Contact Details

Contact details of the controller

The entity responsible for processing your personal data within the meaning of Art. 4 No. 7 GDPR.

MTR Rechtsanwaltsgesellschaft mbH
Domstraße 10
20095 Hamburg
Email: info@mtrlegal.com

Further information about our company can be found in the imprint details on our website.

Contact details of the Data Protection Officer

If you have any questions and as a point of contact regarding data protection, our external Data Protection Officer is available to you at any time.

Datenschutz-Scheerans
Am Wall 15
14979 Großbeeren
Email: ds@datenschutz-scheerans.de
Web: https://datenschutz-scheerans.de

Definitions

In accordance with Art. 4 GDPR, the following definitions apply to this privacy policy:

• “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”).
• “Processing” means any operation or set of operations performed on personal data, whether or not by automated means.
• “Restriction of processing” means the marking of stored personal data with the aim of limiting its processing in the future.
• “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.
• “Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information.
• “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions. In terms of data protection law, a processor is not a third party.
• “Recipient” means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not.
• “Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data; this also includes other legal entities belonging to the same corporate group.
• “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes, by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Legal bases for data processing

As a matter of principle, any processing of personal data is prohibited by law and is only permitted if the data processing falls under one of the following legal bases:

• Art. 6(1) sentence 1 lit. a GDPR (“Consent”)
  • If the data subject has given consent to the processing of their personal data for one or more specific purposes freely, in an informed manner and unambiguously by a statement or by a clear affirmative action.
• Art. 6(1) sentence 1 lit. b GDPR (“Performance of a contract”)
  • If the processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.
• Art. 6(1) sentence 1 lit. c GDPR (“Legal obligation”)
  • If the processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a statutory retention obligation).
• Art. 6(1) sentence 1 lit. d GDPR (“Vital interests”)
  • If the processing is necessary in order to protect the vital interests of the data subject or of another natural person.
• Art. 6(1) sentence 1 lit. e GDPR (“Task carried out in the public interest”)
  • If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
• Art. 6(1) sentence 1 lit. f GDPR (“Legitimate interests”)
  • If the processing is necessary for the purposes of the legitimate (in particular legal or economic) interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (in particular where the data subject is a minor).

For the processing operations we carry out, we specify the applicable legal basis below in each case. Processing may also be based on several legal bases.

Data deletion and storage period

For the processing operations we carry out, we state below how long the data are stored and when they are deleted or blocked. Unless an explicit storage period is stated below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. As a rule, your data are stored only on our servers in Germany, subject to any transfer in accordance with the applicable provisions.

However, storage may extend beyond the period stated in the event of a (threatened) legal dispute with you or other legal proceedings, or if storage is required by statutory provisions to which we, as controller, are subject (e.g. Sec. 257 German Commercial Code (HGB), Sec. 147 German Fiscal Code (AO)). When the legally prescribed retention period expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for doing so.

Data security

We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties, taking into account the state of the art, implementation costs, and the nature, scope, context and purposes of processing as well as the existing risks of a personal data breach for the data subject. Our security measures are continuously improved in line with technological developments.

Further information will be provided upon request. Please contact our Data Protection Officer.

Cooperation with processors

As with any larger company, we use external domestic and foreign service providers to handle our business operations. They act only on our instructions and have been contractually obliged within the meaning of Art. 28 GDPR to comply with data protection provisions.

Requirements for transferring personal data to third countries

In the context of our business relationships, your personal data may be transferred to or disclosed to group companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively for the fulfilment of contractual and business obligations and for maintaining your business relationship with us. We will inform you of the details of any transfer below at the relevant points.

The European Commission certifies certain third countries as having a level of data protection comparable to the EEA standard by way of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

In other third countries to which personal data may be transferred, a consistently high level of data protection may not exist due to a lack of legal provisions. Where this is the case, we ensure that data protection is adequately safeguarded. This can be achieved through binding corporate rules, the European Commission’s standard contractual clauses for the protection of personal data, certifications, or recognised codes of conduct. Please contact our Data Protection Officer if you would like further information.

No automated decision-making (including “profiling”)

We do not intend to use personal data collected from you for automated decision-making (including “profiling”).

No obligation to provide personal data

We do not make the conclusion of contracts with us dependent on you providing personal data in advance. As a customer, you are generally under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the required data. If this should exceptionally be the case within the scope of the products we offer as described below, you will be informed separately.

Legal obligation to transmit certain data

We may be subject to a special statutory or legal obligation to provide lawfully processed personal data to third parties, in particular public authorities (Art. 6(1) sentence 1 lit. c GDPR).

Your rights

You may assert your rights as a data subject regarding your processed personal data against us at any time using the contact details provided above. As a data subject, you have the right:

• pursuant to Art. 15 GDPR, to request information about your data processed by us. In particular, you may request information about the purposes of processing, the categories of data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if they were not collected by us, as well as the existence of automated decision-making including profiling and, where applicable, meaningful information about its details;
• pursuant to Art. 16 GDPR, to request without undue delay the rectification of inaccurate data or completion of your data stored by us;
• pursuant to Art. 17 GDPR, to request the erasure of your data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
• pursuant to Art. 18 GDPR, to request the restriction of processing of your data if you contest the accuracy of the data or if the processing is unlawful;
• pursuant to Art. 20 GDPR, to receive your data that you have provided to us in a structured, commonly used and machine-readable format or to request the transfer to another controller (“data portability”);
• pursuant to Art. 21 GDPR, to object to processing where processing is based on Art. 6(1) sentence 1 lit. e or lit. f GDPR. This is in particular the case if processing is not necessary for the performance of a contract with you. If it is not an objection to direct marketing, we ask you, when exercising such an objection, to explain the reasons why we should not process your data as carried out by us. In the event of your justified objection, we will review the situation and either stop or adjust the data processing or explain our compelling legitimate grounds for continuing the processing;
• pursuant to Art. 7(3) GDPR, to withdraw your consent at any time. This means that we may no longer continue the data processing based on that consent in the future; and
• pursuant to Art. 77 GDPR, to lodge a complaint with a data protection supervisory authority about the processing of your personal data in our company, for example with the supervisory authority responsible for us.

Visiting websites

Data collection when visiting our website

When using the websites, the following categories of personal data are collected, stored and further processed by us:

• “Log data”: When you visit our websites, a so-called log record (so-called server log files) is temporarily and anonymisedly stored on our web server. This consists of:
  • the page from which the page was requested (so-called referrer URL)
  • the name and URL of the requested page
  • the date and time of access
  • the description of the type, language and version of the web browser used
  • the IP address of the requesting computer, which is shortened so that it can no longer be linked to a person
  • the amount of data transferred
  • the operating system
  • the message whether the access was successful (access status/HTTP status code)
  • the GMT time zone difference
• “Contact form data”: When using contact forms, the data transmitted via them are processed (e.g. first and last name, address and telephone number).

Data collection when submitting forms

When you complete and submit forms, we collect the data you provide in order to process and respond to your request. This typically includes personal information such as your first and last name, your address, your telephone number, and the subject of your enquiry.

These data are used exclusively for the stated purpose of communication and processing your request and are not passed on to third parties without your explicit consent.

Contact by email, telephone or fax

If you contact us by email, telephone or fax, we process the personal data you provide, in particular your name, your contact details and the content of your enquiry, exclusively for the purpose of handling your request. These data will not be passed on to third parties without your explicit consent.

Data processing is based on Art. 6(1) lit. b GDPR insofar as your enquiry relates to the initiation or performance of a contract. In all other cases, processing is based on our legitimate interest in the proper and efficient handling of incoming enquiries pursuant to Art. 6(1) lit. f GDPR or, where applicable, on your consent pursuant to Art. 6(1) lit. a GDPR, which you may withdraw at any time.

The data transmitted in the course of contacting us will be stored for as long as is necessary to process your request. They will then be deleted unless you have given further consent or statutory retention obligations prevent deletion.

Purpose and legal basis of data processing

We process the personal data described above in accordance with the provisions of the GDPR, other applicable data protection regulations, and only to the extent necessary. Where the processing of personal data is based on Art. 6(1) sentence 1 lit. f GDPR, the stated purposes also constitute our legitimate interests.

The processing of log data serves statistical purposes and the improvement of the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6(1) sentence 1 lit. f GDPR).

The processing of contact form data is carried out for handling customer enquiries (legal basis is Art. 6(1) sentence 1 lit. b or lit. f GDPR).

Duration of data processing

Your data are processed only for as long as is necessary to achieve the stated processing purposes; the legal bases stated for those purposes apply accordingly.

Transfer of personal data to third parties; legal basis

The following categories of recipients, which are generally processors (see section “Cooperation with processors”), may be granted access to your personal data:

• Service providers for operating our website and processing data stored or transmitted by the systems (e.g. data centre services, payment processing, IT security). The legal basis for the transfer is then Art. 6(1) sentence 1 lit. b or lit. f GDPR, insofar as they are not processors.
• Government agencies/public authorities insofar as this is necessary to fulfil a legal obligation. The legal basis for the transfer is then Art. 6(1) sentence 1 lit. c GDPR.
• Persons engaged for the conduct of our business operations (e.g. auditors, banks, insurers, legal advisers, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the transfer is then Art. 6(1) sentence 1 lit. b or lit. f GDPR.

For safeguards ensuring an adequate level of data protection when transferring data to third countries, see the section “Requirements for transferring personal data to third countries”. In addition, we only pass on your personal data to third parties if you have given explicit consent pursuant to Art. 6(1) sentence 1 lit. a GDPR.

Use of cookies, plugins and other services on our website

Cookies

We use so-called “Technical Cookies” on this website. Cookies are small text files stored on your hard drive by the browser you use, assigned via a characteristic string of characters, and through which the entity setting the cookie receives certain information. Cookies cannot execute programs or transmit viruses to your computer and therefore cannot cause any damage. They serve to make the website overall more user-friendly and effective, i.e. more pleasant for you.

Cookies may contain data that make it possible to recognise the device used. In some cases, cookies only contain information about certain settings that are not personally identifiable. Cookies cannot directly identify a user.

A distinction is made between session cookies, which are deleted when you close your browser, and persistent cookies, which are stored beyond the individual session. Regarding their function, cookies are also distinguished as follows:

• Technical Cookies: These are strictly necessary to navigate the website, use basic functions and ensure the security of the website; they neither collect information about you for marketing purposes nor store which websites you have visited.
• Performance Cookies: These collect information about how you use our website, which pages you visit and, for example, whether errors occur when using the website; they do not collect information that could identify you – all collected information is anonymous and is used only to improve our website and find out what interests our users.
• Advertising Cookies / Targeting Cookies: These serve to provide website users with advertising tailored to their needs on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months.
• Sharing Cookies: These serve to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.

Any use of cookies that is not strictly technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Art. 6(1) sentence 1 lit. a GDPR. This applies in particular to the use of advertising, targeting or sharing cookies.

Hetzner

Our website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. When you visit our website, Hetzner processes technical access data as part of hosting operations, in particular so-called log files. This may include IP addresses, the time of access, pages accessed and technical information about the device used.

The processing of these data is carried out to ensure stable, secure and functional operation of our website. The legal basis is Art. 6(1) lit. f GDPR, as we have a legitimate interest in a reliable presentation and safeguarding of our online offering. Where consent is obtained in individual cases, in particular for the storage of cookies or access to information on the user’s device within the meaning of Sec. 25(1) TDDDG, processing is based on Art. 6(1) lit. a GDPR. Any consent given may be withdrawn at any time.

An order processing agreement pursuant to Art. 28 GDPR has been concluded with Hetzner. This ensures that personal data are processed exclusively in accordance with our instructions and in compliance with data protection regulations.

Further information on data processing by Hetzner can be found in the provider’s privacy policy at https://www.hetzner.com/de/legal/privacy-policy/.

Cloudflare

To secure and optimise our web presence, we use the Cloudflare service. The provider is Cloudflare Inc., 101 Townsend Street, San Francisco, CA 94107, USA.

Cloudflare provides a globally distributed content delivery network including DNS services. In doing so, data traffic between your device and our website is routed via Cloudflare’s infrastructure. This helps to fend off attacks, optimise loading times and ensure stable and secure delivery of our content. In this context, Cloudflare may process technical information about access and may use technologies such as cookies or comparable methods for recognition, exclusively for security and performance purposes.

Cloudflare is used on the basis of our legitimate interest in secure, reliable and efficient provision of our online offering pursuant to Art. 6(1) lit. f GDPR.

A transfer of personal data to the USA cannot be ruled out. This is based on the Standard Contractual Clauses adopted by the European Commission. Cloudflare is also certified under the EU-U.S. Data Privacy Framework (DPF), thereby committing to compliance with European data protection requirements.

Further information on data processing as well as Cloudflare’s data protection and security measures can be found in the provider’s privacy policy at https://www.cloudflare.com/privacypolicy/ and in the Data Privacy Framework listing at https://www.dataprivacyframework.gov/participant/5666.

Borlabs Cookie

We use the Borlabs Cookie consent solution to manage consents on our website. The provider is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg.

When you access our website, a Borlabs cookie is stored in your browser. This cookie documents your given consents as well as any revocation. Processing takes place exclusively locally on our server; no transfer of this information to Borlabs itself takes place.

The stored consent data remain until you request deletion, remove the Borlabs cookie yourself, or the purpose for storage ceases to apply. Statutory retention obligations remain unaffected.

The use of Borlabs Cookie serves to fulfil our legal obligation to properly obtain and document consent for the use of cookies and comparable technologies. Processing is therefore based on Art. 6(1) lit. c GDPR.

Further information about the functionality and data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

Calendly

We use the Calendly service on our website for scheduling appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA.

When you book an appointment, the data you enter—especially contact details, preferred times and, if applicable, additional information—are processed to plan, conduct and, where appropriate, follow up the appointment. Appointment and booking data are stored on Calendly servers. Further information on Calendly’s data processing can be found in the provider’s privacy policy at https://calendly.com/privacy.

The data you provide are stored for as long as necessary for appointment organisation or until you request deletion or withdraw consent. Statutory retention obligations remain unaffected.

Calendly is used on the basis of our legitimate interest in efficient and user-friendly appointment scheduling pursuant to Art. 6(1) lit. f GDPR. Where consent is obtained, in particular regarding cookies or access to information on your device within the meaning of Sec. 25(1) TDDDG, processing is based on Art. 6(1) lit. a GDPR in conjunction with Sec. 25(1) TDDDG. Any consent given may be withdrawn at any time.

A transfer of personal data to the USA cannot be ruled out. This is based on the Standard Contractual Clauses of the European Commission. Calendly is also certified under the EU-U.S. Data Privacy Framework (DPF) and thus commits to compliance with European data protection standards. Further information can be found at https://www.dataprivacyframework.gov/participant/6050 as well as on contractual safeguards at https://calendly.com/pages/dpa.

An order processing agreement pursuant to Art. 28 GDPR has been concluded with Calendly, ensuring that personal data are processed exclusively in accordance with our instructions and in compliance with the GDPR.

HubSpot CRM

We use the customer relationship management system HubSpot CRM on this website. The provider is HubSpot Inc., 25 First Street, Cambridge, MA 02141, USA.

HubSpot CRM enables us to manage and maintain existing and potential customer contacts. Interactions via various communication channels such as email, telephone or social networks can be centrally recorded, structured and evaluated for further customer communication. HubSpot CRM also enables analysis of our contacts’ user behaviour on our website. The personal data processed may be used for personalised communication, contract initiation and—where legally permissible—for marketing measures such as sending information or newsletters.

Processing is based on our legitimate interest in efficient organisation of customer relationships and targeted communication pursuant to Art. 6(1) lit. f GDPR. Where consent is required, in particular in connection with cookies or comparable technologies within the meaning of Sec. 25(1) TDDDG, processing is carried out exclusively on the basis of Art. 6(1) lit. a GDPR in conjunction with Sec. 25(1) TDDDG. Any consent given may be withdrawn at any time.

A transfer of personal data to the USA cannot be ruled out. This is based on the Standard Contractual Clauses of the European Commission. HubSpot is also certified under the EU-U.S. Data Privacy Framework (DPF), thereby committing to compliance with European data protection standards. Further information can be found at https://www.dataprivacyframework.gov/participant/5812 and in HubSpot’s privacy policy at https://legal.hubspot.com/de/privacy-policy. Additional information on contractual safeguards is available at https://www.hubspot.de/data-privacy/privacy-shield.

An order processing agreement pursuant to Art. 28 GDPR has been concluded with HubSpot, ensuring that personal data are processed exclusively in accordance with our instructions and in compliance with the GDPR.

ProvenExpert

Our website includes rating seals from ProvenExpert. The provider of this service is Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin.

By embedding the ProvenExpert seal, customer reviews about our company submitted on the ProvenExpert platform are displayed on our website. When you access our website, a connection to ProvenExpert servers is established. Due to technical reasons, ProvenExpert may record that our website was visited. Language settings are also processed to display the rating seal in the appropriate language.

ProvenExpert is used on the basis of our legitimate interest in transparent and comprehensible presentation of customer reviews pursuant to Art. 6(1) lit. f GDPR. Where consent is required for certain technologies, in particular for cookies or comparable methods within the meaning of Sec. 25(1) TDDDG, processing is carried out exclusively on the basis of Art. 6(1) lit. a GDPR in conjunction with Sec. 25(1) TDDDG. Any consent given may be withdrawn at any time.

Google Analytics

We use Google Analytics on this website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables us to evaluate user behaviour on our website and to analyse reach, usage patterns and the technical performance of our online offering. Among other things, page views, time spent, source, end devices, operating systems and interactions such as clicks, scrolling and mouse movements are recorded. The information collected is assigned to a pseudonymous identifier or the respective device. Google additionally uses statistical modelling and machine-learning methods to evaluate the data.

Google Analytics uses technologies such as cookies or comparable recognition methods. The information collected is generally transferred to Google servers in the USA and stored there. Google Analytics is used exclusively on the basis of your consent pursuant to Art. 6(1) lit. a GDPR in conjunction with Sec. 25(1) TDDDG. You may withdraw your consent at any time.

IP anonymisation is enabled. This means that your IP address is shortened within the EU or EEA before transmission to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google processes this information on our behalf to compile reports on website usage and to provide other services related to website usage. The IP address is not merged with other Google data.

You can also prevent data collection by Google Analytics by installing the browser plugin provided by Google: https://tools.google.com/dlpage/gaoptout?hl=de. Further information on Google Analytics data processing can be found at https://support.google.com/analytics/answer/6004245?hl=de.

Data transfers to the USA are based on the Standard Contractual Clauses of the European Commission. Google is also certified under the EU-U.S. Data Privacy Framework (DPF). An order processing agreement pursuant to Art. 28 GDPR has been concluded with Google.

Microsoft Advertising

We use Microsoft Advertising, an online advertising program of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. With Microsoft Advertising, we can display ads in the Bing search engine and on partner sites and analyse their success. Search terms, clicks on ads and resulting actions are analysed.

The so-called Universal Event Tracking technology (UET) is used to collect pseudonymised data in order to track which actions users take on our website after clicking on an ad. This may involve processing anonymised IP addresses, device information, browser and device settings, time spent, visited pages and the Microsoft Click ID.

Microsoft Advertising is used exclusively on the basis of your consent pursuant to Art. 6(1) lit. a GDPR and Sec. 25(1) TDDDG, which can be withdrawn at any time. Data transfers to the USA are based on the Standard Contractual Clauses of the European Commission. Microsoft is certified under the EU-U.S. Data Privacy Framework (DPF). An order processing agreement has been concluded with Microsoft.

Microsoft Clarity

This website uses Microsoft Clarity, an analytics service provided by Microsoft Ireland Operations Limited, One Microsoft Place, Leopardstown, Dublin 18, Ireland. Microsoft Clarity is used to analyse user behaviour on our website. In particular, mouse movements, clicks, scrolling behaviour and sessions are recorded and visually processed in anonymised or pseudonymised form, e.g. through heatmaps or session recordings.

Microsoft Clarity uses cookies or comparable technologies to recognise users. The data are processed on Microsoft (Microsoft Azure) servers, and transfer to the USA is possible. Where consent is obtained, processing is based on Art. 6(1) lit. a GDPR and Sec. 25 TDDDG. Where no consent is required, processing is based on our legitimate interest in optimising our online offering pursuant to Art. 6(1) lit. f GDPR. Any consent given may be withdrawn at any time.

Microsoft is certified under the EU-U.S. Data Privacy Framework. An order processing agreement has been concluded with Microsoft. Further information can be found at https://docs.microsoft.com/en-us/clarity/faq.

Google Ads

We use Google Ads, an online advertising service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to display ads in Google Search and across the Google advertising network and to measure their success. Search queries, clicks on ads and interactions with our website can be evaluated.

Google Ads is used exclusively on the basis of your consent pursuant to Art. 6(1) lit. a GDPR and Sec. 25(1) TDDDG, which can be withdrawn at any time. Data transfers to the USA may occur and are based on the Standard Contractual Clauses of the European Commission. Google is certified under the EU-U.S. Data Privacy Framework.

Google Ads Remarketing

We also use Google Ads Remarketing. This allows users who have already interacted with our website to be assigned to certain target groups and later addressed with interest-based advertising. This advertising may also occur across devices if you are logged into your Google account accordingly.

Processing is carried out exclusively on the basis of your consent pursuant to Art. 6(1) lit. a GDPR and Sec. 25(1) TDDDG. You can deactivate personalised advertising at any time in your Google account at https://adssettings.google.com/anonymous?hl=de. Further information can be found at https://policies.google.com/technologies/ads?hl=de.

Google Conversion Tracking

This website uses Google Conversion Tracking to measure whether users perform certain actions on our website after clicking on a Google ad. This allows us, for example, to evaluate which content is used particularly frequently or which functions are triggered. We receive only aggregated evaluations and no information that could identify individual users personally.

Processing is carried out exclusively on the basis of your consent pursuant to Art. 6(1) lit. a GDPR and Sec. 25(1) TDDDG. Google uses cookies or comparable recognition technologies for this purpose. Google is certified under the EU-U.S. Data Privacy Framework. Further information can be found in Google’s privacy policy at https://policies.google.com/privacy?hl=de.

Google Maps

We embed the Google Maps service on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Maps enables us to display map material directly on the website and thus ensures convenient location of the addresses we provide.

To use Google Maps, processing of your IP address is technically necessary. It is usually transmitted to Google servers in the USA and stored there. We have no influence on this data transfer. When the map function is activated, Google may also use Google Fonts, whereby your browser loads the required fonts from the Google network to display content correctly.

Google Maps is used in the interest of a user-friendly and appealing presentation of our online offering and easy findability of our locations and constitutes a legitimate interest within the meaning of Art. 6(1) lit. f GDPR. Where consent is required for the use of Google Maps or related technologies, in particular for cookies or comparable methods within the meaning of Sec. 25(1) TDDDG, processing is carried out exclusively on the basis of Art. 6(1) lit. a GDPR in conjunction with Sec. 25(1) TDDDG. Any consent given may be withdrawn at any time.

Transfers of personal data to the USA are based on the Standard Contractual Clauses of the European Commission. Google is also certified under the EU-U.S. Data Privacy Framework (DPF). Further information on data protection at Google can be found at https://policies.google.com/privacy?hl=de and on contractual safeguards at https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

Ninja Firewall

To protect our website from unauthorised access and malicious attacks, we use Ninja Firewall. The provider is NinTechNet Limited, Unit 1603, 16th Floor, The L. Plaza, 367–375 Queen’s Road Central, Sheung Wan, Hong Kong.

Ninja Firewall is used to technically secure our website and processes access data such as IP address, requested content (request), referrer and the time of the page view. Processing takes place exclusively on our own servers. No personal data are transmitted to the provider of Ninja Firewall or to other third parties.

IP anonymisation is enabled so that IP addresses are stored only in shortened form. Ninja Firewall is used on the basis of our legitimate interest in effective protection of our online offering against cyberattacks pursuant to Art. 6(1) lit. f GDPR.

Final remarks

Changes to the privacy notice

In the course of the further development of data protection law as well as technological or organisational changes, our privacy notices are regularly reviewed for the need for adjustments or additions.