Privacy policy

Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in our data protection declaration listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the “Information on the controller” section of this privacy policy.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze your user behavior.

Hosting

We host the content of our website with the following provider: Rocket.net.

The use of our hosting service provider is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

General notes and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

Note on the responsible body

The controller within the meaning of the General Data Protection Regulation (GDPR) for data processing is

GvW Graf von Westphalen

Lawyers Tax Consultants Partnership mbH

Attorney Thomas G.-E. Müller

Nymphenburger Strasse 64

80335 Munich

Phone: +49 89 689077-405

E-mail: t.mueller@gvw.com

Storage duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is also carried out on the basis of Section 25 (1) TTDSG. Consent can be revoked at any time. If your data is required to fulfill the contract or to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.

Your rights in general

  • You can revoke your consent to the processing or disclosure of your data at any time for the future (Article 7 (3) GDPR).
  • If the legal basis for processing your data is a legitimate interest in accordance with Article 6(1)(f) GDPR, you may object to the data processing in accordance with Article 21 GDPR. If the data processing in question is direct marketing, you do not have to justify your objection in any way; in all other cases, you must provide reasons for your objection that arise from your particular situation.
  • If we have stored incorrect information about you, you can request that we correct your data (Article 16 GDPR).
  • You can request information from us about which of your data we process (Article 15 GDPR, Section 34 BDSG).
  • You can request that we erase your data or restrict its processing, provided that your request does not conflict with any higher-ranking retention obligations (Article 17 or 18 GDPR, Section 35 BDSG).
  • You can request that we provide you with the data that you have provided to us yourself in a machine-readable format for forwarding to third parties (Article 20 GDPR).
  • You may complain to a supervisory authority for data protection, e.g. the Bavarian State Office for Data Protection Supervision, about data protection issues with us.

General information on cookies

Cookies are a specific form of text entry that is stored on your device by your browser when you visit a website. Different information can be stored in a cookie. Sometimes a cookie only stores a yes or no (“true” or “false”) or a country identifier such as “de” for German; sometimes a character string is stored that enables the browser to be uniquely identified when the website is called up again (a so-called cookie ID).

The right to set cookies is not determined solely by the GDPR, but primarily by Section 25 TTDSG. The standard distinguishes between cookies that are absolutely necessary (essential) for the operation of the online offer and those that are not. Essential cookies may also be set without consent, but non-essential cookies always require consent – even if this is not required under the GDPR (e.g. if there is a legitimate interest as a legal basis or the data is not personal).

Before we store non-essential cookies on your end device, we ask for your consent in accordance with the provisions of § 25 TTDSG.

The purpose of each cookie and the legal basis for its use under the GDPR can be found in the following description of the individual data processing.

There are various ways for you to prevent the acceptance of cookies on your device:

The standard case should be that you decide which cookies you allow and which you do not when you visit one of our websites via our consent manager. In some cases, we can only offer you a blanket acceptance or rejection of all cookies or cookie groups.

In principle, you can set your browser so that it never accepts cookies. By completely excluding cookies in this way, you will most likely lose functions that are based on cookies and that you would actually like to allow or that do not require consent.

You can access websites in the private mode of your browser. Private mode also blocks the setting of cookies in your browser memory or automatically deletes all cookies at the end of the session.

Some browsers or browser plug-ins offer you the option of making more differentiated default settings as to which cookies you want to accept by default and which you do not.

A special case: Google offers a browser plug-in that prevents Google from setting the various cookies. You can find the corresponding plug-in here: https://tools.google.com/dlpage/gaoptout?hl=de

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Social media

We operate a company profile on Instagram (also known as a fan page). Such a fan page enables us to present our organization on Instagram, to get in touch with you on this social media platform and to draw attention to our services and offers via advertisements on these platforms.

Meta provides us with analysis data about the use of our fan page (called Page Insights). This gives us an impression of how successful our individual communication measures are.

Meta’s data protection information applies to the details of data processing at Meta: https://www.facebook.com/about/privacy

In accordance with a ruling of the European Court of Justice, the use of this analysis data is carried out under joint responsibility with Meta in accordance with Article 26 GDPR. Meta has accordingly provided a joint controllership agreement (https://www.facebook.com/legal/terms/page_controller_addendum). In the agreement, Meta has assumed sole responsibility for all data processing issues. If you wish to exercise your rights under the GDPR with regard to the data processed in Page Insights, you should contact Meta directly via your Meta account. However, in accordance with the legal rules on joint responsibility, you are also free to contact us with your request. We would then forward your request to Meta.

Data categories: Meta user name; comments, likes and page views within Instagram and time of action

Data recipient (third country transfer, if applicable): Meta Platforms Inc, contactable for us as a European organization via Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Meta guarantees that the data will be handled in accordance with EU data protection standards by concluding standard data protection clauses.

Purpose + legal basis: Analysis of usage behavior on our Instagram profile. The legal basis is the consent you have given as part of your meta-registration.

Storage period: Meta is responsible for the storage period.

LinkedIn

We operate a company profile on LinkedIn. Such a LinkedIn profile enables us to present our organization on LinkedIn, to get in touch with you on this social media platform and to draw attention to our services and offers via advertisements on this platform.

LinkedIn provides us with analysis data about the use of our profile page. This gives us an impression of how successful our individual communication measures are.

For details on data processing at LinkedIn, please refer to LinkedIn’s data protection information: https://www.linkedin.com/legal/privacy-policy

Data categories: LinkedIn user name; comments, likes and page views within LinkedIn and time of action

Data recipient (third country transfer, if applicable): LinkedIn Corp, contactable for us as a European organization via LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. LinkedIn guarantees that the data will be handled at EU data protection level by concluding standard data protection clauses.

Purpose + legal basis: Analysis of usage behavior on our LinkedIn profile. The legal basis is the consent you have given as part of your LinkedIn registration.

Storage period: The storage period is the responsibility of LinkedIn.

Plugins and tools

Google Fonts (local hosting)

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. Google Fonts are installed locally. There is no connection to Google servers.

Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.