Privacy policy

Introduction

Hack Your Shack gGmbH is a German non-profit organisation. With dooiy, we develop a do-it-yourself platform with and for people in underserved communities in the Global South. For this purpose, we operate an inclusive information service to disseminate step-by-step instructions that can be used to improve the living situation even in challenging living environments.

We maintain several websites, multiple social media presences and direct communication channels, such as telephone, email or messaging services. We also use online services for teleconferencing, videoconferencing, appointments and file sharing in order to carry out our tasks efficiently.

We take the protection of your personal data very seriously and have designed our services to be as data protection-friendly as possible. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

In the following, we describe which data we collect from you and how we process it. In addition, we point out which service providers we use collect data from you.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Responsible party

The responsible party for data processing on this website is:

Hack Your Shack gGmbH
Pfarrstr. 90 | 10317 Berlin
Phone: +49 30-28625264
E-mail: info@hackyourshack.org

If you have specific questions about the processing of your data or if you wish to exercise your rights as a data subject, please contact our data protection officer Marlene Lerch.

Hosting

We host our websites ourselves. We rent the server hardware from a hosting provider. This is located in a German data centre and is therefore subject to German law, including the Federal Data Protection Act. The provider of this service is STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany. Further information on Strato as a hosting provider can be found here: https://www.strato.de/datenschutz/

Server log files

In order to operate our website smoothly and securely, both the web server and the operating system record a variety of system events in so-called logs. In addition to the IP address, your request potentially contains other information that is necessary for the technical provision of our service. This includes, for example, browser type and version, your operating system, time of server request, host name or screen size. We need this information, for example, to be able to provide you with images in the appropriate size and thus consume less server performance, bandwidth and CO2. Which information is transmitted varies from browser to browser and can be configured by you in the browser settings.

The processing of this data is absolutely necessary in order to make the website available to you. The log files are used to evaluate system security and stability as well as for administrative purposes. The legal basis for processing the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 Para. 1 lit. f DSGVO.

For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data for a short period of time. As soon as the log file is rotated, it is saved in anonymised form. For this purpose, the last octet of the IP address is zeroed out so that it is no longer possible to establish a reference to the individual user.

In addition, the data is processed in anonymised form for statistical purposes, if necessary. This data is never stored together with other personal data of the user, compared with other data or passed on to third parties.

We store this information in rotating logs for a period of up to 3 weeks, after which the information is deleted again, unless we are obliged to keep this information longer for legal reasons. Since IP addresses are also considered personal data, we treat them with particular sensitivity. No information flows from our server to third parties. When we access our server, we only do so via strongly encrypted connections (SSH).

Cookies

We do not use cookies to track you or to obtain further personal data from you. Our internet pages do not use cookies at all in the public area.

In order to access protected areas, you must log in with your user name and password. In response, you will receive a cryptographically signed cookie from our server, which you can use to authenticate yourself each time you access the site (your browser does this automatically). This way you don’t have to enter your username and password every time you access the site. When logging in and in general, we will inform you in advance if we set cookies.

We endeavour to minimise the use of cookies to what is functionally necessary.

Content Delivery Network

When you visit our websites, your request is sent from your browser to our server via various communication nodes. To protect our server from cyber-attacks and to make the delivery of our data packets as secure and fast as possible, we have integrated our server into the Content Delivery Network (CDN) of Cloudflare (Cloudflare Inc, 101 Townsend Street, San Francisco, CA 94107, USA). A CDN is a worldwide network of connected servers, through which websites can be delivered faster, because the distance of data transmission is significantly shortened. This means that your request is transmitted from your telecommunications provider to this CDN at a location near you. There, your request is checked by Cloudflare for harmfulness and then transmitted to our server as quickly as possible. This allows us to make our websites available very quickly, even in Africa, for example. On this journey, the packet is end-to-end encrypted thanks to Cloudflare and is enriched with certain information, e.g. with which methods the packet was checked or where it was fed into the CDN. For this purpose, personal data must be processed in server log files by Cloudflare (quite inevitably, this is at least your IP address). These are stored by Cloudflare for as long as is necessary for the purposes described. Please compare the explanations under “Server log files”. Cloudflare acts as a recipient of your personal data and as a processor for us. The integration of Cloudflare corresponds to our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO. We have configured the use of Cloudflare so that no cookies are used.

Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities where Cloudflare processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf.

For more information about Cloudflare’s privacy policy, please visit: https://www.cloudflare.com/de-de/privacypolicy.

Tracking tools, analytics tools and plugins

For the analysis of our website traffic, we have opted for a particularly privacy-friendly solution and only use the data generated by the transport in the Cloudflare CDN.

Cloudflare Tools

Cloudflare Web Analytics does not use client-side information, such as cookies or local storage, to collect usage metrics. Cloudflare also does not “fingerprint” individuals in the form of their IP address, user agent strings or other data for analytics purposes. Cloudflare Analytics are non-invasive and respect the privacy of our visitors.

Contact us and newsletter

Request by email or phone

If you contact us by email or phone, your request including all resulting personal data (name, email address, phone number, request, etc.) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b DSGVO, if your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries sent to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

Request via WhatsApp

If you contact us via the WhatsApp business channel offered on our website, among others, your enquiry including all personal data resulting from it will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries sent to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

The service provider of WhatsApp is the US company WhatsApp Inc, a subsidiary of Meta Platforms Inc. In Europe, the subsidiary WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible.

By using WhatsApp, metadata is collected from you, which is also processed in the USA. This includes your IP address, your phone number, device information, your location and your usage behaviour. This data is sent to WhatsApp or the owner of the service Meta. Message content is encrypted end-to-end and cannot be viewed by anyone except you and us.

Since personal data is transferred to the USA, further protection mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed standard data protection clauses with the providers in accordance with Art. 46 Para. 2 lit. c DSGVO. These oblige the recipients of the data in the USA to process the data in accordance with the level of protection in Europe. Nevertheless, we would like to point out that this involves risks with regard to the protection of your data.

Further information on data transfer in accordance with the standard contractual clauses can be found here: www.whatsapp.com/legal/business-data-transfer-addendum-20210927 or on data processing with Whatsapp here: www.whatsapp.com/privacy

Request or appointment via Calendly

On our website you have the possibility to make an appointment with us via the button “Schedule Meeting”. For this purpose, we will redirect you to the website of “Calendly”. Calendly is a service of Calendly, LLC, 1315 Peachtree St NE, Atlanta, GA 30309, https://calendly.com.

We have concluded a contract agreement with Calendly so that the data you provide is processed for us in accordance with your instructions and order. Since it cannot be ruled out that the data will also be processed in a third country (USA), we have concluded a “Data Processing Addendum” with Calendly so that secure data processing is also guaranteed here. You can also find more information at https://calendly.com/pages/dpa.

If you book an appointment with us on the Calendly website, your data will be entered into our calendar (Google Workspace). Furthermore, the data is visible to us in the login area of Calendly and is stored there.

You will receive a confirmation of the appointment by email, where you have the option to enter the data in your calendar. The purpose of processing the data provided is to be able to make an appointment, to process the contact request and to be able to contact you.

The legal basis for the processing of personal data described here is your declaration of consent at the beginning of the online appointment process. It is in our interest to offer you the possibility to arrange appointments with us independently. This simplifies the coordination of appointments and enables efficient scheduling.

The personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

In addition to Calendly, the recipient of the data is also our server host (email/ Google), which also works for us within the framework of a commissioned data agreement.

Audio and video conferences

Data processing

For communication with our partners and users, we use online conference tools, among others. The tools we use are listed below. When you communicate with us via video or audio conference over the Internet, your personal data is collected and processed by us and the provider of the respective conference tool.

The conferencing tools collect all data that you provide/use to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “contextual information” in connection with the communication process (metadata).

Furthermore, the provider of the tool processes all technical data required to handle the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.

If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemail uploaded photos and videos, files, whiteboards and other information shared while using the Service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection statements of the respective tools used, which we have listed below this text.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing partners and users or to offer certain services (Art. 6 para. 1 p. 1 lit. b DSGVO). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO). If consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.

Storage period

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Conference tools used

We use the following conferencing tools:

Google Meet

We use Google Meet. The provider of this service is Google Inc. In Europe, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is responsible for this and all other Google services. Details on data processing can be found in Google’s privacy policy: https://policies.google.com/privacy.

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Details on data processing can be found in the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

Data transfers to conference tools used

A contract for order processing has been concluded with both providers and the strict requirements of the German data protection authorities for use are fully implemented.

As there is a transfer of personal data to the USA, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the providers in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipients of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipients in the USA.

Data processing through social networks

We maintain publicly accessible profiles on social networks. You can find the social networks we use in detail below.

Social networks such as Facebook, Twitter etc. can generally comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.

Please also note that we are not able to track all processing on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

We would like to point out that you use our social media sites on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).

Legal basis

Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. The analysis processes initiated by the social networks may be based on different legal grounds, which are to be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) lit. a DSGVO).

Responsible party and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage period for data collected via social media

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail

Facebook

We have placed the Facebook icon on our website. No personal data is automatically transmitted to Facebook when you visit our website. The icon only serves to link to our Facebook fan page.

The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.

We use the Facebook Insights statistics service for the needs-based design and ongoing optimisation of our Facebook fan page. This service records your activity on our page and makes it available to us in anonymised statistics. This gives us insights into the reach of posts, views/average duration of video playback, age groups, statistics on gender ratios, shared content, origin of users, general page activity, preset language settings. However, it is not possible for us to draw conclusions about individual visitors or access to individual user profiles through this statistics service. You can find more information about Facebook Insights here:

https://www.facebook.com/business/pages/manage#page_insights

If you contact us via Facebook, share our posts or comment on them, we receive additional data from you, such as your name on the Facebook account, date and time of your post or contact. The additional data records or information provided by you depend on the content of the comments or the purpose of your contact. Data processing by us is also possible if you participate in our competitions. In the case of competitions, the winners are publicly identified with their usernames and asked to get in touch within a period of 14 days. Winners must send their full name and address so that the prizes can be sent. This data will be processed by us exclusively for the purpose of handling the competition.

We have concluded a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies the data processing operations for which we or Facebook are responsible when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

For details, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

Instagram

We have two profiles on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA.

For details on how they handle your personal data, please refer to Instagram’s privacy policy: https://help.instagram.com/519522125107875.

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you would like to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

For details on how they handle your personal data, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

TikTok

We have a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

TiKTok is a social media platform whose app you can download free of charge via iOS or Android on your smartphone. Users can create media such as short videos and share them with the community or the general public outside the platform. Exchange with other users takes place via an integrated chat or via a comment function on the video clips. The TikTok profile of dooiy can be found via search. By clicking on “Follow” you become a follower of the account, which is visible to the administrators of the account as well as to your friends and possibly other users of TikTok. When you access the dooiy service, personal user data, i.e. data with which you can be personally identified, is collected. Please note that the extent of the data transfer depends on whether you access the TikTok account anonymously or are already logged in with your own profile. We expressly point out that TikTok stores the data of the users of its services (e.g. personal information, IP address, etc.) and may also use this data for business purposes. We hereby inform you that you use the Tik-Tok service on your own responsibility. What information TikTok receives and how it is used is described in general terms in TikTok’s privacy policy.

You can find more information about TikTok’s data processing in TikTok’s privacy policy at: https://www.tiktok.com/legal/privacy-policy-eea?lang=de.

We have no influence on the data collection and further processing by TikTok. Furthermore, it is not clear to us to what extent, where and for how long the data is stored, to what extent TikTok complies with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on.

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to YouTube’s privacy policy: https://policies.google.com/privacy.

Data transfers to the USA within the scope of our social media presence

For the US providers mentioned in this section (Facebook, Instagram, LinkedIn, YouTube), further protection mechanisms are required to ensure the level of data protection of the GDPR, as a data transfer to the USA takes place. To ensure this, we have agreed standard data protection clauses with the providers in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipients of the data in the USA or China to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipients in the USA.

Handling of applicant data

We offer you the opportunity to apply for a professional or voluntary position with us (e.g. by e-mail). In the following, we inform you about the scope, purpose and use of your personal data collected during the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated in strict confidence.

Scope and purpose of data collection

If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.), insofar as this is necessary to decide whether to take up employment with us. The legal basis for this is § 26 BDSG-neu according to German law (initiation of an employment relationship), Art. 6 para. 1 lit. b DSGVO (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG-neu and Art. 6 Para. 1 lit. b DSGVO for the purpose of implementing the employment relationship.

Retention period of the data

If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGVO) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.

Longer storage may also take place if you have given your consent (Art. 6 Para. 1 lit. a DSGVO) or if legal storage obligations prevent deletion.

Inclusion in the applicant pool

If we do not make you a job offer, it may be possible to include you in our applicant pool. If you are accepted, all documents and details from your application will be transferred to the applicant pool so that we can contact you in the event of suitable vacancies.

Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a DSGVO). The provision of consent is voluntary and is not related to the current application process. The person concerned can revoke his/her consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, unless there are legal reasons for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

Your rights

Detailed information on your rights in connection with the processing of your data can be found in point 6.1. of this data protection declaration.

Your rights as a data subject

Right to information

You have the right to request information from us at any time about the personal data we process that concerns you within the scope of Art. 15 DSGVO. To do this, you can send a request by post or e-mail to the address given below.

Right to correct incorrect data

You have the right to demand that we correct your personal data without delay if it is incorrect. To do so, please contact us at the address below.

Right to erasure

You have the right, under the conditions described in Art. 17 DSGVO, to demand that we delete the personal data concerning you. These conditions provide in particular for the right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an erasure obligation under Union law or the law of the Member State to which we are subject. For the period of data storage, please also see section 5 of this data protection declaration. To exercise your right to erasure, please contact us at the addresses below.

Right to restriction of processing

You have the right to demand that we restrict processing in accordance with Art. 18 DSGVO. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the duration that the verification of the accuracy requires, as well as in the event that the user requests limited processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data are no longer necessary for the purposes pursued by us, but the user requires them for the assertion, exercise or defence of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the addresses below.

Right to data portability

You have the right to obtain from us the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 DSGVO. To exercise your right to data portability, please contact us at the addresses below.

Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Article 6(1)(e) or (f) DSGVO, in accordance with Article 21 DSGVO. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.

Right of complaint

You also have the right to contact the competent supervisory authority in the event of a complaint.

Storage period in general

Unless a more specific storage period is specified in this data protection declaration, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have another legally permissible reason for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

Legal obligations

The provision of personal data for the decision on the conclusion of a contract, the fulfilment of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the performance of the contract or pre-contractual measures.

Data security

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

Changes to the data protection declaration

We always keep this data protection declaration and all the data protection information it contains up to date. Therefore, we reserve the right to change it from time to time and to update any changes in the collection, processing or use of your data. The current version of the data protection declaration is always available under “Data protection declaration” in the footer of this website.

Status: 15.12.2022