Privacy Policy

Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section “Information on the Responsible Party” in this privacy policy.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may include, for example, data that you enter into a contact form.

Other data is collected automatically or after your consent when you visit the website through our IT systems. This mainly includes technical data (e.g. internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right at any time to receive free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you may revoke this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time regarding this or any other questions on the subject of data protection.

Analytics Tools and Third-Party Tools

When visiting this website, your browsing behavior may be statistically evaluated. This is mainly done using so-called analytics programs. Detailed information on these analytics programs can be found in the following privacy policy.

2. Hosting

External Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the hosting provider. This may include, in particular, IP addresses, contact inquiries, meta and communication data, contract data, contact details, names, website access data, and other data generated via a website.

External hosting is carried out for the purpose of fulfilling contractual obligations and ensuring the secure provision of our online services. Our hosting provider processes your data only to the extent necessary to fulfill its service obligations.

We use the following hosting provider:

Comprehensive Computer Services

Jan-Christoph Ihrens

Knooper Weg 57, 24103 Kiel

Phone: +49 431 736068

Fax: +49 431 7754504

Email: info@cc-services.de

Web: https://www.cc-services.de

Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service, which ensures that personal data is processed only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations as well as this privacy policy.
When you use this website, various personal data are collected. Personal data are data that can be used to personally identify you. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g., when communicating by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Information on the Responsible Party

The responsible party for data processing on this website is:

Scharpenberg Orthopädie-Technik GmbH

Neptunallee 1a, 18057 Rostock, Germany

Phone: 0381/800870

Email: zentrale@scharpenberg.com

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Name and Address of the Data Protection Officer

The data protection officer of the responsible party is:

Berrit Kamarys

Scharpenberg Orthopädie-Technik GmbH, Neptunallee 1a, 18057 Rostock, Germany

Phone: 0381/800870

Email: datenschutzbeauftragter@scharpenberg.com

Website: www.scharpenberg.com

Storage Period

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will take place after these reasons no longer apply.

General Information on the Legal Bases for Data Processing on This Website

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of personal data pursuant to Art. 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or to access to information on your end device (e.g., via device fingerprinting), data processing is additionally based on Section 25(1) TDDDG. Consent may be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. The respective legal bases applicable in each individual case are explained in the following sections of this privacy policy.

Notice on Data Transfers to Third Countries Not Considered Secure Under Data Protection Law and to US Companies That Are Not DPF-Certified

We use, among other things, tools from companies based in third countries that are not considered secure under data protection law, as well as US tools whose providers are not certified under the EU–US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there. We point out that no level of data protection comparable to that of the EU can be guaranteed in third countries that are not considered secure under data protection law.

We also point out that the United States is generally considered a secure third country with a level of data protection comparable to that of the EU. Data transfers to the USA are therefore permissible if the recipient is certified under the “EU–US Data Privacy Framework” (DPF) or has appropriate additional safeguards in place. Information on transfers to third countries, including the data recipients, can be found in this privacy policy.

Recipients of Personal Data

In the course of our business activities, we work with various external parties. In some cases, this requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits the disclosure of data. When using processors, we only pass on our customers’ personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may revoke consent already given at any time. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSES OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSES OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement. This right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract, and to have it handed over to yourself or to a third party in a commonly used, machine-readable format. If you request direct transmission of the data to another controller, this will only be carried out to the extent technically feasible.

Access, Correction, and Deletion

Under applicable law, you have the right at any time to obtain free information about your stored personal data, its origin, recipients, and the purpose of the data processing, and, if applicable, the right to correct or delete this data. You can contact us at any time regarding this or any other questions concerning personal data.

Right to Restrict Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:

If you contest the accuracy of your personal data stored with us, we generally need time to verify this. During the verification period, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data was/is unlawful, you may request restriction of processing instead of deletion.
If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request restriction of processing instead of deletion.
If you have filed an objection under Art. 21(1) GDPR, a balancing of your interests and ours must be carried out. As long as it is not yet determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may only be processed – apart from storage – with your consent, for the assertion, exercise, or defense of legal claims, to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the website operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser’s address line from “http://” to “https://” and by the padlock symbol in your browser’s address bar.
When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

4. Data Collection on This Website

Cookies

Our websites use so-called “cookies.” Cookies are small data packages and do not cause any harm to your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).

Cookies serve different functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., shopping cart functionality or video display). Other cookies can be used to analyze user behavior or for advertising purposes.

Cookies that are necessary for the electronic communication process, to provide certain functions requested by you (e.g., shopping cart functionality), or to optimize the website (e.g., cookies for measuring web traffic) are stored on the basis of Art. 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent for storing cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG); consent can be revoked at any time.

You can configure your browser so that you are informed about the setting of cookies and allow cookies only on a case-by-case basis, exclude the acceptance of cookies for certain cases or generally, and activate automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Cookie Consent with Real Cookie Banner

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner.” Details on how “Real Cookie Banner” works can be found at https://devowl.io/de/rcb/datenverarbeitung/.

The legal bases for processing personal data in this context are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

Providing personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide personal data. If you do not provide personal data, we cannot manage your consents.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address

These data are not merged with other data sources.

The collection of these data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, server log files must be recorded.

Contact Form

If you send us inquiries via the contact form, the information provided in the form, including the contact details you provide, will be stored with us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract or necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if it has been requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your inquiry has been fully processed). Mandatory legal requirements – in particular retention periods – remain unaffected.

Inquiries via Email, Telephone, or Fax

If you contact us by email, telephone, or fax, your inquiry, including all personal data contained therein (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

The data you submit via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your request has been fully processed). Mandatory legal requirements – in particular statutory retention periods – remain unaffected.

Privacy Notices for the “Prescription” Service

General Information

The following information provides an overview of what happens to your personal data when you use the “Prescription” service. Personal data is any data with which you can be personally identified.

Using the “Prescription” service is completely voluntary. You are under no legal or contractual obligation to provide your personal data through this service. You can also use/submit your prescription or medical order via other means. Profiling within the meaning of Art. 22(1) and (4) GDPR (General Data Protection Regulation) does not take place.

The controller (within the meaning of the GDPR) for data processing on this website, and for processing within the “Prescription” service form, is the company:
Scharpenberg Orthopädie-Technik GmbH, Neptunallee 1a, 18057 Rostock, 0381 800870, zentrale@scharpenberg.com. For questions regarding the collection, processing, or use of your personal data, for information, correction, blocking, or deletion of data, as well as revocation of given consent or objection to specific use of data, please contact our Data Protection Officer directly: Berrit Kamarys, datenschutzbeauftragter@scharpenberg.com.

In addition to the following notes (which specifically relate to the “Prescription” service), the following apply:

1. Regarding the website sani-aktuell.de, the privacy notices of Sanitätshaus Aktuell AG.
2. From the point at which your data is transmitted to us, our privacy notices apply.

Which data is processed?
For what purpose is the data processed?
On what legal basis is the data processed?
How long is the data processed?

Your data is collected in our “Prescription” service when you provide it to us. You are asked to enter your personal data into the provided form. This includes the data from your prescription or medical order, which primarily contains so-called health data (“health data” are special categories of personal data – according to Art. 4 No. 15 GDPR, “health data” are personal data relating to the physical or mental health of a natural person, including the provision of health services, from which information about their health status can be derived). These “prescription data” are either entered directly into the prescription input form or you can upload your prescription or medical order as a file (scan, photo, etc.).

In the input form, we ask you to provide at least your name, email address, and phone number. The data you provide with the prescription can be found in the input form or on your prescription/medical order itself.

By clicking the final button, in addition to the data you entered, your IP address registered by your Internet Service Provider (ISP) as well as the date and time of submission are recorded and stored by Sanitätshaus Aktuell AG. This is to trace any possible misuse of your data, especially your email address, at a later time.
By entering the data, checking the boxes, and clicking the final button, you submit the data and give your consent to email communication as well as the processing of your health data (Arts. 9(1), 9(2)(a), 6(1)(a) GDPR). This means that the submitted data is transmitted to the central “Prescription” service, initially stored by Sanitätshaus Aktuell AG, and then forwarded to the selected medical supply store.
After forwarding your data to us, Sanitätshaus Aktuell AG deletes your prescription data and provided phone number, at the latest within 30 days. Your name, first name, email address, IP address, date, and time of submission are retained by Sanitätshaus Aktuell AG to verify your consent; these data are deleted only after this purpose is fulfilled. Their processing is therefore not based on your consent but on Art. 6(1)(b) and (f) GDPR. No further transmission of the data occurs beyond what is described above.

What Do We Use Your Data For?

For the purpose of data collection, the above applies.
Specifically, your personal data is used by Sanitätshaus Aktuell AG – as described – to forward it to us and only partially – as also described – by Sanitätshaus Aktuell AG for the purpose of verifying your consents (to the extent described above).
We, as the medical supply store you selected, receive the email address and phone number you provided via Sanitätshaus Aktuell AG in order to contact you and discuss your individual care. Additional information can be found in our store’s previously mentioned privacy notice (link to be inserted).

What Rights Do You Have?

To the extent that we rely on your consent for processing – as explained above – you have the right to withdraw this consent at any time (Art. 7(3) GDPR). The revocation is possible at any time but only with effect for the future. The lawfulness of the data processing carried out until the revocation remains unaffected. In the event of revocation, we will delete the affected data immediately, unless further processing can be based on another legal basis for processing without consent.
Furthermore, you have extensive data subject rights vis-à-vis the controller regarding the processing of your personal data (rights to access and intervention), which we inform you of below:

You have, in particular, the right to access (Art. 15 GDPR) your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria used to determine it, the existence of a right to rectification, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if not collected by us, the existence of automated decision-making including profiling, and, if applicable, meaningful information about the logic involved and the significance and consequences of such processing for you, as well as your right to be informed of the safeguards under Art. 46 GDPR in case of data transfer to third countries;
You have the right to immediate correction (Art. 16 GDPR) of incorrect data concerning you and/or completion of incomplete data stored with us;
You have the right to request deletion (Art. 17 GDPR) of your personal data if the conditions of Art. 17(1) GDPR are met. This right does not exist, however, if processing is necessary for the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or for the assertion, exercise, or defense of legal claims;
You have the right to request restriction of processing (Art. 18 GDPR) of your personal data while the accuracy of your disputed data is verified, if you refuse deletion due to unlawful processing and instead request restriction, if you need your data for the assertion, exercise, or defense of legal claims after we no longer need it for the original purpose, or if you have objected for reasons of your particular situation and it is not yet clear whether our legitimate interests prevail;
If you have asserted the right to rectification, deletion, or restriction of processing vis-à-vis the controller (Art. 19 GDPR), the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification, deletion, or restriction, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients;
You have the right to receive your personal data provided to us in a structured, commonly used, and machine-readable format or to request its transfer to another controller (Art. 20 GDPR), to the extent technically feasible;
If you believe that the processing of your personal data violates the GDPR, you have – without prejudice to any other administrative or judicial remedy – the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), in particular in the Member State of your residence, workplace, or the place of the alleged infringement;
If we process your personal data based on a balancing of interests due to our overriding legitimate interest, you also have the right to object to this processing at any time with effect for the future if reasons in your particular situation oppose the processing. If you exercise your right to object, we will cease processing the affected data. Further processing is only permitted if we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if the processing serves the assertion, exercise, or defense of our legal claims.

5. Social Media

Facebook

This website integrates elements of the social network Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, the collected data may also be transferred to the USA and other third countries.

An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection between your device and the Facebook server is established. Facebook thereby receives information that you visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This may allow Facebook to associate the visit to this website with your user account. We point out that, as the website operator, we do not receive any information about the content of the transmitted data or its use by Facebook. Further information can be found in Facebook’s privacy policy: https://de-de.facebook.com/privacy/explanation.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

To the extent that personal data is collected on our website using this tool and transmitted to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transmission to Facebook. The processing carried out by Facebook after the transmission is not part of the joint responsibility. Our joint obligations are documented in a joint controller agreement. The full text of the agreement can be found here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of its products. Data subject rights (e.g., requests for information) regarding the data processed by Facebook can be exercised directly with Facebook. If you exercise your data subject rights with us, we are obliged to forward these requests to Facebook.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381, and https://www.facebook.com/policy.php.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhere to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.

Instagram

This website integrates functions of the social network Instagram.
The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
According to Instagram, the collected data may also be transferred to the USA and other third countries.

An overview of the Instagram social media elements can be found here: https://www.instagram.com/developer/.

When the social media element is active, a direct connection between your device and the Instagram server is established. Instagram thereby receives information that you visited this website with your IP address. If you click the “Instagram” button while logged into your Instagram account, you can link the content of this website to your Instagram profile. This may allow Instagram to associate the visit to this website with your user account. We point out that, as the website operator, we do not receive any information about the content of the transmitted data or its use by Instagram.

Further information can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

To the extent that personal data is collected on our website using this tool and transmitted to Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transmission to Instagram. The processing carried out by Instagram after the transmission is not part of the joint responsibility.

Our joint obligations are documented in a joint controller agreement. The full text of the agreement can be found here: https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing privacy information when using the Instagram tool and for the data protection-compliant implementation of the tool on our website. Instagram is responsible for the data security of its products.
Data subject rights (e.g., requests for information) regarding the data processed by Instagram can be exercised directly with Instagram. If you exercise your data subject rights with us, we are obliged to forward these requests to Instagram.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875, and https://www.instagram.com/legal/privacy/.

6. Analytics Tools and Advertising

Matomo

This website uses the open-source web analytics service Matomo.
With the help of Matomo, we can collect and analyze data on how visitors use our website. This allows us, for example, to determine when specific page views occurred and from which region. We also collect various log files (e.g., IP address, referrer, browser and operating system used) and can measure whether visitors perform certain actions on our website (e.g., clicks, purchases, etc.).

The use of this analytics tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web offerings and advertising. If consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Hosting

We host Matomo exclusively on our own servers, so all analytics data remains with us and is not shared.

7. Plugins and Tools

YouTube with Enhanced Privacy Mode

This website embeds videos from YouTube. The operator of YouTube is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit a website where YouTube is embedded, a connection to YouTube’s servers is established. This informs the YouTube server which of our pages you visited. If you are logged into your YouTube account, YouTube can directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in enhanced privacy mode. Videos played in enhanced privacy mode are, according to YouTube, not used to personalize your browsing on YouTube. Ads shown in enhanced privacy mode are also not personalized. In enhanced privacy mode, no cookies are set. Instead, so-called local storage elements are stored in the user’s browser, which can contain personal data and be used for recognition purposes.

Details on enhanced privacy mode can be found here: https://support.google.com/youtube/answer/171780.

Additional data processing may occur after activating a YouTube video, over which we have no control.

The use of YouTube serves the purpose of providing an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

Further information about privacy on YouTube can be found in their privacy policy: https://policies.google.com/privacy.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that ensures compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhere to these standards. Further information can be obtained here: https://www.dataprivacyframework.gov/participant/5780.

Google Fonts (Local Hosting)

This website uses so-called Google Fonts provided by Google to ensure a uniform presentation of fonts. The Google Fonts are installed locally. No connection to Google servers is made.

Further information about Google Fonts can be found at https://developers.google.com/fonts/faq
and in Google’s privacy policy: https://policies.google.com/privacy.

Font Awesome

This website uses Font Awesome for consistent display of fonts and icons. The provider is Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.

When you visit a page, your browser loads the required fonts into your browser cache to correctly display texts, fonts, and icons. For this purpose, your browser must connect to the Font Awesome servers. This allows Font Awesome to know that this website was accessed via your IP address. The use of Font Awesome is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the consistent appearance of the fonts on our website.

If consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

If your browser does not support Font Awesome, a standard font from your computer will be used.

Further information on Font Awesome can be found in their privacy policy: https://fontawesome.com/privacy.

Google Maps

This website uses the Google Maps service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With this service, we can embed maps on our website.

To use the features of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The operator of this website has no influence on this data transmission. When Google Maps is activated, Google may use Google Fonts to ensure consistent font display. When accessing Google Maps, your browser loads the required web fonts into your browser cache to display text and fonts correctly.

The use of Google Maps serves the purpose of an appealing presentation of our online offerings and easy discoverability of the locations we display on the website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting). Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information on how Google handles user data can be found in their privacy policy: https://policies.google.com/privacy.

The company is certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA ensuring compliance with European data protection standards for data processing in the USA. Every DPF-certified company commits to these standards. Further information is available here: https://www.dataprivacyframework.gov/participant/5780.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to verify whether the data entry on this website (e.g., in a contact form) is performed by a human or an automated program. To do this, reCAPTCHA analyzes the behavior of website visitors based on various characteristics. This analysis starts automatically as soon as a visitor enters the website. reCAPTCHA evaluates different information (e.g., IP address, time spent on the website, or mouse movements performed by the user). The data collected during this analysis is transmitted to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.

The storage and analysis of the data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated scanning and spam. If consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under the TTDSG. Consent can be revoked at any time.

Further information on Google reCAPTCHA can be found in the Google Privacy Policy and Google Terms of Service at the following links: https://policies.google.com/privacy and https://policies.google.com/terms.

The company is certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA that ensures compliance with European data protection standards for data processing in the USA. Every DPF-certified company commits to these standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/5780.

Spotify

This website includes features from the music service Spotify. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. You can recognize Spotify plugins by the green logo on this website. An overview of Spotify plugins can be found at: https://developer.spotify.com.

When you visit this website, the plugin can establish a direct connection between your browser and the Spotify server. Spotify thereby receives information that you visited this website with your IP address. If you click the Spotify button while logged into your Spotify account, the content of this website can be linked to your Spotify profile, allowing Spotify to associate your visit with your user account.

Please note that when using Spotify, Google Analytics cookies may be used, meaning your usage data while using Spotify can also be transmitted to Google. Google Analytics is a tool from the Google Group for analyzing user behavior, based in the USA. Spotify alone is responsible for this integration. We as the website operator have no influence over this processing.

The storage and analysis of data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in providing an engaging audio experience on the website. If consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under the TTDSG. Consent can be revoked at any time.

Further information is available in Spotify’s Privacy Policy: https://www.spotify.com/de/legal/privacy-policy/.

If you do not want Spotify to associate your visit to this website with your Spotify account, please log out of your Spotify account.