Data protection

Responsible for data processing：Tom Gennrich

Hamburger Str. 125, 22083 Hamburg

With the following data protection declaration, we would like to explain to you which types of your personal data (hereinafter also referred to as “data”) we process, for what purposes and to what extent the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”).

The terms used are not gender specific.

As of September 2, 2021

Responsible person

Overview of the processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

• Inventory data (e.g. names, addresses).
• Content data (e.g. entries in online forms).
• Contact details (e.g. email, telephone numbers).
• Meta / communication data (e.g. device information, IP addresses).
• Usage data (e.g. websites visited, interest in content, access times).
• Contract data (e.g. subject of the contract, duration, customer category).
• Payment data (e.g. bank details, invoices, payment history).

Categories of data subjects

Business and contractual partners.

Interested persons.

Communication partner.

Users (e.g. website visitors, users of online services).

Schoolchildren / students / participants.

Purposes of processing

Provision of our online offer and user-friendliness.

Office and organizational procedures.

Direct marketing (e.g. by email or post).

Feedback (e.g. collecting feedback via an online form).

Marketing.Contact requests and communication.

Profiles with user-related information (creation of user profiles).

Range measurement (e.g. access statistics, recognition of returning visitors).

Provision of contractual services and customer service.

Management and answering of inquiries.

Relevant legal bases

Below you will find an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of this in the data protection declaration.

Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR) –

The person concerned has given their consent to the processing of the personal data concerning them for a specific purpose or for several specific purposes.

Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR) –

Processing is necessary for the fulfillment of a contract to which the data subject is a party or for the implementation of pre-contractual measures at the request of the data subject take place.

Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR) –

The processing is necessary to fulfill a legal obligation to which the person responsible is subject.

Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) –

Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which protect personal data Data require, predominate.

Safety measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.

The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, ensuring availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the threat to the data. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

Transmission of personal data

As part of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons, or they are disclosed to them. The recipients of this data can include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.

Data processing in third countries

Insofar as we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing in the context of the use of third-party services or the disclosure or transfer of data to other persons, offices or companies takes place, this is only done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have the data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).