Privacy policy

Introduction
With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as 'data') we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as 'online offer').

Table of contents
- Introduction
- Person responsible
- Overview of processing
- Relevant legal bases
- Security measures
- Definitions of terms

Person Responsible
13MAD86, Martin

Overview of processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the persons concerned.

Types of data processed
- Contact details.
- Content data.
- Usage data.
- Meta/communication data.

Categories of data subjects
- Communication partners.

Purposes of processing
- Contact requests and communication.
- Administration and response to requests.
- Feedback.
- Provision of our online offering and user-friendliness.

Relevant legal bases
Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of these in the data protection declaration.

Contract performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or for carrying out pre-contractual measures taken at the request of the data subject. Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR) - Processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail.

In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. This includes in particular the law on protection against misuse of personal data in data processing (Federal Data Protection Act - BDSG). The BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. In addition, state data protection laws of the individual federal states may apply.

Security measures
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, securing the availability and their separation. Furthermore, we have set up procedures that ensure the exercise of the rights of those affected, the deletion of data and reactions to threats to the data. Furthermore, we take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

TLS encryption (https): In order to protect the data you transmit via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

Contact and inquiry management
When you contact us (e.g. via contact form, email, telephone or via social media) and within the framework of existing user and business relationships, the information provided by the person making the inquiry is processed to the extent necessary to answer the contact inquiries and any requested measures.

Types of data processed: Contact data (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).

Affected persons: Communication partners.

Purposes of processing: Contact requests and communication; administration and response to requests; Feedback (e.g. collecting feedback via online form); provision of our online offer and user-friendliness.

Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR).

Further information on processing procedures, methods and services:

Contact form: If users contact us via our contact form, email or other communication channels, we process the data communicated to us in this context to process the communicated request; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR), legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR).

Definitions of terms
This section provides you with an overview of the terms used in this data protection declaration. Many of the terms are taken from the law and are defined primarily in Art. 4 GDPR. The legal definitions are binding. The following explanations, however, are primarily intended to help you understand. The terms are sorted alphabetically.

Personal data: 'Personal data' is all information relating to an identified or identifiable natural person (hereinafter 'data subject'); an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Responsible person: The 'responsible person' is the natural or legal person, public authority, agency or other body which alone or jointly with others decides on the purposes and means of processing personal data.

Processing: 'Processing' is any operation or series of operations carried out on personal data or on sets of personal data, with or without the aid of automated procedures. The term is broad and covers virtually every handling of data, be it collecting, evaluating, storing, transmitting or deleting.