With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as "data" for short) we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as e.g. our social media profiles (hereinafter collectively referred to as the "Online Offer").
The terms used are not gender-specific.
As of: 24. September 2023
Enrico Garten
Herbartstraße 1p
04318 Leipzig, Germany
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Relevant legal bases according to the GDPR: Below you will find an overview of the legal basis of the GDPR, on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases also be relevant in individual cases, we will inform you of these in the data protection declaration.
National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Law on the Protection against misuse of personal data in data processing (Bundesdatenschutzgesetz – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, ensuring availability and their separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the endangerment of the data. Furthermore, we already take the protection of personal data into account during the development or processing of personal data. Selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and privacy-friendly presets.
TLS/SSL encryption (https): We use TLS/SSL encryption to protect the data of users transmitted via our online services. Secure Sockets Layer (SSL) is the standard technology for securing Internet connections by encrypting the data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.
As part of our processing of personal data, it happens that the data is transmitted to other bodies, companies, legally independent organizational units or persons or they are disclosed to you. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or contracts. Agreements that serve the protection of your data with the recipients of your data.
Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only be done in accordance with the legal requirements. If the level of data protection has been recognised in the third country by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers only take place if the level of data protection is otherwise secured, in particular by standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), express consent or, in the case of contractual or legally required transmission (Art. 49 para. 1 GDPR). In addition, we will inform you about the basics of third-country transmission with the individual providers from the third country, whereby the adequacy decisions are considered as the basics as a priority. Information on transfers to third countries and existing adequacy decisions can be found in the information provided by the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de.