Privacy agreement
With the following data protection declaration, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both as part of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").
The terms used are not gender-specific.
Status: 26 March 2022
GroomRoom Berlin GmbH
Mr Hellmann
Mühlenstraße 8a
14167 Berlin
The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.
Below you will find an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases be relevant in individual cases, we will inform you of these in the data protection declaration.
In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, the processing for other purposes and the transmission and automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. Furthermore, data protection laws of the individual federal states may apply.
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access to, entry into, disclosure of, assurance of availability of and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, the deletion of data and responses to data compromise. Furthermore, we already take the protection of personal data into account in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You can recognise such encrypted connections by the prefix https:// in the address line of your browser.
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this is only done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transfer, we only process or allow data to be processed in third countries with a recognised level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose).
If the data are not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.
Our privacy notices may also contain further information on the retention and deletion of data, which will take precedence for the respective processing operations.
Cookies are small text files or other memory notes that store information on end devices and read information from the end devices. For example, to save the login status in a user account, the contents of a shopping basket in an e-shop, the contents called up or the functions used in an online offer. Cookies can also be used for various purposes, e.g. for the purpose of functionality, security and comfort of online offers as well as the creation of analyses of visitor flows.
Consent notices: We use cookies in accordance with the law. We therefore obtain prior consent from users, except where this is not required by law. In particular, consent is not required if the storage and reading of information, i.e. including cookies, is absolutely necessary in order to provide the user with a telemedia service (i.e. our online offer) expressly requested by the user. The revocable consent is clearly communicated to the users and contains the information on the respective cookie use.
Notes on legal bases under data protection law: The legal basis under data protection law on which we process users' personal data with the help of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is their declared consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and improvement of its usability) or, if this is done in the context of the performance of our contractual obligations, if the use of cookies is necessary to fulfil our contractual obligations. We explain the purposes for which we process the cookies in the course of this data protection declaration or as part of our consent and processing procedures.
Storage duration: With regard to the storage duration, the following types of cookies are distinguished:
General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also file an objection to processing in accordance with the legal requirements in Art. 21 DSGVO (further information on the objection is provided within the scope of this data protection declaration). Users can also declare their objection using the settings of their browser.
Further guidance on processing operations, procedures and services:
We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g. to answer enquiries.
All treatments are documented by means of video cameras in order to be able to clarify any misunderstandings beyond doubt afterwards. All video recordings are always irretrievably deleted after 30 calendar days.
We process this data in order to fulfil our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other service disruptions. Furthermore, we process the data to safeguard our rights and for the purpose of the administrative tasks associated with these obligations as well as the company organisation. Furthermore, we process the data on the basis of our legitimate interests in proper and business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfil legal obligations. Contractual partners will be informed about further forms of processing, e.g. for marketing purposes, within the framework of this data protection declaration.
We inform the contractual partners of the data required for the above-mentioned purposes before or in the course of data collection, e.g. in online forms, by means of special labelling (e.g. colours) or symbols (e.g. asterisks or similar), or in person.
We delete the data after the expiry of statutory warranty and comparable obligations, i.e., in principle after the expiry of 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons (e.g., for tax purposes, usually 10 years). We delete data disclosed to us by the contractual partner within the scope of an order in accordance with the specifications of the order, in principle after the end of the order.
Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
Craft services
The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for delivery and invoicing as well as contact information in order to be able to hold any consultations.
Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer efficient and secure payment options to data subjects and use other service providers in addition to banks and credit institutions for this purpose (collectively "payment service providers").
The data processed by the payment service providers include inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, sum and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers (SumUp) and stored with them. I.e. we do not receive any account or credit card-related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the general terms and conditions and the data protection information of the payment service providers.
The terms and conditions and data protection notices of the respective payment service providers apply to the payment transactions and can be accessed within the respective websites or transaction applications. We also refer to these for further information and the assertion of revocation, information and other data subject rights.
Further guidance on processing operations, procedures and services:
In order to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.
The data processed as part of the provision of the hosting offer may include all information relating to the users of our online offer that is generated as part of the use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online offers to browsers, and all entries made within our online offer or from websites.
Further guidance on processing operations, procedures and services:
We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). Readers' data are processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. For the rest, we refer to the information on the processing of visitors to our publication medium within the scope of this data protection notice.
When contacting us (e.g. by contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed insofar as this is necessary to answer the contact enquiries and any requested measures.
The answering of contact enquiries as well as the administration of contact and enquiry data within the framework of contractual or pre-contractual relationships is carried out in order to fulfil our contractual obligations or to answer (pre-)contractual enquiries and, moreover, on the basis of the legitimate interests in answering enquiries and maintaining user or business relationships.
Further guidance on processing operations, procedures and services:
We offer online chats and chatbot functions (collectively referred to as "chat services") as a communication option. A chat is an online conversation conducted with some degree of timeliness. A chatbot is software that answers users' questions or notifies them of messages. When you use our chat features, we may process your personal data.
If you use our chat services within an online platform, your identification number will also be stored within the respective platform. We may also collect information about which users interact with our chat services and when. Furthermore, we store the content of your conversations via the chat services and log registration and consent processes in order to be able to prove these in accordance with legal requirements.
We would like to point out to users that the respective platform provider can find out that and when users communicate with our chat services as well as collect technical information about the device used by the users and, depending on the settings of their device, also location information (so-called metadata) for the purpose of optimising the respective services and for security purposes. Likewise, the metadata of the communication via chat services (i.e. e.g. information on who communicated with whom) could be used by the respective platform providers in accordance with their regulations, to which we refer for further information, for marketing purposes or to display advertising tailored to users.
If users agree with a chatbot to activate information with regular messages, they have the option to unsubscribe from the information at any time in the future. The chatbot informs users how and with which terms they can unsubscribe from the messages. Unsubscribing from chatbot messages deletes user data from the list of message recipients.
We use the aforementioned information to operate our chat services, e.g. to address users personally, to answer their queries, to transmit any requested content and also to improve our chat services (e.g. to "teach" chatbots answers to frequently asked questions or to identify unanswered queries).
Notes on legal basis: We use chat services on the basis of consent if we have previously obtained users' permission to process their data within the scope of our chat services (this applies to cases where users are asked for consent, e.g. for a chatbot to send them messages on a regular basis). If we use chat services to answer users' enquiries about our services or our company, this is done for contractual and pre-contractual communication. Furthermore, we use chat services on the basis of our legitimate interests in optimising the chat services, their operational efficiency and increasing the positive user experience.
Revocation, objection and deletion: You can revoke a given consent or object to the processing of your data within the scope of our chat services at any time.
We send newsletters, e-mails and other electronic notifications (hereinafter "newsletter") only with the consent of the recipients or a legal permission. If the contents of a newsletter are specifically described in the course of registration, they are decisive for the consent of the user. Otherwise, our newsletters contain information about our services and us.
To subscribe to our newsletters, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name for the purpose of a personal address in the newsletter, or further details if these are required for the purposes of the newsletter.
Double opt-in procedure: Registration for our newsletter is always carried out in a so-called double opt-in process. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people's e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the dispatch service provider are also logged.
Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove consent formerly given. The processing of this data will be limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the e-mail address in a block list (so-called "block list") for this purpose alone.
The logging of the registration process is carried out on the basis of our legitimate interests for the purpose of proving that it has been carried out properly. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure sending system.
Notes on legal basis: The newsletter is sent on the basis of the recipients' consent or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and insofar as this is permitted by law, e.g. in the case of existing customer advertising. Insofar as we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in efficient and secure dispatch. The registration process is recorded on the basis of our legitimate interests to prove that it was carried out in accordance with the law.
Information about us, our services, promotions and offers.
Further guidance on processing operations, procedures and services:
In the following privacy statement, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679.
We only process your data if at least one of the following conditions applies:
Further conditions such as the performance of recordings in the public interest and the exercise of public authority as well as the protection of vital interests do not generally occur with us. If such a legal basis should be relevant, it will be indicated at the appropriate place.
In addition to the EU regulation, national laws also apply:
If other regional or national laws apply, we will inform you about them in the following sections.
According to Article 13 of the GDPR, you have the following rights to ensure fair and transparent processing of data:
In short: You have rights - do not hesitate to contact the responsible body listed above with us!
If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection commissioner for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:
State Commissioner for Data Protection: Maja Smoltczyk
Address : Friedrichstraße 219, 10969 Berlin
Telephone: 030/138 89-0
E-mail address: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de/
We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, if this is required by law or contractually necessary and in any case only to the extent that this is generally permitted. Your consent is in most cases the most important reason for us to have data processed in third countries. Processing personal data in third countries such as the US, where many software vendors provide services and have their server locations, may mean that personal data is processed and stored in unexpected ways.
We expressly point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services (such as Google Analytics) may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. In addition, it is possible that collected data may be linked to data from other services of the same provider, provided you have a corresponding user account. Where possible, we try to use server locations within the EU, if this is offered.
We will provide you with more detailed information about data transfers to third countries, where applicable, at the appropriate points in this privacy policy.
To protect personal data, we have implemented both technical and organisational measures. Where possible, we encrypt or pseudonymise personal data. In this way, we make it as difficult as possible for third parties to infer personal information from our data.
Article 25 of the GDPR speaks of "data protection through technical design and through data protection-friendly default settings" and thus means that both software (e.g. forms) and hardware (e.g. access to the server room) should always be designed with security in mind and that appropriate measures should be taken. In the following, we will go into more detail on specific measures, if necessary.
TLS, encryption and https sound very technical and they are. We use HTTPS (Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transmit data tap-proof on the internet.
This means that the complete transmission of all data from your browser to our web server is secured - no one can "listen in".
In this way, we have introduced an additional layer of security and fulfil data protection by design of technology Article 25(1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognise the use of this data transmission protection by the small lock symbol
at the top left of the browser, to the left of the internet address (e.g. beispielseite.de) and the use of the https scheme (instead of http) as part of our internet address.
If you want to know more about encryption, we recommend a Google search for "Hypertext Transfer Protocol Secure wiki" to get good links to further information.
Communication summary👥Data subjects: All those who communicate with us by telephone, e-mail or online form📓 Data processed: e.g. telephone number, name, e-mail address, form data entered. More details can be found in the respective type of contact used🤝 Purpose: Processing of communication with customers, business partners, etc.📅 Storage period: Duration of the business case and legal requirements⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. b DSGVO (Contract), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).
When you contact us and communicate by phone, email or online form, personal data may be processed.
The data is processed for the handling and processing of your question and the related business transaction. The data is stored for as long as it is required by law.
All those who seek contact with us via the communication channels provided by us are affected by the aforementioned processes.
When you call us, the call data is stored pseudonymously on the respective end device and with the telecommunications provider used. In addition, data such as name and telephone number can subsequently be sent by e-mail and stored for the purpose of responding to enquiries. The data is deleted as soon as the business case has been terminated and legal requirements permit.
If you communicate with us by e-mail, data may be stored on the respective end device (computer, laptop, smartphone,...) and data is stored on the e-mail server. The data is deleted as soon as the business case has been completed and legal requirements permit.
If you communicate with us using an online form, data is stored on our web server and, if necessary, forwarded to an e-mail address of ours. The data is deleted as soon as the business case has been terminated and legal requirements permit.
The processing of data is based on the following legal bases:
Cookies Summary👥Data subject: visitors to the website🤝 Purpose: depends on the cookie in question. More details can be found below or from the manufacturer of the software that sets the cookie.📓 Data processed: Depending on the cookie used. More details can be found below or from the manufacturer of the software that sets the cookie.📅 Storage period: depends on the cookie in question, can vary from hours to years⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit.f DSGVO (Legitimate Interests).
Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.
Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, effectively the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the "user-related" information back to our site. Thanks to the cookies, our website knows who you are and offers you the setting you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.
The following graphic shows a possible interaction between a web browser such as Chrome and the web server. Here, the web browser requests a website and receives a cookie back from the server, which the browser uses again as soon as another page is requested.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie is to be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programmes and do not contain viruses, Trojans or other "pests". Cookies also cannot access information on your PC.
Cookie data, for example, can look like this:
Name: _ga
Value: GA1.2.1326744211.152311985527-9
Purpose: to distinguish website visitors
Expiry date: after 2 years
A browser should be able to support these minimum sizes:
The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.
One can distinguish between 4 types of cookies:
Essential cookies
These cookies are necessary to ensure basic website functionality. For example, these cookies are needed when a user places a product in the shopping basket, then continues surfing on other pages and later goes to the checkout. These cookies do not delete the shopping cart even if the user closes his browser window.
Purposeful cookies
These cookies collect information about user behaviour and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behaviour of the website with different browsers.
Target-oriented cookies
These cookies provide a better user experience. For example, entered locations, font sizes or form data are saved.
Advertising cookies
These cookies are also called targeting cookies. They are used to deliver individually adapted advertising to the user. This can be very practical, but also very annoying.
Usually, when you visit a website for the first time, you are asked which of these cookie types you would like to allow. And of course, this decision is also stored in a cookie.
If you want to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".
The purpose ultimately depends on the cookie in question. More details can be found below or from the manufacturer of the software that sets the cookie.
Cookies are little helpers for many different tasks. Unfortunately, it is not possible to generalise about what data is stored in cookies, but we will inform you about the data processed or stored within the framework of the following data protection declaration.
The storage period depends on the cookie and is specified further below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.
You can also influence the storage period yourself. You can manually delete all cookies at any time via your browser (see also "Right of objection" below). Furthermore, cookies that are based on consent will be deleted at the latest after revocation of your consent, whereby the legality of the storage remains unaffected until then.
You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.
If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:
Chrome: Delete, activate and manage cookies in Chrome
Safari: Managing Cookies and Website Data with Safari
Firefox: Delete cookies to remove data that websites have placed on your computer.
Internet Explorer: Deleting and managing cookies
Microsoft Edge: Delete and manage cookies
If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow the cookie or not. The procedure varies depending on the browser. It is best to search for the instructions in Google with the search term "Delete Cookies Chrome" or "Deactivate Cookies Chrome" in the case of a Chrome browser.
The so-called "Cookie Guidelines" have been in place since 2009. These state that the storage of cookies requires your consent (Article 6 para. 1 lit. a DSGVO). Within the EU countries, however, there are still very different reactions to these directives. In Austria, however, this directive was implemented in § 96 para. 3 of the Telecommunications Act (TKG). In Germany, the Cookie Directive has not been implemented as national law. Instead, this directive was largely implemented in § 15 para.3 of the Telemedia Act (TMG).
For absolutely necessary cookies, even where there is no consent. there are legitimate interests (Article 6(1)(f) DSGVO), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience and for this purpose certain cookies are often absolutely necessary.
If cookies are used that are not absolutely necessary, this only happens in the case of your consent. The legal basis in this respect is Art. 6 para. 1 lit. a DSGVO.
In the following sections, you will be informed in more detail about the use of cookies, insofar as the software used uses cookies.
Web hosting summary👥Data subject: visitors to the website🤝 Purpose: professional hosting of the website and safeguarding of operations📓 Data processed: IP address, time of website visit, browser used and other data. More details can be found below or with the respective web hosting provider used.📅 Storage period: depends on the respective provider, but usually 2 weeks⚖️ Legal basis: Art. 6 para. 1 lit.f DSGVO (Legitimate Interests)
When you visit websites nowadays, certain information - including personal data - is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, by the way, we mean the totality of all web pages on a domain, i.e. everything from the home page (homepage) to the very last subpage (like this one). By domain, we mean, for example, example.de or example.com.
If you want to view a website on a screen, you use a programme called a web browser to do so. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari.
This web browser must connect to another computer where the website's code is stored: the web server. Operating a web server is a complicated and costly task, which is why it is usually done by professional providers. These offer web hosting and thus ensure reliable and error-free storage of website data.
When the browser on your computer (desktop, laptop, smartphone) connects and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, on the other hand, the web server must also store data for a while to ensure proper operation.
To illustrate:
The purposes of the data processing are:
Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as
As a rule, the above data is stored for a fortnight and then automatically deleted. We do not pass on this data, but we cannot rule out the possibility that this data may be viewed by the authorities in the event of unlawful conduct.
In short, your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not share your data without consent!
The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 para. 1 lit. f DSGVO (protection of legitimate interests), because the use of professional hosting with a provider is necessary to present the company on the Internet in a secure and user-friendly manner and to be able to pursue attacks and claims from this if necessary.
As a rule, there is a contract on commissioned processing between us and the hosting provider in accordance with Art. 28 f. DSGVO, which ensures compliance with data protection and guarantees data security.
Website Building Block Systems Privacy Policy Summary👥Data subject: Visitors to the website🤝 Purpose: Optimisation of our service performance📓 Data processed: Data such as technical usage information such as browser activity, clickstream activity, session heatmaps as well as contact details, IP address or your geographical location. More details can be found below in this privacy policy and in the privacy policy of the providers.📅 Storage period: depends on the provider⚖️ Legal basis: Art. 6 para. 1 lit. f DSGVO (Legitimate Interests), Art. 6 para. 1 lit. a DSGVO (Consent).
We use a website construction kit system for our website. Modular systems are special forms of a content management system (CMS). With a modular system, website operators can create a website very easily and without programming knowledge. In many cases, web hosts also offer building block systems. By using a modular system, personal data of you may also be collected, stored and processed. In this data protection text, we provide you with general information about data processing by modular systems. You can find more detailed information in the data protection declarations of the provider: https://webflow.com/legal/eu-privacy-policy
The biggest advantage of a modular system is its ease of use. We want to offer you a clear, simple and concise website that we can easily operate and maintain ourselves - without external support. A modular system now offers many helpful functions that we can use even without programming knowledge. This allows us to design our web presence according to our wishes and to offer you an informative and pleasant time on our website.
Exactly what data is stored depends, of course, on the website construction system used. Each provider processes and collects different data from the website visitor. But as a rule, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider and the date of your website visit are collected. Tracking data (e.g. browser activity, clickstream activity, session heatmaps, etc.) may also be processed. In addition, personal data may also be collected and stored. This is mostly contact data such as email address, telephone number (if you have provided it), IP address and geographical location data. You can find out exactly what data is stored in the provider's privacy policy.
We will inform you about the duration of the data processing below in connection with the website construction kit system used, provided we have further information on this. You will find detailed information about this in the provider's privacy policy. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. It may be that the provider stores data from you according to its own specifications, over which we have no influence.
You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact the person responsible for the website construction kit system used at any time. You can find contact details either in our privacy policy or on the website of the relevant provider.
You can delete, deactivate or manage cookies that providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that not all functions may then work as usual.
We have a legitimate interest in using a website construction kit system to optimise our online service and to present it to you in an efficient and user-friendly manner. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). However, we only use the modular system if you have given your consent.
Insofar as the processing of data is not absolutely necessary for the operation of the website, the data will only be processed on the basis of your consent. This applies in particular to tracking activities. The legal basis in this respect is Art. 6 para. 1 lit. a DSGVO.
With this privacy policy, we have provided you with the most important general information about data processing. If you would like more detailed information, you will find further information - if available - in the following section or in the privacy policy of the provider.
Email marketing summary👥Data subject: Newsletter subscribers🤝 Purpose: Direct advertising by email, notification of system-relevant events📓 Data processed: Data entered during registration but at least the e-mail address. More details can be found in the respective email marketing tool used.📅 Storage period: Duration of the existence of the subscription⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests).
In order to keep you up to date, we also use the possibility of e-mail marketing. If you have agreed to receive our e-mails or newsletters, your data will also be processed and stored. E-mail marketing is a sub-area of online marketing. It involves sending news or general information about a company, products or services by e-mail to a specific group of people who are interested in them.
If you want to take part in our email marketing (mostly via newsletter), you usually just have to register with your email address. To do this, you fill out an online form and send it off. However, it may also happen that we ask you for your title and name so that we can write to you personally.
In principle, the registration for newsletters works with the help of the so-called "double opt-in procedure". After you have registered for our newsletter on our website, you will receive an email to confirm your newsletter registration. This ensures that the e-mail address belongs to you and that no one has registered with a third-party e-mail address. We or a notification tool we use logs each individual subscription. This is necessary so that we can prove that the registration process is legally correct. As a rule, the time of registration, the time of the registration confirmation and your IP address are saved. In addition, it is also logged when you make changes to your stored data.
Of course, we want to stay in touch with you and always present you with the most important news about our company. To do this, we use, among other things, email marketing - often just referred to as "newsletters" - as an essential part of our online marketing. Provided you agree to this or it is legally permitted, we will send you newsletters, system e-mails or other notifications by e-mail. When we use the term "newsletter" in the following text, we mainly mean regularly sent e-mails. Of course, we do not want to annoy you in any way with our newsletters. That is why we really always try to offer only relevant and interesting content. For example, you can learn more about our company, our services or products. Since we are always improving our offers, you will also always find out through our newsletter when there is news or when we are offering special, lucrative promotions. If we use a service provider who offers a professional mailing tool for our email marketing, we do so in order to be able to offer you fast and secure newsletters. The purpose of our email marketing is basically to inform you about new offers and also to get closer to our corporate goals.
If you become a subscriber to our newsletter via our website, you confirm membership of an e-mail list by e-mail. In addition to your IP address and e-mail address, your title, name, address and telephone number may also be stored. However, only if you agree to this data storage. The data marked as such are necessary so that you can participate in the service offered. Providing this information is voluntary, but failure to provide it will result in you not being able to use the service. In addition, information about your device or your preferred content on our website may be stored. You can find out more about the storage of data when you visit a website in the section "Automatic data storage". We record your consent so that we can always prove that it complies with our laws.
If you unsubscribe your email address from our email/newsletter distribution list, we may store your address for up to three years based on our legitimate interests so that we can still prove your consent at the time. We may only process this data if we need to defend ourselves against any claims.
However, if you confirm that you have given us your consent to subscribe to the newsletter, you can submit an individual deletion request at any time. If you permanently object to the consent, we reserve the right to store your email address in a blacklist. As long as you have voluntarily subscribed to our newsletter, we will of course also keep your email address.
You have the option to cancel your newsletter subscription at any time. All you have to do is revoke your consent to the newsletter subscription. This usually only takes a few seconds or one or two clicks. In most cases, you will find a link to cancel your newsletter subscription directly at the end of each email. If you really can't find the link in the newsletter, please contact us by mail and we will cancel your newsletter subscription immediately.
The sending of our newsletter is based on your consent (Article 6 para. 1 lit. a DSGVO). This means that we may only send you a newsletter if you have actively registered for it beforehand. If necessary, we may also send you advertising messages on the basis of Section 7 (3) of the German Unfair Competition Act (UWG), provided you have become our customer and have not objected to the use of your email address for direct advertising.
Information on specific email marketing services and how they process personal data, if any, is provided in the following sections.
Push Messages Summary👥Data subject: Push Messages subscribers🤝 Purpose: Notification of system-relevant and interesting events📓 Data processed: Data entered during registration, usually also location data. More details can be found in the respective push message tool used.📅 Storage period: Data usually stored for as long as necessary for the provision of the services.⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. b DSGVO (contract).
We also use so-called push notification services on our website, with which we can always keep our users up to date. This means that if you have agreed to the use of such push messages, we can send you short news items with the help of a software tool. Push messages are a form of text messaging that appear directly to you on your smartphone or other devices such as tablets or PCs if you have signed up for them. You will receive these messages even if you are not on our website or not actively using our services. Data about your location and your usage behaviour may also be collected and stored.
On the one hand, we use push messages to be able to fully provide the services we have contractually agreed with you. On the other hand, the messages also serve our online marketing. We can use these messages to give you an understanding of our service or our products. Especially when there are news in our company, we can inform you about it immediately. We want to get to know the preferences and habits of all our users as well as possible in order to continuously improve our offer.
In order to receive push messages, you must also confirm that you want to receive these messages. The data accumulated during the consent process is also stored, managed and processed. This is necessary so that it can be proven and recognised that a user has agreed to receive the push messages. For this purpose, a so-called device token or push token is stored in your browser. Usually, the data of your location or the location of the terminal device you are using is also stored.
To ensure that we always send interesting and important push messages, the handling of the messages is also statistically evaluated. For example, we can then see whether and when you open the message. With the help of these insights, we can adapt our communication strategy to your wishes and interests. Although this stored data can be assigned to you, we do not want to check you as an individual. Rather, we are interested in the collected data of all our users so that we can make optimisations. You can find out exactly what data is stored in the data protection declarations of the respective service providers.
How long the data is processed and stored depends primarily on the tool we use. You can find out more about the data processing of the individual tools below. The privacy statements of the providers usually state exactly which data is stored and processed and for how long. In principle, personal data is only processed for as long as it is necessary for the provision of our services. When data is stored in cookies, the storage period varies greatly. The data can be deleted immediately after leaving a website, but it can also remain stored for several years. You should therefore look at each individual cookie in detail if you want to know more about data storage. In most cases, you will also find informative information about the individual cookies in the data protection declarations of the individual providers.
It may also be that the push messages are necessary so that certain obligations that are in a contract can be fulfilled. For example, so that we can provide you with technical or organisational news. In this case, the legal basis is Art. 6 para. 1 lit. b DSGVO.
If this is not the case, the push messages will only be sent on the basis of your consent. In particular, our push messages may have promotional content. The push messages may also be sent depending on your location, which your end device displays. The above-mentioned analytical evaluations are also based on your consent to receive such messages. The legal basis in this respect is Art. 6 para. 1 lit. a DSGVO. Of course, you can revoke your consent or change various settings in the settings at any time.
Messenger & Communication Privacy Policy Summary👥Data subject: Visitors to the website🤝 Purpose: Contact requests and general communication between us and you📓 Data processed: Data such as name, address, email address, telephone number, general content data, IP address if applicableMore details can be found in the respective tools used.📅 Storage period: depending on the messenger & communication functions used⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests), Art. 6 para. 1 p. 1 lit. b. DSGVO (contractual or pre-contractual obligations)
We offer various options on our website (such as messenger and chat functions, online or contact forms, e-mail, telephone) to communicate with us. In doing so, your data will be processed and stored to the extent necessary to respond to your enquiry and our subsequent measures.
In addition to classic means of communication such as e-mail, contact forms or telephone, we also use chats or messengers. The most commonly used messenger function is currently WhatsApp, but there are of course many different providers that offer messenger functions specifically for websites. If content is encrypted end-to-end, this is indicated in the individual data protection texts or in the privacy policy of the respective provider. End-to-end encryption means nothing other than that the content of a message itself is not visible to the provider. However, information about your device, location settings and other technical data can still be processed and stored.
Communication possibilities with you are of great importance to us. After all, we want to talk to you and answer all possible questions about our service in the best possible way. Well-functioning communication is an important part of our service. With the practical messenger & communication functions, you can always choose the ones you prefer. In exceptional cases, however, we may not be able to answer certain questions via chat or messenger. This is the case, for example, when it comes to internal contractual matters. In this case, we recommend other communication options such as e-mail or telephone.
We generally assume that we remain responsible under data protection law even if we use services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 of the GDPR. Where this is the case, we point this out separately and work on the basis of an agreement to this effect. The essence of the agreement is set out below under the platform concerned.
Please note that when using our built-in elements, data of you may also be processed outside the European Union, as many providers, for example Facebook Messenger or WhatsApp are American companies. This may make it less easy for you to claim or enforce your rights in relation to your personal data.
The exact data that is stored and processed depends on the respective provider of the messenger & communication functions. Basically, it is data such as name, address, telephone number, email address and content data such as all the information you enter in a contact form. In most cases, information about your device and IP address is also stored. Data collected via a messenger & communication function is also stored on the providers' servers.
If you want to know exactly what data is stored and processed by the respective providers and how you can object to the data processing, you should carefully read the respective privacy policy of the company.
How long the data is processed and stored depends primarily on the tools we use. You can find out more about the data processing of the individual tools below. The privacy statements of the providers usually state exactly which data is stored and processed and for how long. In principle, personal data is only processed for as long as it is necessary for the provision of our services. If data is stored in cookies, the storage period varies greatly. The data can be deleted immediately after leaving a website, but it can also remain stored for several years. You should therefore look at each individual cookie in detail if you want to know more about data storage. In most cases, you will also find informative information about the individual cookies in the data protection declarations of the individual providers.
You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser. For more information, please refer to the consent section.
As cookies may be used in messenger & communication functions, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy statements of the respective tools.
If you have consented that data from you can be processed and stored through integrated messenger & communication functions, this consent is considered the legal basis for data processing (Art. 6 para. 1 lit. a DSGVO). We process your enquiry and manage your data in the context of contractual or pre-contractual relationships in order to fulfil our pre-contractual and contractual obligations or to answer enquiries. The basis for this is Art. 6 para. 1 p. 1 lit. b. DSGVO. In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners if consent has been given.
We use the communication tool Facebook Messenger on our website. The service provider is the American company Meta Platforms Inc. Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European region.
Facebook also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.
Facebook uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 DSGVO) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Facebook data processing condition, which complies with the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.
You can find out more about the data processed through the use of Facebook in the Privacy Policy at https://www.facebook.com/about/privacy.
We use the instant messaging service WhatsApp on our website. The service provider is the American company WhatsApp Inc. a subsidiary of Meta Platforms Inc. The company WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible for the European area.
WhatsApp also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of the data processing.
WhatsApp uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, WhatsApp undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
You can find information on WhatsApp data transfer, which complies with the standard contractual clauses, at https://www.whatsapp.com/legal/business-data-transfer-addendum-20210927.
You can find out more about the data processed through the use of WhatsApp in the Privacy Policy at https://www.whatsapp.com/privacy.
All texts are protected by copyright.
Source: Created with the privacy generator from AdSimple
We process personal data for the purposes of promotional communication, which may take place via various channels, such as e-mail, telephone, post or fax, in accordance with legal requirements.
Recipients have the right to revoke consent given at any time or to object to promotional communication at any time.
After revocation or objection, we may store the data required to prove consent for up to three years on the basis of our legitimate interests before deleting it. The processing of this data is limited to the purpose of a possible defence against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.
Web analytics (also referred to as "reach measurement") is used to evaluate the flow of visitors to our online offering and may include behaviour, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of the reach analysis, we can, for example, recognise at what time our online offer or its functions or content are most frequently used or invite re-use. Likewise, we can understand which areas need optimisation.
In addition to web analysis, we may also use testing procedures, e.g. to test and optimise different versions of our online offer or its components.
Unless otherwise stated below, profiles, i.e. data summarised for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have agreed to the collection of their location data from us or from the providers of the services we use, location data may also be processed.
The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored in the context of web analysis, A/B testing and optimisation, but pseudonyms. This means that we as well as the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.
Notes on legal bases: Where we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, users' data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.
Further guidance on processing operations, procedures and services:
We process personal data for online marketing purposes, which may include, in particular, marketing advertising space or displaying promotional and other content (collectively, "Content") based on users' potential interests and measuring its effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedures are used, by means of which the information about the user relevant for the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times and functions used. If users have consented to the collection of their location data, this may also be processed.
The IP addresses of the users are also stored. However, we use available IP masking procedures (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored within the scope of the online marketing process, but pseudonyms. This means that we as well as the providers of the online marketing procedures do not know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is usually stored in the cookies or by means of similar procedures. These cookies can later generally also be read on other websites that use the same online marketing procedure and analysed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing procedure provider.
Exceptionally, clear data may be associated with the profiles. This is the case if, for example, the users are members of a social network whose online marketing procedures we use and the network links the users' profiles with the aforementioned data. We ask you to note that users can make additional agreements with the providers, e.g. by giving their consent as part of the registration process.
In principle, we only receive access to summarised information about the success of our advertisements. However, within the framework of so-called conversion measurements, we can check which of our online marketing methods have led to a so-called conversion, i.e., for example, to a contract being concluded with us. The conversion measurement is used solely to analyse the success of our marketing measures.
Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.
Notes on legal bases: Where we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, users' data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.
Further guidance on processing operations, procedures and services:
We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about us.
We would like to point out that user data may be processed outside the European Union. This may result in risks for the users because, for example, the enforcement of the users' rights could be made more difficult.
Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on the usage behaviour and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behaviour and the interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them).
For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
Further guidance on processing operations, procedures and services:
We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content").
The integration always requires that the third-party providers of this content process the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is thus required for the display of this content or function. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, as well as being linked to such information from other sources.
Notes on legal bases: Where we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, users' data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.
Further guidance on processing operations, procedures and services:
We ask you to regularly inform yourself about the content of our data protection declaration. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
Where we provide addresses and contact details of companies and organisations in this privacy statement, please note that the addresses may change over time and please check the details before contacting us.
As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
