This data protection declaration informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within the scope of the provision of our services as well as within our online offer and the websites, functions and contents connected with it contents as well as external online presences, such as our social media profiles on (hereinafter collectively referred to collectively referred to as "Online Offer"). With regard to the terminology used, such as "processing" or "responsible party", we refer to the definitions in Art. 4 of the General Data Protection Regulation (DSGVO).
Nicolas Janzen sole proprietorship
Business owner: Nicolas Janzen
Data Protection Officer: email@example.com
- Inventory data (e.g., personal master data, names or addresses).
- Contact data (e.g., email, phone numbers).
- Content data (e.g., text input, photographs, videos).
- Usage data (e.g., web pages visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Visitors and users of the online offering (hereinafter we also data subjects collectively also as "users").
- Provision of the online offer, its functions and content.
- Responding to contact requests and communicating with users.
- Security measures.
- Reach measurement/marketing
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); An identifiable natural person is one who can be identified, directly or indirectly, in particular by means of an association with an identifier such as a name, an identification number, to location data, to an online identifier (e.g. cookie) or to one or more specific characteristics that are an expression of the physical, physiological, genetic, mental, economic, social or genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed with or without the aid of automatic operation or set of operations which is performed upon personal data. The term is broad and includes virtually any handling of data.
"Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional specific data subject without the addition of further information, provided that the additional information is kept separate and is subject to technical and organizational measures to ensure that the personal measures to ensure that the personal data cannot be attributed to an identified or or identifiable natural person.
"Profiling" means any automated processing of personal data which consists in, that such personal data are used to evaluate certain personal aspects relating relating to a natural person, in particular to evaluate aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location of that natural person to analyze or predict.
A "controller" is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of of personal data, shall be designated.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
. The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO;
The legal basis for processing in order to fulfill our services and carry out contractual measures as well as answering inquiries is Art. 6 para. 1 lit. b DSGVO;
The legal basis for processing for the fulfillment of our legal obligations is Art. 6 para. 1 lit. c DSGVO;
In the event that vital interests of the data subject or another natural person require processing of personal data, Art. 6 (1) lit. d DSGVO serves as the legal basis.
The legal basis for the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Art. 6 (1) lit. e DSGVO.
The legal basis for processing to protect our legitimate interests is Art. 6 (1) lit. f DSGVO.
The processing of data for purposes other than those for which you were collected is determined by the requirements of Art 6 (4) DSGVO.
The processing of special categories of data (according to Art. 9 (1) DSGVO) is determined according to the requirements of Art. 9 (2) DSGVO.
We take security measures in accordance with legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying degrees of probability of occurrence and severity of the risk to the rights and freedoms of natural persons, appropriate technical and organizational measures, in order to ensure a level of protection appropriate to the risk.
Measures shall include, in particular, ensuring the confidentiality, integrity and availability of data by controlling of physical access to the data, as well as access concerning you, input, transfer, securing availability and their separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data and reaction to risks to the data. Furthermore, we take the protection of personal data into account as early as the and selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.
If, in the course of our processing, we disclose data to other persons and companies (processors, jointly responsible parties or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the performance of a contract), users have consented, a legal legal obligation provides for this or on the basis of our legitimate interests (e.g. when using Agents, web hosts, etc.).
If we disclose or transmit data to other companies in our group of companies, or otherwise grant them access this is done in particular for administrative purposes as a legitimate interest and, in addition, on a basis a basis corresponding to the legal requirements.
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or do so in the context of using third-party services or disclosure, or transfer of data to other persons or companies, this will only be done if it is necessary for the (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our or on the basis of our legitimate interests. Subject to explicit consent or contractually required transfer, we only process or allow the data to be processed in third countries with a recognized level of data protection, which include U.S. processors certified under the Privacy Shield, or on the basis of specific safeguards, such as a e.g. contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, Information page of the EU Commission).
You have the right to request confirmation as to whether data in question is being processed and to be informed about these data as well as to further information and a copy of the data in accordance with the legal requirements.
You have the right, in accordance with the law, to request that data concerning you be completed or that inaccurate data be corrected. of the inaccurate data concerning you.
In accordance with the legal requirements, you have the right to demand that data concerning you be deleted without delay, or alternatively, in accordance with the legal requirements, to request restriction of the processing of the data.
You have the right to demand that the data concerning you, which you have provided to us in accordance with the statutory provisions Requirements to receive and to require their transfer to other responsible parties.
You also have the right to lodge a complaint with the competent supervisory authority, in accordance with the law.
You have the right to revoke given consents with effect for the future.
You may object to the future processing of data relating to you in accordance with the statutory provisions at any time. The objection can be made in particular against the processing for purposes of direct advertising.
Cookies" are small files that are stored on users' computers. Within the cookies can different information can be stored. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. As temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes leaves an online offer and closes his browser. Such a cookie may contain, for example, the contents of a shopping cart in an online store or a login status can be stored in such a cookie. Permanent" or "persistent" cookies are those that remain stored even after the browser is closed. stored even after the browser is closed. For example, the login status can be stored if users visit it after several several days. Likewise, the interests of users can be stored in such a cookie, which can be used for reach measurement or marketing purposes. A "third-party cookie" is a cookie that is used by providers other than the responsible party that operates the online offer (otherwise, if they are only its cookies, they are referred to as "first-party cookies"). "first-party cookies").
If users do not want cookies to be stored on their computer, they are asked to set the appropriate option to deactivate in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. deleted in the system settings of the browser. The exclusion of cookies may lead to functional restrictions of this online offer.
If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons must be retained.
In addition, we process
. - Contract data (e.g., subject matter of the contract, term, customer category).
- Payment data (e.g., bank details, payment history)
From our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
We process the data of our customers in the context of the order processes in our online store, in order to facilitate their selection and the Order of the selected products and services, as well as their payment and delivery, or execution.
The processed data include inventory data, communication data, contract data, payment data and the data subjects of the processing affected persons include our customers, prospective customers and other business partners. The processing is carried out for the purpose of Provision of contractual services in the context of the operation of an online store, billing, delivery and customer services. In this we use session cookies for storing the shopping cart content and permanent cookies for storing the login status.
The processing is carried out for the fulfillment of our services and implementation of contractual measures (e.g. implementation of order transactions) and as far as it is required by law (e.g., legally required archiving of business transactions for commercial and tax purposes). In this context, the information marked as required is necessary for the justification and fulfillment of the contract. We disclose the data to third parties only in the context of delivery, payment or in the context of legal permissions and obligations, as well as if this is done on the basis of our legitimate interests, about which we inform you within the framework of this data protection declaration. (e.g., to legal and tax advisors, financial institutions, freight companies and authorities).
Users can optionally create a user account, in particular by viewing their orders. In the context of registration, the required mandatory information will be provided to users. The user accounts are not public and can not be indexed by search engines. not be indexed by search engines. If users have cancelled their user account, their data with regard to the user account will be deleted, subject to their retention being necessary for reasons of commercial or tax law. Information in the customer account remains until deletion and subsequent archiving in the event of a legal obligation or our legitimate interests (e.g., in the event of legal disputes). case of legal disputes). It is incumbent on users to back up their data in the event of termination before the end of the contract.
In the context of registration and renewed registrations and use of our online services, we store the IP address and the Time of the respective user action. The storage is based on our legitimate interests, as well as the users in protection against misuse and other unauthorized use. As a matter of principle, this data is not passed on to third parties unless it is is necessary for the pursuit of our legal claims as a legitimate interest or there is a legal obligation to do so.
The deletion takes place after the expiry of statutory warranty and other contractual rights or obligations (eg, payment claims or performance obligations arising from contracts with customers), whereby the necessity of retaining the data is reviewed every three years; in the case of retention due to legal archiving obligations, the deletion takes place insofar after their expiry.
We process the data of our customers within the framework of our contractual services to which conceptual and strategic consulting, Campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services and training services.
Here we process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., email, phone numbers), Content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of the contract, term), payment data (e.g., bank details, payment history), usage data and metadata (e.g., in the context of evaluating and measuring the success of marketing measures). Special categories of personal data are not processed by us, unless they are part of a commissioned processing operation. The data subjects include our customers, prospective customers as well as their customers, users, website visitors or employees as well as third parties. The purpose of the processing is in the provision of contractual services, billing and our customer service. The legal basis for the processing results from Art. 6 para. 1 lit. b DSGVO (contractual services), Art. 6 para. 1 lit. f DSGVO (analysis, statistics, optimization, security measures). We process data, which are necessary for the justification and fulfillment of the contractual services and point out the necessity of their indication. A disclosure to external parties only takes place if it is necessary in the context of an order. When processing the data provided to us within the scope of an order, we we act according to the instructions of the client as well as the legal requirements of a commissioned processing according to Art. 28 DSGVO and process the data for no other purposes than those specified in the order.
We delete the data after the expiry of legal warranty and comparable obligations. the necessity of the retention of the data is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after their expiry (6 J, acc. to § 257 Abs. 1 HGB, 10 years, according to § 147 para. 1 AO). In the case of data that has been disclosed to us by the client within the scope of an order, we delete the data according to the specifications of the order, basically after the end of the order.
In the context of the performance of;contracts, we use the payment service providers on the basis of Art. 6 para. 1 lit. b. DSGVO. For the rest we use external;payment service providers on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO, in order to provide our Users effective and secure payment option to offer.
The, processed by the payment service providers include inventory data, such as the name and address, bank data, such as. Account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, totals and recipient-related details. The information are required to carry out the transactions. However, the data entered will only be processed by the payment service providers and stored by them. I.e. we do not receive any account or credit card related information, but only information with Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the AGB and data protection information of the;payment service providers.
For payment transactions, the terms and conditions and the privacy notices of the respective payment service providers, which are within the respective websites, or transaction applications are available. We refer to these likewise for the purpose of further information and Assertion of revocation, information and other data subject rights.
We process data within the framework of administrative tasks as well as organization of our operations, financial accounting and compliance with legal Obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual contractual services. The processing bases are Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO. From the processing are Customers, interested parties, business partners and website visitors concerned. The purpose and our interest in the processing lies in the Administration, financial accounting, office organization, archiving of data, i.e. tasks that are necessary to maintain our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and the contractual communication is the same as that specified in these processing activities.
In this context, we disclose or transfer data to the tax authorities, consultants, such as, for example, tax advisors or auditors, as well as other Fee offices and payment service providers.
Furthermore, based on our business interests, we store information on suppliers, event organizers and other business partners, e.g. for the purpose of contacting them at a later date. This majority company-related data, we store in principle permanently.
For the completion of accounting, we use the service sevDesk of the cloud-based accounting software of sevDesk GmbH, Hauptstraße 115, 77652 Offenburg. SevDesk processes incoming and outgoing invoices as well as bank transactions of our company, if applicable, to automatically enter invoices, to the transactions and to create the financial accounting from this in a partially automated process. If personal data is also processed in this data is processed, the processing is carried out in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of our legitimate interest in efficient organization and documentation of our business transactions. For more information about sevDesk GmbH, the automated processing of data and the data protection provisions can be found at https://sevdesk.de/sicherheit-datenschutz/.
In order to run our business economically, to recognize market trends, wishes of contractual partners and users we analyze the data we have on business transactions, contracts, inquiries, etc. We process inventory data, Communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. DSGVO, whereby the data subjects include contractual partners, interested parties, customers, visitors and users of our online offer.
The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we can compare the profiles of the registered users with information, for example, on their services used. The analyses serve us to increase the user-friendliness, the optimization of our offer and the economic efficiency. The analyses serve us alone and are not not disclosed externally, unless they are anonymous analyses with aggregated values.
If these analyses or profiles are personal, they will be deleted or anonymized upon termination of the user, otherwise after two years from the conclusion of the contract. years from the conclusion of the contract. In all other respects, the overall business analyses and general tendency analyses are, as far as possible anonymously created.
The services offered by our contractual partners may also be advertised and linked on other websites (so-called affiliate links or after-buy systems, if, for example, links or third-party services are offered after a contract is concluded). The operators of the respective websites receive a commission if users follow the affiliate links and subsequently take advantage of the offers.
In summary, it is necessary for our online offer that we can track whether users who are interested in affiliate links and/or the offers available from us, subsequently take up the offers at the instigation of the affiliate links or our online platform, perceive. For this purpose, the affiliate links and our offers are supplemented with certain values that are part of the link or otherwise, e.g. in a cookie, can be set. The values include in particular the source website (referrer), time, an online identifier the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as advertising media ID, affiliate ID and categorizations.
The online identifiers of the users used by us are pseudonymous values. I.e. the online identifiers themselves do not contain any personal data such as names or e-mail addresses. They only help us to determine whether the same user, who clicked on an affiliate link or was interested in an offer via our online offer, has taken advantage of the offer, i.e., for example, has concluded a contract with the provider. concluded a contract with the provider. However, the online identifier is personal to the extent that the partner company and we have the online identifier together with other user data. together with other user data. This is the only way the partner company can tell us whether the user has taken advantage of the offer and whether we can e.g. the bonus can pay out.
We process applicant data only for the purpose and within the scope of the application procedure in accordance with the legal requirements. The processing of the applicant data is carried out for the fulfillment of our (pre)contractual obligations within the scope of the application procedure within the meaning of Art. 6 para. 1. lit. b. DSGVO Art. 6 para. 1 lit. f. DSGVO insofar as the data processing becomes necessary for us, e.g. within the scope of legal procedures (in Germany also applies § 26 BDSG).
The application procedure requires applicants to provide us with applicant data. The necessary applicant data are, if we offer an online form, can otherwise be found in the job descriptions and generally includes personal details, postal and contact addresses. Personal, postal and contact addresses and the documents belonging to the application, such as cover letter, resume and the certificates. In addition applicants can voluntarily provide us with additional information.
Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO are voluntarily communicated within the scope of the application procedure are communicated within the scope of the application procedure, their processing is additionally carried out in accordance with Art. 9 Para. 2 lit. b DSGVO (e.g. health data, e.g. Severely disabled status or ethnic origin). Insofar as special categories of personal data are required in the context of the application procedure data within the meaning of Art. 9 (1) DSGVO are requested from applicants, their processing is additionally carried out in accordance with Art. 9 (2) lit. a DSGVO (e.g. health data, if these are necessary for the exercise of the profession).
If provided, applicants can submit their applications to us using an online form on our website. The data will be transmitted to us in encrypted form in accordance with the state of the art.
Applicants can also send us their applications by e-mail. However, please note that e-mails are generally not sent in encrypted form. encrypted and the applicants themselves must ensure the encryption. We can therefore not be held responsible for the transmission between the sender and the reception on our server and therefore recommend rather to use an online form or to send the application or to send the application by post. Instead of applying via the online form and e-mail, applicants still have the option of sending us the possibility to send us the application by mail.
The data provided by applicants may, in the event of a successful application for the purposes of the employment relationship be further processed by us. Otherwise, if the application for a job offer is not successful, the data of the applicants will be deleted. Applicants' data will also be deleted if an application is withdrawn, to which applicants are entitled at any time to are entitled to do so.
Subject to a legitimate withdrawal by applicants, deletion will take place after the expiry of a period of six months so that we can answer any follow-up questions about the application and to satisfy our obligations to provide evidence under the Equal Treatment Act. Invoices about any reimbursement of travel expenses will be archived in accordance with tax law requirements.
Users can create a user account. As part of the registration process, the required mandatory information will be provided to users and will be processed on the basis of Art. 6 para. 1 lit. b DSGVO for purposes of providing the user account. The processed data includes in particular the login information (name, password as well as an email address). The data entered as part of the registration process is used for the purposes of using the user account and its purpose.
Users may be informed about information relevant to their user account, such as technical changes, by e-mail. If users have terminated their user account, their data relating to the user account will be deleted, subject to any statutory legal obligation to retain data. It is the responsibility of users to back up their data upon termination prior to the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.
In the context of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the users in protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is is necessary for the pursuit of our claims or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c. DSGVO. The IP addresses are anonymized or deleted after 7 days at the latest.
When contacting us (e.g. by contact form, e-mail, telephone or via social media), the information provided by the user will be for the processing of the contact request and its handling pursuant to Art. 6 para. 1 lit. b. (in the context of contractual/pre-contractual relations), Art. 6 para. 1 lit. f. (other requests) DSGVO processed... The user's details may be stored in a customer relationship management system ("CRM System") or comparable inquiry organization.
We delete the requests if they are no longer necessary. We review the necessity every two years; furthermore, the the statutory archiving obligations.
With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and the statistic Evaluation procedure as well as your objection rights on. By subscribing to our newsletter, you agree to the receipt and the described procedures.
Newsletter content: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter referred to as the "Newsletter") only with the consent of the recipients or a legal permission. If in the context of a registration for the newsletter its contents are specifically outlined, you are authoritative for the consent of the users. Otherwise, our newsletters contain information about our services and us.
Double-Opt-In and logging: The registration for our newsletter takes place in a so-called double-opt-in process. I.e. you will receive after registration an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise the changes to your data stored with the shipping service provider are logged.
Registration data: To sign up for the newsletter, it is sufficient to provide your email address. Optionally, we ask you a name, for the purpose of personal address in the newsletter to indicate.
The dispatch of the newsletter and the associated performance measurement are based on the consent of the recipients pursuant to Art. 6. Paragraph 1 lit. a, Art. 7 DSGVO in conjunction with § 7 para 2 No. 3 UWG or if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6 para. 1 lt. f. DSGVO in conjunction with. § Section 7 (3) UWG.
The logging of the registration process is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. Our interest is the use of a user-friendly and secure newsletter system that serves our business interests as well as the expectations of the users. as well as the expectations of the users and furthermore allows us to prove consent.
Cancellation/Revocation - You can cancel the receipt of our newsletter at any time, i.e. revoke your consents. A link to cancel of the newsletter can be found at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to be able to prove consent previously given. The processing of this data will be limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that at the same time the former existence of consent is confirmed.
We, respectively our hosting provider, collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO data about each access to the server on which this service is located (so-called server log files). The access data includes name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the operating system of the user, referrer URL (URL) user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (eg to investigate abuse or fraud) for a maximum of 7 days and then deleted. Data, whose further storage is necessary for evidentiary purposes, are exempt from deletion until the final clarification the respective incident excluded from deletion.
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, prospects and users active there communicate and to be able to inform you there about our services.
We point out that this may involve processing user data outside the area of the European Union. This may result in risks for users, because this could, for example, make it more difficult to enforce the rights of users. With regard to U.S. providers that are are certified under the Privacy Shield, we point out that they thereby undertake to comply with the data protection standards of the EU.
Furthermore, user data is usually processed for market research and advertising purposes. Thus, for example, from the usage behavior and resulting interests of users can be created usage profiles. The usage profiles can, in turn, be used to, for example. Place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes cookies are usually stored on the users' computers, in which the usage behavior and the interests of the users are stored. are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (in particular if the users are members of the respective platforms and are logged in to them).
The processing of the users' personal data is based on our legitimate interests in providing effective information to the Users and communication with users pursuant to Art. 6 para. 1 lit. f. DSGVO. If the users are asked by the respective providers of the platforms for a consent to the aforementioned data processing, the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO.
For a detailed presentation of the respective processing and the objection options (opt-out), we refer to the following linked information of the providers.
Also in the case of information requests and the assertion of user rights, we point out that these can be asserted most effectively at the providers can be asserted. Only the providers have access to the data of the users and can directly take appropriate measures and give measures and provide information. If you still need help, then you can contact us.
We use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich Germany (Cloudflare) to increase the security and delivery speed of our website. This corresponds to our legitimate interest ( article) 6 (1) subparagraph (f) GDPR). A CDN is a network of [globally] distributed servers that is able to deliver optimized content to the website user. For this purpose, personal data may be processed in server log files by Cloudflare. Please compare the explanations under "Collection of access data and log files".
Cloudflare is a recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of article 6 paragraph 1 p. 1 letter f of the German Data Protection Act (GDPR) not to operate a content delivery network ourselves.
You have the right to object to the processing. Whether the objection is successful is to be determined in the context of a balancing of interests.
The processing of the data provided under this section is not required by law or contract. The functionality of the website is not guaranteed without the processing.
Your personal data will be stored by Cloudflare for as long as it is necessary for the purposes described.
Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities where Cloudflare processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: ; https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf
We use the self-hosted variant of the live chat solution Rocket Chat(https://docs.rocket.chat/legal/privacy).
Rocket Chat is a DSGVO compliant solution: https://docs.rocket.chat/legal/gdpr