks – Privacy & Terms – Google.

·       Standard contractual clauses have been concluded with LinkedIn. These standard contractual clauses can be viewed at EU, EEA, and Swiss Data Transfers | LinkedIn Help.

·       Standard contractual clauses have been concluded with Microsoft (Bing Ads). These standard contractual clauses can be viewed at Licensing Documents (microsoft.com).

·        

Purposes for which the personal data are to be processed

Purposes for which the personal data are to be processed Provision of a contact form for responding to inquiries of any kind.

Duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

Legal basis for the processing

If your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, Art. 6 (1) lit. b) DS-GVO is the legal basis. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 lit. f DS-GVO) or on your consent (Art. 6 para. 1 lit. a DS-GVO).

Purposes for which the personal data are to be processed

The purpose of data processing is communication with interested parties

Duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration

Deletion of personal data at the latest with the deletion of the user's account.

Legal basis for the processing

Contract or contract initiation for students or interested parties with study-related inquiries (Art. 6 para. 1 p. 1 lit. a) DSGVO)

Recipients or categories of recipients of the personal data

WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Absicht des Verantwortlichen, die personenbezogenen Daten an ein Drittland oder eine internationale Organisation zu übermitteln

Personal data is transferred outside the EU/EEA (third country):

·       USA

Vorhandensein oder Fehlen eines Angemessenheitsbeschlusses der Kommission

The EU Commission has not issued an adequacy decision for the third country USA. It is therefore possible that the level of data protection in the third country is lower than required.

Presence or absence of an adequacy decision by the Commission.

The following measures have been taken to ensure that the level of data protection guaranteed by the GDPR is not undermined:

·       Standard contractual clauses have been concluded with WhatsApp. These standard contractual clauses can be viewed at

https://www.whatsapp.com/legal/business-data-transfer-addendum-20210927?lang=en.