---

Data protection declaration

Introduction

With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process for which purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

The terms used are not gender-specific.

Status: 21. March 2021

Content overview

• Introduction
• Accountable person
• Overview of processing operations
• Relevant legal bases
• Security measures
• Transmission and disclosure of personal data
• Commercial and business services
• Provision of the online offer and web hosting
• Use of cookies
• Blogs and publication media
• Communication via Messenger
• Advertising communication via email, post, fax or telephone
• Presence in social networks (social media)
• Web analysis, monitoring and optimization
• Assessment platforms
• Plugins and embedded functions as well as content
• Deletion of data
• Amendment and update of the data protection declaration
• Rights of data subjects
• Definitions of terms

Accountable person

 

*Without Javascript no address*

E-mail: *Please activate Javascript*

 

Imprint: https://tandemflüge-bgd.de/impressum/

Overview of processing operations

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

• Stock data (e.g. names, addresses).
• Content data (e.g. entries in online forms).
• Contact details (e.g. e-mail, telephone numbers).
• Meta/communication data (e.g. device information, IP addresses).
• Usage data (e.g. visited websites, interest in content, access times).
• Contract data (e.g. subject matter of the contract, term, customer category).
• Payment data (e.g. bank details, invoices, payment history).

Categories of data subjects

• business and contractual partners.
• interested parties.
• communication partners.
• Users (e.g. website visitors, users of online services).

Purposes of processing

• Provision of our online offer and user-friendliness.
• Conversion measurement (measurement of the effectiveness of marketing measures).
• Office and organisational procedures.
• Direct marketing (e.g. by e-mail or by post).
• Feedback (e.g. collecting feedback via online form).
• Interest-based and behavioral marketing.
• Contact requests and communication.
• profiling (creation of user profiles).
• Remarketing.
• Range measurement (e.g. access statistics, recognition of returning visitors).
• security measures.
• Tracking (e.g. interest/behavioural profiling, use of cookies).
• Provision of contractual services and customer service.
• Management and response to requests.

Relevant legal bases

In the following, we share the legal bases of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. Please note that, in addition to the provisions of the GDPR, the national data protection requirements in your or our country of residence and residence. If more specific legal bases are also relevant in individual cases, we will inform you of them in the data protection declaration.

• Consent (Art. 6 para 1 s. 1 lit. a. DSGVO) - The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
• Contract performance and pre-contractual inquiries (Art. 6 para 1 s. 1 lit. b GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
• Legal obligation (Art. 6 para 1 s. 1 lit. c. GDPR) - The processing is necessary to fulfil a legal obligation to which the controller is subject.
• Legitimate interests (Art. 6 para 1 s. 1 lit. f. DSGVO) - The processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data predominate.

National data protection regulations in GermanyIn addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. This includes in particular the law on protection against misuse of personal data during data processing (Bundedatenschutzgesetz – BDSG). In particular, the BDSG contains special provisions on the right to access, the right to erasure, the right to object, the processing of special categories of personal data, the processing for other purposes and the transmission and automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states can be applied.

Security measures

In accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, extent, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.

Measures shall include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to, access to, input, disclosure, availability and segregation of data. We have also set up procedures to ensure the exercise of data subjects' rights, the deletion of data and the response to the threat to data. Furthermore, we already take into account the protection of personal data during development or Selection of hardware, software and procedures in accordance with the principle of data protection, technology design and data protection-friendly presets.

SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transmission and disclosure of personal data

As part of our processing of personal data, it may happen that the data is transferred to other bodies, companies, legally independent organizational units or persons or disclosed to them. Receivers of this data may include other tandem pilots, for example. In such a case, we observe the legal requirements and in particular conclude corresponding contracts or agreements for the protection of your data with the recipients of your data.

Commercial and business services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as associated measures and in the context of communication with the contractual partners (or pre-contractual), e.g. to answer inquiries.

We process this data in order to fulfil our contractual obligations, to safeguard our rights and for the purposes of the administrative tasks associated with this information as well as the entrepreneurial organization. Within the framework of applicable law, we only pass on the data of the contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfil legal obligations or is done with the consent of the persons concerned (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal consultants, payment service providers or tax authorities). Further processing forms, e.g. for marketing purposes, will be notified to the contractual partners within the framework of this data protection declaration.

What data is necessary for the aforementioned purposes, we share with the contractual partners before or in the context of data collection, e.g. in online forms, by special marking (e.g. colors) or Symbols (e.g. starlets or similar), or personally with.

We delete the data after expiry of statutory warranty and comparable obligations, i.e., in principle after expiry of 4 years, unless the data is stored in a customer account, e.g., as long as they have to be kept for statutory reasons of archiving (e.g. for tax purposes usually 10 years). Data that has been disclosed to us in the context of an order by the contractual partner, we delete according to the specifications of the order, in principle after the end of the order.

Insofar as we use third parties or platforms to provide our services, the terms and conditions and data protection notices of the respective third parties or platforms apply in the relationship between the users and the providers.

Further information on commercial services: We process the data of our customers and clients (hereinafter referred to as "customers") in order to enable them to select, purchase or commission the selected services or works as well as associated activities as well as their payment and delivery or delivery. to enable execution or performance.

The required information is marked as such in the context of the order, order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information in order to be able to hold any consultations.

• Processed data types: Stock data (e.g. names, addresses), payment data (e.g.

Payment service providers

In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the persons concerned efficient and secure payment options and use other payment service providers in addition to banks and credit institutions (collectively "Payment Service Providers").

The data processed by the payment service providers include stock data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums as well as the contract, sum and recipient-related data. The information is required to carry out the transactions. However, the data entered are only processed by the payment service providers and stored with them. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the data will be transmitted by the payment service providers to business information agencies. The purpose of this transmission is to carry out identity and credit checks. For this purpose, we refer to the GTC and the data protection information of the payment service providers.

For the payment transactions, the terms and conditions and the data protection information of the respective payment service providers, which apply within the respective websites or. Transaction applications are available. We also refer to these for further information and assertion of revocation, information and other data subject rights.

• Processed data types: Stock data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contract data (e.g. subject matter of the contract, term, customer category), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Persons concerned: Customers, interested parties.
• Purposes of processing: Provision of contractual services and customer service.
• Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para 1 S. 1 lit. b GDPR), Legitimate interests (Art. 6 para 1 S. 1 lit. f GDPR).

Services and service providers used:

• PayPal: Payment services and solutions (e.g. PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Website: https://www.paypal.com/en; Data protection declaration: https://www.paypal.com/en/webapps/mpp/ua/privacy-full.

Provision of the online offer and web hosting

In order to be able to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage and database services, as well as security and technical maintenance services.

The data processed in the context of the provision of the hosting offer may include all information relating to the users of our online offer that arises in the context of use and communication. This regularly includes the IP address, which is necessary in order to be able to deliver the content of online offers to browsers, and all entries made within our online offer or from websites.

Email delivery and hosting: The web hosting services we use also include the sending, receiving and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as further information regarding e-mail dispatch (e.g. the participating providers) as well as the contents of the respective e-mails are processed. The aforementioned data may also be processed for the purposes of identifying SPAM. Please note that emails are generally not sent encrypted on the Internet. As a rule, e-mails are encrypted on the transport route, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the e-mails between the sender and the reception on our server.

Collection of access data and logfiles: We ourselves (or our web hosting provider) collect data about every access to the server (so-called server logfiles). The server logfiles can include the address and name of the retrieved web pages and files, date and time of retrieval, transferred data quantities, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.

The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure the loading of the servers and their stability.

• Processed data types: Content data (e.g. input in online forms), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Persons concerned: Users (e.g. website visitors, users of online services).
• Legal bases: Legitimate interests (Art. 6 para 1 s. 1 lit. f. DSGVO).

Use of cookies

Comprehensive information can be provided to our Cookie Directive are to be taken. There you can also give and revoke the consent to the use of third-party (marketing) cookies.

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter "Publication Medium"). The data of the readers are processed for the purposes of the publication medium only insofar as it is necessary for its presentation and communication between authors and readers or for reasons of security. In addition, we refer to the information on the processing of visitors to our publication medium within the framework of this data protection notice.

Comments and contributionsWhen users leave comments or other posts, their IP addresses may be stored based on our legitimate interests. This is done for our safety if someone leaves unlawful content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or contribution and are therefore interested in the identity of the author.

Furthermore, we reserve the right to process the data of the users for spam detection on the basis of our legitimate interests.

On the same legal basis, we reserve the right to store the IP addresses of users for their duration in the case of surveys and to use cookies in order to avoid multiple votes.

The information about the person provided in the context of the comments and contributions, any contact and website information as well as the content information are permanently stored by us until the objection of the users.

• Processed data types: Stock data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. input in online forms), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Persons concerned: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of contractual services and customer service, feedback (e.g. collecting feedback via online form), security measures, management and response to inquiries.
• Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para 1 S. 1 lit. b GDPR), Legitimate interests (Art. 6 para 1 S. 1 lit. f GDPR).

Contact details

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the information of the requesting persons is processed as far as this is necessary to answer the contact requests and any requested measures.

The response to the contact requests in the context of contractual or pre-contractual relationships takes place in order to fulfill our contractual obligations or to answer (pre)contractual inquiries and otherwise on the basis of the legitimate interests in answering the inquiries.

• Processed data types: Stock data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms).
• Persons concerned: communication partners.
• Purposes of processing: Contact requests and communication.
• Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para 1 S. 1 lit. b GDPR), Legitimate interests (Art. 6 para 1 S. 1 lit. f GDPR).

Communication via Messenger

We use messengers for communication purposes and therefore ask you to observe the following information about the functionality of messengers, encryption, the use of the metadata of the communication and your objection options.

You can also contact us in alternative ways, e.g. by phone or e-mail. Please use the contact options communicated to you or the contact options provided within our online offer.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end. This means that the content of the messages is not visible, not even by the messenger providers themselves. You should always use a current version of messengers with encryption enabled to ensure encryption of the message content.

However, we also point out to our communication partners that the messenger providers do not see the content, but can find out that and when communication partners communicate with us, as well as technical information about the device used by the communication partners and, depending on the settings of their device, location information (so-called metadata) is processed.

Notes on legal bases: If we ask communication partners for permission before communicating with them via Messenger, the legal basis for our processing of their data is their consent. Incidentally, if we do not ask for consent and e.g. contact us on our own initiative, we use Messenger in relation to our contractual partners as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests in a fast and efficient communication and fulfillment of the needs of our communication partner in communication via Messenger. Furthermore, we point out that we do not transmit the contact data provided to us for the first time to Messenger without your consent.

Revocation, objection and deletion: You can revoke a given consent at any time and object to communication with us via Messenger at any time. In the case of communication via messenger, we delete the messages in accordance with our general deletion guidelines (e.g., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise, as soon as we can assume that we have answered any information of the communication partners, if no reference to a previous conversation is to be expected and the deletion does not conflict with any statutory storage obligations.

Subject to reference to other means of communication: Finally, we would like to point out that for reasons of your security, we reserve the right not to answer requests via Messenger. This is the case if, for example, contract internals require special secrecy or a response via Messenger does not meet the formal requirements. In such cases, we refer you to more appropriate means of communication.

Whatsapp: In particular, it should be noted that we must agree to the user conditions of WhatsApp in order to use the service. We also confirm that we have the authorization of all our contacts to pass on their telephone number. If you provide your phone number when submitting a form and do not explicitly exclude the use of a messenger service, you grant us this permission.

• Processed data types: Contact data (e.g. e-mail, telephone numbers), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses), content data (e.g. input in online forms).
• Persons concerned: communication partners.
• Purposes of processing: Contact requests and communication, direct marketing (e.g. by e-mail or by post).
• Legal bases: Consent (Art. 6 para 1 s. 1 lit. a. GDPR), Legitimate interests (Art. 6 para 1 s. 1 lit. f. GDPR).

Services and service providers used:

• Signal: signal messenger with end-to-end encryption; Service provider: Privacy Signal Messenger, LLC 650 Castro Street, Suite 120-223 Mountain View, CA 94041, USA; Website: https://signal.org/en; Data protection declaration: https://signal.org/legal/.
• Telegram: Telegram Broadcasts - messenger with end-to-end encryption; Service provider: Telegram, Dubai; Website: https://telegram.org/; Data protection declaration: https://telegram.org/privacy.
• WhatsApp: Whatsapp - Messenger from Facebook; Service provider: WhatsApp Inc., Mountain View, California; Website: https://whatsapp.com; Data protection declaration: https://www.whatsapp.com/legal.

Advertising communication via email, post, fax or telephone

We process personal data for the purposes of advertising communication, which can take place via various channels, such as e-mail, telephone, post or fax, in accordance with the legal requirements.

The recipients have the right to revoke granted consents at any time or to object to advertising communication at any time.

After revocation or We can store the data required to prove consent for up to three years on the basis of our legitimate interests before deleting it. The processing of this data is limited to the purpose of a possible defense of claims. An individual cancellation request is possible at any time, provided that the previous existence of a consent is confirmed at the same time.

Transfer to third parties If you insist on a date when we are already booked, we may notify other independent tandem paraglider pilots. We will tell these pilots your phone number in order to contact you. With this service, we help you to still get your money’s worth. If this is not desired, please write this in the field "Would you like to leave us a message?" in the booking form. We will stick to that.

• Processed data types: Stock data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers).
• Persons concerned: communication partners.
• Purposes of processing: Direct marketing (e.g. by e-mail or by post).
• Legal bases: Consent (Art. 6 para 1 s. 1 lit. a. GDPR), Legitimate interests (Art. 6 para 1 s. 1 lit. f. GDPR).

Presence in social networks (social media)

We maintain online presences within social networks and process user data in order to communicate with the users active there or to offer information about us.

We point out that data of users can be processed outside the European Union. This can lead to risks for users, because, for example, the enforcement of users' rights could be made more difficult.

Furthermore, the data of users within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on the user behavior and the resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks, which presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the computers of the users, in which the user behavior and the interests of the users are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

For a detailed presentation of the respective processing forms and the opt-out, we refer to the data protection declarations and information of the operators of the respective networks.

Also in the case of requests for information and the assertion of data subject rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, you can contact us.

Facebook: Together with Facebook Ireland Ltd., we are responsible for the collection (but not the further processing) of data of visitors to our Facebook page (so-called "fan page"). This information includes information about the types of content that users view or interact with or the actions they take (see "Things done and provided by you and others" in the Facebook Data Policy): https://www.facebook.com/policy), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see "Device information" in the Facebook data policy statement: https://www.facebook.com/policy) As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, so-called "page insights", to page operators to gain insight into how people interact with their pages and with the content associated with them. We have entered into a special agreement with Facebook ("Information on page insights"), https://www.facebook.com/legal/terms/page_controller_addendum), which in particular regulates which security measures Facebook must observe and in which Facebook has agreed to comply with the data subject rights (i.e. users can e.g. address information or deletion requests directly to Facebook. The rights of users (in particular to access, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on page insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data).

• Processed data types: Stock data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. input in online forms), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Persons concerned: Users (e.g. website visitors, users of online services).
• Purposes of processing: Contact requests and communication, tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors).
• Legal bases: Legitimate interests (Art. 6 para 1 s. 1 lit. f. DSGVO).

Services and service providers used:

• Instagram: social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Data protection declaration: https://instagram.com/about/legal/privacy.

Web analysis, monitoring and optimization

The web analysis (also referred to as "range measurement") serves to evaluate the visitor flows of our online offer and may include behavior, interests or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of the reach analysis, we can identify, for example, at which time our online offer or its functions or contents are used most frequently or invite for reuse. We can also understand which areas require optimization.

In addition to web analysis, we can also use test procedures to test and optimize different versions of our online offer or its components.

For these purposes, so-called user profiles can be created and stored in a file (so-called "cookie") or similar methods can be used for the same purpose. This information may include, for example, viewed content, visited websites and elements used there and technical information, such as the browser used, the computer system used and information on times of use. If users have consented to the collection of their location data, these can also be processed depending on the provider.

The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of the users (such as e-mail addresses or names) are stored in the context of web analysis, A/B testing and optimization, but pseudonyms. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, the data of the users will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to point out the information about the use of cookies in this data protection declaration.

• Processed data types: Usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Persons concerned: Users (e.g. website visitors, users of online services).
• Purposes of processing: Range measurement (e.g. access statistics, recognition of returning visitors), profiles with user-related information (creation of user profiles).
• Security measures: IP masking (pseudonymization of the IP address).
• Legal bases: Consent (Art. 6 para 1 s. 1 lit. a. GDPR), Legitimate interests (Art. 6 para 1 s. 1 lit. f. GDPR).

Services and service providers used:

• Matomo: The information generated by the cookie about your use of this website is only stored on our server and not shared with third parties; Service provider: web analysis / range measurement in self-hosting; Website: https://matomo.org/; Deletion of data: The cookies have a maximum storage period of 13 months.

Assessment platforms

We participate in evaluation procedures to evaluate, optimize and promote our services. If users evaluate us via the participating rating platforms or procedures or otherwise provide feedback, the General Terms and Conditions of Use and the privacy policy of the providers apply in addition. As a rule, the evaluation also requires registration with the respective providers.

In order to ensure that the rating persons have actually used our services, we transmit the necessary data with regard to the customer and the service used to the respective rating platform (including name, e-mail address and order number or article number) with the consent of the customers. This data is used solely to verify the authenticity of the user.

• Processed data types: Contract data (e.g. subject matter of the contract, duration, customer category), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Persons concerned: Customers, users (e.g. website visitors, users of online services).
• Purposes of processing: Feedback (e.g. collecting feedback via online form), conversion measurement (measuring the effectiveness of marketing measures), marketing.
• Legal bases: Consent (Art. 6 para 1 s. 1 lit. a. GDPR), Legitimate interests (Art. 6 para 1 s. 1 lit. f. GDPR).

Services and service providers used:

• Trustpilot: Reviews and widgets; Service provider: Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark; Website: https://en.trustpilot.com; Data protection declaration: https://en.legal.trustpilot.com/end-user-privacy terms.

Plugins and embedded functions as well as content

We integrate functional and content elements into our online offer, which are purchased from the servers of their respective providers (hereinafter referred to as "third party providers"). These can be, for example, graphics, videos or social media buttons as well as contributions (hereinafter referred to as "Content").

The integration always requires that the third-party providers of this content process the IP address of the users, because without the IP address they could not send the content to their browser. The IP address is therefore necessary for the presentation of this content or function. We make every effort to use only such content whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and, among other things, contain technical information about the browser and the operating system, websites to be referred to, the time of visit as well as further information about the use of our online offer as well as such information from other sources.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, the data of the users will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to point out the information about the use of cookies in this data protection declaration.

• Processed data types: Usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses), inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. input in online forms).
• Persons concerned: Users (e.g. website visitors, users of online services), communication partners.
• Purposes of processing: Provision of our online offer and user-friendliness, provision of contractual services and customer service, security measures, administration and answering of inquiries, contact requests and communication, direct marketing (e.g. by e-mail or post), tracking (e.g. interest- / behavioral profiling, use of cookies), interest-based and behavioral marketing, profiling (creation of user profiles).
• Legal bases: Legitimate interests (Art. 6 para 1 s. 1 lit. f. GDPR), consent (Art. 6 para 1 s. 1 lit. a GDPR), performance of the contract and pre-contractual inquiries (Art. 6 para 1 s. 1 lit. b GDPR).

Services and service providers used:

• OpenStreetMap: We integrate the maps of the service "OpenStreetMap", which are offered on the basis of the Open Data Commons Open Database license (ODbL) by the OpenStreetMap Foundation (OSMF). The data of the users is used by OpenStreetMap exclusively for the purpose of displaying the map functions and for intermediate storage of the selected settings. These data may include in particular IP addresses and location data of the users, which are not collected without their consent (usually carried out within the settings of their mobile devices). Service provider: OpenStreetMap Foundation (OSMF); Website: https://www.openstreetmap.de; Data protection declaration: https://wiki.openstreetmap.org/wiki/Privacy_Policy.
• YouTube videos: video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Data protection declaration: https://policies.google.com/privacy; Option of objection (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en, settings for displaying advertisements: https://adssettings.google.com/authenticated.
• Vimeo videos: video content; Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Website: https://vimeo.com; Data protection declaration: https://vimeo.com/privacy; Objection option (opt-out): We point out that Vimeo can use Google Analytics and refer to the data protection declaration (in German).https://policies.google.com/privacy) as well as the opt-out possibilities for Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=en) or Google’s settings for data use for marketing purposes (http://adssettings.google.com/).

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consents allowed for processing are revoked or other permissions are waived (e.g. if the purpose of processing this data is waived or they are not necessary for the purpose).

If the data are not deleted because they are necessary for other and legally permitted purposes, their processing will be limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons or whose storage is necessary for asserting, exercising or defending legal claims or for protecting the rights of another natural or legal person.

Further information on the deletion of personal data can also be provided in the context of the individual data protection notices of this data protection declaration.

Amendment and update of the data protection declaration

We ask you to inform yourself regularly about the content of our data protection declaration. We adjust the privacy policy as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, we ask you to note that the addresses may change over time and ask you to check the information before contacting us.

Rights of data subjects

As data subjects, you have various rights under the GDPR, in particular from art. 15 to 21 GDPR:

• Right of objection: You have the right, for reasons arising from your particular situation, at any time against the processing of personal data concerning you, based on art. 6 par. 1 lit. e or f DSGVO is to file an objection; This also applies to profiling based on these provisions. If the personal data concerning you are processed for direct marketing, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected with such direct marketing.
• Right of withdrawal for consents: You have the right to withdraw consents granted at any time.
• Right of access: You have the right to request confirmation as to whether the data in question is processed and on information about this data as well as on further information and copy of the data in accordance with the legal requirements.
• Right to correction: In accordance with the legal requirements, you have the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.
• Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately or, alternatively, to demand a restriction of the processing of the data in accordance with the legal requirements.
• Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements or to request their transmission to another controller.
• Complaint to the supervisory authority: You also have the right, in accordance with legal requirements, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you violates the GDPR.

Definitions of terms

In this section you will get an overview of the terms used in this data protection declaration. Many of the terms are taken from the law and defined above all in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended primarily for understanding. The terms are sorted alphabetically.

• Interest-based and behavioral marketing: Interest- and/or behavioral marketing is when potential interests of users in ads and other content are predetermined as precisely as possible. This is done on the basis of information about their previous behavior (e.g. searching for certain websites and staying on them, purchasing behavior or interaction with other users), which are stored in a so-called profile. Cookies are usually used for these purposes.
• Personal data: 'personal data' means any information relating to an identified or identifiable natural person (the 'data subject'); identifiable is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more special characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
• Profiling: "Profiling" means any type of automated processing of personal data which consists in the use of such personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this includes information relating to age, gender, location and movement data, interaction with websites and their content, shopping behaviour, social interactions with other people) (e.g., interests in certain content or products, clicking behaviour on a website or whereabouts). Cookies and web beacons are often used for profiling purposes.
• Range measurement: The range measurement (also referred to as web analytics) serves to evaluate the visitor flows of an online offer and can include the behavior or interests of visitors in certain information, such as content of websites. With the help of reach analysis, website owners can recognize, for example, at which time visitors visit their website and which content they are interested in. This allows them, for example, to better adapt the content of the website to the needs of their visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more accurate analyses for the use of an online offer.
• Remarketing: "Remarketing" or "Retargeting" is when, for example, it is noted for advertising purposes for which products a user has been interested on a website in order to remind the user of these products on other websites, e.g. in advertisements.
• Tracking: The "tracking" is when the behavior of users can be understood across several online offers. As a rule, behavioral and interest information is stored in cookies or on servers of the providers of tracking technologies (so-called profiling). This information can then be used, for example, to display advertisements to users that are likely to correspond to their interests.
• Responsible: "Responsible" means the natural or legal person, authority, institution or other entity which alone or together with others decides on the purposes and means of processing personal data.
• Processing: "Processing" means any operation or series of operations carried out with or without the assistance of automated procedures in connection with personal data. The term extends far and includes virtually every handling of data, be it the collection, evaluation, storage, transmission or deletion.

Created with free data protection Generator.de by Dr. Thomas Schwenke