Privacy Policy

Status: April 2024

Table of contents

• • Responsible person
  • Overview of processing
  • Relevant legal bases
  • Security measures
  • Transmission of personal data
  • Provision of online services and web hosting
  • Use of cookies
  • Business services
  • Use of online platforms for offer and sales purposes
    
  • Providers and services used in the course of business activities
    
  • Payment procedure
  • Contact and enquiry management
  • Video conferences, online meetings, webinars and screen sharing
    
  • Web analysis, monitoring and optimisation

   

  Responsible person

  M.Psych.Sc.Cristian-Mihai Puiu
  
  E-Mail-Address: info@genuine-psychology.com
  
  Imprint: https://genuine-psychology.com/de/datenschutzerklaerung/
  
   

  Overview of processing

  The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

  Types of data processed

  • Inventory data.
  • Location data.
  • Contact data.
  • Content data.
  • Usage data.
  • Meta, communication and process data.

  Special categories of data

  • Health data.
  • Data on sexual life or sexual orientation.
  • Religious or ideological beliefs.
  • Data revealing racial and ethnic origin.

  Categories of persons concerned

  • Clients.
  • Interested parties.
  • Communication partners.
  • Users.
  • Pupils/ students/ participants.

  Purposes of processing

  • Provision of services and customer service.
  • Contact enquiries and communication.
  • Security measures.
  • Range measurement.
  • Managing and responding to enquiries.
  • Feedback.
  • Profiles with user-related information.
  • Provision of our online services and user-friendliness.
  • IT infrastructure.

   

  Relevant legal bases

  Relevant legal bases according to the GDPR (General Data Protection Regulation): Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases also apply in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

  National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. These include, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. The data protection laws of the individual federal states may also apply.
  Reference to validity of GDPR and Swiss DPA (Swiss Data Protection Act): This data protection notice serves to provide information in accordance with both the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). For this reason, please note that the terms of the GDPR are used due to the broader geographical application and comprehensibility. In particular, instead of the terms ‘processing’ of ‘personal data’, ‘overriding interest’ and ‘sensitive personal data’ used in the Swiss DPA, the terms ‘processing’ of ‘personal data’, ‘legitimate interest’ and ‘special categories of data’ used in the GDPR are used. However, the legal meaning of the terms will continue to be determined in accordance with the Swiss DPA within the scope of application of the Swiss DPA.
  
   

  Security measures

  We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, safeguarding availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. We also take the protection of personal data into account as early as the development and selection of hardware, software and processes in accordance with the principle of data protection, through technology design and data protection-friendly default settings. Securing online connections using TLS/SSL encryption technology (HTTPS): To protect user data transmitted via our online services from unauthorised access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), protecting the data from unauthorised access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. If a website is secured by an SSL/TLS certificate, this is signalled by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.
  
  

   

  Transmission of personal data

  As part of our processing of personal data, the data may be transferred to other bodies, companies, legally independent organisational units or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.
  
   

  Provision of online services and web hosting

  We process users’ data in order to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or end device.

  • Processed data types: Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as information on authorship or time of creation).
  • Persons concerned: Users (e.g. website visitors, users of online services).
  • Processing purposes: Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.); security measures.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

  Further information on processing operations, procedures and services:

  • Provision of online services on own/dedicated server hardware: We use server hardware operated by us and the associated storage space, computing capacity and software to provide our online offering. Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Collection of access data and log files: Access to our online offering is logged in the form of so-called ‘server log files’. The server log files may include the address and name of the web pages and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the event of abusive attacks, so-called DDoS attacks), and also to ensure the utilisation of the servers and their stability; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.
  • E-mail dispatch and hosting: The web hosting services we use also include sending, receiving and storing emails. For these purposes, the addresses of the recipients and senders as well as other information relating to the sending of e-mails (e.g. the providers involved) and the content of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of recognising SPAM. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, emails are encrypted in transit, but not on the servers from which they are sent and received (unless an end-to-end encryption method is used). We can therefore accept no responsibility for the transmission path of e-mails between the sender and receipt on our server; Legal bases:Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • WordPress.com: Hosting and software for the creation, provision and operation of websites, blogs and other online offerings; Service provider: Aut O’Mattic A8C Irland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Irland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://wordpress.com; Privacy policy: https://automattic.com/de/privacy/; Data processing agreement: https://wordpress.com/support/data-processing-agreements/. Basis for third country transfers: Data Privacy Framework (DPF).

   

  Use of cookies

  Cookies are small text files or other storage notes that store information on end devices and read it from them. For example, to store the log-in status in a user account, the contents of a shopping basket in an e-shop, the content accessed or the functions used in an online offering. Cookies can also be used for various purposes, for example to ensure the functionality, security and convenience of online services and to create analyses of visitor flows.
  Notes on consent: We use cookies in accordance with the statutory provisions. We therefore obtain prior consent from users, unless this is not required by law. In particular, consent is not required if the storage and reading of information, including cookies, is absolutely necessary in order to provide users with a telemedia service they have expressly requested (i.e. our online offering). The revocable consent is clearly communicated to you and contains the information on the respective use of cookies.
  Notes on the legal basis for data protection: The legal basis under data protection law on which we process users’ personal data using cookies depends on whether we ask for their consent. If users accept, the legal basis for processing their data is their declared consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offering and the improvement of its usability) or, if this occurs in the context of the fulfilment of our contractual obligations, if the use of cookies is necessary to fulfil our contractual obligations. We will explain the purposes for which we use cookies in the course of this privacy policy or as part of our consent and processing procedures.
  Storage period: With regard to the storage period, a distinction is made between the following types of cookies:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their end device (e.g. browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the log-in status can be saved and favourite content can be displayed directly when the user visits a website again. The user data collected with the help of cookies can also be used to measure reach. If we do not provide users with explicit information on the type and storage duration of cookies (e.g. when obtaining consent), they should assume that they are permanent and that the storage duration can be up to two years.

  General information on cancellation and objection (Opt-out): Users can revoke the consent they have given at any time and also object to the processing in accordance with the legal requirements, also by means of the privacy settings of their browser.

  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

  Further information on processing operations, procedures and services:

  • Processing of cookie data on the basis of consent: We use a consent management solution in which the user’s consent to the use of cookies or to the procedures and providers mentioned in the consent management solution is obtained. This procedure is used to obtain, log, manage and revoke consent, in particular with regard to the use of cookies and comparable technologies that are used to store, read and process information on users’ end devices. As part of this procedure, user consent is obtained for the use of cookies and the associated processing of information, including the specific processing and providers mentioned in the consent management procedure. Users also have the option of managing and revoking their consent. The declarations of consent are stored in order to avoid repeated requests and to be able to provide proof of consent in accordance with legal requirements. The storage takes place on the server side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies in order to be able to assign the consent to a specific user or their device. If no specific information on the providers of consent management services is available, the following general information applies: Consent is stored for up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information on the scope of consent (e.g. relevant categories of cookies and/or service providers) and information on the browser, the system and the end device used; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

   

  Business services

  We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as ‘contractual partners’) in the context of contractual and comparable legal relationships and associated measures and in the context of communication with the contractual partners (or pre-contractual), e.g. to answer enquiries. We process this data in order to fulfil our contractual obligations. These include, in particular, the obligations to provide the agreed services, any updating obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to safeguard our rights and for the purpose of the administrative tasks associated with these obligations and the company organisation. In addition, we process the data on the basis of our legitimate interests in proper and efficient business management and in security measures to protect our contractual partners and our business operations from misuse, jeopardising their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfil legal obligations. Contractual partners will be informed about other forms of processing, e.g. for marketing purposes, as part of this privacy policy. We inform the contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special marking (e.g. colours) or symbols (e.g. asterisks or similar), or in person. We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after 4 years, unless the data is stored in a customer account, e.g. as long as it must be retained for legal archiving reasons. The statutory retention period is ten years for documents relevant under tax law and for trading books, inventories, opening balance sheets, annual financial statements, the work instructions required to understand these documents and other organisational documents and accounting records, and six years for commercial and business letters received and reproductions of commercial and business letters sent. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report were prepared, the commercial or business letter was received or sent or the accounting document was created, the record was made or the other documents were created. Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

  • Types of data processed: Inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contact data (e.g. email, telephone numbers); contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. websites visited, interest in content, access times); meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
  • Special categories of personal data: Health data (Art. 9 para. 1 GDPR); data concerning sex life or sexual orientation (Art. 9 para. 1 GDPR); religious or philosophical beliefs (Art. 9 para. 1 GDPR); data revealing racial or ethnic origin (Art. 9 para. 1 GDPR).
  • Persons concerned: Clients; interested parties; business and contractual partners; pupils/students/participants.
  • Processing purposes: Provision of contractual services and customer service; security measures; contact requests and communication; office and organisational procedures; managing and responding to enquiries.
  • Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) GDPR; Art. 31 para. 1 and 2. lit. b. Swiss FADP); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR; Art. 31 para. 1 Swiss FADP); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR; Art. 31 para. 1 and 2 Swiss FADP).

   

  Use of online platforms for offer and sales purposes

  We offer our services on online platforms that are operated by other service providers. In this context, the data protection notices of the respective platforms apply in addition to our data protection notices. This applies in particular with regard to the execution of the payment process and the procedures used on the platforms to measure reach and for interest-based marketing.

  • Processed data types:Inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contact data (e.g. email, telephone numbers); usage data (e.g. websites visited, interest in content, access times); meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
  • Persons concerned: Clients.
  • Processing purposes: Provision of contractual services and customer service.
  • Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR; Art. 31 para. 1 and 2. lit. b. Swiss DSG).

   

  Providers and services used in the course of business activities

  As part of our business activities, we use additional services, platforms, interfaces or plug-ins from third-party providers (‘services’ for short) in compliance with legal requirements. Their use is based on our interests in the proper, lawful and economic management of our business operations and our internal organisation.

  • Processed data types: Inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); location data (information on the geographical position of a device or person); meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
  • Persons concerned: Clients; Interested parties; Users (e.g. website visitors, users of online services); Communication partners.
  • Processing purposes: Provision of contractual services and customer service; office and organisational procedures; reach measurement (e.g. access statistics, recognition of returning visitors); conversion measurement (measurement of the effectiveness of marketing measures); provision of our online offer and user-friendliness; contact enquiries and communication.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR; Art. 31 para. 1 and 2 Swiss FADP); consent (Art. 6 para. 1 lit. a GDPR; Art. 31 para. 1 Swiss FADP).

  Further information on processing operations, procedures and services:

  • Calendly: Online appointment scheduling and appointment management; Service provider: Calendly LLC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR; Art. 31 para. 1 and 2 Swiss FADP); Website: https://calendly.com/de; Privacy Policy: https://calendly.com/pages/privacy; Data processing agreement: https://calendly.com/dpa; Basis for transfer to third countries: Standard Contractual Clauses (https://calendly.com/dpa).
  • Google Analytics: We use Google Analytics to measure and analyse the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain any unique data, such as names or e-mail addresses. It is used to assign analysis information to an end device in order to recognise which content users have called up within one or more usage processes, which search terms they have used, which they have called up again or which they have interacted with our online offering. The time of use and its duration are also stored, as well as the sources of the users that refer to our online offering and technical aspects of their end devices and browsers. Pseudonymised user profiles are created with information from the use of various devices, whereby cookies may be used. In Google Analytics, data on geographical location is processed at a higher level by collecting the following metadata based on the IP search: ‘city’ (and the derived latitude and longitude of the city), ‘continent’, ‘country’, ‘region’, ‘subcontinent’ (and the ID-based equivalents). To ensure the protection of user data in the EU, Google receives and processes all user data via domains and servers within the EU. The IP address of users is not logged and is shortened by the last two digits by default. IP address truncation takes place on EU servers for EU users. In addition, all sensitive data collected from users in the EU is deleted before it is collected via EU domains and servers; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR; Art. 31 para. 1 and 2 Swiss FADP); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses ( https://business.safety.google/adsprocessorterms); Opt-out: Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of adverts: https://adssettings.google.com/authenticated; Further information: https://privacy.google.com/businesses/adsservices (Types of processing and processed data).
  • Microsoft Teams: Conferencing and communications software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR; Art. 31 para. 1 and 2 Swiss FADP); Website: https://www.microsoft.com/de-de/microsoft-365; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter; Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).

   

  Payment procedure

  As part of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use other service providers in addition to banks and credit institutions (collectively referred to as ‘payment service providers’). The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service provider to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the payment service providers’ terms and conditions and data protection information. Payment transactions are subject to the terms and conditions and the data protection notices of the respective payment service providers, which can be accessed on the respective websites or transaction applications. We also refer to these for further information and the assertion of cancellation, information and other data subject rights.

  • Processed data types: Inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); contract data (e.g. subject matter of the contract, duration, customer category); usage data (e.g. websites visited, interest in content, access times); meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status); contact data (e.g. email, telephone numbers).
  • Persons concerned: Clients; interested parties.
  • Processing purposes: Provision of contractual services and customer service. Legal basis: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR; Art. 31 para. 1 and 2. lit. b. Swiss DSG).

   

  Contact and enquiry management

  When contacting us (e.g. by post, contact form, email, or telephone) and in the context of existing user and business relationships, the data of the enquiring persons are processed insofar as this is necessary to answer the contact enquiries and any requested measures.

  • Processed data types: Contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. text or image messages and contributions as well as the information relating to them, such as information on authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).
  • Persons concerned: Communication partners.
  • Processing purposes: Communication; managing and responding to enquiries; feedback (e.g. collecting feedback via online form). Provision of our online services and user-friendliness.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

  Further information on processing operations, procedures and services:

  • Contact form: If users contact us via our contact form, e-mail or other communication channels, we process the data provided to us in this context to process the communicated request; Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

   

  Video conferences, online meetings, webinars and screen sharing

  We use platforms and applications of other providers (hereinafter referred to as ‘conference platforms’) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as ‘conference’). When selecting the conference platforms and their services, we observe the legal requirements. Data processed by conference platforms: In the context of participation in a conference, the conference platforms process the personal data of the participants listed below. The scope of the processing depends on which data is required in the context of a specific conference (e.g. specification of access data or clear names) and which optional information is provided by the participants. In addition to processing for the purpose of holding the conference, the conference platforms may also process participants’ data for security purposes or service optimisation. The processed data includes personal data (first name, surname), contact information (e-mail address, telephone number), access data (access codes or passwords), profile pictures, information on professional position/function, the IP address of the Internet access, information on the participants’ end devices, their operating system, the browser and its technical and language settings, information on the content of the communication processes, i.e. entries in chats as well as audio and video data, as well as the use of other available functions (e.g. surveys). The content of communications is encrypted to the extent technically provided by the conference providers. If the participants are registered as users with the conference platforms, further data may be processed in accordance with the agreement with the respective conference provider. Logging and recordings: If text entries, participation results (e.g. from surveys) and video or audio recordings are logged, this will be transparently communicated to participants in advance and they will be asked for consent where necessary. Data protection measures for participants: For details on the processing of your data by the conference platforms, please refer to their data protection notices and select the security and data protection settings that are best for you in the conference platform settings. Please also ensure data and privacy protection in the background of your recording for the duration of a video conference (e.g. by informing roommates, locking doors and using the function to make the background unrecognisable, if technically possible). Links to the conference rooms and access data may not be passed on to unauthorised third parties. Notes on legal bases: If, in addition to the conference platforms, we also process users’ data and ask users for their consent to use the conference platforms or certain functions (e.g. consent to the recording of conferences), the legal basis for processing is this consent. Furthermore, our processing may be necessary to fulfil our contractual obligations (e.g. in participant lists, in the case of processing the results of discussions, etc.). Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.

  • Processed data types: Inventory data (e.g. names, addresses); contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
  • Persons concerned: Communication partners; users (e.g. website visitors, users of online services).
  • Processing purposes: Provision of contractual services and customer service; contact requests and communication; office and organisational procedures. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR; Art. 31 para. 1 and 2 Swiss FADP).

  Further information on processing operations, procedures and services:

  • • Microsoft Teams: Conferencing and communications software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR; Art. 31 para. 1 and 2 Swiss FADP); Website: https://www.microsoft.com/de-de/microsoft-365; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter; Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).

   

  Web analysis, monitoring and optimisation

  Web analysis (also referred to as ‘reach measurement’) is used to evaluate the flow of visitors to our online offering and may include behaviour, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognise at what time our online offering or its functions or content are most frequently used or invite visitors to reuse them. It also enables us to understand which areas require optimisation. In addition to web analysis, we may also use test procedures, for example to test and optimise different versions of our online offering or its components. Unless otherwise stated below, profiles, i.e. data summarised for a usage process, may be created for these purposes and information may be stored in a browser or end device and then read out. The information collected includes, in particular, websites visited and the elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data from us or from the providers of the services we use, location data may also be processed. In addition, the IP addresses of users are stored. However, we use an IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored in the context of web analysis, A/B testing and optimisation, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective process. Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Processed data types: Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time data, identification numbers, persons involved).
  • Persons concerned: Users (e.g. website visitors, users of online services).
  • Processing purposes: Reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles). Provision of our online services and user-friendliness.
  • Security measures: IP-Masking (pseudonymisation of the IP address).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

  Further information on processing operations, procedures and services:

  • Google Analytics: We use Google Analytics to measure and analyse the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain any unique data, such as names or e-mail addresses. It is used to assign analysis information to an end device in order to recognise which content users have called up within one or more usage processes, which search terms they have used, which they have called up again or which they have interacted with our online offering. The time of use and its duration are also stored, as well as the sources of the users that refer to our online offering and technical aspects of their end devices and browsers. Pseudonymised user profiles are created with information from the use of various devices, whereby cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographic location data by deriving the following metadata from IP addresses: City (and the city’s inferred latitude and longitude), Continent, Country, Region, Subcontinent (and ID-based counterparts).In the case of EU data traffic, the IP address data is used exclusively for this derivation of geolocalisation data before it is immediately deleted. It is not logged, is not accessible and is not used for any other purpose. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymisation of the IP address); Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third country transfers: Data Privacy Framework (DPF); Possibility of objection (opt-out): Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of adverts: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (Types of processing and data processed).

  Created with free Datenschutz-Generator.de by Dr Thomas Schwenke