Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the varying likelihood and extent of risks to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling both physical and electronic access to the data as well as access, input, transmission, availability safeguarding, and segregation. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, data deletion, and responses to threats to data security. Moreover, we consider the protection of personal data already during the development or selection of hardware, software, and procedures in accordance with the principle of data protection by design and by data protection-friendly default settings.

Use of Cookies

Cookies are small text files or other storage markers that store information on end devices and read information from those devices. For example, they can be used to store the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or the functions used in an online offer. Cookies may also be used for various purposes, such as ensuring the functionality, security, and convenience of online services, as well as generating analyses of visitor traffic.

Notes on Consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, except where not legally required. Consent is not necessary, in particular, if storing and reading the information (including cookies) is absolutely essential to provide the user with a telemedia service (i.e., our online offer) expressly requested by them. Typically, absolutely necessary cookies include those whose functions serve the display and operability of the online offer, load balancing, security, storing user preferences and choices, or similar purposes related to providing the primary and ancillary functions of the online offer requested by the users. The revocable consent is communicated clearly to users and contains information on the respective cookie usage.

Notes on Data Protection Legal Bases: The legal basis under data protection law on which we process users’ personal data with the help of cookies depends on whether we ask users for their consent. If users consent, then the legal basis for processing their data is the consent provided. Otherwise, the data processed via cookies is handled on the basis of our legitimate interests (e.g., in the economic operation of our online offer and the improvement of its usability) or, if carried out in the context of fulfilling our contractual obligations, when the use of cookies is necessary to meet those obligations. We explain the purposes for which cookies are processed by us later in this privacy policy or within our consent and processing procedures.

Storage Duration: With regard to storage duration, the following types of cookies are distinguished:

• Temporary Cookies (also: session cookies): These are deleted at the latest after a user leaves an online offer and closes their end device (e.g., browser or mobile application).
• Permanent Cookies: These remain stored even after the end device is closed. For example, the login status may be saved or preferred content displayed immediately when a user revisits a website. Similarly, data collected via cookies can be used for measuring reach. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., when obtaining consent), users should assume that cookies are permanent and that the storage duration can be up to two years.

General Notes on Revocation and Objection (so-called “Opt-Out”):

Users may revoke the consent they have given at any time and may object to processing in accordance with legal requirements. For example, users can restrict the use of cookies in their browser settings (although this may also limit the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Provision of the Online Offer and Webhosting

We process users’ data in order to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or end device.

• Types of Data Processed: Usage data (e.g., visited webpages, interest in content, access times); metadata, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Data Subjects: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Provision of our online offer and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.); security measures.
• Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Additional Information on Processing Procedures, Processes, and Services

Collection of Access Data and Logfiles: Access to our online offer is logged in the form of so-called “server logfiles.” These logfiles may include the address and name of the accessed webpages and files, the date and time of access, the amount of data transferred, a notification of successful access, browser type along with its version, the user’s operating system, the referrer URL (the previously visited page), and usually IP addresses and the requesting provider. The server logfiles can be used both for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks such as DDoS attacks), and to ensure server capacity and stability.

Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Deletion of Data: Logfile information is stored for a maximum of 30 days and is then deleted or anonymized. Data that needs to be retained further for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.

Plugins and Embedded Functions as well as Content

We incorporate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as “third parties”). This may include, for example, graphics, videos, or city maps (hereinafter uniformly referred to as “content”).

The integration always presupposes that these third-party providers process the IP addresses of users, as they would not be able to send the content to the user’s browser without the IP address. Thus, the IP address is necessary for the display of this content or functionality. We strive to use only such content whose providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. These pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on users’ devices and may include, among other things, technical information about the browser and operating system, referring webpages, time of visit, as well as further details on the use of our online offer, which may be linked with similar information from other sources.

• Types of Data Processed: Usage data (e.g., visited webpages, interest in content, access times); metadata, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Data Subjects: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Provision of our online offer and user-friendliness.