pri­va­cy

Contents

1. Preface and selected terms
2. Responsible for Data Processing
3. Compact overview
4. Legal Basis for Processing Personal Data
5. Data Subjects Rights under the General Data Protection Regulation
6. External Hosting
7. Automatic server log files
8. Use of cookies
9. Data Processing in the Context of Communication and Contact
10. Information for Applicants
11. Audio and Video Conferencing with MS Teams
12. Our Social Media Presence
13. Additional Data Protection Information for our Business Partners

1. Preface and selected terms

On the one hand, this data protection declaration informs visitors and users of our website about the online data processing operations in which personal data is processed. On the other hand, you will receive information about our processing operations, which do not primarily take place online.

• GDPR stands for the European General Data Protection Regulation.
• BDSG is an abbreviation for the Federal Data Protection Act in its current version.
• Personal data is all individual information that allows conclusions to be drawn about a natural person (for definition, see Art. 4 Para. 1 GDPR). This includes, for example, names, email addresses, telephone numbers, but also data such as IP addresses or customer numbers.
• The processing of personal data includes all processes, such as the collection, storage, transmission, archiving or deletion of personal data (definition Art. 4 Para. 2 GDPR).
• The data subject within the meaning of the GDPR is any natural person whose personal data is processed.
• Further definitions of terms can be found in the General Data Protection Regulation, which can be found in Art. 4 of the GDPR (definitions).
  
  

2. Responsible for Data Processing

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:

hi tx GmbH
Am smk-Kreisel 1
70794 Filderstadt
Telefon: +49 (0) 711 77 8 66 0
E-Mail: info@smk-systeme.de

3. Compact overview

The following content gives you a brief overview of the processing of personal data; more detailed information can be found in the passages presented in detail.

Security on our Website
Our website is provided with a TLS certificate, which is used to encrypt data transfer processes. This happens, for example, if you send us a message via a form. As a precaution, we would like to point out that 100% security in electronic data processing is not possible and there is always a residual risk.

Data that you transmit to us
On this page, we process the data that you enter yourself, for example in a form. In this case, the purpose of processing results from the type of form and, on the other hand, from this data protection declaration. Even if, for example, you send us a message by email or otherwise contact us, we process your data in accordance with the purpose of the contact.

Server Log Files
On the other hand, our server automatically records all accesses and thus also IP addresses (log files); this serves to ward off attacks, analyze access numbers and ensure smooth operation.

Use of Cookies
Cookies help us to provide various services; further information can be found in this data protection declaration.

Plugins and Content Delivery Networks
We use plugins and content delivery networks. If such services are integrated via a website, access data is transmitted to the services. Typically this is your IP address and other metadata, such as time and date of access.

Newsletter / direct marketing

Direct marketing to existing customers in the legitimate interest
We reserve the right to send our customers newsletters on the basis of Section 7 Paragraph 3 UWG and Art. 6 Para. 1 lit. f of the GDPR. You can of course object to receiving direct marketing information at any time.

Other data recipients

1. Data Transfer within the Corporate Group
   Within the corporate group, we use the services of affiliated companies, particularly in the areas of accounting, human resources management and IT. The services are provided by smk systeme metall kunststoff gmbh & co. Kg, Am smk-Kreisel 1, 70794 Filderstadt.
2. Use of Data Processores
   We have commissioned data processors in accordance with the requirements of Art. 28 GDPR, for example in the areas of IT services, web hosting or email hosting. These companies process personal data according to our instructions.
3. Use of Specialist Services
   If necessary, we pass on your data to, for example, banks, shipping service providers, our tax advisor or lawyer.
4. Legal Obligations
   We are subject to legal obligations, such as commercial laws or tax laws, in this context we must pass on certain data, for example, to tax authorities.
5. Investigation of Crimes
   If necessary to secure our interests, we pass on data to the law enforcement authorities.

General Information on Deletion Periods of Personal Data
We process the data as long as necessary for the respective purpose. As a rule we process your personal data for the duration of our business relationship, which includes the initiation and processing of a contract; further we are obliged to comply with statutory retention requirements. If data processing is based on your consent, we will delete your data after your revocation.

Transfer of Personal Data to a Third Country
We try to have all service providers and services provided by providers within the European Union. A transfer to a third country is possible if you have given us your consent and/or we have concluded a contract for order processing in accordance with Art. 28 of the GDPR, taking appropriate guarantees into account. In individual cases we may use plugins or tools that are hosted in third countries, but we use these based on our legitimate interests. In these cases, we will point out the circumstance if necessary.

Obligation to provide personal data
You are free to decide whether you provide personal data on our website for specific purposes. To carry out legal transactions, the provision of personal data is contractually required.

4. Legal Basis for Processing Personal Data

The legal bases for the processing of personal data are exceptional circumstances that allow the processing of personal data. The essential legal bases are shown in particular in Art. 6 GDPR. The legal basis on which we process personal data is described in the individual processing operations in this data protection declaration.

Consent (Art. 6 Para. 1 lit. a GDPR)
Consent is one of these legal bases and requires that the person giving consent gives it in an informed manner and on a voluntary basis. Consent based on Art. 6 Para. 1 lit a GDPR can generally be revoked at any time without giving reasons.

Data Processing within contractual purposes (Art. 6 Para. 1 lit. b GDPR)
The processing of personal data to initiate or implement contracts is also a legal basis and is defined in Art. 6 Para. 1 lit. b GDPR.

Legal Obligations (Art. 6 Para. 1 lit. c GDPR)
The exception to data processing based on a legal obligation can be found in Art. 6 Para. 1 lit. c GDPR, for example we are obliged to comply with certain retention periods according to commercial law and tax law.

Legitimate Interests (Art. 6 Para. 1 lit. f GDPR)
The processing of personal data based on a balancing of interests in accordance with Art. 6 Para. 1 lit. f GDPR allows processing after careful weighing of financial or legal interests against the legitimate interests of the data subject.

5. Data Subjects Rights under the General Data Protection Regulation

Every natural person is entitled to certain rights, which are defined in particular in Art. 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can demand from us.

Right to revoke your consent in accordance with Art. 7 GDPR
You can revoke your consent to us at any time without giving reasons with effect for the future.

Right to information according to Art. 15 GDPR (restrictions possible according to Section 34 BDSG)
You have the right at any time to request information about the data you process and the purposes of the processing.

Right to rectification according to Art. 16 GDPR
If you discover that we are processing incorrect or incomplete data about you, you have the right to rectification.

Right to deletion according to Art. 17 GDPR (restrictions possible according to § 35 BDSG)
You have the right at any time to request the deletion of your personal data that we process about you. If complete deletion is not possible, for example because we have to fulfill legal retention obligations or we can assert legitimate interests for other reasons, we will restrict your data until these reasons no longer apply.

Right to restriction of processing according to Art. 18 GDPR
You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:

• If you dispute the accuracy of the personal data we hold about you, we will generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
• If the processing of your personal data was/is occurring unlawfully, you can request that data processing be restricted instead of deletion.
• If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deletion.
• If you have lodged an objection in accordance with Art. 21 Para. 1 GDPR, a balance must be made between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.
• If you have restricted the processing of your personal data, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

Right to data portability according to Art. 20 GDPR
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the data to be transferred directly to another person responsible, this will only be done if it is technically feasible.

Right to object to certain processing operations and direct advertising in accordance with Art. 21 GDPR
If the data processing is carried out on the basis of Art. 6 Para. 1 lit. e or f GDPR, you have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data; This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims ( Objection according to Art. 21 Para. 1 GDPR).

If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If you object, your personal data will no longer be used for direct advertising purposes (objection according to Art. 21 Para. 2 GDPR).

Right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR in conjunction with In accordance with Section 19 BDSG
In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

6. External Hosting

This website is hosted externally. The personal data collected on this website is stored on the server(s) of the host(s). This can include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website.

External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 Para. 1 lit. f GDPR). If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR, insofar as the consent requires the storage of cookies or access to information on the user's end device (e.g . B. Device fingerprinting). Consent can be revoked at any time.

Our host will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.

We use the following host:
IONOS SE
Elgendorfer Str. 57
56410 Montabaur

Data Processing Agreement
We have concluded a Data Processing Agreements for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

7. Automatic server log files

Our web server automatically logs all access and thus also the IP addresses of visitors. This serves to defend against attacks, analyze access numbers and ensure smooth operation. We have a legitimate interest in this (Art. 6 lit. f GDPR).

In addition to the IP address, the server log usually records other metadata about the session; you can find this data below.

• Date and time of retrieval
• Information about the browser type and version browser used
• Information about the operating system used
• Device (client)
• Referrer URL (which page you used to land on our website)
• Hyperlinks accessed

We only process this data for the purposes mentioned above. We delete server log files after six months at the latest.

8. Use of cookies

Our websites use so-called "cookies". Cookies are small text files and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

In some cases, cookies from third-party companies can also be stored on your device when you visit our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions you require (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies to ensure technically error-free and optimized provision of its services. If consent to store cookies has been requested, the cookies in question will be stored exclusively on the basis of this consent (Art. 6 (1) (a) GDPR); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this data protection declaration and, if necessary, ask for your consent.

Legal Basis and Information about setting your Preferences

We use technically necessary cookies in the interest of a functional and stable website (Art. 6 Para. 1 lit. f GDPR); we only use other cookies with your consent (Art. 6 Para. 1 lit. a GDPR). You can set your preferences regarding the selection of non-essential cookies at the beginning of your visit, and you also have the option to adjust your preferences at any time.

The individual legal bases for the use of various tools that use cookies can be found in the respective passages in our data protection declaration.

9. Data Processing in the Context of Communication and Contact

Message via contact form
You have the option of sending us messages using the contact form. We process the data that you entered in the data collection mask. Mandatory fields are marked and must be provided. The purpose of data processing is to process your request and, if necessary, to contact you afterwards. The legal basis for processing the data entered into the contact form is generally based on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent at any time in the future without giving us reasons. In addition, we process your data to initiate or carry out sales contracts, for example if you ask us product-related questions (Art. 6 Para. 1 lit. b GDPR).

We store the transmitted data until the purpose of data storage is achieved or you revoke your consent. Please note that the process may be subject to legal retention periods. In this case, we will restrict your data from further processing until it expires.

Communication via email
If you write us an email, we will process your data according to the content and purpose of the message. As a rule, processing is carried out based on pre-contractual measures or as part of the implementation of a contractual relationship on the basis of Art. 6 Para. 1 lit. b GDPR and Art. 6 Para. 1 lit. f GDPR. It is in our legitimate interest to process your request quickly and efficiently.

If it is a product or service-related message, we generally process your data based on our legitimate interests in accordance with Art. 6 (1) (b) GDPR.

Please note that we store all incoming emails in accordance with proper accounting principles for a period of ten years, starting from the first day of the following year in which the message was received. If you ask us to delete the data, we will from now on restrict the processing of your data and only store it for the purpose of complying with retention periods in our legitimate interest.

Communication by telephone or fax
Even if you contact us by telephone or fax, we process your data either to initiate and implement contractual relationships (if the content is product or service-related) and/or in our legitimate interest, analogous to contacting you by email.

We do not record the content of the conversation, but we may take notes to process your request. This will be stored until the purpose of data processing is achieved.

10. Information for Applicants

If you apply to us, whether for an advertised position or on your own initiative, we will process your data to carry out the selection process. It is irrelevant to us whether you apply by post, email or, if available for the respective position, using an online form.

As a general rule, we only process the data that you have sent us yourself as part of an application process. The use of other sources is only considered after you have been informed and consulted with us. For example, whether we may contact a former employer.

The legal basis for carrying out an application process is Section 26 BDSG in conjunction with Art. 6 Paragraph 1 Letter b GDPR (initiation of an employment contract). If you give us your consent to store your data for a longer period, this is done on the legal basis of Art. 6 Paragraph 1 Letter a GDPR.

Deletion periods for applicant data
We delete applicant data a maximum of 4 months after the application process has been completed (when a candidate has been selected and all applicants have been informed of the outcome). The purpose of data processing is generally no longer valid once the selection process has ended, but we have a legitimate interest (Art. 6 Para. 1 lit. f GDPR) in being able to defend ourselves against any claims made by rejected applicants. If you have the impression that your interests in immediate deletion outweigh yours, you have the option of requesting this from us. We will then examine your request and give you feedback.

After the expiry of the above-mentioned period, your data will be deleted unless we have to defend ourselves, for example, in an ongoing procedure, for example due to a lawsuit under the General Equal Treatment Act. In this case, we will delete your data after the procedure has been completed, provided there are no statutory retention periods.

If we are permitted to store your data for a longer period on the basis of your consent, we will delete your data if you request us to do so and revoke your consent. If necessary, we will also delete your data before you revoke your consent if it is foreseeable that no position will be available.

Inclusion in our applicant pool

If we are unable to offer you a position at the current time, we may ask you for your consent to continue storing your data. This is so that we can offer you a suitable position at a later date.

The legal basis for processing your data in our applicant pool is your consent (Art. 6 Paragraph 1 Letter a of GDPR). Of course, you can revoke your consent at any time with effect for the future.

If you do not revoke your consent yourself within a period of two years, we will delete your data from our applicant pool by then at the latest.

11. Audio and Video Conferencing with MS Teams

We use the Microsoft Teams tool for communication. Provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown , Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams data protection declaration: https://privacy.microsoft.com/....

Microsoft Teams processes all data that you provide/use to use the tools (email address and/or your telephone number). The conference tools also process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “contextual information” related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data that is necessary to process online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker as well as the type of connection.

If content is exchanged, uploaded or made available in any other way within the tool, it will also be stored on the tool provider's servers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, photos and videos uploaded to voicemails, files, whiteboards and other information shared while using the Service.

Please note that we do not have full influence on the data processing operations of the tools used. Our options depend largely on the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed below this text.

Purpose and legal basis
We use Microsoft Teams to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 Para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). If consent has been requested, the relevant tools will be used on the basis of this consent; consent can be revoked at any time with effect for the future.

Storage period
The data we collect directly via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Data Processing Agreement
We have concluded a Data Processing Agreement with Microsoft. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

12. Our Social Media Presence

Data Processing through Social Networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 Para. 1 lit. a GDPR).

Responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g., Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

Storage time
The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).

Individual social networks

LinkedIn

We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa und https://www.linkedin.com/legal/l/eu-sccs. For details on how they handle your personal information, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

13. Additional Data Protection Information for our Business Partners

Data Categories and Purposes of Processing
We process personal data from our service providers and partners, which we receive directly as part of our business relationship. If we have received data from you, we generally only process it for the purposes for which we received or collected it. As a rule, we process the following categories of data from you

• Name first Name
• Address and/or company address
• Telecommunications data
• E-mail address
• company
• professional function and/or position
• Bank details/other payment details
• Data on the history of the business relationship

As part of the business initiation phase and during the business relationship, in particular through personal, telephone or written contact initiated by you or one of our employees, further personal data is created, e.g. B. Information about contact channel, date, occasion and result; (electronic) copies of correspondence and information about participation in direct marketing measures.

On the other hand, we process personal data that we have legitimately obtained and are permitted to process from publicly accessible sources (e.g. commercial and association registers, press, media, internet).

Data processing for other purposes is only possible if the necessary legal requirements in accordance with Art. 6 (4) GDPR are met. In this case, we will of course observe any information obligations pursuant to Art. 13 Paragraph 3 GDPR and Art. 14 Paragraph 4 GDPR.

Legal Basis on which we process your Data

Based on your consent (Art. 6 Para. 1 lit. a GDPR)
We process personal data for one or more specific purposes if you have given us your consent to do so. If personal data is processed based on your consent, you have the right to revoke your consent to us at any time with future effect.

Data processing for the fulfillment of contracts (Art. 6 Para. 1 lit. b GDPR)
We process personal data for the fulfillment of contracts. The fulfillment of contracts includes, for example, the conclusion, processing and reversal of a contract. In addition, we process personal data that is necessary to carry out pre-contractual measures, such as initiating a contract, and is carried out at your request.

Data processing is based on a legal obligation (Art. 6 Para. 1 lit. c GDPR).
Like every company, we have retention obligations and fulfill other documentation requirements, this may also apply to documents containing personal information. To the extent that we process data for these purposes, the processing takes place on the basis of a legal obligation.

Data processing based on a balancing of interests (Art. 6 Para. 1 lit. f GDPR)
If we process data on the basis of a balancing of interests, you as the data subject have the right to the processing of personal data, taking into account the provisions of Art. 21 GDPR to contradict. To the extent that the specific purpose permits, we process your data pseudonymously or anonymously.

Other Recipients of your Data

Transfer to processors within the scope of Art. 28 GDPR
Processors we use (Art. 28 GDPR), particularly in the area of IT services and, for example, printing services, who process your data for us in accordance with our instructions. When we commission service providers to fulfill our tasks, we always observe the data protection regulations; in particular, data is only passed on after contracts for order processing have been concluded. We would be happy to let you know which processors we use.

To carry out a contractual relationship
If it is necessary to carry out the contract with you, we pass on your data, for example, to our bank to process payments or shipping service providers such as German Post, DHL, UPS, GSL, DPD or other event-related providers.

Disclosure due to a legal obligation
If there is a legal or official obligation, we will pass on your data to public bodies or institutions (authorities, for example in the context of criminal prosecution).

Other places, insofar as you have given us your consent.
If you have given your explicit consent, we will also pass on your data to other places. However, this occurs within the limits provided you have verifiable consent.

Information on Deletion Periods for Personal Data

Principle of purpose limitation and compliance with statutory retention periods
We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract.

In addition, like every company, we are obliged to comply with statutory retention periods, for example the deadlines under commercial and tax law. If there are statutory retention requirements, the relevant personal data will be stored for the duration of the retention period. The storage period also depends on the statutory limitation periods, which, for example, according to Sections 195 ff. of the Civil Code (BGB), can usually be three years, but in certain cases can also be up to thirty years. After the retention period has expired, it will be checked whether further processing is necessary. If it is no longer necessary, the data will be deleted.

As a rule, such retention periods in the context of legal transactions (according to §147 AO / §257 HGB / §14b UstG) are 10 years, starting with the year following the legal transaction.

Specific example
If you provide us with your contact details, for example by email, telephone, or by handing over your business card , we will store this data on the basis of pre-contractual measures and in accordance with Art. 6 Para. 1 lit. b of the GDPR Interest (Art. 6 Para. 1 lit. f GDPR) in smooth and targeted communication. If no legal transaction is concluded, we will delete your data if you request us to do so or if there is no further contact within a period of three years. If you enter into a legal transaction with us (Art. 6 Para. 1 lit b GDPR), we will store your data for ten years until the commercial and tax requirements expire. After this period, we check whether we can delete the data and, if necessary, delete it.

E-mails and business letters
We archive all of our e-mail traffic for ten years. If you write us an email, your data and the entire email content will be stored for 10 years. Most emails count as business letters, and emails can also contain information relevant to tax law. In our opinion, the effort involved in checking each individual email is not proportionate to the benefit and legitimate interests of the sender. Of course, you can ask us to delete it at any time and we will carry out an individual case check and inform you of the result. This can lead to deletion or restriction of processing, depending on the content of the correspondence.

Revocation of your consent
If we process your data based on your consent (Art. 6 Para. 1 lit. a GDPR), we will delete it after your revocation. Unless there are legitimate interests against complete deletion. For example, we generally store the declaration of consent for up to three years after receipt of your revocation in the legitimate interest (Art. 6 Para. 1 lit. f GDPR). We only retain the consent subject to restriction of processing to be able to defend ourselves in the event of a dispute.

Legal or contractual Obligation to provide Personal Data

The provision of personal data is regularly necessary for the initiation, conclusion, processing, and reversal of a contract. If you do not provide the required personal data, we will not be able to conclude and fulfill a contract with you.

Transfer to a Third Country

We generally process your personal data in data centers in the Federal Republic of Germany or the European Union. A transfer to a third country is only possible if you have given us your consent or we have concluded a contract for order processing in accordance with Art. 28 GDPR, considering suitable guarantees or other suitable guarantees.