Privacy Policy DSG & GDPR with Certification
General Information
We respect your personal data!
I appreciate your interest in my website. The trust of my visitors and customers, the security of your data, and the protection of your privacy are very important to me and are applied in all business transactions.
This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within my online offering and the associated websites, functions, and content, as well as external online presences, such as my social media profiles. Personal data is any data with which you can be personally identified, such as your real name, address, or phone number. All personal designations are to be understood as gender-neutral.
By using this website, you agree to the use of your personal data (hereinafter referred to as “data”) as described in this Privacy Policy.
Here you can find the DSG Privacy Policy
1. Introduction
Below, we provide information on the processing of personal data
on our website https://www.kb-company.com
in our social media profiles
within the scope of application procedures
outside the website (e.g., when disclosing to data recipients).
Personal data is any information that relates to an identified or identifiable natural person, e.g., their name or email address.
1.1. Contact Details
The controller pursuant to Art. 5 lit. j of the Federal Act on Data Protection (Data Protection Act, hereinafter “DSG”) is Katja Böning, Püntenstrasse 27, 8143 Stallikon, Switzerland, Email: contact@katjaboening.com.
Our Data Protection Officer can be reached via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, Email: datenschutz@heydata.eu.
1.2. Transfer Abroad
Insofar as we transfer personal data to service providers or other third parties outside Switzerland, decisions of the Federal Council pursuant to Art. 16 para. 1 DSG usually guarantee the security of the data during transfer. According to these decisions, the local legislation ensures an adequate level of protection. The Federal Council has determined such adequacy for the states, territories, specific sectors in a state, and international organizations listed in Art. 8 para. 1 of the Ordinance on Data Protection (Data Protection Ordinance, DSV) in conjunction with Annex 1. These are available at https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html.
This applies to the following countries:
Germany
Andorra
Argentina
Austria
Belgium
Bulgaria
Canada (Adequate data protection is considered guaranteed if the Canadian federal law “Loi sur la protection des renseignements personnels et les documents électroniques” of April 13, 2000, is applied in the private sector, or if the law of a Canadian province that largely corresponds to this federal law is applied. The federal law applies to personal data collected, processed, or disclosed in the course of commercial activities, regardless of whether it concerns organizations such as associations, partnerships, individuals, or trade unions, or federally regulated enterprises such as facilities, works, undertakings, or businesses that fall within the legislative authority of the Canadian Parliament. The provinces of Quebec, British Columbia, and Alberta have enacted legislation that largely corresponds to the federal law; the provinces of Ontario, New Brunswick, Newfoundland and Labrador, and Nova Scotia have enacted legislation that largely corresponds to this law in the area of health data. In all Canadian provinces, the federal law applies to all personal data collected, processed, or disclosed by federally regulated enterprises, including data about employees of these enterprises. The federal law also applies to personal data transferred to another province or country in the course of commercial activities.)
Cyprus
Croatia
Denmark
Spain
Estonia
Finland
France
Gibraltar
Greece
Guernsey
Hungary
Isle of Man
Faroe Islands
Ireland
Iceland
Israel
Italy
Jersey
Latvia
Liechtenstein
Lithuania
Luxembourg
Malta
Monaco
Norway
New Zealand
Netherlands
Poland
Portugal
Czech Republic
Romania
United Kingdom
Slovakia
Slovenia
Sweden
Uruguay
In other cases (e.g., if no adequacy decision exists), the legal basis for data transfer is generally, unless we provide a different indication, standard data protection clauses. These are a set of rules adopted by the Federal Data Protection and Information Commissioner (FDPIC) and are part of the contract with the respective third party. Pursuant to Art. 16 para. 2 lit. d DSG, they ensure the security of data transfer. Many providers have provided contractual guarantees extending beyond the standard contractual clauses, which protect the data beyond the standard contractual clauses. These include, for example, guarantees regarding data encryption or an obligation of the third party to notify data subjects if law enforcement agencies wish to access data.
1.3. Rights of the Data Subjects
Data subjects generally have the following rights, among others, vis-à-vis us regarding their personal data:
Right of access as to whether personal data concerning them is being processed.
Right to data portability of their personal data that they have disclosed to us,
Right to rectification,
Right to object to the processing.
2. Newsletter
Interested parties have the option to subscribe to a free newsletter. We process the data provided during registration for sending the newsletter. Registration is done by selecting the corresponding field on our website, by checking the corresponding box in a paper document, or by another clear action, whereby interested parties declare their Consent to the processing of their data. We process the data for direct marketing purposes. The Consent of the interested party can be revoked at any time, e.g., by clicking the corresponding link in the newsletter or by notifying our email address provided above.
We use a service from the provider HOSTINGER UAB, Jonavos str. 60C, LT-44192 Kaunas, Lithuania for email marketing. The provider receives personal data as part of the aforementioned processing. Further information can be found in the provider’s Privacy Policy at https://www.hostinger.com/de/legal/datenschutz-bestimmungen
The provider processes personal data in the EU. Information on guarantees according to Article 16 (2) DSG can be found in the section “Disclosure to Third Countries”.
3. Data Processing on Our Website https://www.kb-company.com
3.1. Informational Use of the Website
When using the website for informational purposes, i.e., when website visitors do not separately transmit information to us, we collect the personal data that the browser transmits to our server to ensure the stability and security of our website. This serves to ensure the IT security of the website.
These data include, for example:
IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request originates
Browser
Operating system and its interface
Language and version of the browser software.
These data are also stored in log files.
3.2. Data on third-party devices
Through our website, we process data on third-party devices via telecommunication transmission within the scope described in the preceding and following sections.
Visitors can reject the processing, e.g., by making appropriate settings in their browser and thus blocking or deleting cookies.
3.3. Web Hosting and Website Provision
Our website is hosted by Hostinger. The provider is HOSTINGER UAB, Jonavos str. 60C, LT-44192 Kaunas, Lithuania. The provider processes personal data transmitted via the website, some of which are also mentioned in other sections of this Privacy Policy, e.g., content, usage, meta/communication data, or contact data. The provider is therefore the recipient of the data. Further information can be found in the provider’s Privacy Policy at https://www.hostinger.com/de/legal/datenschutz-bestimmungen. This processing is a prerequisite for us to be able to offer a website and present ourselves externally.
The provider processes personal data in the EU. Information on guarantees according to Article 16 (2) DSG can be found in the section “Disclosure to Third Countries”.
3.4. Contact Form
When contacting us via the contact form on our website, we process the data requested there and the content of the message to process the inquiry. To the extent legally permissible, we may also process the data for direct marketing purposes.
3.5. Technically Necessary Cookies
Our website uses cookies. Cookies are small text files that are stored in the web browser on a website visitor’s device. Cookies help make the offering more user-friendly, effective, and secure. Insofar as data is processed, this is done for the purpose of providing a functional website to customers and other website visitors.
Specifically, we use technically necessary cookies for the following purpose or purposes:
Cookies that adopt language settings and
Cookies that remember search terms
3.6. Third-Party Providers on the Website
3.6.1. Google Analytics
We use a service from the provider Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (Privacy Policy: https://policies.google.com/privacy?hl=de) for analysis. The provider receives personal data as part of the aforementioned processing.
The provider processes personal data in the USA. Information on guarantees pursuant to Article 16 paragraph 2 DSG can be found in the section “Transfer Abroad”.
4. Payment Service Providers
For processing payments, we use payment processors who are predominantly themselves data controllers under data protection law. When they are used, they process payment data. The purpose of the processing is the execution of payments.
These payment service providers are:
Stripe Payments Europe, Ltd., Ireland
5. Data Processing on Social Media Platforms
We are represented on social media networks to present our organization and our services there. The operators of these networks regularly process data of their users for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to display advertisements on the network pages and elsewhere on the internet that match the users’ interests. For this purpose, the operators of the networks store information about user behavior in cookies on the users’ computers. Furthermore, it cannot be ruled out that the operators combine this information with other data. Further information and instructions on how users can object to processing by the site operators can be found in the privacy policies of the respective operators listed below. It is also possible that the operators or their servers are located abroad, so they process data there. This can result in risks for users, e.g., because the enforcement of their rights is made more difficult or government agencies access the data.
If users of the networks contact us via our profiles, we process the data communicated to us to answer the inquiries.
5.1. YouTube
We maintain a profile on YouTube. The operator is Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland. The privacy policy can be found here: https://policies.google.com/privacy?hl=de.
5.2. LinkedIn
We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The Privacy Policy can be found here: https://privacy.linkedin.com/de-de and at https://de.linkedin.com/legal/privacy-policy? An option to object to data processing is available via the ad settings: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
6. Data Processing of Applicants
If individuals apply for open positions with us (which we have advertised ourselves or which we advertise on third-party websites) or submit unsolicited applications to us, we process their data for the purposes of the application procedure.
It may also be that we contact interesting applicants directly for a position. In this case, we process their basic data (e.g., name), contact data (e.g., email address), as well as other data that may be relevant for the specific position.
Recipients of the data include service providers used within the application procedure (e.g., processors within the scope of recruiting) and providers of cloud software that we use. Recipients that we can currently identify are listed by name below in the section “Recipients of Data”.
We ask applicants to refrain from providing information on political opinions, religious views, and similarly sensitive data in their CV and cover letter. They are not required for an application. If applicants nevertheless provide such information, we cannot prevent its processing.
7. Data Processing Outside the Website
7.1 Contact
When contacting us, e.g., by email or phone, the data communicated to us (e.g., names and email addresses) are stored by us to answer questions. The legal basis for processing is our legitimate interest in answering inquiries directed to us. We delete the data arising in this context after storage is no longer necessary, or restrict processing if legal retention obligations exist.
7.2. Contests
Occasionally, we offer contests via our website or in other ways. We process the data requested for this purpose to determine and notify the winners. Afterward, we delete the data. It may also be that we offer contests only for existing customers. In that case, we only process the name to determine the winners and the contact data to notify the winners. It is our legitimate interest to offer contests for customer acquisition or interaction with our existing customers.
7.3 Customer Surveys
From time to time, we conduct customer surveys to better understand our customers and their needs. In doing so, we collect the respective requested data. It is our legitimate interest to better understand our customers and their needs. We delete the data once the survey results have been evaluated.
7.4. Further Processing Purposes
We process personal data for the purposes mentioned below or elsewhere in this document (e.g., under “Recipients of Data”):
Provision of contractual services and fulfillment of contractual obligations
Communication
IT security measures
Direct marketing
Request and consideration of feedback
7.2. Recipients of Data
Recipients of data are service providers employed by us (e.g., processors), providers of cloud software that we use, and other external entities. Recipients that we can currently identify are listed by name below. However, the list is not to be understood as exhaustive.
7.2.1. Google Cloud
We use a service from the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland (Privacy Policy: https://policies.google.com/privacy?hl=de) as serverless computing environments, Infrastructure-as-a-Service, and Platform-as-a-Service. The provider receives personal data as part of the aforementioned processing. Affected persons include employees, users, third parties, and customers.
The provider processes personal data in the EU. Information on guarantees according to Article 16 (2) DSG can be found in the section “Disclosure to Third Countries”.
7.2.2. Zoom
We use a service from the provider Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA (Privacy Policy: https://zoom.us/de-de/privacy.html) for video conferencing. The provider receives personal data as part of the aforementioned processing. Affected persons include employees and third parties.
The provider processes personal data in the EU. Information on guarantees according to Article 16 (2) DSG can be found in the section “Disclosure to Third Countries”.
7.2.3. Microsoft Teams
We use a service from the provider Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement?culture=de-de&country=DE) for video conferencing. The provider receives personal data as part of the aforementioned processing. Affected persons include users.
The provider processes personal data in the EU. Information on guarantees according to Article 16 (2) DSG can be found in the section “Disclosure to Third Countries”.
7.2.4. Hostinger Mail
We use a service from the provider HOSTINGER UAB, Jonavos Str. 60C, LT-44192 Kaunas, Lithuania (Privacy Policy: https://www.hostinger.com/de/legal/datenschutz-bestimmungen) for email marketing. The provider receives personal data as part of the aforementioned processing. Affected persons include third parties and customers.
The provider processes personal data in the EU. Information on guarantees according to Article 16 (2) DSG can be found in the section “Disclosure to Third Countries”.
7.2.5. CustomerCore Accounting
We use a service from the provider Coresection GmbH, Limmatstrasse 159, CH-8005 Zurich, Switzerland (Privacy Policy: https://customercore.ch/datenschutz) for accounting and invoice management. The provider receives personal data as part of the aforementioned processing. Affected persons include users.
The provider processes personal data in Switzerland. Information on guarantees according to Article 16 (2) DSG can be found in the section “Disclosure to Third Countries”.
8. Changes to this Privacy Policy
We reserve the right to change this Privacy Policy with effect for the future. A current version is always available here.
9. Questions and Comments
For questions or comments regarding this Privacy Policy, please feel free to contact us using the contact details provided above.
You can find the GDPR Privacy Policy here
1. Introduction
In the following, we inform about the processing of personal data when using
our website https://www.kb-company.com
our social media profiles.
Personal data is any data that can be related to a specific natural person, e.g., their name or IP address.
1.1. Contact Details
The Controller according to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is Katja Böning, Püntenstrasse 27, 8143 Stallikon, Switzerland, Email: contact@katjaboening.com.
Our Data Protection Officer (DPO) can be reached via heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, Email: datenschutz@heydata.eu.
1.2. Scope of Data Processing, Purposes of Processing, and Legal Bases
We explain the scope of data processing, purposes of processing, and legal bases in detail below. The following are generally considered as legal bases for data processing:
Art. 6 (1) sentence 1 lit. a GDPR serves as our legal basis for processing operations for which we obtain Consent.
Art. 6 (1) sentence 1 lit. b GDPR is the legal basis insofar as the processing of personal data is necessary for the fulfillment of a contract, e.g., when a website visitor purchases a product from us or we perform a service for them. This legal basis also applies to processing operations that are necessary for pre-contractual measures, such as inquiries about our products or services.
Art. 6 (1) sentence 1 lit. c GDPR applies when we fulfill a legal obligation with the processing of personal data, as may be the case, for example, in tax law.
Art. 6 (1) sentence 1 lit. f GDPR serves as the legal basis if we can invoke legitimate interests for the processing of personal data, e.g., for cookies that are necessary for the technical operation of our website.
1.3. Data Processing Outside the EEA
Insofar as we transfer data to service providers or other third parties outside the EEA, adequacy decisions by the EU Commission according to Art. 45 (3) GDPR guarantee the security of the data during transfer, where these exist, as is the case, for example, for Great Britain, Canada, and Israel.
For data transfer to service providers in the USA, the legal basis for the data transfer is an adequacy decision by the EU Commission if the service provider has additionally certified itself under the EU-US Data Privacy Framework.
In other cases (e.g., if no adequacy decision exists), the legal basis for data transfer is, as a rule, Standard Contractual Clauses, unless we provide a different indication. These are a set of rules adopted by the EU Commission and part of the contract with the respective third party. According to Art. 46 (2) lit. b GDPR, they ensure the security of data transfer. Many providers have provided contractual guarantees beyond the Standard Contractual Clauses that protect the data beyond the SCCs. These include, for example, guarantees regarding the encryption of data or an obligation of the third party to notify data subjects if law enforcement authorities wish to access data.
1.4. Storage Duration
Unless expressly stated otherwise within this Privacy Policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and no statutory retention obligations prevent their deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted, i.e., the data will be blocked and not processed for other purposes. This applies, for example, to data that we must retain for commercial or tax law reasons.
1.5. Rights of the Data Subjects
Data subjects have the following rights vis-à-vis us regarding their personal data:
Right of access,
Right to rectification or erasure,
Right to restriction of processing,
Right to object to processing,
Right to data portability,
Right to withdraw a given Consent at any time.
Affected persons also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their personal data. Contact details of the data protection supervisory authorities can be found at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.
1.6. Obligation to Provide Data
Customers, prospective customers, or third parties only need to provide us with the personal data that is necessary for the establishment, execution, and termination of the business relationship or other relationship, or which we are legally obliged to collect. Without this data, we will generally have to refuse to conclude a contract or provide a service, or will no longer be able to carry out an existing contract or other relationship.
Mandatory information is marked as such.
1.7. No Automated Decision-Making in Individual Cases
For the establishment and execution of a business relationship or other relationship, we generally do not use fully automated decision-making according to Article 22 GDPR. Should we use these procedures in individual cases, we will inform about this separately, if legally required.
1.8. Contact
When contacting us, e.g., by email or phone, the data communicated to us (e.g., names and email addresses) will be stored by us to answer questions. The legal basis for processing is our legitimate interest (Art. 6 (1) sentence 1 lit. f GDPR) to answer inquiries addressed to us. We delete the data arising in this context after storage is no longer necessary, or restrict processing if statutory retention obligations exist.
1.9. Contests
Occasionally, we offer contests via our website or in other ways. We process the data requested for this purpose to determine and notify the winners. Afterward, we delete the data. It may also be that we offer contests only for existing customers. In that case, we only process the name to determine the winners and the contact data to notify the winners. It is our legitimate interest to offer contests for customer acquisition or interaction with our existing customers. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
1.10. Customer Surveys
From time to time, we conduct customer surveys to better understand our customers and their needs. We collect the respective requested data. It is our legitimate interest to better understand our customers and their needs, so the legal basis for the associated data processing is Art. 6 (1) sentence 1 lit. f GDPR. We delete the data once the survey results have been evaluated.
2. Newsletter
Prospective customers have the option to subscribe to a free Newsletter. We process the data provided during registration exclusively for sending the Newsletter. Registration takes place by selecting the corresponding field on our website, by ticking the corresponding field in a paper document, or by another clear action, whereby prospective customers declare their Consent to the processing of their data, so the legal basis is Art. 6 (1) sentence 1 lit. a GDPR. Consent can be withdrawn at any time, e.g., by clicking the corresponding link in the Newsletter or by notifying our email address provided above. The processing of data until revocation remains lawful even in the event of revocation.
We send Newsletters using the Hostinger Mail tool from the provider HOSTINGER UAB, Jonavos str. 60C, LT-44192 Kaunas, Lithuania. The provider processes content, usage, meta/communication data, and contact data within the EU. Further information can be found in the provider’s Privacy Policy at https://www.hostinger.com/de/legal/datenschutz-bestimmungen.
3. Data Processing on Our Website
3.1. Note for Website Visitors from Germany
Our website stores information on the end device of website visitors (e.g., cookies) or accesses information already stored on the end device (e.g., IP addresses). Which information this is in detail can be found in the following sections.
This storage and access is based on the following provisions:
Insofar as this storage or access is absolutely necessary for us to provide the service of our website expressly requested by website visitors (e.g., for the operation of a chatbot used by the website visitor or to ensure the IT security of our website), it takes place on the basis of Section 25 (2) No. 2 of the Telecommunications-Digital Services Data Protection Act (TDDDG).
Otherwise, this storage or access takes place on the basis of the Consent of the website visitors (Section 25 (1) TDDDG).
The subsequent data processing takes place in accordance with the following sections and on the basis of the provisions of the GDPR.
3.2. Informational Use of the Website
During the informational use of the website, i.e., when website visitors do not separately transmit information to us, we collect the personal data that the browser transmits to our server to ensure the stability and security of our website. This constitutes our legitimate interest, so the legal basis is Art. 6 (1) sentence 1 lit. f GDPR.
This data includes:
IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request originates
Browser
Operating system and its interface
Language and version of the browser software.
These data are also stored in log files. They will be deleted when their storage is no longer necessary, at the latest after 14 days.
3.3. Web Hosting and Website Provision
Our website is hosted by Hostinger. The provider is HOSTINGER UAB, Jonavos str. 60C, LT-44192 Kaunas, Lithuania. The provider processes personal data transmitted via the website, e.g., content, usage, meta/communication data, or contact data, within the EU. Further information can be found in the provider’s Privacy Policy at https://www.hostinger.com/de/legal/datenschutz-bestimmungen.
It is our legitimate interest to provide a website, so the legal basis for the described data processing is Art. 6 (1) sentence 1 lit. f GDPR.
We use a Content Delivery Network that helps to provide our website. The provider is via Hostinger. The provider processes the personal data transmitted via the website, e.g., content, usage, meta/communication data, or contact data. It is our legitimate interest to provide a website, so the legal basis for data processing is Art. 6 (1) sentence 1 lit. f GDPR.
3.4. Contact Form
When contacting us via the contact form on our website, we store the requested data and the content of the message.
The legal basis for processing is our legitimate interest to answer inquiries addressed to us. Therefore, the legal basis for processing is Art. 6 (1) sentence 1 lit. f GDPR.
We delete the data arising in this context after storage is no longer necessary, or restrict processing if statutory retention obligations exist.
3.5. Payment Service Providers
For payment processing, we use payment processors who are themselves data controllers within the meaning of Art. 4 No. 7 GDPR. Insofar as they receive data entered by us and payment data during the order process, we thereby fulfill the contract concluded with our customers (Art. 6 (1) sentence 1 lit. b GDPR).
These payment service providers are:
Stripe Payments Europe, Ltd., Ireland
3.6. Technically Necessary Cookies
Our website uses cookies. Cookies are small text files that are stored in the web browser on a website visitor’s end device. Cookies help to make the offering more user-friendly, effective, and secure. Insofar as these cookies are necessary for the operation of our website or its functions (hereinafter “Technically Necessary Cookies”), the legal basis for the associated data processing is Art. 6 (1) sentence 1 lit. f GDPR. We have a legitimate interest in providing a functional website to customers and other website visitors.
Specifically, we use technically necessary cookies for the following purpose or purposes:
Cookies that adopt language settings and
Cookies that remember search terms
3.7. Third-Party Providers
3.7.1. Google Analytics
We use Google Analytics for analysis. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The provider processes usage data (e.g., visited websites, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) sentence 1 lit. a GDPR. Processing takes place on the basis of Consents. Data subjects can withdraw their Consent at any time, e.g., by contacting us using the contact details provided in our Privacy Policy. The withdrawal does not affect the lawfulness of processing until the withdrawal.
The transfer of personal data to a country outside the EEA takes place on the legal basis of an adequacy decision. The security of the data transferred to the third country (i.e., a country outside the EEA) is guaranteed because the EU Commission has decided, within the framework of an adequacy decision according to Art. 45 (3) GDPR, that the third country offers an adequate level of protection.
The data will be deleted when the purpose of their collection no longer applies and there is no retention obligation to the contrary. Further information can be found in the provider’s Privacy Policy at https://policies.google.com/privacy?hl=de.
3.7.2. heyData
We have integrated a privacy seal on our website. The provider is heyData GmbH, Schützenstraße 5, 10117 Berlin, Germany. The provider processes meta/communication data (e.g., IP addresses) in the EU.
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in providing website visitors with confirmation of our Privacy Policy compliance. At the same time, the provider has a legitimate interest in ensuring that only customers with existing contracts use its seals, which is why a mere image copy of the certificate is not a viable alternative for confirmation.
The data is masked after collection so that no personal reference remains. Further information can be found in the provider’s Privacy Policy at https://heydata.eu/datenschutzerklaerung.
4. Data Processing on Social Media Platforms
We are represented on social media networks to present our organization and our services there. The operators of these networks regularly process user data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to display advertisements on the network pages and elsewhere on the Internet that match the users’ interests. For this purpose, the network operators store information about user behavior in cookies on the users’ computers. It cannot be ruled out that the operators combine this information with other data. Further information and instructions on how users can object to processing by the site operators can be found in the privacy policies of the respective operators listed below. It is also possible that the operators or their servers are located in non-EU countries, so that they process data there. This can result in risks for users, e.g., because the enforcement of their rights is made more difficult or government agencies access the data.
If network users contact us via our profiles, we process the data provided to us to answer the inquiries. This is our legitimate interest, so the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.
4.1. YouTube
We maintain a profile on YouTube. The operator is Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland. The privacy policy can be found here: https://policies.google.com/privacy?hl=de.
4.2. LinkedIn
We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The Privacy Policy can be found here: https://de.linkedin.com/legal/privacy-policy?. An option to object to data processing is available via the ad settings: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
5. Changes to this Privacy Policy
We reserve the right to change this Privacy Policy with effect for the future. A current version is always available here.
6. Questions and Comments
For questions or comments regarding this Privacy Policy, please feel free to contact us using the contact details provided above.