Privacy policy

Introduction

This website is operated by: STONE ROCK UG.

It is very important to us to handle our website visitors’ data confidentially and to protect it in the best possible way. For this reason, we make every effort to meet the requirements of the GDPR.

Below we explain how we process your data on our website. To do this, we use language that is as clear and transparent as possible so that you really understand what happens to your data.

General information
- Processing of personal data and other terms

Data protection applies to the processing of personal data. Personal data means all data with which you can be personally identified. This is, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using. Such data is processed when ‘something happens to it’. Here, for example, the IP is transmitted from the browser to our provider and automatically stored there. This is then a processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).

These and other legal definitions can be found in Art. 4 GDPR.

Applicable regulations/laws – GDPR, BDSG and TDDDG

The scope of data protection is regulated by law. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.

In addition, the TDDDG supplements the provisions of the GDPR as far as the use of cookies is concerned.

The person responsible

The controller within the meaning of the GDPR is responsible for data processing on this website. This is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

You can reach the person responsible at:

STONE ROCK UG

Weinbergweg 92
70569 Stuttgart

[email protected]

Data Protection Officer

We have appointed a data protection officer for our company. You can reach him under:

Suwarie Topaz

Weinbergweg 92, 70569 Stuttgart

[email protected]

How data is generally processed on this website

As we have already established, there is data (e.g. IP address) that is collected automatically. This data is mainly required for the technical provision of the website. If we also use personal data or collect other data, we will inform you of this or ask for your consent.

You provide us with other personal data consciously.

You will find detailed information on this below.

Your rights

The GDPR provides you with comprehensive rights. These include, for example, free information about the origin, recipient and purpose of your stored personal data. You can also request the rectification, blocking or erasure of this data or lodge a complaint with the competent data protection supervisory authority. You can revoke your consent at any time.

The details of these rights and how to exercise them can be found in the last section of this privacy policy.

Data protection – Our view

Data protection is more than just a chore for us! Personal data has great value and careful handling of this data should be a matter of course in our digitalized world. As a website visitor, you should also be able to decide for yourself what “happens” to your data, when and by whom. That is why we are committed to complying with all legal regulations, only collect the data that is necessary for us and, of course, treat it confidentially.

Forwarding and deletion

The transfer and deletion of data are also important and sensitive issues. We would therefore like to briefly inform you in advance about our general approach to this.

Data will only be passed on on the basis of a legal basis and only if this is unavoidable. This may be the case in particular if it is a so-called processor and an order processing contract has been concluded in accordance with Art. 28 GDPR.

We delete your data when the purpose and legal basis for processing no longer apply and the deletion does not conflict with any other legal obligations. Art. 17 GDPR also provides a ‘good’ overview of this.

For further information, please refer to this privacy policy and contact the controller if you have any specific questions.

Hosting

This website is hosted externally. The personal data collected on this website is stored on the host’s servers. This includes the automatically collected and stored log files (see below for more details), as well as all other data provided by website visitors.

External hosting is used for the purpose of secure, fast and reliable provision of our website and in this context serves to fulfill the contract with our potential and existing customers.

The legal basis for the processing is Art. 6 para. 1 lit. a, b and f GDPR, as well as § 25 para. 1 TDDDG, insofar as consent includes the storage of cookies or access to information in the terminal device of the website visitor or user within the meaning of the TDDDG.

Our hoster only processes data that is necessary to fulfill its performance obligations and acts as our processor, i.e. it is subject to our instructions. We have concluded a corresponding contract for order processing with our hoster.

We use the following hoster:

IONOS

IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.

[email protected]

https://www.ionos.de/terms-gtc/datenschutzerklaerung/.

Legal basis

The processing of personal data always requires a legal basis. The GDPR provides the following options in Art. 6 para. 1 sentence 1:

The data subject has given their consent to the processing of their personal data for one or more specific purposes;
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
the processing is necessary for compliance with a legal obligation to which the controller is subject;
processing is necessary in order to protect the vital interests of the data subject or of another natural person;
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

In the following sections, we will provide you with the specific legal basis for the respective processing.

What happens on our website

When you visit our website, we process your personal data.

We use SSL or TLS encryption to protect this data in the best possible way against unauthorized access by third parties. You can recognize this encrypted connection by the https:// or lock symbol in the address bar of your browser.

Below you can find out what data is collected when you visit our website, for what purpose this is done and on what legal basis.

Data collection when accessing the website

When you visit the website, information is automatically stored in so-called server log files. This is the following information:

Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

This data is required temporarily in order to be able to display our website to you permanently and without any problems. In particular, this data is used for the following purposes:

System security of the website
System stability of the website
Troubleshooting on the website
Establishing a connection to the website
Presentation of the website

Data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in the processing of this data, in particular our interest in the functionality of the website and its security.

Where possible, this data is stored in pseudonymized form and deleted once the respective purpose has been achieved.

If the server log files make it possible to identify the data subject, the data is stored for a maximum period of 14 days. An exception is made if a security-relevant event occurs. In this case, the server log files are stored until the security-relevant event has been resolved and finally clarified.

Otherwise, no merging with other data takes place.

Cookies
- General information

This website uses so-called cookies. This is a data record, information that is stored in the browser of your end device and is related to our website.

The use of cookies can make it easier for visitors to navigate the website.

Rejecting cookies

You can prevent cookies from being set by adjusting your browser settings.

Here you will find the corresponding links to frequently used browsers:

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?redirectslug=Cookies+l%C3% B6schen&redirectlocale=en

Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de

Microsoft Edge: https://support.microsoft.com/de-de/windows/l%C3% B6schen-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d

Safari: https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web and https://support.apple.com/de-de/guide/safari/sfri11471/mac.
If you use a different browser, we recommend that you enter the name of your browser and ‘delete and manage cookies’ in a search engine and follow the official link to your browser.

Alternatively, you can also manage your cookie settings at www.aboutads.info/choices/
or www.youronlinechoices.com.

However, we must point out that a comprehensive blocking/deletion of cookies can lead to impairments in the use of the website.

Technically necessary cookies

We use technically necessary cookies on this website to ensure that our website functions correctly and in accordance with the applicable laws. They help to make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies.

The legal basis for this is Art. 6 para. 1 lit. b, c and/or f GDPR, depending on the individual case.

Technically not necessary cookies

We also use cookies on our website that are not technically necessary. These cookies are used, among other things, to analyze the surfing behavior of the website visitor or to offer functions of the website that are not technically necessary.

The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Technically unnecessary cookies are only set with your consent, which you can revoke at any time in the cookie consent tool.

Data processing through user input
- Own data collection

We offer the following (service) on our website: Online counseling.

We collect the following data for this purpose:

Name

E-mail address

Address

Phone number

Account details

The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.

The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.

When you contact us by email, we process your email address and any other data contained in the email. This data is stored on the mail server and in some cases on the respective end devices. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.

Telephone

If you contact us by telephone, the call data may be stored in pseudonymized form on the respective end device and with the telecommunications provider used. Personal data collected during the telephone call will only be processed in order to process your request. Depending on the request, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose no longer applies and it is possible in accordance with the legal requirements.

Contact form

We offer a contact form. This is used to contact our company.

In this form, we usually process your first and last name, your telephone number, your e-mail address, a postal address and the content of the message. The data is stored on our web server and forwarded internally to the relevant e-mail addresses.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in responding to your request and in an uncomplicated way of contacting you. If the contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

We delete this data no later than 3 months after receipt, unless it is required for a contractual relationship that has arisen.

We bind the contact form from

WordPress

Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, United States of America

https://wordpress.org/about/privacy/

on our website.

Appointment scheduling tool

Calendly

In order to be able to arrange an appointment with us, we integrate the functions of Calendly on our website. This service is offered by Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, georgia 30363, USA.

The data requested for this purpose will be used for the planning, execution and follow-up of the appointment and stored on Calendly servers.

Calendly uses cookies to collect and store data on our website. These cookies are only set with your consent. You can revoke and manage your consent at any time in our cookie consent tool. The legal basis for this is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as this consent includes access to information in the user’s terminal device or the storage of cookies within the meaning of the TDDDG.

In addition, the legal basis for the use of Calendly is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in engaging in direct communication with customers, potential customers and other interested parties and processing inquiries directly and as quickly as possible.

The data will be stored until the data subject requests deletion, revokes consent to storage or the purpose for storage no longer applies. Mandatory statutory provisions on retention periods remain unaffected.

The EU Commission’s Standard Contractual Clauses (SCC) apply to data transfers to the USA.

You can find more information here:

https://calendly.com/de/pages/privacy

https://calendly.com/pages/dpa.

Google Calendar

In order to be able to make an appointment with us, we integrate the functions of Google Calendar on our website. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The data requested for this purpose is used for the planning, execution and follow-up of the appointment and stored on Google Calendar servers.

Google Calendar uses cookies to collect and store data on our website. These cookies are only set with consent. This consent can be revoked and managed at any time in our cookie consent tool. The legal basis for this is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as this consent includes access to information in the user’s terminal device or the storage of cookies within the meaning of the TDDDG.

In addition, the legal basis for the use of Google Calendar is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in entering into a direct exchange with customers, potential customers and other interested parties and processing inquiries directly and as quickly as possible.

Data is stored until the data subject requests deletion, the consent for storage has been revoked or the purpose for storage no longer applies. Mandatory statutory provisions on retention periods remain unaffected.

The EU Commission’s Standard Contractual Clauses (SCC) apply to data transfers to the USA.

You can find more information here:

https://policies.google.com/privacy

https://workspace.google.com/terms/dpa_terms.html

https://cloud.google.com/terms/sccs.

Analysis and tracking tools
- Google Analytics

We use Google Analytics on this website. Google Analytics is a web analysis service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses cookies to recognize the user and thus analyze usage behavior. These cookies are only set with consent. Consent can be revoked at any time and managed in our cookie consent tool.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.

The information collected here is usually transferred to a Google server in the USA and stored there.
On July 10, 2023, the European Commission adopted an adequacy decision for the USA. Google LLC is certified under the EU-US Privacy Framework. However, as the Google servers are located worldwide and data transfer to third countries (e.g. Singapore) cannot be ruled out, the EU Commission’s Standard Contractual Clauses (SCC) apply.

The use of Google Analytics results in IP anonymization. The IP address of the respective user is shortened on servers within the member states of the EU (or the European Economic Area) in such a way that it is no longer possible to trace it back to a natural person. In addition, Google undertakes to provide appropriate data protection via the Google Ads data processing conditions and creates an evaluation of website use and website activity and provides the services associated with use. The Google Ads Data Processing Terms apply to companies that are subject to the EU General Data Protection Regulation (GDPR) of the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) or similar regulations.

An additional browser plugin can be used to prevent the information collected (such as the IP address) from being sent to Google and used by Google. The plugin and further information can be found at https://tools.google.com/dlpage/gaoptout?hl=de.

Otherwise, the storage period depends on the type of data processed. Each customer can choose how long Google Analytics stores data before it is automatically deleted. The maximum lifespan of a Google Analytics cookie is two years.

Further information on the use of data by Google can also be found at https://support.google.com/analytics/answer/6004245?hl=de. For all other queries, you can also contact [email protected]
directly.

Google Consent Mode

We use Google Consent Mode on our website to customize the use of Google services based on your consent. This means that, depending on your consent, we either use the full functionality of these services or only carry out limited data collection.

Google Consent Mode allows a certain amount of data processing, even if consent is denied, but in anonymized form.

We use the Advanced Consent Mode. This enables more detailed data collection if you have consented to the use of cookies in accordance with Art. 6 para. 1 lit. a GDPR. This data helps us to evaluate the performance of our marketing measures more precisely and to carry out user-defined analyses.

The processing is carried out in our legitimate interest in being able to better control and use certain functions of the Google services used on the website that require consent. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

Further information on Google Consent Mode can be found at: https://support.google.com/analytics/answer/9976101.

Social media plugins
- Instagram

Elements of the social network Instagram are integrated on this website. This service is offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If the social media element is activated, a direct connection is established between the website visitor and the Instagram servers and their IP address is transmitted to Instagram. If the website visitor has a user account, the visit to this website can be assigned to the corresponding user account. As the website operator, we have no knowledge of the content of the transmitted data.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

If personal data is collected on this website with the help of Facebook or Instagram and forwarded to Meta, the website operator and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Habour, Dublin 2, Ireland are jointly responsible for data processing in accordance with Art. 26 GDPR. This joint responsibility is limited exclusively to the collection and transfer of data to Facebook and Instagram. There is an agreement on joint processing for this purpose:

https://www.facebook.com/legal/controller_addendum.

The website operator is responsible for providing data protection information when using the Instagram tool and for the secure integration of the tool on the corresponding website in accordance with data protection law. Facebook and Instagram, on the other hand, are responsible for the data security of their products. This means that data subjects’ rights with regard to data processed by Facebook or Instagram must be asserted directly with Facebook or Instagram.

The EU Commission’s Standard Contractual Clauses (SCC) apply to data transfers to the USA.

https://www.facebook.com/legal/EU_data_transfer_addendum

https://de-de.facebook.com/help/566994660333381

https://www.facebook.com/policy.php

https://instagram.com/about/legal/privacy/.

Threads

We also use the functions of Threads. Data collected when using the service, including IP address, application used and information about the end device as well as websites accessed, location and mobile phone provider, are processed by Meta Platform, Inc. as described above. This data may also be transferred to countries outside the European Union.
The data collected is linked to the account or profile at Threads. There is no control over the specifics of the data processed by Threads, including its processing, use or disclosure to third parties.
Further information:

https://help.instagram.com/769983657850450/?helpref=uf_share

https://privacycenter.instagram.com/policy.

Elements of the Pinterest social network are integrated on this website. This service is offered by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

If the social media element is activated, a direct connection is established between the website visitor and the Pinterest servers in the USA and the visitor’s IP address, browser type and settings, date and time of the request and cookies are transmitted to Pintereset. If the website visitor has a user account, the visit to this website can be assigned to the corresponding user account. The website operator has no knowledge of the content of the transmitted data.

The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Further details:

https://policy.pinterest.com/de/privacy-policy.

Social media profiles

In addition to our website, we are also present with our company on social networks. At
, we want to present our company and create the opportunity to get in touch with us.

We also use the opportunity to place advertisements and job advertisements on social media.

In the following, we provide information about which data we and the respective social network process when you visit and
interact with our profile.

Instagram

We operate an Instagram profile. This social media platform is offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Interaction with our company profile

When you visit our Instagram profile and interact with us, we process personal data. On the one hand, the data made publicly available on the profile. On the other hand, we also process the personal data contained in posts, comments or direct messages to us. Through interactions such as liking or sharing, we can see the user profile with the public information.

The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our Instagram profile.

Insofar as an inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.

Insights

As explained in the Meta Privacy Policy under “How do we use your information?” (https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect), Meta also collects and uses information to provide analytics services, known as insights, for site operators. This also applies to our Instagram profile.

The insights are summarized statistics that are created based on certain interactions of visitors with pages and the content associated with them and are logged by the meta servers. This includes the following information, among others

How many people see and interact with our products, services or content, such as posts, videos, Instagram pages, listings, stores and advertisements (if the advertisement is shown on meta-products);
How people interact with our content, websites, apps and services;
Which group of people interact with our content and which group of people use our services.

Meta provides us with summarized reports and insights that tell us how well our content, features, products and services are performing.

We do not receive access to personal data, but only to the summarized reports.

To evaluate the reach, we can make settings or set appropriate filters with regard to the selection of a time period, the viewing of a specific post and demographic groupings. This data is anonymized. It is not possible for us to draw conclusions about specific individuals.

The purpose of processing this data is to analyze our reach and adapt our content and advertisements to user interests so that visitors can derive the greatest possible benefit from them. By evaluating this data, we can recognize how our content, our profile and our advertising are consumed. This enables us to create target group-specific content and place advertisements to better market our company and our services.

The processing is based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

When processing personal data in the course of so-called insights, the processing is carried out under joint responsibility with Meta in accordance with Art. 26 para. 1 GDPR.

We have concluded a corresponding agreement with Meta, which can be viewed here (https://www.facebook.com/legal/terms/page_controller_addendum.).

Meta’s contact details are as follows:

Online contact: https://www.facebook.com/help/contact/1650115808681298

Postal: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Ireland.

For Instagram, you can contact the data protection officer at the following link:

https://www.facebook.com/help/contact/540977946302970.

Further information about the Insights:

https://de-de.facebook.com/help/pages/insights.

You can find Instagram’s full privacy policy here:

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

Processing of personal data and cookies by Meta

When you access an Instagram page, the IP address assigned to your device is transmitted to Meta. According to Meta, this IP address is anonymized (for “German” IP addresses). Meta also stores information about the end devices of its users (e.g. as part of the “login notification” function); Meta may thus be able to assign IP addresses to individual users. If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is stored on your device. This enables Meta to track that you have visited this page and how you have used it. Meta buttons integrated into websites enable Meta to record your visits to these websites and assign them to your Instagram profile. This data can be used to tailor content or advertising to you.

Further information:

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.

Threads

https://help.instagram.com/769983657850450/?helpref=uf_share

https://privacycenter.instagram.com/policy.

Third-party content
- OpenStreetMap

We use OpenStreetMap on this website. OpenStreetMap is a plugin that enables the integration of map material on this website. This service is offered by the OpenStreetMap Foundation, St John’s Innovation Center, Cowley Road, Cambridge, CB4 0WS, United Kingdom.

This is a collaborative project that aims to create and offer freely usable geographical data, such as street maps. As it is an open source project, the data is contributed and updated by a community of cartographers from around the world. This data can be used for a variety of purposes, from displaying maps on websites to use in GIS applications, mobile apps and more.

When using the maps, a connection is established to the servers of the OpenStreetMap Foundation. This does not involve cookies that are used for tracking website visitors, but only those that are limited to the functionality of the website.

The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in showing locations or providing geographical information.

Further information:

https://wiki.osmfoundation.org/wiki/Privacy_Policy.

Dieter Live API

We use the live API from Dieter macht den Datenschutz to display our privacy policy. This is a service of simply Legal GmbH, Burkarderstraße 36, 97082 Würzburg.

The API is a technical interface. When you access our privacy policy, a connection to the servers of simply Legal GmbH is established. Your IP address will be transmitted to simply Legal GmbH.

Further information on the handling of data by simply Legal GmbH:

https://www.dieter-datenschutz.de/datenschutz/.

[…]

Audio and video conferencing
- Zoom

We use Zoom to communicate with customers. Zoom is an online conferencing tool. This service is offered by Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA.

When communicating with this tool via video or audio conferencing, personal data is processed by us and the provider of the tool. The data collected includes all information that you provide when using the tool. Metadata relating to the conference is also processed. Furthermore, technical information required for the function of online communication is processed. Furthermore, all files that are shared within the tool are stored on the tool provider’s servers.

Zoom can also set cookies. These cookies are only set with consent. Consent can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

Otherwise, the legal basis for the processing of data by Zoom is Art. 6 para. 1 lit. b GDPR. The communication is related to the performance of a contract or is necessary for the fulfillment of pre-contractual obligations. Furthermore, this tool is used to simplify communication with our company. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

This data is stored until the data subject requests its deletion, the consent for storage is revoked or the purpose for storage no longer applies. Cookies remain on the end device until the user deletes them. Mandatory statutory provisions on retention periods remain unaffected.

The EU Commission’s Standard Contractual Clauses (SCC) apply to data transfers to the USA.

Further information:

https://zoom.us/de-de/privacy.html.

Skype for Business

We use Skype for Business to communicate with customers. Skype for Business is an online conferencing tool. This service is offered by Skype Communications SARL, 23-29 Rives de Clausen, L-2165, Luxembourg.

Skype for Business can also set cookies. These cookies are only set with consent. This consent can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

Otherwise, the legal basis for the processing of data by Skype for Business is Art. 6 para. 1 lit. b GDPR. The communication is related to the performance of a contract or is necessary for the fulfillment of pre-contractual obligations. Furthermore, this tool is used to simplify communication with our company. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further details:

https://privacy.microsoft.com/de-de/privacystatement/.

Microsoft Teams

We use Microsoft Teams to communicate with customers. Microsoft Teams is an online conferencing tool. This service is provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Microsoft Teams can also set cookies. These cookies are only set with consent. This consent can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

Otherwise, the legal basis for the processing of data by Microsoft Teams is Art. 6 para. 1 lit. b GDPR. The communication is related to the performance of a contract or is necessary for the fulfillment of pre-contractual obligations. Furthermore, this tool is used to simplify communication with our company. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further details:

https://privacy.microsoft.com/de-de/privacystatement.

Google Meet

We use Google Meet to communicate with customers. Google Meet is an online conferencing tool. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Meet can also set cookies. These cookies are only set with consent. This consent can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

Otherwise, the legal basis for the processing of data by Google Meet is Art. 6 para. 1 lit. b GDPR. The communication is related to the performance of a contract or is necessary for the fulfillment of pre-contractual obligations. Furthermore, this tool is used to simplify communication with our company. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further details:

https://policies.google.com/privacy?hl=de.

Data transfer to providers on our platform

As part of the use of our platform for the use of services or the purchase of products, we pass on certain personal data to the providers (e.g. service providers, sellers) in order to enable the processing of the corresponding services. This data transfer is necessary so that the providers can provide their services or deliver products.

In doing so, we may pass on the name to identify the user, the contact details for contacting us in the event of queries or problems, the address for providing the service or delivering products, the order details for transmitting details of the requested service or ordered products and, if necessary, payment information for processing the payment (this is usually encrypted and in accordance with the applicable security standards), to the providers.

The legal basis for data transfer is Art. 6 para. 1 lit. b GDPR, as it is necessary for the fulfillment of the contractual relationship between you and the provider.

The providers are obliged to use the transmitted data exclusively for processing the requested services or deliveries and to protect the data in accordance with the applicable data protection laws. He is the direct contractual partner and therefore bears his own responsibility for the processing of personal data. If you have any questions about its data processing, you can contact the provider directly.

Payment services
- Apple Pay

We use Apple Pay on this website. Apple Pay is a payment service provider. This service is offered by Apple Inc, Infinite Loop, Cupertino, CA 95014, USA.

For the purpose of payment processing, the payment data of the website visitor is processed by the payment service provider as soon as a purchase is made via this website. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

We also have a legitimate interest in the processing of this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

Further details:

https://www.apple.com/legal/privacy/de-ww/.

Klarna

We use Klarna on this website. Klarna is a payment service provider. This service is offered by Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

We also have a legitimate interest in the processing of this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

Further details:

https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.

https://www.klarna.com/de/datenschutz/.

Instant bank transfer

We use Sofortüberweisung on this website. Sofortüberweisung is a payment service provider. This service is offered by Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany.

For the purpose of payment processing, the payment data of the website visitor is processed by the payment service provider as soon as a purchase is made via this website. For this purpose, the PIN and a valid TAN are transmitted to Sofort GmbH, which logs into the online banking account. The account balance is checked and the corresponding transfer is carried out. In addition, turnover, the credit limit of the overdraft facility and the existence of other accounts and their account balances are queried. The respective contractual and data protection provisions of the payment service provider apply to the transaction in question.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

We also have a legitimate interest in the processing of this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

Further details:

https://www.sofort.de/datenschutz.html

https://www.klarna.com/sofort/.

Shopify Payment

This website uses Shopify Payment. Shopify Payment is a payment service provider. This service is offered by Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

In addition, we have a legitimate interest in the processing of this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

Further details:

https://www.shopify.de/legal/datenschutz.

Mastercard

We use Mastercard on this website. Mastercard is a payment service provider. This service is offered by Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

We also have a legitimate interest in the processing of this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

Mastercard may transfer the data to the parent company in the USA. Mastercard has Binding Corporate Rules (BCR) for this purpose.

Further details:

https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf

https://www.mastercard.de/de-de/datenschutz.html.

VISA

We use VISA on this website. VISA is a payment service provider. This service is offered by Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom.

The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of (pre-)contractual obligations.

We also have a legitimate interest in the processing of this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

The EU Commission’s Standard Contractual Clauses (SCC) apply to data transfers to the USA.

Further details:

https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Cloud backups

We use cloud backup functions on our website to protect the data and content of the website from data loss, corruption or security incidents. This ensures that the website can be restored quickly and completely in the event of a server failure, a hacker attack or other unforeseen events.

If personal data is stored on our website, it is transferred to the servers of the respective provider during backups.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in securing our data.

We use the following cloud backup service:

Google Drive

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

https://policies.google.com/privacy?hl=de.

IONOS

IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.
https://www.ionos.de/terms-gtc/datenschutzerklaerung/.

What else is important

Finally, we would like to inform you in detail about your rights and how you will be informed about changes to data protection requirements.

Your rights in detail
- Right to information in accordance with Art. 15 GDPR

You can request information about whether your personal data is being processed. If this is the case, you can request further information on the type and manner of processing. A detailed list can be found in Art. 15 para. 1 lit. a to h GDPR.

Right to rectification in accordance with Art. 16 GDPR

This right includes the correction of incorrect data and the completion of incomplete personal data.

Right to erasure in accordance with Art. 17 GDPR

This so-called ‘right to be forgotten’ gives you the right, under certain conditions, to request the deletion of your personal data by the controller. This is generally the case if the purpose of the data processing no longer applies, if consent has been withdrawn or the initial processing took place without a legal basis. A detailed list of reasons can be found in Art. 17 para. 1 lit. a to f GDPR. This “right to be forgotten” also corresponds to the controller’s obligation under Art. 17 para. 2 GDPR to take appropriate measures to bring about the general erasure of data.

Right to restriction of processing pursuant to Art. 18 GDPR

This right is subject to the conditions set out in Art. 18 para. 1 lit. a to d.

Right to data portability pursuant to Art. 20 GDPR

This regulates the basic right to receive your own data in a commonly used form and to transfer it to another controller. However, this only applies to data processed on the basis of consent or a contract in accordance with Art. 20 (1) (a) and (b) and insofar as this is technically feasible.

Right to object pursuant to Art. 21 GDPR

In principle, you can object to the processing of your personal data. This applies in particular if your interest in objecting outweighs the legitimate interest of the controller in the processing and if the processing relates to direct marketing and/or profiling.

Right to “individual decision-making” pursuant to Art. 22 GDPR

In principle, you have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. However, this right is also restricted and supplemented by Art. 22 (2) and (4) GDPR.

Further rights

The GDPR contains comprehensive rights to inform third parties whether or how you have asserted rights under Art. 16, 17, 18 GDPR. However, this only applies insofar as this is possible or feasible with reasonable effort.

We would like to take this opportunity to draw your attention once again to your right to withdraw your consent in accordance with Art. 7 (3) GDPR. However, this does not affect the lawfulness of the processing carried out up to that point.

We would also like to draw your attention to your rights under §§ 32 ff. BDSG, which, however, are largely congruent with the rights just described.

Right to lodge a complaint pursuant to Art. 77 GDPR

You also have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of personal data relating to you infringes this Regulation.

What if the GDPR is abolished tomorrow or other changes take place?

The current status of this data protection declaration is 27.07.2024. From time to time it is necessary to adapt the content of the data protection declaration in order to react to actual and legal changes. We therefore reserve the right to amend this privacy policy at any time. We will publish the amended version in the same place and recommend that you read the privacy policy regularly.

Created with the kind support of Dieter macht den Datenschutz

Real estate agent & property management

Do you have any questions?

We guarantee first-class service and innovative solutions for all your real estate needs. With expertise, passion and precision, we are at your side as a reliable partner throughout Germany – from consultation to implementation.

Contact details

Important links

Imprint