Your data is processed on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest is based on making our website accessible to you.

The purpose of data processing is to enable you to use the website (connection establishment). It ensures system security, the technical administration of the network infrastructure and the optimization of the website. Your IP address is only analyzed in the event of attacks on our network infrastructure or that of our Internet provider.

Your personal data will be deleted as soon as it is no longer required for the above- mentioned purposes. This is the case when you close the website. Our hosting provider may use the data for statistical surveys, but only in anonymized form. The data is deleted there after 7 days.

In addition, you can object to this processing at any time by contacting us or the 1&1 data protection officer. If you wish to exercise any of these rights, you can contact 1&1's data protection officer at the above address or send an e-mail to datenschutz@ionos.de.

Our website uses the services of the hosting provider 1&1. Data processing is carried out by: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur. Further information can be found in 1&1's privacy policy.

We also use the services of the hosting provider AWS. The data processing is carried out by: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, Luxembourg 1855, Luxembourg (a subsidiary of Amazon.com Inc., 410 Terry Avenue North, Seattle WA 98109, USA). In order to ensure the greatest possible data security, we have chosen the server location in Frankfurt am Main for the service provider AWS. You can find more information about AWS data protection here.

The legal basis for the processing of data by cookies that do not solely serve the functionality of our website is Art. 6 para. 1 sentence 1 lit. a) GDPR.

The legal basis for data processing by cookies, which are used exclusively for the functionality of this website, is Art. 6 para. 1 sentence 1 lit. f) GDPR.

Our legitimate interest arises from ensuring a smooth connection setup and convenient use of the website. In addition, data processing serves to analyze system security and stability as well as the statistical evaluation of website usage.

There are two types of cookies that are used on this website:

a)  Transient cookies

These are automatically deleted when you close the browser. These include session cookies in particular, which store a so-called session ID. This allows your computer to be recognized when you return to our website. The session cookies are deleted as soon as you log out or close the browser.

b)  Persistent cookies

These are automatically deleted after a predefined period, which may vary depending on the cookie.

You have the option at any time to withdraw your consent to the processing of cookies that do not serve the pure functionality of the website. Cookies are only set after you have consented to this when you access the site. This allows you to control data processing via cookies on our website.

You can also delete cookies at any time via your browser's security settings. Please note that you may not be able to use all functions of the website if you do so. The setting of cookies can also be permanently prevented by making the appropriate settings in your browser.

Your data is processed on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.

We only process your data in order to process your contact request.

Your data will be deleted as soon as the purpose of the processing has been fulfilled, usually immediately after your request has been answered. In rare cases, however, it may be necessary to store your data for longer if this is required by legal, regulatory or contractual obligations.

You can contact us at any time and object to the further processing of your data. In this case, we will unfortunately not be able to continue communicating with you. All personal data processed in the course of making contact will then be deleted, unless statutory retention obligations prevent deletion.

If you enter personal data in the mandatory fields, the processing is based on Art. 6 para. 1 sentence 1 lit. b) GDPR. If you also enter personal data in optional fields, the processing is based on Art. 6 para. 1 sentence 1 lit. a) GDPR.

We only process your data in order to complete your registration and manage your website account.

Your data will be deleted as soon as it is no longer required for the purpose of registration. This is the case when you close your account with us and no legal or official retention periods prevent the deletion.

You can change, correct or delete your personal data at any time, both during and after registration.

Further information on the respective social login functions, the data transmitted and the privacy settings of your social media account can be found in the data protection information of:

• Facebook: https://www.facebook.com/legal/terms
• Google: http://www.google.com/policies/privacy/?hl=de

If you provide us with your first and last name and your e-mail address, the processing is based on Art. 6 para. 1 sentence 1 lit. b) GDPR. You provide us with all other data voluntarily, so that the processing in these cases is based on Art. 6 para. 1 sentence 1 lit. a) GDPR.

The social login makes it easier for you to use our registration function. It also provides us with information about the use of our website by social media users. We also use social media logins to make our website better known.

The social login data will be stored until revoked and used as described.

You can prevent this data processing by using the regular registration process. You can change, correct or delete your personal data at any time, both during and after registration. If the data processing is based on your consent, you can revoke this at any time in accordance with Art. 7 GDPR.

A revocation is effective from the time it is declared and for the future. 

Your data is processed on the basis of Art. 88 GDPR and Section 26 BDSG.

We process your data exclusively for the purpose of carrying out the application process.

If your application leads to an employment relationship, your personal data will be stored in compliance with the statutory provisions.

If your application is not considered, it will be deleted according to the rules of our deletion concept, whereby the provisions of the General Equal Treatment Act (AGG), in particular the existing burden of proof according to § 22 AGG, will be observed.

Your data will only be stored for longer if this is contrary to statutory provisions or if you have consented to longer storage. In this case, the storage is based on Art. 6 para. 1 sentence 1 lit. c) or lit. a) GDPR.

You can contact us at any time and object to the further processing of your data. In this case, all personal data processed in the course of the application process will be deleted - unless there are mandatory legal provisions to the contrary.

Data processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

The newsletter serves to inform you regularly about our offers and news.

Your data will only be processed for as long as it is necessary to fulfill the purpose and no legal or official retention obligations prevent deletion.

You can withdraw your consent to the processing of your personal data for the newsletter at any time. To do so, you can either click on the unsubscribe link in each newsletter or send us your revocation by other means.

The processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

We use Mailjet as a dispatch service provider to ensure that our emails are sent reliably and efficiently.

According to Mailjet, they only store your personal data for as long as is necessary to provide their services. Mailjet deletes your data when we delete it from our address file.

You can revoke your consent at any time. To do so, click on the link in the footer of the respective e-mail. If there is no link then the data processing is necessary in order to maintain full functionality on our website. Therefore, objecting is impossible.

The legal basis for the use of Zoom is Art. 6 para. 1 lit. b) GDPR. In the case of "open webinars", it is Art. 6 para. 1 lit. f) GDPR.

We use Zoom to carry out our live formats. This allows us to present interesting content to you in a vivid way. Zoom processes your data in order to provide and optimize the services.

Zoom deletes personal data as soon as the purpose of processing has been fulfilled and no legal regulations prevent deletion. You also have the option of deleting your own content yourself.

You can object to data processing or withdraw your consent at any time. To do so, you can contact our data protection officer or Zoom directly via the following email addresses: legal@zoom.us or privacy@zoom.us.

The transmission of your data to Stripe is based on Art. 6 para. 1 lit. a) GDPR (consent) and Art. 6 para. 1 lit. b) GDPR (processing for the performance of a contract). The transmission to the starter is based on Art. 6 para. 1 lit. b) GDPR (processing for the performance of a contract).

We trust in the data security of Stripe. All card numbers entered are encrypted with AES-256. The infrastructure for storing, decrypting and transmitting card numbers is completely separate and uses different credentials than Stripe's main services.

Stripe is certified to the highest industry standards and holds official licenses worldwide. According to Stripe, it takes technical, organizational and administrative measures to ensure that personal data is protected against unauthorized access, loss, alteration or misuse.

Further information can be found in Stripe's privacy policy.

Data processing is used to process support, for technical checks on the risk of non-payment and for fraud prevention.

The personal data exchanged between Stripe and the controller may be transmitted by Stripe to credit reference agencies. The purpose of this transmission is to check identity and creditworthiness. Stripe may pass on the personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfill the contractual obligations or if the data is to be processed on behalf of Stripe.

Address, payment and order data are stored for up to 10 years due to commercial and tax law requirements. Unsuccessful campaigns are deleted 3 months after completion. If you use Stripe, Stripe also stores your personal data for as long as you use the services. After that, it will be deleted unless there are official, contractual or legal requirements that require longer storage.

Storage is required for contract processing and for legal reasons. Premature deletion is only possible if there are no statutory retention obligations to the contrary.

If you have any questions about data protection at Stripe or would like to exercise your rights, you can contact our data protection officer or contact Stripe directly at https://stripe.com/contact or by email at privacy@stripe.com.

The processing is carried out on the basis of Art. 6 para. 1 lit. b) GDPR, as it is necessary for the performance of the contract.

The collection and processing of your payout information serves to ensure the secure and proper disbursement of funds as part of your crowdfunding campaign.

Your data will be stored for as long as is necessary to process the payouts. In addition, statutory retention periods apply.

Premature deletion of the data is only possible if there are no legal or contractual obligations to store it. Your data is managed or changed via your Stripe account.

If you have any questions about data protection at Stripe or would like to exercise your rights, you can contact our data protection officer or contact Stripe directly: https://stripe.com/contact or by e-mail to privacy@stripe.com.

If you click on a social media link, your data may be processed by the respective provider in the USA.

The European Court of Justice (ECJ) considers the level of data protection in the USA to be inadequate. There is a risk that US authorities will process your data for monitoring and surveillance purposes, possibly without any legal protection for you.

Important: As long as you do not click on the links of the social media providers, no data transfer takes place.

You can find the data protection guidelines on the homepages of the respective providers. For example, you can find LinkedIn at https://www.linkedin.com/legal/privacy-policy.

Starter can decide for themselves which profiles they link to. These usually include, but are not limited to, Facebook, Instagram, YouTube, TikTok, Twitter and Twitch.

We use Vimeo to integrate videos. The data processing is carried out jointly with: Vimeo Inc, 330 West 34th Street, 10th Floor, New York, New York 10001, USA.

When you access a page on our website with a Vimeo plugin (e.g. project details page), a connection to the Vimeo servers is established. Your browser automatically transmits information to Vimeo, including which page you have visited.

If you are logged in to Vimeo at the time of your visit, Vimeo assigns this information directly to your user account. When you start a video (e.g. click the play button), this information is also assigned to your account.

Further information on data protection can be found here. 

Legal basis for data processing

The data processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

Purpose of data processing

We use social media to make our company better known and to offer you the opportunity to interact with social networks. Through Vimeo you can stream videos directly on our website.

Duration of data storage

According to its own information, Vimeo only stores your personal data as long as you have an account with Vimeo. If you do not have an account, the data is stored anonymously so that the GDPR is no longer applicable.

Right to objection and erasure

You can withdraw your consent at any time. To do so, please contact our data protection officer.

To prevent data processing by Vimeo, you can:

• log out of Vimeo before visiting our website,
• delete all cookies from your browser history.

You can make further settings and objections to the use of your data in the Vimeo profile settings. These settings are platform-independent and apply to all devices.

We use YouTube to integrate videos on our website. We are jointly responsible for data processing:

• YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA
• Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
• For Europe: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Normally, when you access a website with an embedded YouTube video, your browser already sends your IP address to YouTube and stores cookies on your device.

However, we have activated YouTube's extended data protection mode. This means that YouTube only sets cookies when you actively click on the video. If you are already logged in to YouTube, your video view will be linked to your user account.

You can find more information in YouTube's privacy policy.  

Legal basis for data processing

The processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

Purpose of data processing

We use social media to make our company better known and to offer you the opportunity to interact with social networks.

Duration of data storage

According to Google, the data collected by YouTube is deleted after 9 to 18 months.

Right to objection and erasure

You can withdraw your consent at any time. To do so, please contact our data protection officer. To prevent data processing by YouTube, you can:

• log out of YouTube before visiting our website,
• delete all cookies from your browser history.

You can make further settings for data processing and use for advertising purposes in the YouTube profile settings. These settings apply to all your devices across all platforms.

We use SoundCloud, operated by SoundCloud Global Limited & Co KG, Rheinsberger Str. 76/77, 10115 Berlin, Germany, to integrate audio material. When you visit a page with a SoundCloud component, your browser downloads the corresponding representation of SoundCloud.

If you start an audio file and are logged in to SoundCloud at the same time, SoundCloud recognizes which page you are visiting and assigns this information to your personal SoundCloud account. Activities such as pressing the "Play" button or leaving a comment are also linked to your account.

Legal basis for data processing

The processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

Purpose of data processing

The SoundCloud integration enables the playback of audio material directly on our website and improves the user experience.

Duration of data storage

The data is stored and processed by SoundCloud itself. You can find information on this in SoundCloud's privacy policy.

Possibility of removal by the data subject

To prevent the transmission and storage of data by SoundCloud, you must log out of SoundCloud before starting an audio file.

We use Spotify plugins, operated by Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden. These enable the streaming of audio material directly on our website via an iFrame. You can find an overview of the Spotify plugins at https://developer.spotify.com.

When you visit a subpage with a Spotify plugin, a connection to the Spotify servers is established as soon as you click the "Play" button. Spotify transmits information about your use of the stream and assigns it to your personal Spotify account if necessary.

Spotify also receives the information that you have visited our website.

Legal basis for data processing

The processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

Purpose of data processing

The integration of Spotify enables the direct playback of audio material on our website and improves the user experience.

Duration of data storage

The data is stored and processed by Spotify itself. You can find more information on this in Spotify's privacy policy. 

Possibility of removal by the data subject

To prevent the transmission and storage of data by Spotify, you must log out of Spotify before starting an audio file.

We use the web analysis service Matomo (formerly PIWIK). The data processing is carried out by: InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Matomo is based in New Zealand, a third country with an adequate level of data protection, which has been certified by the EU Commission in accordance with Art. 45 (3) GDPR, EU decision on the level of protection.

Matomo uses cookies (see section on cookies above). The following data is collected:

• Two bytes of your IP address (e.g. 192.168.xxx.xxx)
• Called website
• The website from which you came (referrer)
• Subpages that you access on our website
• Duration of your visit to the website
• Frequency of your page views

The software runs exclusively on our servers. Your personal data is only stored there. This data is not passed on to third parties.

We have set Matomo so that IP addresses are anonymized (only 2 bytes are stored). This means that it is no longer possible to assign the IP address to your computer.

You can find more information on data protection at Matomo here: https://matomo.org/privacy/ and here https://matomo.org/privacy-policy/

Legal basis for data processing

Your data is processed on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

Purpose of data processing

Matomo helps us to analyze the use of our website in order to:

• optimize the website
• carry out a cost-benefit analysis
• understand the flow of visitors to our website
• to make the website clear and user-friendly

Duration of data storage

We only store your data for as long as is necessary. As soon as the purpose of the data processing has been fulfilled, your data will be blocked and deleted in accordance with our deletion concept, unless legal, official or contractual regulations prevent deletion.

Right to objection and erasure

You can withdraw your consent at any time. To do so, please contact our data protection officer.

How can you prevent tracking by Matomo?

Block cookies:

• You can deactivate the setting of cookies in your browser settings
• You can delete cookies that have already been set in your browser settings

Important: If you prevent the setting of cookies, it is possible that not all functions of our website will be fully available. If you have any questions about data protection, you can contact Matomo directly: privacy@matomo.org 

Our website uses Google Analytics, a web analytics service provided by Google LLC ("Google"). Data processing for the European Economic Area and Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Google Analytics uses cookies to analyze your use of our website. The data collected includes:

• IP address
• Access time
• Access duration

This information is transferred to a Google server in the USA and stored there.

Google analyzes your activities on our website and provides us with reports. Google may pass on the information collected to third parties if this is required by law or if third parties process data on behalf of Google.

Our Google tracking codes use the "_anonymizeIp()" function, which means that IP addresses are only processed in abbreviated form. This excludes the possibility of direct personal references.

You can find more information about Google Analytics and data protection here:

• https://www.google.de/intl/de/policies/
• http://www.google.com/analytics/terms/de.html  

Legal basis for data processing

Your data is processed on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR.

Our legitimate interest is to continuously optimize our website to meet your needs.

Purpose of data processing

By analyzing your surfing behavior, we can:

• better understand the use of our website
• improve user-friendliness
• optimize our website

Thanks to the anonymization of the IP address, your interest in the protection of your personal data is taken into account.

Duration of data storage

The data collected is deleted after 512 days (approx. two years).

Right to objection and erasure

You can prevent the installation of Google Analytics cookies by selecting the appropriate settings on your browser:

• set your browser so that no cookies are stored.
• Install a browser extension, e.g: http://tools.google.com/dlpage/gaoptout?hl=de

Note: If you deactivate Google Analytics, you may not be able to use all functions of the website without restrictions. You can also deactivate tracking here.

We use Google Tag Manager to manage website tags via an interface. This allows us to integrate Google Analytics and other Google marketing services into our online offering. Important: The Tag Manager itself does not process any personal data.

You can find more information on the Google Tag Manager usage guidelines here. 

We use the Zammad ticket system from Zammad GmbH, Marienstraße 11, 10117 Berlin, Germany, to process customer inquiries. When you contact us, your surname, first name, email address and optionally an attachment are recorded. The data is stored by Zammad in Germany.

Legal basis for data processing

The processing is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR. In addition, we have concluded an order processing contract (AVV) with Zammad.

Purpose of data processing

The processing of your personal data serves exclusively to process your request and to follow up on support requests.

Duration of data storage

Your data and message history will be stored for up to six months to enable follow-up questions and subsequent contact.

Right to objection and erasure

You can revoke your consent at any time, which will result in your data being deleted, provided there are no statutory retention obligations. Further information can be found in Zammad's privacy policy at https://zammad.com/de/datenschutz.

We use Cloudflare on our website to ensure secure and error-free use. Cloudflare acts as a content delivery network (CDN) and helps to optimize loading times and improve the security of the website.

To do this, Cloudflare creates log data, such as the number of page views. This data is used to detect attempted attacks and protect our website accordingly. The analysis usually takes place within a few minutes so that the security guidelines can be adjusted immediately.

According to our settings, Cloudflare processes personal data exclusively in data centers within the European Union. We use the Cloudflare Data Localization Suite for this purpose.

Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 US. More information on data protection at Cloudflare.

Legal basis for data processing

Data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. We have a legitimate interest in ensuring the secure use of our website. By using Cloudflare, we also comply with the principle of integrity and confidentiality of your data within the meaning of Art. 5 para. 1 lit. f) GDPR.

Purpose of data processing

The purpose of the data agreement corresponds to our legitimate interest in the confidentiality and integrity of our data processing and in ensuring the availability and full functionality of our website.

Duration of data storage

According to its own information, the raw data is usually deleted after four hours and at the latest after three days, provided that no legal regulations prevent deletion.

Right to objection and erasure

The website can only be displayed if the described data is processed. If you wish to object to the further processing of your data, please contact our data protection officer.

We use the New Relic software on our website to ensure stable technical platform operation. New Relic analyzes whether the website is accessible and how quickly it loads on your device. Technical error messages from your browser are transmitted anonymously to New Relic.

During your visit, your browser connects to the bam-cell.nr-data.net domain operated by New Relic. The IP address and browser type are transmitted. Cookies are not stored. The analysis is aggregated so that it is not possible to identify individual users.

Legal basis for data processing

The processing is carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR in a stable and efficient website operation.

Purpose of data processing

New Relic is used to monitor platform performance, analyze errors and optimize loading times.

Duration of data storage

New Relic stores the transmitted data in accordance with the company's own data protection guidelines. You can find more information here: https://newrelic.com/termsandconditions/privacy.

Right to objection and erasure

As data collection is necessary for the technical operation of the platform, there is no direct option to deactivate it.

We use the services of the IT security service provider Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg, Germany, to prevent fraud on our website. For this purpose, communication takes place exclusively between us and Risk.Ident to analyze fraud risks.

Risk.Ident uses cookies and tracking technologies to collect and process specific device-related data, raw data from the TCP/IP connection and usage data from our website. The user's IP address is collected but encrypted by Risk.Ident within a few seconds. This information is stored in a fraud prevention database.

Legal basis for data processing

The processing is carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR to prevent fraud.

Purpose of data processing

The data collected is used to create a risk assessment, which we retrieve during the following processes:

• Creating a project
• Support for a project

The risk assessment is based on factors such as

• Use of proxy connections
• Switch between different Internet service providers
• Frequently changing geo-references
• Number of Internet transactions via the end device
• Probability that the stored end device matches the user

This evaluation helps us to recognize and prevent fraud attempts at an early stage.

Duration of data storage

The storage period depends on Risk.Ident's internal data protection guidelines. However, the IP address is encrypted within a few seconds.

Right to objection and erasure

The use of Risk.Ident is required for fraud prevention, therefore there is no direct deactivation option.

If it becomes known that a person has committed or attempted to commit fraud, we transmit this information, including device-related data, to Risk.Ident.

You can find more information on data protection here.

We use the cloud storage service Dropbox Business, operated by Dropbox, Inc, 333 Brannan Street, San Francisco, CA 94107, USA, to upload videos for participation in the Launch Day. The data is stored on a server in the EU.

Data subjects are users who upload videos while logged in. Dropbox is the recipient of this personal data in the context of the aforementioned processing.

Legal basis for data processing

The processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

Dropbox is a member of the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.

Purpose of data processing

The use of Dropbox Business enables the secure storage and management of the uploaded videos required for participation in the Launch Day.

Duration of data storage

The storage period depends on Dropbox's internal guidelines and the requirements for carrying out the launch day.

Right to objection and erasure

The rights of persons affected by data processing at Dropbox, in particular the right to object, rectification, erasure and blocking, must be asserted against us. You can find more information about Dropbox's data protection here.

We use the chatbot software Chatbase on our website. The data processing is carried out by: Chatbase.co Inc, 4700 Keele Street, 215 Bergeron Centre, Toronto, ON, Canada, M3J 1P3. The service is based on ChatGPT and helps us to conduct automated conversations with users and answer their queries more quickly and easily.

While you are chatting with the chatbot, data such as the questions you enter and the answers you receive will be processed. In your own interest, please do not provide any personal data. The following data may be collected from you:

• IP address
• Log files
• Location information and other metadata

You can find more information about Chatbase in the privacy policy. 

Legal basis for data processing

Contacting Chatbase and the associated disclosure of your data is voluntary. The data processing is therefore based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

The legal basis for the transfer to a country outside the EEA are standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses issued in accordance with the review procedure pursuant to Art. 93 para. 2 GDPR (Art. 46 para. 2 lit. c GDPR), which we have agreed with the provider.

Purpose of data processing

The purpose of data processing is to offer users of our website a direct and fast means of communication and to allow them to ask us questions and make comments directly via the website chat.

Duration of data storage

The data collected will be deleted as soon as the purpose of the data processing has

been fulfilled and no legal, contractual or official regulations prevent deletion.

Right to objection and erasure

The rights of persons affected by data processing at Chatbase, in particular the right to object, rectification, erasure and blocking, must be asserted against us.

We use Typeform for questionnaires and forms. The provider is Typeform S.L., 163 Carrer de Bac de Roda, Barcelona, Spain. The provider processes content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses) in the USA.

The following data is processed for this purpose:

• IP address

Optionally, different data is also processed, which you enter yourself depending on the form.

We have concluded an order processing contract (AV contract) with Typeform for the data protection-compliant use of your data. Typeform is ISO27001 and SOC2 certified. You can view the data processing agreement provided by Typeform and the privacy policy here.

Legal basis for data processing

Your data is processed on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR.

Purpose of data processing

We use the forms hosted by Typeform to ensure better contact from you and therefore better answers for you.

Duration of data storage

The data will be deleted as soon as the purpose of the data processing has been achieved and no contractual, official or legal regulations prevent deletion.

Right to objection and erasure

The rights of data subjects affected by data processing at Typeform, in particular the right to object, rectification, erasure and blocking, must be asserted against us.

The provider comes from a country whose adequate level of data protection has been recognized by the EU Commission. You can find more information here.

Our provider has submitted to the EU standard contractual clauses to ensure secure data transfer. You can find more information here. 

Article 47 of the GDPR provides the possibility of ensuring data protection when transferring data to a third country via Binding Corporate Rules. These are examined and approved by the data security authorities within the framework of the consistency mechanism pursuant to Art. 63 GDPR.

In addition, a data transfer to a third country without an adequate level of protection will only take place if you have given us your consent in accordance with Art. 49 sec. 1 lit. a) GDPR for this purpose.

Right to withdraw a given consent (Art. 7 GDPR)

If you have given your consent to the processing of your data, you can withdraw it at any time. This will affect the admissibility of processing your personal data by us for the time after you have withdrawn your consent. To withdraw your consent, contact us personally or in written form.

Right of access (Art. 15 GDPR)

You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to your personal data and the following information:

• the purpose of processing;
• the categories of personal data concerned;
• the recipients or the categories of recipient to whom your personal data have been or will be disclosed, in particular recipients in countries outside of the EU or international organisations;
• where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
• all available information on the source of your personal data;
• the existence of automated decision-making, including profiling, referred to Art. 22 para. 1 and 4 GDPR and, in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

In the case of such a request, you must provide enough information about your identity to proof that the request concerns your own personal data.

Right to rectification and erasure (Art. 16, 17 GDPR)

You have the right to obtain from us without undue delay the rectification and completion of inaccurate personal data concerning yourself.

You may also request the erasure of your personal data if any of the following applies to you:

• the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
• you withdraw consent on which the processing is based according to Art. 6 para. 1 s.1 lit. a) or Art. 9 para. 2 lit. a) GDPR, and where there is no other legal ground of processing;
• you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or the you object to the processing pursuant to Art. 21 para. 2 GDPR;
• the personal data have been unlawfully processed;
• the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
• the personal data have been collected in relation to the offer of information society services referred to in Art. 8 para. 1.

Where we made the personal data public and are obliged to erase the personal data pursuant to Art. 17 para. 1 GDPR, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

These rights shall not apply to the extent that processing is necessary:

• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health in accordance of Art. 9 para. 2 lit. h) and i) as well as Art. 9 para. 3 GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, in so far as the right referred to above is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
• for the establishment, exercise or defence of legal claims.

Right to restriction of processing (Art. 18 GDPR)

You shall have the right to obtain from us restriction of processing where one of the following applies:

• the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
• you have objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification whether our legitimate grounds override yours.

Where processing has been restricted under the aforementioned conditions, such personal data shall, except for storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the limitation of the processing is restricted, you will be informed by us before the restriction is lifted.

Right to information (Art. 19 GDPR)

If you have asserted us your right to rectification, erasure or restriction of data processing, we will inform all recipients of your personal data to correct, delete or restrict the processing of data, unless this proves impossible or involves disproportionate effort.

You also have the right to know which recipients have received your personal data.

Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format. Also, you have the right to transmit those data to another controller, where

• the processing is based on consent pursuant of Art. 6 para. 1 s.1 lit. a) GDPR or of Art. 9 para. 2 lit. a) GDPR or is based on a contract pursuant of Art. 6 para. 1 s. 1 lit. b) DS-GVO; and
• the processing is carried out by automated means.

In exercising your right to data portability, you have the right to obtain that personal data transmitted directly from us to another controller, as far as technically feasible. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority that has been delegated to us.

Right to object (Art. 21 GDPR)

Where we based the processing of your personal data on a legitimate interest (Art. 6 para. 1 s. 1 lit. f) GDPR), you may object to the processing. The same applies if the data processing is based on Art. 6 para. 1 s. 1 lit. e).

In this case, we ask you to explain the reasons why we should not process your personal data. Based on this we will terminate or adapt the data processing or show you our legitimate reasons why we continue the data processing.

Right to lodge a complaint with supervisory authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against the infringes of the GDPR.

The supervisory authority to which the complaint has been submitted shall inform you of the status and results of the complaint, including the possibility of a judicial remedy according to Article 78 GDPR.