Responsible party (within the meaning of the General Data Protection Regulation (DSGVO) as well as other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature):
Managing Director: Sven Gosda and Jan Gosda
We would like to inform you about the type, scope and purpose of the personal data we collect, use and process, and also inform you about the rights to which you are entitled.
The data protection guidelines apply to our online offers (e.g. websites, apps, social media) as well as to our other offline activities (e.g. service provision, communication, documentation).
The use of the website is generally possible without providing personal data. Personal data is any information relating to an identified or identifiable natural person.
If special services of our company are to be used via our website, processing of personal data may become necessary.
Processing means any operation performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, erasure, destruction or any other form of making available of data.
If there is no legal basis for processing, we generally obtain the consent of the data subject.
Consent is any voluntary expression of will in the form of a statement or other unambiguous affirmative action indicating consent to the processing of personal data.
The processing of your personal data, for example the name, address, e-mail address or telephone number, is always carried out in accordance with the Basic Data Protection Regulation and with the country-specific data protection regulations applicable to our company.
As the controller, our enterprise has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, due to security gaps, absolute protection cannot be guaranteed.
For this reason, you are also free to transmit personal data to us by alternative means, for example by telephone or in writing.
Many cookies contain a so-called cookie ID, i.e. a unique identifier of the cookie. This consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the person concerned from other internet browsers that contain other cookies. Thus, a specific internet browser can be recognised and identified via the cookie ID.
We use so-called session cookies for this purpose, which can be used to recognise that you have visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit the site again, it is automatically recognised that you have already visited us and which settings and entries you have made, so that you do not have to enter them again.
In particular, we use WordPress session cookies.
We use Borlabs Cookie, which sets two technically necessary cookies, namely borlabsCookie and borlabsCookieUnblockContent, to store your preferred cookies.
No personal data is processed when using borlabs cookies.
The borlabsCookie cookie only stores your chosen preference, which you selected when you accessed the website. The borlabsCookieUnblockContent cookie then stores which media/content you would always like to have automatically unblocked without always having to actively confirm this again.
If you want to revoke these settings, simply delete the cookies in your browser. When you reload or enter the website, you will then be asked again for your cookie preference.
The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties in accordance with Art. 6 (1) p. 1 lit. f DSGVO.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created.
The setting of cookies by our website can be prevented at any time by a corresponding setting of the Internet browser used and thus the setting of cookies can be permanently objected to. Cookies that have already been set can be deleted at any time using an internet browser or other software programmes. This is possible in all common internet browsers. If the data subject completely deactivates the setting of cookies in the Internet browser used, it is possible that not all functions of our website can be fully used.
3. Collection of general and personal data
Our website collects general data and information each time you or an automated system access the website. This information is temporarily stored in a so-called log file of the server.
The following information may be collected and stored until automated deletion:
(1) browser types and versions used,
(2) the operating system used by the accessing system and the name of the access provider,
(3) the website from which an accessing system arrives at our website (so-called referrer URL),
(4) the sub-websites which are accessed via an accessing system on our website,
(5) the date and time of an access to the internet page,
(6) an Internet protocol address (IP address) of the accessing computer,
(7) the Internet service provider of the accessing system and
(8) other similar data and information that may be required to avert danger in the event of attacks on our information technology.
our information technology systems.
This data and information is never used to draw conclusions about personal data or personal identifications. Rather, this information is required in order to
(1) ensure a smooth connection of the website as well as the comfortable use of the website
(2) optimise the content of our website as well as the advertising for it,
(3) evaluate system security and system stability
(4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.
information necessary for prosecution
(5) to achieve other administrative purposes.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
The anonymously collected data and information are used statistically and with the aim of increasing data protection and data security in our company. This is to ensure an optimal level of protection for the personal data we process.
The anonymous data of the server log files are stored separately from any personal data provided by a data subject.
4. Use of Google Maps
We use Google Maps, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to display maps for the purpose of creating directions on our website.
By using Google Maps, information about your use of this website (including your IP address) may be transmitted to a Google server in the USA and stored there.
5. Use of Google Web Fonts
For the uniform display of fonts, we use so-called web fonts on our website, which are provided by Google. When you call up our site, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font will be used by your computer.
6. Use of Google ReCaptcha
For protection when submitting forms (e.g. blog comments, contact form, registration for the internal member area) we use in selected cases the service reCAPTCHA of the company Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The service includes the sending of your IP address and possibly other data required by Google for the reCAPTCHA service to Google.
The deviating data protection provisions of the Google company apply to this data. You can find further details in Google’s data protection centre: https://www.google.de/intl/de/privacy
7. Data protection provisions on the use and application of Google Analytics with anonymisation function
We use the Google Analytics component on our website for the purpose of demand-oriented design and continuous optimisation of our pages. Google Analytics is a web analysis service provided by Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA (https://www.google.de/intl/de/about). Web analysis means the collection, compilation and evaluation of data about the behaviour of visitors to websites. A web analysis service collects, among other things, data about the website from which people have come to a website (so-called referrers), which sub-pages of the website have been accessed or how often and for how long a sub-page has been accessed.
In connection with the use of Google Analytics, psuedonymised usage profiles are created and cookies are used. Google Analytics sets cookies on the information technology system of the persons who visit our website. The information generated by the cookies about the use of our website and personal data such as browser type / version, operating system used, referrer URL (previously visited page), host name of the accessing computer (IP address), time of server request are transmitted to a Google server in the USA and stored there. Google may pass on this personal data collected via the technical procedure to third parties.
This procedure allows us to analyse the flow of visitors to our website. Google then uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website, and to provide other services in connection with the use of our website.
We use Google Analytics with an IP anonymisation function on our website. In this case, your IP address will already be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and thus anonymised. Google will not, according to its own information, associate your IP address with any other data held by Google.
You can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and permanently object to the setting of cookies.
Such a setting of the Internet browser used would also prevent Google from setting cookies on the information technology system of the person concerned. In addition, cookies already set by Google Analytics can be deleted at any time via the internet browser or other software programmes. However, we would like to point out that not all functions of our website can then be used to their full extent under certain circumstances.
You also have the option of preventing the collection of the data generated by Google Analytics or the cookies and related to your use of the website, including your IP address, and the processing of this data by Google. To do this, you must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout.
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set, which will prevent the future collection of your data when visiting the website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in your browser, you will need to set the opt-out cookie again.
Our sign-up service allows visitors to our website to learn more about our company, download content, and provide their contact information and other demographic information. This information is stored on servers run by our software partner HubSpot.
– Content management (website and blog)
– Email marketing (newsletters and automated mailings, e.g. to provide downloads)
– Social media publishing & reporting
– Reporting (e.g. traffic sources, hits, etc. …)
– Contact management (e.g. user segmentation & CRM)
– Landing pages and contact forms
HubSpot Dublin (Docklands)
Ground Floor, Two Dockland Central
Guild Street, Dublin 1, Ireland
Phone: +353 1 5187500
As there is a transfer of personal data to the USA, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe.
In cases where this cannot be ensured by this contractual extension, we will endeavour to obtain additional regulations and commitments from the recipient in the USA.
9. Web analytics service Hotjar
Our website uses Hotjar, a web analytics tool provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta (“Hotjar”). Hotjar is used to anonymously record the interactions of randomly selected individual users with the website. This creates a log of, for example, mouse movements and clicks with the aim of identifying potential improvements to the respective website.
In addition, information on the operating system, browser, incoming and outgoing links, geographical origin, as well as resolution and type of device are evaluated for statistical purposes. The information generated by the “tracking code” and “cookie” about the user’s visit to our website is transmitted to the Hotjar server in Ireland and stored there.
This information is not personal and is not passed on to third parties by Hotjar.
If you do not wish to have this information recorded, you can deactivate it on all websites that use Hotjar by setting the DoNotTrack header in the user’s browser. Information on how to opt-out can be found on the following page: http://overheat.de/opt-out.html.
10. Registration on our website
You have the option of registering on our website by providing personal data.
The personal data that is transmitted to us in this process results from the respective input mask that is used for registration. The personal data entered is collected and stored exclusively for our internal use and for our own purposes. A transfer to one or more order processors, such as parcel service providers, can be arranged if the personal data is used exclusively for an internal use that is attributable to us.
By registering on our website, the IP address assigned by your internet service provider (ISP), the date as well as the time of registration are stored. By storing this data, misuse of our services can be prevented and, if necessary, the data can make it possible to clarify criminal offences that have been committed. The storage of this data is therefore necessary for our protection. In principle, this data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution.
Your registration enables us to offer you content or services that can only be offered to registered users. You are free to change the personal data you provided during registration at any time or to have it completely deleted from our database.
Upon request, we will provide you at any time with information about which of your personal data we have stored. At your request, we will correct or delete your personal data if there are no legal obligations to retain such data. The person responsible for data processing or another employee is available to you as a contact in this context.
11. Registration and subscription to our newsletter
We offer you the opportunity to register for and subscribe to our company newsletter.
Which personal data is transmitted to us when ordering the newsletter is determined by the input mask used when ordering.
With the newsletter, we inform our customers and business partners at regular intervals about offers from our company and other interesting innovations.
In principle, the newsletter of our company can only be received if you have a valid e-mail address and you register for the newsletter dispatch and have thus expressly consented to the sending of the newsletter to the specified e-mail address in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO.
Registration for our newsletter is carried out using the double opt-in procedure, i.e. after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation serves to check whether you are the owner of the e-mail address and have authorised yourself to receive the newsletter.
The registration for the newsletter is logged in order to be able to prove the registration process in accordance with the legal requirements. For this purpose, the IP address assigned by your Internet service provider (ISP) as well as the date and time of registration and confirmation are stored. The collection of this data is necessary in order to be able to trace any possible misuse of your e-mail address at a later date.
The personal data collected when registering for the newsletter is used exclusively for sending our newsletter. Personal data collected as part of the newsletter service will not be passed on to third parties. You can cancel your subscription to our newsletter at any time and revoke your consent to the storage of your personal data, which was given to us for the purpose of sending the newsletter, at any time. You will find a link to this effect in every newsletter. You can also unsubscribe from the newsletter at any time directly on our website or inform us of your wish to cancel or revoke the newsletter service in any other way.
12. SSL encryption
In order to protect your transmitted data as best as possible, we use SSL encryption. You can recognise encrypted connections by the prefix “https://” in the page link in the address line of your browser. Unencrypted pages are marked with “http://”.
All data that you transmit to this website – for example when making enquiries or logging in – cannot be read by third parties thanks to SSL encryption.
10 Routine deletion and blocking of personal data
We process and store collected personal data only for the period of time necessary to achieve the purpose of storage or if this has been provided for by the European Directives and Regulations or another legislator in laws or regulations to which we are subject.
If the purpose of storage no longer applies or a storage period prescribed by the European Directive and Regulation Maker or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
13. data subject rights
Due to the fact that personal data may be collected when using our website, you as a person affected by the processing of personal data have the following rights:
a) Right to confirmation
As a data subject concerned by the processing of personal data, you have the right granted by the European Directive and Regulation to request confirmation from us as to whether personal data concerning you are being processed. If you wish to make use of this right of confirmation, you can contact a member of staff responsible for data processing at any time.
b) Right to information pursuant to Art. 15 DSGVO
As a person affected by the processing of personal data, you have the right, granted by the European Directive and Regulation Maker, to request information from us at any time and free of charge about the personal data stored or processed about you and to receive a copy of this information. In particular, you can request information about:
– the purposes of processing
– the category of personal data
– the recipients or categories of recipients to whom your personal data have been or will be disclosed, in particular also in the case of recipients in third countries or international organisations
– the planned storage period or, if this is not possible, the criteria for determining this period
– the existence of a right to rectification or erasure of the personal data concerning you or to restriction of processing or a right to object to such processing
– the existence of a right of appeal to a supervisory authority
– the origin of your data or, if the personal data is not collected from you: any available information on the origin of the data
– the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and – at least in these cases – meaningful information about the details thereof.
If your personal data has been transferred to a third country or an international organisation, you have the right to obtain information about the appropriate safeguards in connection with the transfer. If you wish to exercise this right of access, you can contact a member of staff responsible for data processing at any time.
c) Right to rectification of personal data pursuant to Art. 16 DSGVO
As a person affected by the processing of personal data, you have the right, granted by the European Directive and Regulation Maker, to demand the immediate correction of any personal data relating to you that is incorrect. You also have the right to request that incomplete personal data be completed, taking into account the purposes of the processing.
If you wish to exercise this right of rectification, you can contact a member of staff responsible for data processing at any time.
d) Right to erasure of personal data pursuant to Art. 17 DSGVO
As a person affected by the processing of personal data, you have the right granted by the European Directive and Regulation-maker to demand that, if one of the following grounds applies, the personal data relating to you be erased without delay, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims:
– the personal data were collected or otherwise processed for purposes for which they are no longer necessary
– the data subject withdraws his/her consent on which the processing was based pursuant to Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO, and there is no other legal basis for the processing.
– the data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
– the personal data have been processed unlawfully.
– the erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject
– the personal data has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
If one of the above-mentioned reasons applies and you wish to have personal data stored by us deleted, you can contact an employee responsible for data processing at any time. He or she will then immediately take care of the deletion.
If the personal data has been made public by us and we are obliged to erase the personal data as a data controller pursuant to Art. 17 (1) DSGVO, we shall take reasonable measures, including making use of technical means and insofar as this is technically feasible for us, to inform other data controllers who process the published personal data and to obtain erasure in relation to the personal data, insofar as the processing is not necessary. The controller will arrange the necessary in individual cases.
e) Right to restriction of the processing of personal data pursuant to Art. 18 DSGVO
As a person affected by the processing of personal data, you have the right granted by the European Directive and Regulation-maker to demand that we restrict processing if one of the following conditions is met:
– the accuracy of the personal data is contested by you for a period enabling us to verify the accuracy of the personal data.
– the processing is unlawful, but you object to the erasure of the personal data, request instead that the use of the personal data be restricted and we no longer need your data.
– we no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
– You have objected to the processing pursuant to Art. 21 (1) DSGVO and it is not yet clear whether there are legitimate reasons on our part that outweigh your reasons.
If one of the above-mentioned conditions is met and you request the restriction of personal data stored by us, you can contact a member of staff responsible for processing at any time, who will then arrange for the restriction of processing.
f) Right to data portability
As a person affected by the processing of personal data, you have the right, granted by the European Directive and Regulation Maker, to receive the personal data concerning you, which you have provided to us, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller, provided that the processing is based on consent pursuant to Article 6(1)(a) DSGVO or Article 9(2)(a) DSGVO or on a contract pursuant to Article 6(1)(b) DSGVO and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
In addition, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to request that your personal data be transferred directly from us to another controller if the technical conditions for this are met and if this does not adversely affect the rights and freedoms of other persons.
To assert the right to data portability, you may at any time contact a member of staff responsible for processing the data.
g) Right of objection pursuant to Art. 21 DSGVO
As a person affected by the processing of personal data, you have the right granted by the European Directive and Regulation Maker to object at any time to the processing of personal data concerning you, provided that your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) e), f) DSGVO.
The right to object requires that there are grounds arising from your particular situation or that the objection is directed against direct advertising.
In the event of objection, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. The same applies if the processing serves the assertion, exercise or defence of legal claims.
If we process personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data for the purpose of such marketing without the existence or indication of a specific situation. This also applies to any profiling insofar as it is connected with such direct advertising.
If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, you have the right to object on grounds relating to your particular situation to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) DSGVO, unless such processing is necessary for the performance of a task carried out in the public interest.
To exercise the right of objection, you may directly contact a member of staff responsible for data processing. It is also sufficient to send an objection by e-mail to the e-mail address given on our website.
You also have the right to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
h) Automated decisions in individual cases (including profiling)
As a data subject of the processing of personal data, you have the right granted by the European Directive and Regulation to not be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or significantly affects you in a similar way, unless the decision is
(1) is not necessary for the conclusion or performance of a contract between us and you; or
(2) is permissible under Union or Member State law to which we are subject and that law takes reasonable steps to safeguard your rights and freedoms and legitimate interests; or
(3) is made with your express consent.
If the decision is necessary for the contract concluded with us or the performance of the contract, or if it is made with your explicit consent, we will take reasonable steps to safeguard your rights and freedoms as well as your legitimate interests.
If you wish to assert your rights in relation to automated decisions, you can contact the data controller at any time.
i) Right of revocation of data protection consent pursuant to Art. 7 (3) DSGVO
As a person affected by the processing of personal data, you have the right granted by the European Directive and Regulation Maker to revoke a consent granted to us for the processing of personal data at any time, with the consequence that we may no longer continue the data processing based on this consent in the future.
If you wish to exercise your right to withdraw consent, you may contact a data controller at any time.
14. Legal basis for processing
Art. 6 I a) DSGVO serves our company as the legal basis for those processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract with you (e.g. for the provision of services or delivery), the processing is based on Art. 6 I b) DSGVO. The same applies to such processing operations that are necessary for pre-contractual measures, e.g. in the case of enquiries about services.
If we are subject to legal obligations that make the processing of personal data necessary, such as for the fulfilment of tax obligations, the basis of the processing is Art. 6 I c) DSGVO.
Exceptionally, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person. This is the case, for example, if you were to suffer injuries in our company and contact details or other vital information had to be passed on to a doctor, hospital or other third party. In this case, the processing would be based on Art. 6 I d) DSGVO.
Finally, processing operations may also be based on Art. 6 I f) DSGVO if processing operations are not covered by any of the aforementioned legal bases, the processing is necessary to protect the legitimate interests of our company or a third party and our interests, your interests, fundamental rights and freedoms do not override these. We are permitted to carry out such processing operations primarily because they have been specifically mentioned by the European legislator. The legislator has taken the view that a legitimate interest could be assumed, for example, if you are a contractual partner of ours (recital 47, sentence 2 of the GDPR).
Legitimate interests in the processing pursued by us or a third party
Where the processing of personal data is based on Article 6 I f) DSGVO, our legitimate interest is to conduct our business for the benefit of the welfare of all our employees.
15. storage period for personal data
The basis for the storage period of personal data is the respective statutory retention period. When this period expires, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment or initiation of the contract.
(15) Legal or contractual requirements for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We hereby inform you that the provision of personal data is partly provided for or required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). For example, in order to conclude a contract, it may be necessary for you to provide us with personal data which must then be processed by us. For example, you are obliged to provide us with personal data if you conclude a contract with our company, as otherwise a contract could not be concluded.
At your request, an employee responsible for data processing will inform you on a case-by-case basis whether the provision of personal data is required by law or by contract or whether it is necessary for the conclusion of a contract. You can also ask them whether there is an obligation to disclose your personal data and what the consequences would be if you did not provide it.