Privacy Policy

We think, that trust is a fundamental part of building a successful and long-term business relationship.

Speaking about data protection, we would like to earn your trust through a high degree of transparency and responsible action. That is why we disclose in this document what happens to your data transmitted to us.

The processing of all personal data (including, for example, your name, postal address, e-mail address, etc.) is subject to the General Data Protection Regulation (GDPR) and country-specific data protection laws applicable to us, e.g. German Federal Data Protection Act (BDSG).

Personal data is defined as any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an ID number, a location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

In the following you will receive further information about how we process your personal data and how you can claim your rights according to the applicable data protection laws.

Anonymous surfing and basic processing of personal data

The use of our website is basically possible without providing any personal data.

However, for certain services of our business, it is necessary to process personal data. If there is no legal basis for this processing, we will of course obtain your explicit consent in advance.

We ensure the protection of all personal data processed via this website by numerous technical and organisational measures. This is done according to the current state of the art.

Our website consistently uses approved encryption technology for data transmission.

Origin of personal data processed by us

We only process personal data that you provide us in the context of your customer relationship and that are absolutely necessary for the fulfilment of our services. This also includes data that we legitimately collect from publicly accessible sources (e.g. Internet, commercial registers) and from other third parties (e.g. credit agencies).

Possible data contents: Personal data (e.g. name, address, contact data), documentation data (e.g. protocols and transcripts), communication data (e.g. e-mail addresses) and other data similar to the above categories.

Legal basis and purpose of data processing

We process personal data exclusively on the basis of the General Data Protection Regulation (GDPR) and country-specific data protection laws applicable to us.

Based on your consent (Art. 6 par. 1 lit. a GDPR)

On the basis of your explicit consent, we will only process your personal data for the agreed purpose.

You can revoke your consent at any time (please contact the above-mentioned responsible data processing department as stated in the coloured box). The revocation of your consent does not affect the lawfulness of the data processing until revocation.

Fulfilment of contractual obligations (Art. 6 par. 1 lit. b GDPR)

Your data will be processed to the extent necessary for the provision of our services. The specific purposes of data processing depend on the service booked (for details, please refer to the contract documentation for details).

Due to legal requirements (Art. 6 par. 1 lit. c GDPR) or if in the public interest (Art. 6 par. 1 lit. e GDPR)

We are subject to certain legal obligations, in particular with regard to accounting obligations and tax law. Therefore, we also process your personal data, for example, for the fulfilment of tax control and reporting obligations.

Balancing of interests (Art. 6 par. 1 lit. f GDPR)

If necessary, your data will be processed to protect our legitimate interests and to safeguard the legitimate interests of third parties; this includes, for example...

• the operation of our business for the benefit of the owner and other entitled parties,
• the assertion of legal claims and use in the context of legal disputes,
• ensuring the security of our IT systems.

Recipients of personal data

Only authorised bodies within our company who are responsible for fulfiling contractual and legal obligations are granted regulated access to your personal data. The same applies to service providers commissioned by us who work for us within this framework.

We ensure the protection of your data by organizational and technical measures, according to current state-of-the-art methods. This also applies to service providers commissioned by us.

Transfer of data to third countries or organisations outside the European Union

Data transmission in this context only takes place if...

• you have given us your explicit consent,
• it is absolutely necessary for the service to be provided (e.g. to fulfil our contractual obligations),
• a legal regulation requires this (e.g. tax reporting obligation).

To perform certain tasks, we use service providers who may be located in a third country (e.g. datacenter). This is permitted exclusively on the basis of Article 45 GDPR, in the context of a decision of the European Commission on the existence of an adequate level of protection in this third country.

Unless the European Commission made a decision, data submission is done only if appropriate guarantees are provided (e.g. data protection provisions approved by the European Commission or the local authority under a defined procedure) and if enforceable rights and effective remedies are provided.

In contracts signed with such service providers, we always oblige them to comply with the European data protection level.

Storage duration of personal data

Your personal data will remain stored for as long as the legally defined retention periods require it. After this period, the corresponding data will be deleted immediately, unless they are required for the further fulfilment of contractual obligations or for the initiation of a contract.

Your privacy rights

Right of access by the data subject (Art. 15 GDPR)

We will be pleased to inform you whether your personal data is processed by us, provide information on this data as well as further details and send you a copy of this data.

Right to rectification (Art. 16 GDPR)

Upon your request, we will immediately rectify any incorrect data collected and update incomplete data as quickly as possible.

Right to erasure (Art. 17 GDPR)

You can make use of your right to the immediate removal of personal data, provided that the fulfilment of our contractual and legal obligations does not conflict with your deletion claim.

Right to restriction of processing (Art. 18 GDPR)

As an alternative to the right of deletion, you also have the right to restrict the processing of personal data.

Right to data portability (Art. 20 GDPR)

Upon request, we will make your data available in a machine-readable format so that you can pass it on to third parties.

Miscellaneous

There is a right of appeal to a responsible data protection supervisory authority (Art. 77 GDPR and §19 BDSG).

You can revoke your consent to the processing of personal data at any time. Note that the revocation only applies to future processing; the legality of processing that has taken place up to the revocation remains unaffected. Send your revocation to info@tobiaseichner.com (responsible for data processing).

Obligation of data provision

You must provide us with any personal data we need to fulfill our contractual and legal obligations. Otherwise, we will usually not be able to provide our services for you.

Automated decision making and profiling (Art. 22 GDPR)

We do not use automated decision making techniques.

In individual cases we use legally received data from credit bureaus to evaluate a possible cooperation or a possible signing of a contract with you. To the extent required by law, we will obtain your explicit consent in advance.

Log data generated during the visit of our website

While visiting our website, we automatically collect a number of data:

• Date/time stamp of the visit
• Duration of the connection
• Host name and IP address
• Access status, HTTP status code
• Web browser (type and version)
• Operating system (type and version)
• Referrer (this is the URL of the web page that contained the link through which the visit was made to us)
• Request content (e.g. the website visited, including the amount of data transferred)

This data remains stored for a maximum of 14 days and is then converted into anonymous statistics. At no time will any personal data be used. The storage of log data is separate from the storage of personal data.

We use this data to maintain the general functionality and security of our technical services and to investigate possible cases of misuse. Identification of individual visitors is technically impossible due to the anonymisation used.

Cookies and tracking tools

Cookies are text-based data transmitted by websites and server services and stored in your web browser for later use.

This website does not use cookies as defined by the GDPR.

Contact options (on our website)

You can contact us either by letter post, by phone or directly by e-mail ("electronic mail"). In addition, we offer the option of exchanging encrypted e-mails.

If you send us a letter or an e-mail, personal data you submitted will be stored automatically. For telephone enquiries, we keep written notes on the contents of the call. These data are collected on a voluntary basis (see Art. 6 par. 1 sentence 1 lit. f GDPR) and are used solely to initiate contact and to process your inquiry.

The data will not be passed on to third parties. After processing your request, all personal data will be automatically deleted.

Software products

By installing, using or acquiring a license for one of our software products, you agree to the collection and use of personal data after explicit consent. For further details, please refer to the license agreement and privacy policy of the software product.

Use and application of services "PayPal" and "Credit card (via PayPal)" for processing payments

Payment transactions initiated by us

If you choose the payment method "PayPal" or "Credit card (via PayPal)" for services provided by us, we will send the following data to PayPal in a manual process to initiate payment processing:

• E-mail address, user ID
• Invoice amount
• Invoice ID, service/delivery date
• If required for buyer/seller protection or payment default insurance: Details of products and services ordered

In an automated process, you will receive a notification from PayPal containing instructions on payment processing.

The payment process is solely handled by PayPal on its own responsibility and is subject to the terms and privacy policy of PayPal.

Payment transactions initiated by you

The payment process is solely handled by PayPal on its own responsibility and is subject to the terms and privacy policy of PayPal.

If you use a payment button on our website, a connection to the PayPal server will be established immediately, which thereby receives the URL of the previously visited website (the so-called referrer) and can link it with your currently assigned IP address and possibly other data.

Basis of processing

Processing is done in accordance with Art. 6 para. 1 lit. b, f GDPR - our legitimate interest lies in the receipt and processing of payments within the scope of our business activities.

PayPal provides the following related documents, among others

• General privacy policy of PayPal

Address of the operator

PayPal (Europe) S.à.r.l. & Cie. S.C.A | 22-24 Boulevard Royal | 2449 Luxembourg, Luxembourg | Web: www.paypal.com

Links to websites and other third party contents

This website contains links to external websites and to third party contents.

If you click on such a link, they may collect, process or share your personal data. We have no control over the sites provided by third parties, neither on the contents published nor on the handling of personal data.

Only the privacy policies of the respective site operators apply. If you have any questions regarding data protection on such external sites, please contact the operator responsible for these sites.