• Kontakt Info:
  • Langenstr. 66b, 18439 Stralsund
  • Mobil: +49 171 8367831
  • Telefon: +49 3831 4349530
  • info@orcas.de

Der große Messenger Vergleich

Es gibt zahlreiche Messenger auf dem Markt. Aber welchen Messenger kann man für die berufliche Kommunikation einsetzen? Welche beachten die DSGVO und gelten als sicher? Mit welchem Messenger kann man von Freunden erreicht werden? Welchen können mit welchem Handy und welche auf dem Desktop mit Windows, MacOS oder Linux benutzt werden? Viele Fragen die wir versuchen in unserem großen Messenger-Vergleich zu beantworten.

Dabei nehmen wir nicht nur die allseits bekannten Messenger WhatsApp, Facebook Messenger und Skype unter die Lupe, sondern auch Telegram, Signal, Threema und Hangouts, alt bekannte wie ICQ und Jabber und natürlich auch eher unbekannte wie Viber, Wire, SIMSme, Hoccer, Discord und YooYuu. Mit teilweise überraschenden Ergebnissen.

Jeder Messenger und jedes bewertete Feature lässt sich einzeln kommentieren.

Facebook vs. DSGVO

Große Probleme angesichts des Inkrafttretens der DSGVO dürfte derzeit immer noch Facebook haben. Während Whatsapp und Apple hinsichtlich iCloud ausdrücklich von gewerbsmäßiger Nutzung ihrer Dienste abraten, vertritt das Unternehmen weiterhin aktuell entgegen der Datenschutzkonferenz, einem Gremium bestehend aus den unabhängigen Datenschutzbehörden, die Auffassung, dass die angebotenen Dienste im Einklang mit der DSGVO ständen.

https://www.datenschutz-berlin.de/pdf/publikationen/DSK/2018/2018-DSK-Facebook_Fanpages.pdf

“We want to be clear that Facebook Pages and Page Insights remain legal “

https://www.facebook.com/business/news/updates-for-page-admins-in-the-eu-and-the-eea

Sollte man nun vor lauter Verunsicherung sämtliche Unternehmensaktivitäten beim weltweit größten “Social” Net verbannen? Eine sehr gute und auch ausführliche Zusammenfassung dazu gibt es bei heise.de:

https://www.heise.de/newsticker/meldung/Analyse-zum-EuGH-Urteil-Noch-kein-Grund-Facebook-Seiten-zu-schliessen-4069690.html

bestehende Situation

Knackpunkt in der ganzen Debatte ist die Mitverantwortung des Nutzers an der Verarbeitung personenbezogener Daten. Viele argumentieren hier, dass sie keinen Einfluss auf die Verarbeitung hätten. Einerseits lassen viele gewerbliche Nutzer die Sorge um personenbezogenen Daten Dritter weitgehend vermissen und sind sich der Folgen leichtfertigen Umganges mit Daten nicht bewusst. Es lässt sich auch wohl nicht von heute auf morgen erwarten, dass sich das ändert. Andererseits zeigt sich Facebook bisher wenig flexibel, was die Anpassung des eigenen Geschäftsmodells an europäischen Datenschutz anbelangt. Facebook trägt hier also ganz klar die Verantwortung ein Produkt anzubieten, das sich ohne Bauchschmerzen in der EU ( s. Facebook – Urteil ) einsetzen lässt. Das sollte auch für Nutzer gelten, welche mitunter nicht so viel zusätzliche Zeit aufbringen können die neuen gesetzlichen Vorgaben im Einzelnen zu verstehen.

Personenbezogene Daten sind natürlich keine Ware, die man handeln könnte, sondern ein schutzwürdiges Gut. Hier fehlt immer noch Bewusstsein, auch im Sinne von Vertrauen erweckenden Geschäftsprozessen. Könnte sich jeder bedenkenlos ohne Sorgen und ohne Angst vor den Gefahren von Wirtschaftsspionage und Überwachung überall anmelden, würde sich das mit Sicherheit auch positiv auf geschäftliche Strukturen in vielen verschiedenen Bereichen auswirken. Andererseits kalkulieren Nutzer den Verkauf ihrer persönlichen Daten mehr oder weniger mit ein. Sie sind sich jedoch oft nicht wirklich über alle Folgen bewusst.

Doch auch dem, der sich schon Gedanken gemacht hat, bleibt es in Sachen Facebook nur abzuwarten. Welche Webdienste sicher eingesetzt werden können, wird sich erst in Zukunft entscheiden.

Bildquelle: https://pixabay.com/de/facebook-meeting-social-personen-260818/

orcas auf dem 3. Tag des Mittelstandes

Der 3. Tag des Mittelstandes findet am 08.09.2018 auf dem Alten Markt in Stralsund in der Zeit von 11:00 – 17:00 Uhr statt. Eine Veranstaltung der Stralsunder Mittelstandsvereinigung e. V.. Wir zeigen dort der Öffentlichkeit unser Leistungsspektrum und beantworten Fragen zum Datenschutz, Suchmaschinenoptimierung, Social Media und allgemein zu Web-Seiten Erstellung bzw. Web-Entwicklung. Wir teilen uns den Stand mit der IT-Lagune, die Fragen zum Verein selbst, zu den BitKoeppen, zum geplanten IT-Center und allen anderen IT-Lagune Projekten beantwortet. Als Highlight zeigen wir 3D-Druck in Aktion und sinnvolle Beispiele der Anwendung. Kommt vorbei und schaut es Euch an.

EU-US Privacy Shield und DSGVO – Facebook, Whatsapp, Twitter, Google

Vielen Nutzern stellt sich die Frage, welche Webdienste gerade im geschäftlichen Umfeld nach den Vorgaben der DSGVO bedenkenlos genutzt werden können. Es geisterten auch schon einige Meldungen durch die Medien, u. a. dass die Nutzung von Whatsapp für Handwerkerfotos nicht mehr möglich ist. Welche Bedeutung hat die “EU-US Privacy Shield”-Zertifizierung?

EU-US Privacy Shield

Da ein Großteil des genutzten Internets immer noch durch amerikanische Firmen bestimmt wird, spielt hier die nicht unumstrittene “EU-US Privacy Shield”-Zertifizierung eine wichtige Rolle. Nach dem Bruch des “Safe-Harbor Abkommens” (heise.de berichtete) stellt diese eine Orientierung bereit um zu entscheiden, ob Dienste von Unternehmen aus nicht EU-Ländern in Europa genutzt werden dürfen. Die Unternehmen in dieser Liste haben sich zertifizieren lassen und sich damit verpflichtet die Grundsätze des europäischen Datenschutzrechts zu befolgen. Google, Facebook, Twitter, Microsoft und auch Whatsapp finden sich in der Liste der zertifizierten Unternehmen auf https://www.privacyshield.gov/list. Apple findet sich übrigens nicht in der Liste.

AV-Vereinbarung

Spätestens seit dem Urteil in Sachen Facebook wurde klar gestellt, dass eine sogenannte “gemeinsame Verantwortung” des Nutzers zusammen mit dem Anbieter des Webdienstes in Sachen personenbezogene Daten vorliegt. Gerade vor diesem Hintergrund ist allerdings wichtig, dass bei nicht privater Nutzung, also auch z. B. im Verein, eine entsprechende AV-Vereinbarung als organisatorische Maßnahme mit dem jeweiligen Anbieter  zustande kommt.

Rechtliche Position

Wie wackelig der rechtliche Bezug auf die EU-US Privacy Shield Zertifizierung ist, zeigt sich bei Whatsapp. Whatsapp ist zertifiziert, scheidet aber für die Nutzung im nicht privaten Umfeld aus, da ohne Einwilligung des Nutzers personenbezogene Daten erfasst werden, um gewohnte Funktionen bereit zu stellen. Damit ist jedem Nutzer klar, dass gegen die Grundsätze der DSGVO verstoßen wird. So kann man sich auch nicht mehr auf die “rechtliche Krücke” der EU-US Privacy Shield Zertifizierung zurück ziehen. Whatsapp schließt übrigens in seinen AGB’s die Nutzung im nicht privaten Umfeld ohne extra Zustimmung durch Whatsapp aus.

Besonders kritisch ist bei Whatsapp die Freigabe der Kontaktliste zu betrachten. Ein Nutzer darf der Freigabe eigentlich erst zustimmen, wenn er von allen Kontakten, deren Daten nicht öffentlich zugänglich sind, eine Einwilligung hat. Die Kontaktdaten in der persönlichen Kontaktliste sind nämlich gar nicht seine eigenen Daten, sondern gehören der jeweiligen Person. Siehe dazu auch “WhatsApp: Datenschutzkonforme Nutzung möglich?“.

Etwas anders verhält es sich im Falle von Apple. Hier sind Produkte grundsätzlich etwas mehr auf Datenschutz ausgelegt. Dennoch wird z.B. die “iCloud” für Unternehmen zum Problem, s. https://www.datenschutz-guru.de/warum-apples-icloud-fur-unternehmen-derzeit-ein-problem-sein-kann/.

In der Frage der Einwilligung in die Erfassung personenbezogenener Daten laufen im Moment außerdem Verfahren gegen Google und Facebook. Hier wird wiederum deutlich, dass eine wie auch immer geartete Zertifizierung einen Anhaltspunkt, jedoch keine Garantie dafür bietet, dass ein Webdienst im geschäftlichen Umfeld genutzt werden darf oder sollte.

Europäische Rechenzentren

In Sachen Technik und IT-Sicherheit ist es zu Recht umstritten, ob personenbezogene Daten grundsätzlich im Unternehmensnetzwerk oder der Cloud besser aufgehoben sind. Da muss einfach je nach Situation entschieden und abgewogen werden.

Microsoft

Eine Sonderposition nimmt hier aktuell Microsoft ein. Die Firma betreibt für Firmen eigene Rechenzentren in Europa und möchte so ausschließen, dass Daten in die USA übertragen werden. Das führte auch schon zu rechtlichen Auseinandersetzungen zwischen Microsoft und dem FBI (Microsoft setzt sich bei Datenabfrage gegen FBI durch). Aber aufpassen, denn das bedeutet nicht, dass alle von Microsoft angebotenen Dienste als datenschutzkonform nach DSGVO zu betrachten sind. Die Speicherung von Daten in europäischen Rechenzentren zum Beispiel lässt sich Microsoft extra bezahlen.

Fazit

Insgesamt zeigt sich inzwischen deutlich, dass die mittlerweile gewohnte Nutzung einiger Webdienste Probleme im Kontext des europäischen Rechtsraumes mit sich bringt. Rechtskonform in Bezug auf die Nutzung amerikanischer Dienste verhält man sich scheinbar nur durch völligen Verzicht.

Ob der Druck durch die EU Kommission und dem europäischen Markt groß genug wird, dass gerade häufig in Anspruch genommene amerikanische Firmen in Sachen Datenschutz nachbessern, bleibt abzuwarten.

Warum sollten alle Dateisysteme verschlüsselt sein?

In einem Unternehmen sollten alle Dateisysteme, nicht nur die von mobilen Geräten wie Laptops, USB-Sticks und Smartphones, verschlüsselt sein, weil das Vorbeugen gegen Missbrauch unter die vorgeschriebene Sorgfaltspflicht fällt. Kommt es zu einem, nach DSGVO, meldepflichtigen Vorfall oder zu einer Kontrolle durch die Aufsichtsbehörden, können Ihnen unverschlüsselte Dateisysteme als grob fahrlässig ausgelegt werden und zu Strafen führen.

Davon bleibt unbeschadet, dass es Ihnen mit Sicherheit auch lieber ist, dass Diebe mit Ihren Daten nichts anfangen und so auch keine Folgeschäden verursachen können.

Wer benötigt einen Datenschutzbeauftragten?

Die DSGVO und das BDSG schreiben für alle Firmen, Unternehmen, Vereine, Organisationen usw. einen Mindeststandard für den Datenschutz vor. Einige müssen sogar einen Datenschutzbeauftragten benennen, der dann dem Landesdatenschutzbeauftragten gemeldet werden muss. Aber wer genau benötigt so einen Datenschutzbeauftragten?

Allgemein bekannt scheint die im §38 Art. 1 BDSG (neu) genannte Regelung zu sein, nach der ein Unternehmen, in dem mindestens 10 Personen (Angestellte oder auch freie Mitarbeiter) ständig mit der automatisierten Verarbeitung von personenbezogenen Daten beschäftigt sind, einen Datenschutzbeauftragten benötigen. Es gibt aber eine Vielzahl weiterer Regelungen und damit verbundener Auslegungen. Unter folgenden Bedingungen ist beispielsweise auch ein Datenschutzbeauftragter erforderlich:

  • bei Unternehmen mit mehr als 250 Mitarbeitern,
  • in ärztlichen Gemeinschaftspraxen in denen mehr als ein Arzt auf die selben Patientendaten zugreifen kann,
  • in einer Arztpraxis, in der die Anzahl der Betroffenen erheblich über dem Betroffenenkreis eines durchschnittlichen, durch ErwGr. 91 Satz 4 privilegierten Einzelarztes, liegt,
  • in Behörden oder öffentlichen Stellen (mit Ausnahme von Gerichten, die im Rahmen ihrer justiziellen Tätigkeit handeln),
  • bei Verarbeitung besonderer Arten von personenbezogenen Daten nach Art. 9 DSGVO
  • bei Notwendigkeit einer Datenschutzfolgeabschätzung (DSFA)
  • wenn der überwiegende Geschäftszweck die Verarbeitung von personenbezogenen Daten ist
    • dazu werden die meisten IT-Unternehmen gezählt, da durch Zugriff auf unternehmensfremde Systeme i. d. R. ein Zugriff auf personenbezogene Daten gegeben ist, auch wenn diese praktisch nicht verarbeitet werden. Ausnahmen stellen hier lediglich Designer dar, welche keinen umfassenden Zugriff auf Systeme ihrer Kunden erhalten.
  • wenn die „Kerntätigkeit“ eine „umfangreiche regelmäßige und systematische Überwachung von Personen“ beinhaltet,
  • wenn eine geschäftsmäßige Verarbeitung personenbezogener Daten zum Zweck der Übermittlung, der anonymisierten Übermittlung oder für Zwecke der Markt- oder Meinungsforschung vorliegt.

Datenschutz nach DSGVO, die nächste große Hürde nach dem Euro?

ein Abriss zwei Monate nach Inkrafttreten der DSGVO

Wenn man die Diskussion zum Thema verfolgt, so geht es vor allem um Eines: nebulöse neue Bedingungen für den Geschäftsbetrieb, das Business sowie alle möglichen Organisationsstrukturen, z. B. Vereine – Bedingungen, die eigentlich gar nicht umsetzbar seien und nur Kosten in die Höhe trieben, wobei alle Unternehmen und Organisationen, die tatsächlich viele Daten verarbeiten, mit ihren Rechtsabteilungen ohne viele Reibereien davon kämen; und Eigenlob auf der anderen Seite in den gesetzgebenden Instanzen für einen scheinbar gelungenen zeitgemäßen Datenschutz.

Praktisch stellt sich jedoch allein die Frage, welche neuen und beständigen, andererseits, welche unmittelbaren Vorgaben wurden hier seitens EU und deutschem Gesetzgeber, der ja schon mal mit hoher Durchfallquote beim Bundesverfassungsgericht glänzt, gemacht. Und darum soll es hier gehen.

Die erste Frage, die sich stellt: Was ändert sich für mich auch ohne Datenschutzbeauftragten?

Wer sich mit dem Thema Datenschutz auseinander setzt, der weiß, dass künftig nahezu jede Organisationsstruktur, angefangen beim Verein, die personenbezogene Daten, auch im Auftrag Dritter, erfasst und verarbeitet, als Verantwortliche eine Menge Dokumentationen zu erstellen hat, mit denen der Schutz personenbezogener Daten nachgewiesen werden kann und auch muss. Dazu zählt in erster Linie das Verfahrensverzeichnis, welches künftig standardmäßige für alle verbindliche Verfahren definiert, um Daten zu verarbeiten. Gerade bei der Erstellung eines Verfahrensverzeichnisses kann sich durchaus auch herausstellen, dass eine DSFA (Datenschutzfolgeabschätzung, begrifflich eine Nachfolgerin der Technikfolgeabschätzung) notwendig wird. Somit ist auch ein Datenschutzbeauftragter zu bestellen. Daneben wird für alle auch die Dokumentation zu Berechtigungen, Sicherheit, Backup und Notfällen Pflicht. Doch die Dokumentation allein reicht nicht. Es muss künftig gerade auch ein sowohl technisches als auch organisatorisches, gegebenenfalls erhöhtes, Sicherheitsniveau sicher gestellt sein oder geschaffen werden, damit personenbezogene Daten allein überhaupt erfasst und verarbeitet werden dürfen. Wichtig ist vor allem, dass künftig nur noch auf verschlüsselte Datenträger gespeichert wird. Der Gesetzgeber verlangt darüber hinaus auch organisatorische Garantien, wie z. B. spezielle Vereinbarungen. Konkret vorgeschrieben ist die sogenannte Auftragsdatenverarbeitungsvereinbarung (AV-Vereinbarung).
Wird keine Dokumentation erstellt, vor allem – fehlt ein Verfahrensverzeichnis oder AV-Vereinbarungen – wird dies wiederum als grob fahrlässig angesehen.

Was muss ich Betroffenen gegenüber künftig beachten?

Betroffenen, von den Daten verarbeitet werden, steht künftig ein Auskunftsrecht über alle gespeicherten Daten zu. Das gilt auch gegenüber Behörden. Betroffene müssen außerdem anders als bisher informiert werden, sollten sie nicht ohnehin Kenntnis von der Erfassung und Speicherung ihrer Daten erlangt haben.
Außerdem ist die Verfügbarkeit der personenbezogenen Daten sicher zu stellen.

Brauche ich nun einen Datenschutzbeauftragten und was kann mir passieren?

Mit dieser Frage sind nach bisheriger Erfahrung mit dem neuen Datenschutz viele überfordert. Habe ich mehr als 9 Mitarbeiter, die hauptsächlich mit personenbezogenen Daten beschäftigt sind, d. h. in der Regel Management, Verwaltung und Buchhaltung? Wenn ja, dann ist ein Datenschutzbeauftragter notwendig. Doch das ist nicht das einzige Kriterium. Werden möglicherweise besondere Kategorien personenbezogener Daten, also solche, die besonders sensibel sind und eines erhöhten Schutzniveaus bedürfen, verarbeitet oder fallen solche an, z. B. eine weiträumige Videoüberwachung öffentlich zugängiger Bereiche, oder ist für eine Verarbeitung eine DSFA nötig? Auch dann ist ein Datenschutzbeauftragter nötig, unabhängig von der Anzahl der Mitarbeiter. Dazu gibt es von den Datenschutzbehörden Listen mit Verarbeitungstätigkeiten, hier die Liste für Mecklenburg-Vorpommern (https://www.datenschutz-mv.de/static/DS/Dateien/DS-GVO/Hilfsmittel%20zur%20Umsetzung/MV_DSFA_Muss-Liste.pdf), die auf jeden Fall einer DSFA bedürfen. Zusätzlich gibt es für spezielle Berufsgruppen wie z. B. Rechtsanwälte, Steuerberater und Ärzte Ausnahmeregelungen. Trotzdem ist z. B. bei ärztlichen Gemeinschaftspraxen auch bei weniger als 10 Mitarbeitern nach allgemeiner Auffassung ein Datenschutzbeauftragter notwendig.
Es zeigt sich also, dass nicht mehr wie bisher die Unternehmensgröße allein eine Rolle spielt.
Wird ein Datenschutzbeauftragter allerdings trotz mitunter nicht einfach nachvollziehbarer Vorgaben nicht bestellt, dann wird das in Zukunft als fahrlässig angesehen und aller Wahrscheinlichkeit nach mit einem Bußgeld belegt.

Was ist die Grundlage des neuen Datenschutzes nach EU-Recht?

Grundlage des “neuen” Datenschutzes ist ein Verbot der Verarbeitung personenbezogener Daten außer zu gesetzlich vorgeschriebenen Zwecken mit Erlaubnisvorbehalt. Dieser Erlaubnisvorbehalt stützt sich im Wesentlichen auf die Einwilligung des Betroffenen sowie mitunter ein berechtigtes Interesse des Verantwortlichen zu Verarbeitung. Wer also tatsächlich  bedenkenlos persönliche Daten weg gibt, dem ist möglicherweise auch in Zukunft nicht geholfen. Darüber hinaus wird es im Einzelnen schon mal kompliziert. Der Erlaubnisvorbehalt ist zudem an einen genau definierten Zweck der Verarbeitung gebunden. Der Wegfall des Zweckes der Verarbeitung von Daten bedingt grundsätzlich deren Löschung. Zusammen mit dem Zweck gibt es ein Gebot der Minimierung von zu verarbeitenden Daten. Außerdem besteht künftig ein Koppelungsverbot. Es dürfen Informationsdienste nicht an die Erfassung personenbezogener Daten gekoppelt werden. Das bereitet derzeit vor allem Facebook und auch Google Kopfzerbrechen.

Fazit

Der neue Datenschutz hat es in sich. Unternehmen und Organisationen müssen künftig nachweisen, dass sie sich um Datenschutz nicht nur bemüht, sondern diesen aktiv umgesetzt haben und im Tagesgeschäft beachten. Einerseits gibt es mitunter noch keine klaren Vorgaben, was zu tun ist, auf der anderen Seite jedoch bereits drastischere Möglichkeiten der Sanktionierung als bisher.

Was sich allgemeiner definiert als Zweckbindung, Datenminimierung, Betroffenenrechte, Transparenz und Sicherheit und auf der technischen Seite mit Integrität, Vertraulichkeit, Zuverlässigkeit ganz gut anhört, ist doch mitunter nicht so leicht zu verstehen und umzusetzen.
Andererseits möchten mit Sicherheit auch Sie, dass Ihre Geschäftspartner und Dienstleister mit Ihren Daten verantwortungsvoll umgehen.

Updates

04.08.2018 – Fazit

17.08.2018 – Korrekturen und Formulierungen

21.08. 2018 – Beitragsbild

Quellenangaben

https://pixabay.com/en/privacy-policy-privacy-data-security-3583612/

Sind Sie es leid, immer wieder dieselbe Auswahl zu treffen?
Wichtiger Hinweis
DSGVO Nachricht
  • Beschreibung
    Weitere Informationen sind nicht bekannt.
  • Beschreibung
    Weitere Informationen sind nicht bekannt.
  • Beschreibung
    Weitere Informationen sind nicht bekannt.
  • Beschreibung
    Weitere Informationen sind nicht bekannt.

1. An overview of data protection

General

The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Data collection on our website

Who is responsible for the data collection on this website?

The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Details can be found in our privacy policy under the heading "Third-party modules and analytics."

You can object to this analysis. We will inform you below about how to exercise your options in this regard.

2. General information and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

Mario Gleichmann - orcas
Frankendamm 45
18439 Stralsund

Telephone: +4938314349530
Email: info@orcas.de

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Encrypted payments on this website

If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.

Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible.

In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.

Information, blocking, deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Opposition to promotional emails

We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.

3. Data protection officer

Statutory data protection officer

We have appointed a data protection officer for our company.

Arne Pisch
Frankendamm 45
18439 Stralsund

Telephone: +4938314349530
Email: arne.pisch@orcas.de

4. Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Contact form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

Registration on this website

You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.

To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.

We will process the data provided during registration only based on your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.

Leaving comments on this website

If you use the comment function on this site, the time at which you created the comment and your email address will be stored along with your comment, as well as your username, unless you are posting anonymously.

Storage of the IP address

Our comment function stores the IP addresses of those users who post comments. Since we do not check comments on our site before they go live, we need this information to be able to pursue action for illegal or slanderous content.

Subscribing to the comment feed

As a user of this site, you can sign up to receive the comment feed after registering. Your email address will be checked with a confirmation email. You can unsubscribe from this function at any time by clicking the link in the emails. The data provided when you subscribed to the comments feed will then be deleted, but if you have submitted this data to us for other purposes or elsewhere (such as subscribing to a newsletter), it will be retained.

How long comments are stored

The comments and the associated data (e.g. IP address) are stored and remain on our website until the content commented upon has been completely deleted or the comments are required to be removed for legal reasons (slander, etc.).

Legal basis

The comments are stored based on your consent per Art. 6 (1) (a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Processing of data (customer and contract data)

We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.

Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

Data transmitted when entering into a contract with online shops, retailers, and mail order

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks entrusted to process your payments. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.

The basis for data processing is Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Data transferred when signing up for services and digital content

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract with us, for example, to banks entrusted to process your payments.

Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.

The basis for data processing is Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

5. Social media

Facebook plugins (Like & Share buttons)

Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/.

When you visit our site, a direct connection between your browser and the Facebook server is established via the plugin. This enables Facebook to receive information that you have visited our site from your IP address. If you click on the Facebook "Like button" while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. This allows Facebook to associate visits to our site with your user account. Please note that, as the operator of this site, we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses these data. For more information, please see Facebook's privacy policy at https://de-de.facebook.com/policy.php.

If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.

Twitter plugin

Functions of the Twitter service have been integrated into our website and app. These features are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you use Twitter and the “Retweet” function, the websites you visit are connected to your Twitter account and made known to other users. In doing so, data will also be transferred to Twitter. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by Twitter. For more information on Twitter's privacy policy, please go to https://twitter.com/privacy.

Your privacy preferences with Twitter can be modified in your account settings at https://twitter.com/account/settings.

Google+ plugin

Our pages use Google+ functions. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Collection and disclosure of information: Using the Google +1 button allows you to publish information worldwide. By means of the Google+ button, you and other users can receive custom content from Google and our partners. Google stores both the fact that you have +1'd a piece of content and information about the page you were viewing when you clicked +1. Your +1 can be displayed together with your profile name and photo in Google services, for example in search results or in your Google profile, or in other places on websites and advertisements on the Internet.

Google records information about your +1 activities to improve Google services for you and others. To use the Google + button, you need a globally visible, public Google profile that must contain at least the name chosen for the profile. This name is used by all Google services. In some cases, this name may also replace a different name that you have used to share content via your Google account. The identity of your Google profile can be shown to users who know your email address or other information that can identify you.

Use of collected data: In addition to the uses mentioned above, the information you provide is used in accordance with the applicable Google data protection policies. Google may publish summary statistics about users' +1 activity or share it with users and partners, such as publishers, advertisers, or affiliate websites.

Instagram plugin

Our website contains functions of the Instagram service. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This means that Instagram can associate visits to our pages with your user account. As the provider of this website, we expressly point out that we receive no information on the content of the transmitted data or its use by Instagram.

For more information, see the Instagram Privacy Policy: https://instagram.com/about/legal/privacy/.

Tumblr plugin

Our pages use the buttons of the Tumblr service. It is operated by Tumblr, Inc., 35 East 21st St., 10th Floor, New York, NY 10010, USA.

These functions allow you to share a post or a page on Tumblr or to follow the provider on Tumblr. When you visit one of our websites using the Tumblr button, the browser establishes a direct connection to the Tumblr servers. We have no influence on the amount of data that Tumblr gathers and transmits with the plugin. Based on our current knowledge, we believe that the user's IP address and the URL of the respective website are transmitted.

Further information can be found in Tumblr's privacy policy at https://www.tumblr.com/policy/de/privacy.

LinkedIn plugin

Our site uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Each time one of our pages containing LinkedIn features is accessed, your browser establishes a direct connection to the LinkedIn servers. LinkedIn is informed that you have visited our web pages from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website to your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by LinkedIn.

More information can be found in the LinkedIn privacy policy at https://www.linkedin.com/legal/privacy-policy.

XING Plugin

Our website uses features provided by the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

Each time one of our pages containing XING features is accessed, your browser establishes a direct connection to the XING servers. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored nor is usage behavior evaluated.

For more information about data protection and the XING Share button, please see the XING privacy policy at https://www.xing.com/app/share?op=data_protection.

Pinterest plugin

Our website contains functions of the Pinterest social network, operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA.

When you visit a page containing the Pinterest social plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits this log data to Pinterest servers in the United States. This log data may include your IP address, the address of the websites visited, which also includes Pinterest features, browser type and settings, the date and time of the request, how you use Pinterest, and cookies.

More information about the purpose, scope and further processing and use of data by Pinterest, as well as your rights and options to protect your privacy, can be found in the privacy notices of Pinterest: https://about.pinterest.com/de/privacy-policy.

6. Analytics and advertising

Google Analytics

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Browser plugin

You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Objecting to the collection of data

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.

For more information about how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Outsourced data processing

We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic data collection by Google Analytics

This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "Refusal of data collection".

Matomo (formerly Piwik)

This website uses the open source web analytics service Matomo. Matomo uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before it is stored.

Matomo cookies remain on your device until you delete them.

The storage of Matomo cookies is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

The information generated by the cookies about your use of this website will not be disclosed to third parties. You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website.

If you do not agree with the storage and use of your data, you can disable this feature here. In this case, an opt-out cookie will be stored in your browser to prevent Matomo from storing your usage data. If you delete your cookies, this will mean that the opt-out cookie will also be deleted. You will then need to reactivate it when you return to our site if you wish your activity not to be tracked.

[Hier Matomo iframe-Code einfügen] (Klick für die Anleitung)

WordPress Stats

This website uses the WordPress Stats tool to perform statistical analyses of visitor traffic. This service is provided by Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110-4929, USA.

WordPress Stats uses cookies that are stored on your computer and allow an analysis of the use of the website. The information generated by the cookies about the use of our website is stored on servers in the USA. Your IP address will be anonymized after processing and before storage.

WordPress Stats cookies remain on your device until you delete them.

The storage of "WordPress Stats" cookies is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. The functionality of our services may be limited when cookies are disabled.

You can object to the collection and use of your data at any time with future effect by clicking on this link and setting an opt-out cookie in your browser: https://www.quantcast.com/opt-out/.

If you delete the cookies on your computer, you will have to set the opt-out cookie again.

Google AdSense

This website uses Google AdSense, a service for including advertisements from Google Inc. ("Google"). It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google AdSense uses so-called "cookies", which are text files stored in your computer that enable an analysis of the way you use the website. Google AdSense also uses so-called web beacons (invisible graphics). Through these web beacons, information such as the visitor traffic on these pages can be evaluated.

The information generated by cookies and web beacons relating to your use of this website (including your IP address), and delivery of advertising formats, is transmitted to a Google server in the US and stored there. This information can be passed on from Google to contracting parties of Google. However, Google will not merge your IP address with other data you have stored.

AdSense cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

You can prevent the installation of cookies by setting your browser software accordingly. Please be aware that in this case, you may not be able to make full use of all the features of this website. By using this website, you agree to the processing of data relating to you and collected by Google as described and for the purposes set out above.

Google Analytics Remarketing

Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).

Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.

To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.

You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/.

The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) DSGVO. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.

For more information and the Google Privacy Policy, go to: https://www.google.com/policies/technologies/ads/.

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google").

reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.

The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place.

Data processing is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.

For more information about Google reCAPTCHA and Google's privacy policy, please visit the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

Facebook Pixel

Our website measures conversions using visitor action pixels from Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook").

These allow the behavior of site visitors to be tracked after they click on a Facebook ad to reach the provider's website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.

The data collected is anonymous to us as operators of this website and we cannot use it to draw any conclusions about our users' identities. However, the data are stored and processed by Facebook, which may make a connection to your Facebook profile and which may use the data for its own advertising purposes, as stipulated in the Facebook privacy policy. This will allow Facebook to display ads both on Facebook and on third-party sites. We have no control over how this data is used.

Check out Facebook's privacy policy to learn more about protecting your privacy: https://www.facebook.com/about/privacy/.

You can also deactivate the custom audiences remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You will first need to log into Facebook.

If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

7. Newsletter

Newsletter data

If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.

MailChimp

This website uses the services of MailChimp to send newsletters. This service is provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service which organizes and analyzes the distribution of newsletters. If you provide data (e.g. your email address) to subscribe to our newsletter, it will be stored on MailChimp servers in the USA.

MailChimp is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the US to ensure compliance with European privacy standards in the United States.

We use MailChimp to analyze our newsletter campaigns. When you open an email sent by MailChimp, a file included in the email (called a web beacon) connects to MailChimp's servers in the United States. This allows us to determine if a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to a specific recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to your interests.

If you do not want your usage of the newsletter to be analyzed by MailChimp, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter directly on the website.

Data processing is based on Art. 6 (1) (a) DSGVO. You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of MailChimp. Data we have stored for other purposes (e.g. email addresses for the members area) remains unaffected.

For details, see the MailChimp privacy policy at https://mailchimp.com/legal/terms/.

Completion of a data processing agreement

We have entered into a data processing agreement with MailChimp, in which we require MailChimp to protect the data of our customers and not to disclose said data to third parties. This agreement may be viewed at the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/.

8. Plugins and tools

YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.

If you're logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.

Vimeo

Our website uses features provided by the Vimeo video portal. This service is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established. Here the Vimeo server is informed about which of our pages you have visited. In addition, Vimeo will receive your IP address. This also applies if you are not logged in to Vimeo when you visit our website or do not have a Vimeo account. The information is transmitted to a Vimeo server in the US, where it is stored.

If you are logged in to your Vimeo account, Vimeo allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.

For more information on how to handle user data, please refer to the Vimeo Privacy Policy at https://vimeo.com/privacy.

Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

When you call up a page of our website that contains a social plugin, your browser makes a direct connection with Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google's privacy policy at https://www.google.com/policies/privacy/.

Google Maps

This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.

SoundCloud

On our pages, plugins of the SoundCloud social network (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, UK) may be integrated. The SoundCloud plugins can be recognized by the SoundCloud logo on our site.

When you visit our site, a direct connection between your browser and the SoundCloud server is established via the plugin. This enables SoundCloud to receive information that you have visited our site from your IP address. If you click on the "Like" or "Share" buttons while you are logged into your SoundCloud account, you can link the content of our pages to your SoundCloud profile. This means that SoundCloud can associate visits to our pages with your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by SoundCloud. For more information on SoundCloud's privacy policy, please go to https://soundcloud.com/pages/privacy.

If you do not want SoundCloud to associate your visit to our site with your SoundCloud account, please log out of your SoundCloud account.

Spotify

Features of the Spotify music service are included on our pages. This service is provided by Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. The Spotify plugins can be recognized by the green logo on our site. For an overview of the Spotify Plugins, see https://developer.spotify.com.

Thus, when you visit our pages about the plugin a direct connection can be established between your browser and the Spotify server. This enables Spotify to receive information that you have visited our site from your IP address. If you click the Spotify button while you are logged into your Spotify account, you can link the content of our pages to your Spotify profile. This means that Spotify can associate visits to our pages with your user account.

More information can be found in the Spotify privacy policy at https://www.spotify.com/de/legal/privacy-policy/.

If you do not want Spotify to associate your visit to our site with your Spotify account, please log out of your Spotify account.

9. Online marketing and affiliate programs

Amazon affiliate program

The site operators participating in the Amazon EU partner program. Our pages contain advertisements and links to the sites run by amazon.de through which we can earn referral fees. Amazon uses cookies to trace the origin of the orders. As a result, Amazon can detect that you clicked the affiliate link on our website.

The storage of Amazon cookies is based on Art. 6 (f) DSGVO. The website operator has a legitimate interest in this service since it only receives credit for referral fees if these cookies are set.

To obtain more information about how Amazon uses your data, see the Amazon privacy policy at https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401.

10. Payment service providers

PayPal

Our website accepts payments via PayPal. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg.

If you select payment via PayPal, the payment data you provide will be supplied to PayPal based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) DSGVO (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.

x