Privacy Policy & Cookie Declaration
Contents
- General Information About the Processing of Personal Data
- Data Processing Through Visits to Our Websites
- Data Processing Through Cookies (Tracking)
- Data Processed for Contact Purposes
- Data Processed for the Execution of the Contract
- Data Processed for Single Sign-On Services (Facebook Connect)
- Data Processing in Connection With Social Networks
- Advertising and Newsletter
8.1. MailJet
8.2. Mailgun
8.3. Mailchimp
Statistical Data Collection and Analysis - Other Data Processing
9.1. Amazon Cloudfront
9.2. Web Fonts from Adobe Fonts
9.3. Trustpilot - Your Rights
- Disclosure of Data to Third Parties, Transfer to Third Countries
- Deletion of data
- Closing Provisions
- Cookie Declaration
1. General Information About the Processing of Personal Data
(1) The protection of your personal data is of utmost importance to us. The aim of the following information is to provide you with a comprehensive explanation of how your personal data is processed through the use of our websites and services.
(2) The controller according to Art. 4 No. 7 of the General Data Protection Regulation (“GDPR”) is:
Flightright GmbH
Revaler Straße 28
10245 Berlin
Telephone: +49 (0) 331 9816 9040
E-Mail: service@flightright.co.uk
(hereafter referred to as “Flightright”). Further information can be found in our Imprint.
(3) Our data protection officer can be reached via E-mail at datenschutz@flightright.de or by post at our address marked « For the attention of The Data Protection Officer”.
(4) We process personal data in strict compliance with the applicable data protection regulations. This means the data will only be processed with legal permission; in particular, if the processing of the data is necessary for the provision of our contractual and online services, e.g. when consent is legally required, as well as on grounds of our legitimate interest.
(5) The legal basis of consent is Art. 6 para. 1 lit. a. , Art. 7. GDPR resp. § 25 para. 1 TTDSG (German Act to Regulate Data Protection and Privacy in Telecommunications and Telemedia). The legal basis for the processing of data in order to provide our service and execute contractual duties is Art. 6 para. 1 lit. b. GDPR. The legal basis for the processing of data in order to fulfill our legal obligations is Art. 6. Para. 1 lit. c. GDPR, and the legal basis for the processing of data for the safeguarding of our legitimate interests is Art. 6, para 1. lit. f. GDPR resp. § 25 para. 2 TTDSG.
2. Data Processing Through Visits to Our Websites
When using our websites for purely informational purposes, i.e. if you do not make a request, do not log in or otherwise provide us with personal information, we process the data that your browser transmits to our server which is technically necessary to display our websites to you and to guarantee stability and security (« visitor data »):
- IP address
- Date and time of the request
- Duration of the website visit
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Volume of data transferred
- Webpage from which the request comes
- Webpages that you visit on our website
- Internet service provider
- Browser type
- Server Log Files
- Operating system and its interface
- Language and version of the browser software.
(2) The legal basis is GDPR and that is our legitimate interest in the presentation of the accessed websites (Art. 6 para. 1 s. 1 lit. f DSGVO and §25 para. 2 TTDSG).
(3) We create anonymous user profiles from individual visit data. This enables us to constantly improve our website.
Google Tag Manager
We use the service called Google Tag Manager from Google. « Google » is a group of companies and consists of the companies Google Ireland Ltd (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and other affiliated companies of Google LLC. we have concluded a data processing agreement with Google. Google Tag Manager is an auxiliary service and processes personal data itself only for technically necessary purposes. Google Tag Manager ensures that other components are loaded, which in turn may collect data. Google Tag Manager does not access this data. You can find more information about Google Tag Manager in Google’s privacy policy. Please note that American authorities, such as intelligence agencies, may be able to gain access to personal data that is inevitably exchanged with Google via the Internet Protocol (TCP) when this service is integrated due to American laws such as the Cloud Act.
Google Analytics 4
If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (« Google »).
Nature and purpose of the processing
Google Analytics 4 uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.
We use Google Signals. This allows Google Analytics to collect additional information about users who have personalised ads enabled (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.
Google Analytics 4 has IP anonymisation enabled by default. Due to IP anonymisation, your IP address will be shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transferred by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, your user behaviour is recorded in the form of « events ». Events can be:
- Page views
- First visit to the website
- Start of session
- Web pages visited
- Your « click path », interaction with the website
- Scrolls (whenever a user scrolls to the bottom of the page (90%))
- Clicks on external links
- Internal search queries
- Interaction with videos
- File downloads
- Seen Ads / clicked Ads
- Your approximate location (region)
- Date and time of your visit
- Your IP address (in shortened form)
- Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- your internet service provider
- the referrer URL (via which website/advertising medium you came to this website)
Purposes of the data processing
On behalf of the operator Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics 4 serve toanalyse the performance of our website and the success of our marketing campaigns.
Recipients
Recipients of the data are/may be
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 DSGVO).
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Third country transfer
For the USA, the European Commission adopted a news adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider to establish an appropriate level of data protection in those countries.
Retention period
The data sent by us and linked to cookies are automatically deleted after 14 months. The maximum lifespan of Google Analytics cookies is 2 years. The deletion of data whose retention period has been reached occurs automatically once a month.
Legal basis
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a GDPR and § 25 para. 1 p.1 TTDSG.
Withdrawal of Consent
You can withdraw your consent at any time with effect for the future by accessing the cookie settings listed below this data privacy declaration and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google, and the processing of this data by Google, by
a. not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to deactivate Google Analytics HERE.
For more information on Google Analytics’ terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and at https://policies.google.com/?hl=en.
3. Data Processing Through Cookies (Tracking)
3.1 Cookies and Cookie-Function groups
In addition to the data usage mentioned above, cookies will be stored on your device when you use our website. Cookies are small text files that are saved to your hard disk by your web browser and provide us with information. They serve to make our website more effective and user-friendly.
We distinguish between the following types of cookies:
3.1.1 Technical Cookies (Necessary Cookies)
These cookies are required to display our website and to provide essential, basic functions, e.g. page navigation, the chat function as well as to comply with data protection standards.
The following information is stored and transmitted in these cookies:
- Language settings
- Page settings
- Other status information
The purpose of using technically necessary cookies is to make our website easier to use. To this end, we also use cookies to recognise the user in future visits. Some elements of our website also technically require the identification of the visiting browser after a change of page.
The legal basis for the use of technically necessary cookies is Art. 6 para. 1 sentence 1 lit. f. GDPR.
3.1.2 Cookies for User Preferences
These cookies are used to recognize you and your settings when you return to the website (e.g. preferred language).
The legal basis for the use of these cookies is Art. 6 para. 1 sentence 1 lit. a. GDPR resp. §25 para. 2 TTDSG.
3.1.3 Cookies for Performance and Statistics
These cookies are used to analyse website usage and user behaviour. Through this information we are able to understand how our website is used and where problems occur. This information can then be used to, for example, make the website more user-friendly or to better tailor information and services to our users.
The legal basis for the use of these cookies is Art. 6 para. 1 sentence 1 lit. a. GDPR.
3.1.4 Marketing Cookies
The legal basis for the use of these cookies is Art. 6 para. 1 sentence 1 lit. a. GDPR.
3.2 Cookie-Management
3.2.1 Cookie-Consent-Tool (Cookiebot)
A cookie consent tool has been implemented on our website (hereinafter referred to as “Cookiebot”) so that users have full control over the use of cookies. Cookiebot is provided by Cybot A/S, 1058 Copenhagen, Denmark. It displays a list of cookies divided according to their function, explains the purpose of each function group as well as the individual cookies and how long the cookies are stored.
The storage of cookies is technically necessary for the operation of Cookiebot.
3.2.2 Cookiebot Settings
A pop-up window is displayed when a user visits our website for the first time. From here, the user can peronalise their cookie settings by clicking on the desired cookie function group. Please note that the technical cookies are already saved when you access the website and the box for this is preset.
Your Cookie Settings
Should you wish to review or change your cookie settings then click on « Change your consent » in our Cookie Declaration at the bottom of the page and then adjust the settings according via cookiebot.
3.2.3 Withdrawal- /Opt-out Options
If you have consented to the use of cookies during a visit to this website, you can revoke your consent by going to Cookiebot (see above: “Your Cookie Settings”) and deselecting the respective cookie category.
In addition to revoking your consent via Cookiebot, you can deactivate cookies directly with a cookie provider or prevent browser plug-ins from processing your data. Where cookie providers offer such options, we have provided a link in the corresponding notes.
Another option for controlling or making adjustments to the use of cookies can be found in the relevant section of your browser settings.
Further information on the cookies we use can be found in the Cookie Declaration.
4. Data Processed for Contact Purposes
When you contact us via e-mail, telephone or an online contact formula, the data you provide (e.g. e-mail address, name, telephone number, the content of your request) will be processed by us in order to answer your question and/or query. The legal basis for this is Art. 6 para. 1 lit. b. GDPR.
5. Data Processed for the Execution of the Contract
(1) When you commission us to enforce your compensation claim, we process your contact, communication, contract and flight data (e.g. flight number, date, time) so that we can provide our contractual services, which are described in full in our General Terms and Conditions (particularly to enforce the compensation claim). Your contact and flight data are required for the conclusion of the contract. Without this information, it is not possible to conclude the contract. Your data may be passed on to the service providers supporting us (hosters, service providers, operators of communication applications, etc.) These service providers have of course been carefully selected and are bound by our instructions. This applies particularly to technical service providers who support us in the provision of services.
Your payment data will not be required or processed until a payment is due to be made to you.
(2) As stated in our terms and conditions, we instruct so-called contract lawyers to enforce claims if our extrajudicial enforcement of the claim is not successful (“Assignment processs”). Alternatively, you commission the contact lawyers directly (“Power of Attorney process”). In both cases, we will transfer all case-related data to our contract lawyer to enable them to enforce the claim. In future, we will exchange information with the contract lawyer so that we can keep you informed at all times and continue to process your case (e.g. in event of paying out compensation to you).
(3) The legal basis is the existing contractual relationship (Art. 6 para. 1 sentence 1 lit. b. GDPR). We delete the data arising in this context after the storage is no longer necessary, or limit the processing if statutory retention obligations exist.
6. Data Processed for Single Sign-On Services (Facebook Connect)
You can register on our website using a Google-Account with Single-Sign-On (“SSO”). SSO accounts allow you to log on to different services and platforms with a single account after it has been created. Flightright enables you to use the Google SSO service.
The Google SSO service is provided by Google Inc. (« Google »), Amphitheatre Parkway, Mountain View, CA 94043, USA.
For the purpose and scope of data collection and the further processing and use of the data by Google as well as your rights and the settings options available to protect your privacy, please refer to Google’s privacy policy.
The registration and use of Google’s services are subject to Google’s Privacy Policy and Terms of Use, which you can view at https://policies.google.com/terms.
7. Data Processing in Connection With Social Networks
You can also find us on social networks owned by foreign companies, such as Facebook or Twitter. In addition, we have integrated individual features of these networks into our online services. You can only use these features if you are registered and logged in to the respective social network. Please note that the use of the respective social network is generally subject to the terms of use and data protection conditions of that company, over which we have no influence. Nevertheless, we would like to explain to you how such networks process your personal information in this context:
7.1 Name and Address of Responsible Parties
Besides Flightright GmbH, the parties also responsible for the company’s corporate identity within the scope of the EU data protection regulation are:
- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
- Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland)
- Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany)
However, you use these platforms and their functions on your own responsibility. This applies in particular to interactive features (e.g., comment, share, rate). We would also like to point out that your data may be processed outside the European Union. The contract required under data protection law must be concluded.
7.2 Purpose and Legal Basis
We ourselves maintain the fan pages ourselves in order to communicate with visitors and to inform them about our services. In addition, we collect data for statistical purposes in order to develop and optimize our content and to make our services more attractive. The data required for this purpose (e.g. number of hits, page activities, data provided by visitors, interactions) is prepared and provided to us by the social networks. We have no influence on the generation and presentation.
Your personal data is not only processed by the social media providers, but also by Flightright GmbH (where applicable), for market research and advertising purposes. For example, advertisements tailored to your interests may be displayed both inside and outside these platforms. To this end, cookies are usually stored on your devices. Independently of this, data that is not directly collected on your end devices may also be stored in your usage profiles. Storage and analysis takes place across multiple devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.
The processing of your personal data by Flightright GmbH is based on our legitimate interests in effective information and communication pursuant to Art. 6, para 1. lit. f., Art. 7 GDPR and §25 para. 2 TTDSG resp. §25 para. 1 TTDSG.
If you are asked to consent to the processing of your data, i.e. if you declare your consent by clicking a button or similar (opt-in), the legal basis for data processing is Art. 6, para 1. lit. f. GDPR.
7.3 Your Rights / “Opt-out” Option
If you are registered with a social network and do not wish them to collect your data via our website and link it to your stored membership data with the respective network, you must:
- log out of the respective network before visiting our fan page,
- delete the cookies stored on your device, and
- close and reopen your browser
After logging in again, however, the social network is once more able to identify your user profile.
For a detailed description of the respective kinds of data processing and opt-out options, please refer to the following:
- Facebook
Privacy statement: https://www.facebook.com/about/privacy/;
Opt-Out: http://www.youronlinechoices.com;
- Instagram
Privacy statement: https://help.instagram.com/519522125107875;
Opt-Out: http://www.youronlinechoices.com;
- LinkedIn
Privacy statement: https://www.linkedin.com/legal/privacy-policy;
Opt-Out: http://www.youronlinechoices.com;
- Twitter
Privacy statement: https://twitter.com/de/privacy;
Opt-Out: http://www.youronlinechoices.com;
- Xing
Privacy statement: https://privacy.xing.com/de/datenschutzerklaerung;
Opt-Out: http://www.youronlinechoices.com;
In summary, you have the following rights regarding the processing of your personal data:
Right to disclosure, right to rectification, right to erasure, right to limitation of data processing, right to revocation; right to data portability, right to complain about unlawful processing of your data to the competent supervisory authority.
However, since Flightright GmbH does not have total access to your personal data, you should direct your requests to the providers of the respective social media directly. They have access to the personal data of their members and can take appropriate measures as well as provide information.
Should you need help, we will of course try to support you. Please contact datenschutz@flightright.de.
7.4 Notice Regarding Author’s Rights and Copyright
Should you wish to publish images, text, videos, music, etc. on our social media, please note that by doing so you may be assigning all rights of use to the network, which could ultimately have legal consequences for you if you are not the author or copyright holder.
8. Advertising and Newsletter
If you have given your consent to receive our advertising (newsletter, e-mail, by post, etc.), we will inform you via the respective medium about our current offers using the data you have provided. You can revoke your consent at any time.
8.1 MailJet
One of the platform’s main features is the dispatch of emails to various user groups in order to ensure that content is personally communicated in a timely manner. For the purpose of sending emails, we use the email service provider Mailjet, 37 Bis Rue du Sentier 75002 Paris, France. Only email addresses required for sending communication are shared and temporarily stored. Email addresses shall be completely deleted at least 30 days after the last dispatch. Email addresses are used exclusively by SPITCH and are not shared with third parties. Mailjet’s privacy policy is available at: https://www.mailjet.com/privacy-policy/. The legal basis for using an email service provider is based on our legitimate interest as per Art. 6 para. 1 lit. f. GDPR resp. § 25 para. 2 TTDSG. We have concluded a contract for order-data processing with Mailjet in accordance with Art. 28 para. 3 S. 1 GDPR resp. § 25 para. 2 TTDSG.
Mailjet may retrieve the recipient’s data in pseudonymous form, i.e. without any association to a user, in order to optimise or improve their own services, for example, for the technical optimisation of sending communication and the presentation of newsletters or for statistical purposes. The email service provider, however, does not use our newsletter recipients’ data in order to write to them personally or to share the data with third parties.
8.2 Mailgun
Our website uses the e-mail service of the provider Mailgun Technologies, Inc, San Francisco, for the sending and analysis of e-mails. For this purpose, the browser you use must connect to the servers of Mailgun Technologies, Inc. located in the USA. This enables Mailgun Technologies, Inc. to recognise that our website has been accessed via your IP address. The use of Mailgun is in the interest of uniform and secure communication with our customers – this constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f. GDPR. You can find more detailed information in the data protection declaration of Mailgun Technologies, Inc: https://www.mailgun.com/privacy-policy.
8.3 Mailchimp
The newsletter is sent via „MailChimp“, a newsletter distribution platform by US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter recipients as well as further data that will be described in these notes will be stored on MailChimp servers in the USA. MailChimp uses this information for distributing and evaluating the newsletter on our behalf. According to information published by MailChimp, the data will be used for optimising their own services, such as technical optimisation of the distribution process or the layout of the newsletter, as well as for commercial use by determining the recipients‘ countries of residence. However, MailChimp does not use the data of our newsletter subscribers to contact them directly and does not pass them on to third parties.
MailChimp’s data regulations can be viewed here: https://mailchimp.com/legal/privacy/
Statistical Data Collection and Analysis
Our newsletters contain what is known as a web beacon or open tracker, a tiny invisible graphic in the bottom of your HTML email. It is downloaded from Mailchimp’s server when the newsletter is opened. During the download, technical information about your browser and operating system as well as your IP address and the time of the download/opening of the newsletter are collected. These are used for technical improvement of the service, as technical data or target group data can be analysed according to their reading behaviour, their download locations (identifiable through IP addresses) or download times.
Statistical data collection also includes an analysis of when the newsletters are opened and which links are clicked upon. Although this information technically allows the tracking of individual newsletter recipients, we are not interested in watching the behaviour of individual users. Data analysis is used to recognise patterns in the reading behaviour of users and adapt contents accordingly or send different content to individual users.
9. Other Data Processing
9.1 Amazon Cloudfront
This website uses the Content Delivery Network (CDN) Cloudfront. This is a service provided by Amazon WebServices Inc., 410 Terry Avenue North, Seattle, WA 98109-5210. The Cloudfront CDN provides duplicates of data from a website on various Amazon Web Services (AWS) servers all over the world. This facilitates faster loading times on the website, higher reliability, and increased protection against dataloss.
Some of the images and videos embedded on this website are obtained from the Cloudfront CDN when the page is opened. This retrieval transfers information about your use of our website (such as your IP address) to Amazon servers in other EU countries and stores it there. This happens as soon as you visit our website. Amazon Web Services and Amazon CDN Cloudfront are used in the interest of greater reliability of the website, increased protection against data loss, and better loading speed of this website.
This constitutes a legitimate interest in accordance with Art. 6 para. 1 lit. f. GDPR resp. § 25 para. 2 TTDSG.
More information about the data protection practices of Amazon WebServices can be found at: https://aws.amazon.com/compliance/data-privacy-faq/.
The current data privacy statement of Amazon Web Services can be found at: https://aws.amazon.com/privacy/.
9.2 Web Fonts from Adobe Fonts
This site uses so-called web fonts, which are provided by Adobe Fonts, for uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
To do this, the browser you are using must connect to the Adobe Fonts servers. This will give Adobe Fonts knowledge that your website has been accessed through your IP address. The use of « Adobe Fonts » web fonts is in the interest of a uniform and attractive presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f. GDPR resp. § 25 TTDSG.
If your browser does not support web fonts, a default font will be used by your computer.
For more information about Adobe Fonts web fonts, see https://fonts.adobe.com/ and in the privacy policy of « Adobe Fonts »: https://www.adobe.com/privacy/policies/adobe-fonts.html
9.3 Trustpilot
We use Trustpilot, a user feedback and rating service provided by Trustpilot, Inc., 245 5th Avenue, 4th floor, New York, NY 10016, USA (“Trustpilot”). Trustpilot provides a form to enter your feedback about our website and to rate your user experience and product quality. If you use this option, all entries are completely voluntary and the results are published on https://www.trustpilot.com/ under a selectable pseudonym. Product reviews may be published on our website as well as in Google search results.
For more information about privacy policies of Trustpilot, please refer to the website https://legal.trustpilot.com/end-user-privacy-terms.
10. Your Rights
(1) You have the following rights with respect to your personal data:
- Right of access by the data subject (Art. 15 GDPR)
- Right to rectification and erasure (Art. 16 and 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to object against the processing of data (Art. 21 GDPR)
- Right to data portability (Art. 20 GDPR)
(2) You also have the right to complain to the data protection supervisory authority about our processing of your data.
(3) We would like to inform you that you can revoke any data protection consent provided at any time with future effect. The same applies to consent given to promotional activities. The best way to do this is to send an informal e-mail to: datenschutz@flightright.de. The respective revocation may cause our service to become unavailable to you or only available in a limited capacity.
(4) Insofar as the processing of your personal data is based on a balance of interests (Art. 6 para. 1 s. 1 lit. f GDPR), you may object to the processing. When exercising an objection, we ask that you state why we should not process your personal data in the manner that we have. In case of a justified objection, we will review the situation and either stop or adjust the data processing or point out the compelling legitimate grounds on which we will continue to process the data.
11. Disclosure of Data to Third Parties, Transfer to Third Countries
(1) We only disclose your personal data to our service and partner companies in as far as this is absolutely necessary for order processing and the fulfilment of contractual requirements e.g. on the basis of Art. 6 para. 1 lit. b. GDPR or for the fulfilment of a legal obligation pursuant to Art. 6 para. (1) 1 lit. c GDPR or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR resp. § 25 para. 2 TTDSG.
(2) If we use subcontractors to provide our services, we take appropriate legal, technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal requirements.
(3) If, within the context of this Privacy Policy, content, tools or other means are used by third parties and their registered office is located in a third country, it is to be assumed that data will be transferred to the countries of residence of the third party providers. We only disclose your personal data in a third country if it is necessary to fulfil our (pre)contractual obligations (Art. 6 para. 1 lit. b. GDPR), on the basis of your consent (Art. 6 para. 1 lit. a. GDPR resp. § 25 para. 1 TTDSG), on the basis of a legal obligation (Art. 6 para. 1 lit. c. GDPR) or on the basis of our legitimate interests (Art. 6 para. 1 lit. f. GDPR resp. § 25 para. 2 TTDSG). The same applies to third party processing of data on our behalf and to the disclosure or transfer of data to third parties.
(4) We attach considerable importance to processing your data within the EU/EEA. It may happen, however, that we transfer data outside the EU / EEA and to a country without the necessary data protection standards. If your data is transferred to the USA, there is a risk that the data may be processed by US authorities for control and monitoring purposes, possibly without any form of legal recourse being available to you.
12. Deletion of Data
(1) The data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage obligations. If the data is not deleted because it is necessary for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
(2) In accordance with statutory requirements in Germany, records are kept for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents etc.) and for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation etc.).
13. Closing Provisions
(1) We employ technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments.
(2) We will amend the privacy policy from time to time in line with the technical advancement of our services. If the amendmentto the privacy policy does not affect the use of existing data, the new privacy policy is valid from the date of its update on our website. Any changes to the privacy policy with regard to the processing of data that has already been collected will only take place if it is acceptable to you. In such cases, we will notify you in due time via e-mail, on our websites, via our application or in another form. You have the right to object to the applicability of the revised privacy policy within four weeks of receipt of the notification. In the event of an objection, we reserve the right to terminate the contractual relationship. If no objection is raised within the specified period, the amended privacy policy shall be deemed to be accepted by you. We will inform you about your right to object and of the relevance of the objection deadline in said notification.
Last updated: April 2024