Privacy Policy

Data Protection

1. Gerneral information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data includes all data that can be used to personally identify you. Detailed information on data protection can be found in our privacy policy below this text.

Data collection on this website
Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the section “Information on the Responsible Party” in this privacy policy.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This can include, for example, data you enter in a contact form.
Other data is automatically collected by our IT systems when you visit the website, either automatically or with your consent. This primarily includes technical data (e.g., internet browser, operating system, or the time of the page access). The collection of this data occurs automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure the website is provided without errors. Other data may be used to analyze your user behavior.

What are your rights regarding your data?

You have the right to obtain information about the origin, recipients, and purpose of your stored personal data at any time, free of charge. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you can revoke this consent at any time with future effect. Additionally, under certain circumstances, you have the right to request the restriction of the processing of your personal data. Furthermore, you have the right to file a complaint with the competent supervisory authority.
For these and any other questions related to data protection, you can contact us at any time.

Analyse-tools and third-party-tools

When visiting this website, your browsing behavior may be statistically analyzed. This is primarily done using so-called analytics programs.
Detailed information about these analytics programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

webgo

The provider is webgo GmbH, Heidenkampsweg 81, 20097 Hamburg (hereinafter referred to as “webgo”). When you visit our website, webgo collects various log files, including your IP addresses.
For details, please refer to webgo’s privacy policy: https://www.webgo.de/datenschutz/.

The use of webgo is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and § 25(1) of the TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., for device fingerprinting) as defined by the TTDSG. Consent can be withdrawn at any time.

Data processing agreement 

We have entered into a Data Processing Agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures webgo processes the personal data of our website visitors strictly in accordance with our instructions and in compliance with the GDPR.

3. General information and mandatory notices on data protection 

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations as well as this privacy policy.

When you use this website, various personal data will be collected. Personal data refers to data that can be used to personally identify you. This privacy policy explains what data we collect, how we use it, and for what purpose.

Please note that data transmission over the Internet (e.g., communication via email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Information on the responsible party

The responsible party for data processing on this website is:

Yvonne Bueser, 86 Triq Il-Kampanella, Fgura, Malta

E-Mail: mail @ yvonnesayurvedakitchen.com

The responsible party is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage period

Unless a more specific storage period is mentioned in this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you make a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

General information an the legal basis for data processing on this website

If you have given consent for data processing, we process your personal data based on Article 6(1)(a) of the GDPR or, if special categories of data as defined in Article 9(1) of the GDPR are processed, on Article 9(2)(a) of the GDPR. In cases of explicit consent for the transfer of personal data to third countries, the data processing is also based on Article 49(1)(a) of the GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is additionally carried out on the basis of § 25(1) of the TTDSG. Consent can be withdrawn at any time.

If your data is required to fulfill a contract or to carry out pre-contractual measures, we process your data based on Article 6(1)(b) of the GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation based on Article 6(1)(c) of the GDPR. Data processing may also be based on our legitimate interest in accordance with Article 6(1)(f) of the GDPR. The specific legal basis applicable in each case is detailed in the following sections of this privacy policy.

Note on data transfer to the USA and other third countries 

We use tools from companies based in the USA or other countries that do not offer a level of data protection comparable to that of the EU. When these tools are active, your personal data may be transferred to and processed in these third countries.

Please note that these countries may not guarantee a data protection level equivalent to EU standards. For example, U.S. companies are required to provide personal data to security authorities, and you as the data subject may have no legal recourse against this. It cannot be ruled out that U.S. authorities (e.g., intelligence agencies) could process, analyze, and permanently store your data located on U.S. servers for surveillance purposes. We have no influence over these processing activities.

Revocation of your consent to data processing 

Many data processing operations are only possible with your explicit consent. You may revoke consent you have already given at any time. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Specific Cases and to Direct Advertising (Article 21 GDPR)

IF DATA PROCESSING IS BASED ON ARTICLE 6(1)(E) OR (F) OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE SPECIFIC LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES; THIS ALSO APPLIES TO PROFILING IN CONNECTION WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ARTICLE 21(2) GDPR).

Right of complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, workplace, or the location of the alleged violation. This right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to data portibility

You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

Right to access, rectification, and erasure

Within the framework of applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin, recipients, and the purpose of data processing. You may also have the right to request the correction or deletion of this data.

For these purposes or for other questions concerning personal data, you can contact us at any time.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time to exercise this right. The right to restriction of processing applies in the following cases:

Disputing the Accuracy of Data: If you contest the accuracy of your personal data stored by us, we typically need time to verify your claim. For the duration of this verification, you have the right to request the restriction of the processing of your personal data.
Unlawful Processing: If the processing of your personal data was or is unlawful, you may request the restriction of data processing instead of deletion.
Data No Longer Needed: If we no longer require your personal data but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing instead of deletion.
Objection Under Article 21(1) GDPR: If you have lodged an objection under Article 21(1) GDPR, a balance must be struck between your interests and ours. Until it is determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
When the processing of your personal data is restricted, such data – apart from being stored – may only be processed with your consent, for the assertion, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.

SSL or  TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator. You can recognize an encrypted connection by the change in the browser’s address bar from “http://” to “https://” and by the lock symbol in your browser bar.

When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Objection to advertising emails

The use of contact data published as part of the legal notice requirement for sending unsolicited advertising and informational materials is hereby prohibited. The operators of this website expressly reserve the right to take legal action in the event of unsolicited promotional information being sent, such as spam emails.

4. Data collection on this website

Our website uses “cookies.” Cookies are small data packets that do not harm your device. They can either be temporarily stored for the duration of a session (session cookies) or permanently stored (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them or your web browser performs an automatic deletion.

Cookies may be set by us (first-party cookies) or by third-party providers (so-called third-party cookies). Third-party cookies enable the integration of certain services provided by third parties within websites (e.g., cookies for payment processing services).

Cookies serve various purposes. Many cookies are technically necessary as certain website functions would not work without them (e.g., the shopping cart function or video display). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies required for electronic communication, the provision of specific functions requested by you (e.g., shopping cart functionality), or the optimization of the website (e.g., cookies to measure web audience) are stored based on Article 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimized delivery of its services. If consent for the storage of cookies and similar recognition technologies has been requested, the processing is carried out exclusively based on this consent (Article 6(1)(a) GDPR and Section 25(1) TTDSG). Consent can be withdrawn at any time.

You can configure your browser to notify you when cookies are set, allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Details on the cookies and services used on this website can be found in this privacy policy.

Consent with Borlabs Cookie

Our website uses the consent technology of Borlabs Cookie to obtain your consent for storing certain cookies in your browser or using specific technologies and to document this in compliance with data protection regulations. The provider of this technology is Borlabs GmbH, RĂĽbenkamp 32, 22305 Hamburg, Germany (hereinafter “Borlabs”).

When you visit our website, a Borlabs cookie is stored in your browser, recording the consents you have given or their withdrawal. This data is not shared with the provider of Borlabs Cookie.

The collected data is stored until you request its deletion, delete the Borlabs cookie yourself, or the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. For details on data processing by Borlabs Cookie, please visit: https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

The use of Borlabs Cookie’s consent technology is to ensure legally required consents for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.

Server-Log-Files

The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This information includes:

Browser type and version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address

This data is not merged with other data sources.

The collection of this data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in ensuring the technically error-free presentation and optimization of the website, for which the server log files must be recorded.

Contact form

When you send us inquiries via the contact form, the information you provide in the inquiry form, including your contact details, will be stored by us for the purpose of processing the inquiry and for any follow-up questions. We do not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Article 6(1)(f) GDPR) or your consent (Article 6(1)(a) GDPR), provided it has been obtained. Consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for its storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions, especially retention periods, remain unaffected.

Iquiries via email or phone

If you contact us via email or phone, your inquiry, including all resulting personal data (e.g., name, inquiry), will be stored and processed for the purpose of handling your request. We do not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Article 6(1)(f) GDPR) or your consent (Article 6(1)(a) GDPR), provided it has been obtained. Consent can be revoked at any time.

The data sent to us through inquiries will remain with us until you request its deletion, revoke your consent to storage, or the purpose for storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions, especially statutory retention periods, remain unaffected.

Calendly

On our website, you have the option to schedule appointments with us. We use the tool “Calendly” for booking appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter referred to as “Calendly”).

For scheduling purposes, you provide the requested information and select a desired appointment time via the input form. The data you enter is used for planning, conducting, and possibly following up on the appointment. Appointment data is stored on Calendly’s servers. You can view Calendly’s privacy policy here: https://calendly.com/de/pages/privacy.

The data you provide will remain with us until you request deletion, revoke your consent to storage, or the purpose for storing the data no longer applies. Mandatory legal provisions, such as retention periods, remain unaffected.

The legal basis for processing your data is Article 6(1)(f) GDPR. The website operator has a legitimate interest in offering a straightforward scheduling process for interested parties and customers. If consent is requested, data processing will be carried out solely on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, as long as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under TTDSG. Consent can be withdrawn at any time.

Data Transfer to the USA
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://calendly.com/pages/dpa

Data Processing Agreement
We have entered into a Data Processing Agreement (DPA) for the use of the above-mentioned service. This legally required agreement ensures that Calendly processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

5. Social Media

This website uses elements from social media platforms (e.g., Facebook, Twitter, Instagram, Pinterest, XING, LinkedIn, Tumblr). Social media elements are typically identifiable by their respective logos.

To protect your privacy on this website, we use the “Shariff” solution. This application prevents the integrated social media elements from transmitting your personal data to the respective provider upon first visiting the site.

Only when you activate the respective social media element by clicking its associated button, a direct connection to the provider’s server is established (consent). Once the social media element is activated, the provider receives information, such as your IP address, indicating that you visited this website. If you are logged into your respective social media account (e.g., Facebook) at the same time, the provider can link your visit to this website with your user account.

Activating the plugin constitutes consent under Article 6(1)(a) GDPR and Section 25(1) TTDSG. You can revoke this consent at any time with future effect.

The use of this service is to ensure compliance with legally required consents for the deployment of certain technologies. The legal basis for this is Article 6(1)(c) GDPR.

Facebook

Elements from the social network Facebook are integrated into this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.
You can find an overview of Facebook social media elements here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook receives information that you visited this website using your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. Please note that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation.

If consent has been obtained, the use of the above-mentioned service is based on Article 6(1)(a) GDPR and Section 25 TTDSG. Consent can be revoked at any time. If no consent was obtained, the use of the service is based on our legitimate interest in achieving the broadest possible visibility on social media.

If personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Article 26 GDPR). Joint responsibility is limited exclusively to the collection of data and its transmission to Facebook. The subsequent processing by Facebook is not part of the joint responsibility. The mutual obligations have been defined in an agreement on joint processing. The text of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the privacy-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can exercise data subject rights (e.g., access requests) concerning data processed by Facebook directly with Facebook. If you exercise your rights with us, we are obligated to forward them to Facebook.

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://de-de.facebook.com/help/566994660333381, and
https://www.facebook.com/policy.php

Instagram

Functions of the Instagram service are integrated into this website. These functions are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. Please note that, as the provider of this website, we do not have knowledge of the content of the transmitted data or how Instagram uses it.

If consent has been obtained, the use of the above-mentioned service is based on Article 6(1)(a) GDPR and Section 25 TTDSG. Consent can be revoked at any time. If no consent was obtained, the use of the service is based on our legitimate interest in achieving the broadest possible visibility on social media.

If personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Article 26 GDPR). Joint responsibility is limited exclusively to the collection of data and its transmission to Facebook or Instagram. The subsequent processing by Facebook or Instagram is not part of the joint responsibility. The mutual obligations have been defined in an agreement on joint processing. The text of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the privacy-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook or Instagram products. You can exercise data subject rights (e.g., access requests) concerning data processed by Facebook or Instagram directly with Facebook. If you exercise your rights with us, we are obligated to forward them to Facebook.

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://help.instagram.com/519522125107875, and
https://de-de.facebook.com/help/566994660333381.

For more information, please refer to Instagram’s privacy policy at:
https://instagram.com/about/legal/privacy/

6. Analytic tools and adverts

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, time spent on the site, operating systems used, and user origin. These data are compiled in a user ID and assigned to the respective device of the website visitor.

Additionally, Google Analytics allows us to record your mouse and scroll movements and clicks. Google Analytics also employs various modeling approaches to augment the collected datasets and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of users for the purpose of analyzing their behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is typically transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent under Article 6(1)(a) GDPR and Section 25(1) TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information on how Google Analytics handles user data, please refer to Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Data processing agreement 

We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

6. Newsletter

If you wish to subscribe to the newsletter offered on the website, we require your email address and additional information that allows us to verify that you are the owner of the provided email address and consent to receiving the newsletter. No further data is collected, or it is only collected voluntarily. For processing the newsletter, we use newsletter service providers, which are described below.

MailerLite

This website uses MailerLite for sending newsletters. The provider is UAB “MailerLite,” J. Basanaviciaus 15, LT-03108 Vilnius, Lithuania (hereafter referred to as MailerLite).

MailerLite is a service that allows the organization and analysis of newsletter distributions. The data you enter to subscribe to the newsletter is stored on MailerLite’s servers.

If you do not wish to have your data analyzed by MailerLite, you must unsubscribe from the newsletter. We provide a corresponding link in every newsletter message for this purpose.

Data analysis through MailerLite

With the help of MailerLite, we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were clicked. In this way, we can determine which links were clicked the most.

Additionally, we can identify whether certain predefined actions were carried out after opening or clicking (conversion rate). For example, we can determine if you made a purchase after clicking the newsletter.

MailerLite also enables us to segment newsletter recipients into different categories (clustering). For example, we can categorize recipients by age, gender, or location. This allows us to tailor the newsletters more effectively to the target audience.

For detailed information about MailerLite’s features, you can visit the following link: https://www.mailerlite.com/features.
You can read MailerLite’s privacy policy here: https://www.mailerlite.com/legal/privacy-policy

Legal basis

The data processing is based on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke this consent at any time for the future.

Storage duration

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter, either with us or with the newsletter service provider, and will be deleted after the newsletter is unsubscribed or after the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion, based on our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR. Data that has been stored for other purposes will remain unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider, if this is necessary to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest in the sense of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

Data processing agreement 

We have entered into a data processing agreement (DPA) to use the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.

8. Plugins and Tools

Google Fonts (local hosting)

This site uses Google Fonts, provided by Google, to ensure a uniform display of fonts. The Google Fonts are locally installed, meaning that no connection is made to Google’s servers.

For more information about Google Fonts, visit: https://developers.google.com/fonts/faq and refer to Google’s Privacy Policy: https://policies.google.com/privacy?hl=en

9. Audio and video conferences

Data processing 

For communication with our customers, we use online conference tools. The specific tools we use are listed below. When you communicate with us via video or audio conference over the internet, your personal data is processed by us and the provider of the respective conference tool.

The conference tools collect all the data that you provide or use to access the tools (such as email address and/or phone number). Additionally, the conference tools process the duration of the conference, the start and end time of your participation, the number of participants, and other “contextual information” related to the communication (metadata).

Furthermore, the tool provider processes all technical data necessary to facilitate online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device types, operating system types and versions, client versions, camera types, microphones or speakers, and connection types.

If content is exchanged, uploaded, or otherwise provided within the tool, this content will also be stored on the tool provider’s servers. Such content includes cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the use of the service.

Please note that we do not have full control over the data processing operations of the tools we use. Our options are mainly determined by the policies of the respective provider. For further details on data processing by the conference tools, please refer to the privacy policies of the respective tools listed below.

Purpose and legal basis

The conference tools are used to communicate with potential or existing clients or to provide certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest pursuant to Art. 6(1)(f) GDPR). If consent is requested, the use of the tools is based on this consent; consent can be revoked at any time with effect for the future.

Storage duration

The data directly collected by us through the video and conference tools will be deleted from our systems as soon as you request deletion, withdraw your consent for storage, or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the storage duration of your data that is stored by the operators of the conference tools for their own purposes. For details, please refer directly to the operators of the conference tools.

Conference tool used

We use the following tools:

Zoom

We use Zoom. The provider of this service is Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. You can find details about data processing in Zoom’s privacy policy:
https://zoom.us/de-de/privacy.html.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://zoom.us/de-de/privacy.html.

Data processing agreement

We have entered into a data processing agreement (DPA) with Zoom. This legally required agreement ensures that Zoom processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.