Privacy Policy

aspion.de

 

Below you will find information about what personal data we process, for what purpose, on what legal basis, and for how long when you use this website:

Overview / Table of Contents

In our privacy policy, you will find the following information:

A. Our contact information and general information about our data processing practices

A.1      Name and contact information of the data controller

A.2       Contact information for the data protection officer

A.3      General information on the legal basis for the processing of personal Data

A.4      General information on data deletion and retention periods

A.5      General information on the sources of personal data

A.6      General information about recipients or categories of recipients of personal data

A.7      Contact via email and phone call

 

B. Scope of the processing of personal data via our website

B.1      Website hosting and creation of log files

B.2      Contact forms (including consent to receive promotional materials)

B.3       Use of Cookies

B.4      Website login

B.5      Use of the Matomo analytics tool

B.6      Website protection by WP Cerber

B.7    Multilingual website with WPML

B.8     Encryption of the website and communications

B.9     Transfer of personal data to a third country

 

C. Your rights as a data subject

C.1      Right of disclosure

C.2      Right to rectification

C.3      Right to erasure

C.4      Right to restriction of processing

C.5       Right to information

C.6      Right to data portability

C.7      Right to object to processing based on legitimate interests, as well as to direct marketing

C.8      Right to withdraw consent

C.9      Automated decision-making, including profiling

C.10    Voluntary nature of the provision of data

C.11    Right to file a complaint with a supervisory authority

 

A. Our contact information and general information about our data processing practices

 

A.1  Name and contact information of the data controller

The entity responsible for the collection and use of personal data under data protection law is

 

ASPION GmbH

Ohiostraße 11

D-76149 Karlsruhe

 

Phone: +49 721 85149-122

 

Internet: www.aspion.de

E-mail: info@aspion.de

 

A.2  Contact information for the data protection officer

We are not obliged to appoint a data protection officer. If you have any questions regarding data protection, please contact us using the contact information provided above.

 

A.3  General information on the legal basis for the processing of personal Data

In general, the following applies to our processing of personal data:

• To the extent that we obtain your consent for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
• When processing personal data necessary to fulfill a contract with you, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies when the processing is necessary to take steps prior to entering into a contract, such as in the case of orders, quotes, or contract negotiations.
• To the extent that the processing of personal data is necessary to comply with a legal obligation to which we are subject, Article 6(1)(c) of the GDPR serves as the legal basis.
• If the processing of personal data is necessary to protect your vital interests or those of another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.
• If the processing of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, this is based on the legal basis set forth in Article 6(1)(e) of the GDPR.
• If processing is necessary to safeguard a legitimate interest of ours or of a third party, and your interests, fundamental rights, and fundamental freedoms do not override that interest, Article 6(1)(f) of the GDPR serves as the legal basis for the processing.

 

Depending on the category of data in question, we process personal data for the following purposes and on the legal basis specified in the General Data Protection Regulation (GDPR):

 

User data
We collect and process data from users of our website in a non-personal manner. We are unable to link this data to specific individuals. IP addresses are processed exclusively in an anonymized form. In the rare event that personal data is involved, we process it to safeguard our legitimate interests pursuant to Article 6(1)(f) of the GDPR. Our legitimate interests in this context include our interest in the security and integrity of our website and the data on our web server (in particular, the detection of malfunctions and errors, as well as the tracking of unauthorized access), as well as marketing interests and interests related to statistical surveys (to improve our website and our services and offerings). After weighing the interests involved, we have concluded that the data processing is necessary to safeguard the aforementioned legitimate interests and does not override your interests or fundamental rights and freedoms that require the protection of personal data.

 

Prospect data/media representative data
To the extent that we process data from individuals interested in our services or from members of the press, we do so only if they enter this data into an input field or send it to us via email for the purpose of making an inquiry. Providing this information is voluntary. We then process this data exclusively for the purpose of handling the inquiry. The processing of this data, which is voluntarily provided to us for the purpose of providing information about our services, is carried out as pre-contractual processing pursuant to Article 6(1)(b) of the GDPR and/or on the basis of the consent you have provided by submitting the data pursuant to Article 6(1)(a) of the GDPR.

 

Supplier data/data from business partners
We process the data of our suppliers and business partners for the purpose of contract fulfillment in accordance with Article 6(1)(b) of the GDPR and/or on the basis of consent provided in accordance with Article 6(1)(a) of the GDPR. This also applies to processing operations necessary for the implementation of pre-contractual measures (e.g., in connection with the preparation and negotiation of offers).

 

A.4  General information on data deletion and retention periods

We generally delete or block personal data as soon as the purpose for which it was stored no longer applies. Data may also be stored if this is required by European or national legislation in EU regulations, laws, or other provisions to which we, as the data controller, are subject. Data will also be blocked or deleted when a retention period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

 

Specifically, this means:

If we process personal data based on consent to data processing (Article 6(1)(a) of the General Data Protection Regulation, or GDPR), the processing ends upon your revocation, unless there is another legal basis for processing the data, which is the case, for example, if we are still entitled to process your data for the purpose of fulfilling the contract at the time of revocation (see below for more details).

 

If we process the data on the basis of our legitimate interests (Art. 6(1)(f) GDPR) following a prior balancing test, we will store it until the legitimate interest no longer exists, the balancing test yields a different result, or you have effectively objected in accordance with Art. 21 GDPR (see the visually highlighted “Notice of Special Right to Object” under C.).

 

If we process the data for the purpose of fulfilling a contract, we will store the data until the contract has been fully fulfilled and settled and no further claims can be asserted under the contract, i.e., until the statute of limitations expires. The general statute of limitations under Section 195 of the German Civil Code (BGB) is three (3) years. However, certain claims, such as claims for damages, are not subject to the statute of limitations until 30 years have elapsed (see Section 197 of the German Civil Code (BGB)). If there is reasonable cause to believe that this is relevant in a specific case, we will store the personal data for this period. The aforementioned limitation periods begin at the end of the year (i.e., on December 31) in which the claim arose and the creditor became aware of the circumstances giving rise to the claim and the identity of the debtor, or should have become aware of them in the absence of gross negligence.

 

Please note that we are also subject to statutory retention requirements for commercial, tax, and accounting purposes. These requirements oblige us to retain certain data—which may include personal data—for a period of six (6) to ten (10) years as evidence of our proper business operations and accounting practices. These retention periods take precedence over the aforementioned deletion obligations. The retention periods also begin at the end of the relevant year, i.e., on December 31.

 

A.5  General information on the sources of personal data

The personal data we process comes primarily from the data subjects themselves, for example when they

 

• as users of our website, transmit information - such as their IP address - to us or our web server via their web browser and device (such as a PC, smartphone, tablet, or laptop),
• as a prospective customer, request information or a quote from us,
• request information materials, press releases, statements, or similar items as members of the press, or
• are in contact with us as a supplier or business partner.

 

In exceptional cases, the personal data we process may also come from third parties, for example when a person is acting on behalf of a third party.

 

A.6  General information about recipients or categories of recipients of personal data

Your personal data will only be disclosed or transferred to third parties if this is strictly necessary and permissible for the specific purpose. We explain to whom we disclose data and for what purpose in connection with the data processing activities described below; in the case of transfers to other EU countries, we also provide additional details in this Privacy Policy.

 

Categories of recipients can generally include:

 

• Service providers,
• suppliers, business partners,
• accounting department, tax advisors.

 

A.7  Contact via email and phone call

You can contact us through various channels if you wish. You will find our email address and phone number on our website. Even if you send us an email or call us we will inevitably process your personal data. This is because at a minimum, the personal data transmitted via email or telephone is stored by us or our systems.

 

No data will be shared with third parties in this context. The data will be used exclusively for the purpose of processing the conversation.

 

Purposes of data processing
We process personal data provided via email or telephone in order to respond to your inquiry and address your request. We absolutely need your email address or phone number in order to be able to respond at all. This also constitutes our legitimate interest in processing the data.

 

Legal basis for data processing
The legal basis for the processing of your data is your consent under Article 6(1)(a) of the GDPR, which you have provided by actively contacting us.

If the purpose of your contact or inquiry is to enter into a contract, the legal basis for the processing is Article 6(1)(b) of the GDPR (implementation of pre-contractual measures).

 

Data retention period
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.

 

For personal data sent via email, this is the case once the relevant conversation with you has ended and we have waited for a period of up to 3 months to see if we might need to refer back to your inquiry or the details of the communication. The conversation is considered concluded when it is clear from the circumstances that the matter in question has been definitively resolved.

 

When you receive a call from us or make a call to us, your phone number or the name/company name on file with your phone provider, as well as the date and time of the call, are stored in our phone system in a so-called ring buffer, which overwrites the oldest data with new data. As a rule, this results in the automatic deletion of the data from the telephone system after approximately 3–4 months.

 

Depending on the circumstances, such communications may be subject to a retention requirement under commercial or tax law, which would then take precedence (see the discussion above regarding “Data Deletion and Retention Periods”).

 

Right to object and right to rectification
You may at any time revoke your consent to the processing of your personal data or object to further processing based on a legitimate interest (see the note regarding the specific right to object under C. of this Privacy Policy). In such a case, the conversation cannot continue.

You may withdraw your consent or object to further processing of your data by sending us an informal notice (e.g., via email). In this case, all personal data collected during the contact process will be deleted.

 

B. Scope of the processing of personal data via our website

 

We generally collect and use users’ personal data in connection with the use of our website only to the extent necessary to provide a fully functional website and to deliver our content and services. The collection and use of our users’ personal data generally takes place only with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and/or the processing of the data is permitted by law.

 

The web hosting provider that hosts the website on its server is ALL-INKL.COM - Neue Medien Münnich, owned by René Münnich, Hauptstraße 68, D-02742 Friedersdorf. We have entered into a data processing agreement with the web hosting provider in accordance with Article 28(3) of the GDPR.

 

B.1  Website hosting and creation of log files

For technical reasons, our system automatically collects data and information every time the website is accessed. This data is stored in the server’s log files. It includes:

 

• date and time of access,
• URL (address) of the referring website (referrer),
• web pages accessed by the user’s system via our website,
• user’s screen resolution,
• file(s) accessed and notification of whether the access was successful,
• amount of data transmitted,
• the user’s Internet service provider,
• browser, browser type and browser version, browser engine and engine version,
• operating system, operating system version, operating system type, as well as
• the anonymized IP address and the user’s Internet service provider.

 

This data is processed separately from other data. This data is not processed together with the user’s other personal data. We are unable to link this data to a specific individual.

 

Purposes of data processing
The system must temporarily process the data in order to deliver the content of our website to the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.

 

Data is stored in log files to ensure the proper functioning of the website. The data is also used to ensure the security of our IT systems. The data is not analyzed for marketing purposes in this context.

 

Legal basis for data processing
The temporary storage of data and log files is based on Article 6(1)(f) of the GDPR. Our legitimate interest in this data processing lies in the purposes mentioned above.

 

Data retention period
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collected for the purpose of providing the website, this occurs when the respective session ends. In the case of data stored in log files, this occurs after 7 days at the latest. Further storage is possible. In this case, the users’ IP addresses are deleted or anonymized so that the client making the request can no longer be identified.

 

Right to object and right to rectification
The collection of data for the purpose of providing the website and the storage of such data in log files is essential for the operation of the website. Consequently, users have no option to object to this. However, users may discontinue their use of the website at any time, thereby preventing the further collection of the aforementioned data.

 

B.2  Contact forms (including consent to receive promotional materials)

Our website includes at least one contact form that can be used to send us messages and get in touch with us electronically. If you use this option, the data you enter in the form will be transmitted to us and stored.

 

This data includes:

 

* = compulsory field

 

General contact form:

- First name and last name*

- Email address*

- Subject

- Message

 

The following data is also stored at the time the message is sent:

 

• the user's IP address,
• date and time of dispatch.

 

Alternatively, you may contact us via the email address we have provided. In this case, the personal data transmitted in the email will be stored (see A.7 above).

 

In this context, your data will not be shared with third parties. The data will be used exclusively for the purpose of handling the conversation or resolving your inquiry.

 

Purposes of data processing
We use the personal data you provide in the form to process your inquiry and address your request.

With regard to the linked consent to receive marketing communications, we will process your data until you revoke your consent in order to send you information about ASPION’s products, services, and offers.

The other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our IT systems.

 

Legal basis for data processing
The legal basis for the processing of your data is the consent you provided by submitting your data, in accordance with Article 6(1)(a) of the GDPR, and, in all other respects, our legitimate interest in data processing, in accordance with Article 6(1)(f) of the GDPR. This legitimate interest consists of the purposes mentioned above for handling your request.

If the purpose of your contact or inquiry is to enter into a contract, the legal basis for the processing is Article 6(1)(b) of the GDPR (implementation of pre-contractual or contractual measures).

 

Data retention period
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data entered in the contact form for the purpose of establishing contact, this is the case once the relevant conversation with you has ended. The conversation is considered ended when it is clear from the circumstances that the matter in question has been conclusively resolved.

With regard to the consent you have given for advertising purposes, we will retain your data until you revoke it (see Section C below).

Any additional personal data collected during the submission process will be deleted no later than seven days after submission.

 

Right to object and right to rectification
You can avoid this specific data processing by contacting us through other means.

You have the right to object to further data processing based on legitimate interests at any time (see the note above regarding the specific right to object). In such a case, the conversation cannot be continued. You may object to further data processing by sending us an informal notice (e.g., via email).

You may also revoke your consent to receive advertising at any time by sending us an informal notice (see Section C below).

 

B.3  Use of cookies by us and by third-party providers

When you use our website, we may use so-called cookies. These are small text files that are stored on your device (PC, smartphone, tablet, etc.). When you visit a website, your browser may save a cookie. This cookie contains a unique string of characters that allows the browser to be uniquely identified when you visit the website again.

Cookies are used to make our website usable in the first place, to ensure the security and integrity of the website (strictly necessary cookies), or to make the website more user-friendly (non-strictly necessary cookies).

 

Our content management system, WordPress, uses cookies that are technically necessary and therefore essential. Otherwise, the content management system would not function. Only system-essential cookies are used. By default (with one exception, see below), WordPress uses so-called session cookies. These are not intended for tracking or similar purposes, but rather ensure the system functions correctly. As the name suggests, these cookies are stored only for the duration of a session and expire afterward.

 

WordPress Session Cookies sind:

• wordpress_[hash]
  When logging in, WordPress uses this cookie to store WordPress users' authentication data. Its use is limited to the administration screen, /wp-admin/.
• wordpress_logged_in_[hash]
  After logging in, WordPress sets the wordpress_logged_in_[hash] cookie, which indicates that the user is logged in - and who the user is. The latter information is relevant for some interface applications.
• wordpress_test_cookie
  This cookie is set when you navigate to the login page. This allows WordPress to check whether the browser is configured to allow cookies.

 

WordPress cookies with a one-year expiration period:

• wp-settings-[UID] & wp-settings-{time}-[UID]
  WordPress also sets several wp-settings-{time}-[UID] cookies. The number at the end is the unique user ID from the “users” database table. This is used to customize the appearance of the admin interface and possibly also the main site interface.

 

None of these cookies affect website users; they apply only to those who manage our website’s backend (i.e., the WordPress admin interface) as part of their job.

 

In addition, third-party cookies may be used. These cookies may also enable the analysis of users’ browsing behavior. If this is the case, we will inform you separately in this or specific privacy notices directly in the information about the respective third-party tools (such as analytics tools, plugins, etc.). For example, analytics tools (such as Google Analytics) set their own cookies for analytics purposes (see below).

 

When you visit our website, you will be informed about the use of non-essential cookies, and your consent to the processing of the personal data used in this context will be obtained. If no such information is provided, no non-essential cookies will be used.

 

Purpose of data processing
The purpose of using strictly necessary cookies is to enable users to access desired or explicitly requested website features. Some features cannot be provided without the use of cookies. For these features, it is necessary for the browser to be recognized even after a page change. The user data collected by strictly necessary cookies is not used to create user profiles.

Non-essential cookies are generally used to improve the quality of our website and its content. For example, analytics cookies help us understand how the website is used, allowing us to continuously optimize our offerings.

 

Legal basis for data processing

The following applies to strictly necessary cookies: The legal basis for storing strictly necessary cookies on your device and accessing them is Section 25(2)(2) of the German Telemedia Act (TDDDG). The legal basis for the further processing of personal data using the information stored in the cookie is Article 6(1)(f) of the GDPR, i.e., our legitimate interest. Our legitimate interest lies in the purposes mentioned above. For non-strictly necessary cookies, the following applies: The legal basis for storing non-strictly necessary cookies on your device and accessing them is your consent pursuant to Section 25(1) of the TDDDG. The legal basis for the further processing of personal data using non-strictly necessary cookies is the consent granted at the same time pursuant to Article 6(1)(a) of the GDPR.

 

Data retention period

Some of the cookies we use are deleted at the end of the browser session, i.e., when you close your browser (so-called session cookies). Other cookies remain on your device and allow us or third-party providers to recognize your browser on your next visit (persistent or static cookies). If we have stored the cookies based on your consent, we will cease further data processing upon your revocation. Otherwise, we store data collected on the basis of an overriding legitimate interest until the legitimate interest no longer exists, the balancing of interests leads to a different conclusion, or you have effectively objected in accordance with Article 21 of the GDPR (see the visually highlighted “Notice of Special Right to Object” under C.). We regularly review whether the legitimate interest still exists.

Right to object and right to rectification

Cookies are stored on your computer and transmitted from it to our website. Therefore, you have full control over the use of cookies. By changing the settings in your web browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time.

 

Below, we have provided links for common browsers where you can find more information on managing cookie settings:

 

• Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
• Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en&sjid=844354903549749876-EU
• Internet Explorer / Edge: https://support.microsoft.com/en-us/edge/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use
• Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
• Opera: https://help.opera.com/en/latest/web-preferences/#cookies
• Yandex: https://browser.yandex.com/help/personal-data-protection/cookies.html

 

Note: If you disable cookies on our website, you may not be able to use all of the website’s features to their full extent.

If you do not give your consent or withdraw the consent you have already given, you can also prevent the use of non-essential cookies.

 

B.4  Website login

On our website, you can register for access (login) to our customer portal by providing your personal information.

 

Registration requires the following mandatory information:

 

About the Company:

• Company name
• Company address
• Country
• Website

 

Contact person:

• Title
• First name
• Position
• Direct line

 

In addition, you must specify the product you are interested in.

 

Finally, you will need to provide your email address and a password of your choice (i.e., your login credentials) to log in to our customer portal.

 

To log in, you enter your login credentials into a form; we then receive and process this information to verify your credentials and grant you access to the customer portal. We do not share this information with third parties.

 

Purposes of data processing

Logging in to the customer portal allows us to provide certain content on our website that is intended solely for customers and prospective customers. Data processing through the verification of login credentials is essential for this purpose.

 

Legal basis for data processing

The legal basis for the processing of the data is the consent provided upon registration, in accordance with Article 6(1)(a) of the GDPR.

 

Data retention period

The data will be stored until you revoke your consent.

 

Right to object and right to rectification

You can prevent the data processing described here by not registering.

 

B.5  Use of the Matomo analytics tool

This website uses Matomo, an open-source web analytics tool provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (https://matomo.org), to collect and store data for marketing and optimization purposes.

 

The data collected using this tool can be used to create usage profiles under a pseudonym. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of the website visitor’s internet browser. The cookies enable the recognition of the web browser. The data collected with Matomo is not used to personally identify the visitor to this website without the data subject’s separate consent, nor is it combined with personal data about the holder of the pseudonym.

We would like to point out that we process all Matomo data exclusively on our own web server and that no third party receives this data. These are therefore so-called first-party cookies, which are set and evaluated only by us.

 

Purpose of data processing
We use the analytics tool and analytics cookies to improve the quality of our website and its content. This helps us understand how the website is used, allowing us to continuously optimize our offerings.

 

Legal basis for data processing
The legal basis for setting cookies and processing personal data is the consent you have provided in accordance with Section 25(1) of the TDDDG and Article 6(1)(a) of the GDPR.

 

Data retention period
We store the collected data until the purpose for which it was collected no longer applies, but no longer than until you revoke the consent you have given us.

 

Right to object and right to rectification
You can prevent data processing through the storage of cookies by adjusting your browser settings accordingly. Please note that in this case, you may not be able to use all features of this website to their full extent.

You can prevent further data processing by us with future effect by revoking the consent you have given.

You can also prevent the collection of data related to your use of the website (including your IP address) and the processing of this data by us by using the opt-out option.

B.6  Website protection by WP Cerber

We use the WP Cerber security plugin on our website to protect it against unauthorized access, brute-force attacks, spam, malware, misuse, and other attacks on our technical infrastructure. The provider is Cerber Tech Inc., 1732 1st Ave #20291, New York, NY 10128, USA. Data transfer to a third country outside the European Union cannot be ruled out in this context.
In particular, IP addresses, the date and time of access, URLs accessed, login attempts, usernames during login processes, technical access data, and security-related events may be processed and stored in security logs.

Purpose of data processing
We use the WP Cerber security tool to protect our website against unauthorized access, brute-force attacks, spam, malware, misuse, and other attacks on our technical infrastructure.
To the extent that WP Cerber uses features that transmit IP addresses or other technical data to the provider’s servers, this is done to detect and prevent potentially harmful access attempts.

Legal basis for data processing
The processing is based on Article 6(1)(f) of the GDPR. Our legitimate interest lies in ensuring the security, availability, and integrity of our website, detecting and defending against attacks, and preventing unauthorized access. The measures implemented also serve to implement appropriate technical and organizational security measures within the meaning of Article 32 of the GDPR.

Data retention period
Security logs are stored only for as long as is necessary for the aforementioned security purposes and are subsequently deleted or anonymized, unless longer storage is required to investigate or prosecute specific security incidents.

Right to object and right to rectification
The use of this tool is for our security, so there is no option to object or opt out.

B.7 Multilingual website with WPML

Our website uses the WordPress plugin WPML to provide a multilingual website and allow users to choose from different language versions.
In doing so, technical information may be processed, in particular the language you have selected, the language version of the website you have accessed, and technical information necessary for the correct display of the respective language version. To the extent that WPML uses cookies or similar technologies, these serve in particular to save your language selection or to provide the correct language version of the website.

Purpose of data processing
We use WPML to offer different language versions of our website, allowing visitors to choose their preferred language.

Legal basis for data processing
The legal basis for the processing of personal data is Article 6(1)(f) of the GDPR. Our legitimate interest lies in providing our multilingual website in a user-friendly and technically sound manner. To the extent that information is stored on or read from your device, this is done on the basis of Section 25(2) of the German Telemedia Act (TDDG), insofar as this is necessary for the provision of the language function you have selected.
If we use functions for automatic translation or for the technical transmission of data to WPML or connected translation services, content and technical information may be transmitted to external service providers. In this case, processing is based on Article 6(1)(f) of the GDPR or, where necessary, on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG.

Data retention period
The data processed in connection with WPML is stored only for as long as is necessary to provide the respective language version of our website. To the extent that WPML uses cookies or similar technologies, these are stored until the respective cookie expires or until the user deletes them.
The language and translation data processed by WPML is generally stored for as long as the corresponding content remains on our website. If content is deleted, the associated language and translation information is also deleted, unless there are legal retention obligations or other legitimate reasons for further storage.

Right to object and right to rectification
Users can prevent cookies from being stored by adjusting their browser settings or delete cookies that have already been stored. In this case, the selected language may not be saved permanently, or certain language features of the website may be available only to a limited extent.
To the extent that processing is based on Article 6(1)(f) of the GDPR, users may object to the processing at any time for reasons arising from their particular situation.

B.8 Encryption of the website and communications

All secure areas and forms on the website, and thus all data transmitted through them, are encrypted using the SSL standard (HTTPS).

 

B.9 Transfer of personal data to a third country

As a general rule, no personal data is transferred to a country outside the EU or the EEA (third country).

 

C. Your rights as a data subject

 

If we process your personal data, you are a “data subject” and you have the following rights with respect to us as the data controller:

 

C.1  Right of disclosure

You have the right to receive, free of charge, confirmation from us as to whether we process personal data concerning you. If this is the case, you have the right to access this personal data and to receive further information, as set forth in Article 15 of the GDPR. You may contact us by mail or email to exercise this right.

 

C.2  Right to rectification

You have the right to request that we correct any inaccurate personal data concerning you without delay. You also have the right - taking into account the purposes of processing mentioned above - to request that incomplete personal data be completed, including by means of a supplementary statement. You may contact us by mail or email to do so.

 

C.3  Right to erasure

You have the right to request the immediate erasure of your personal data if any of the conditions set forth in Article 17 of the GDPR are met. You may contact us by mail or email to do so.

 

C.4  Right to restriction of processing

You have the right to request that we restrict the processing of your personal data if any of the conditions set forth in Article 18 of the GDPR apply. To do so, you may contact us by mail or email.

 

C.5  Right to information

If you have exercised your right to rectification, erasure, or restriction of processing with the controller, the controller is obligated to notify all recipients to whom your personal data has been disclosed of such rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to request information from the controller regarding these recipients.

 

C.6  Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided the conditions set forth in Article 20 of the GDPR are met. You may contact us by mail or email to exercise this right.

 

C.7  Right to object to processing based on legitimate interests, as well as to direct marketing

In cases where we process personal data on the basis of Article 6(1)(f) of the GDPR (i.e., on the grounds of legitimate interests), you have the right to object at any time to the processing of your personal data by us for reasons arising from your particular situation. If we cannot demonstrate compelling legitimate grounds for the continued processing that override your interests, rights, and freedoms, or if we are processing the relevant data from you for direct marketing purposes, we will no longer process your data (see Art. 21 GDPR). You may contact us by mail or email for this purpose.

If personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.

 

C.8  Right to withdraw consent

You have the right to withdraw your consent to the collection and use of your personal data at any time, with effect for the future. To do so, you can contact us by mail or email. This does not affect the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.

 

C.9  Automated decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or similarly significantly affects you. Unless the decision is necessary for the conclusion or performance of a contract between you and us, it is permitted under Union or Member State law to which we are subject and such law provides for appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or the decision is made with your explicit consent.

We do not engage in such automated decision-making.

 

C.10 Voluntary nature of the provision of data

If the provision of personal data is required by law or contract, we will generally indicate this when collecting the data. In some cases, the data we collect is necessary for the conclusion of a contract, specifically when we would otherwise be unable to fulfill our contractual obligations to you, or could only do so inadequately. You are under no obligation to provide personal data. However, failure to provide such data may result in our inability to perform or offer a service, action, measure, or similar that you have requested, or may prevent us from entering into a contract with you.

 

C.11 Right to file a complaint with a supervisory authority

Without prejudice to any other rights you may have, you have the right to lodge a complaint with a data protection supervisory authority at any time—in particular in the Member State where you reside, where you work, or where the alleged infringement occurred—if you believe that the processing of your personal data violates data protection law.

 

Date of this Privacy Policy: May 12, 2026