Privacy Policy
Introduction and Overview
We have written this privacy policy (version 21.02.2025-312952343) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (referred to as "data") we, as the data controller – and the processors we commission (e.g., providers) – process, will process in the future, and what lawful options you have. The terms used are to be understood as gender-neutral. In short: We inform you comprehensively about the data we process about you.
Privacy policies usually sound very technical and use legal terminology. This privacy policy, however, aims to describe the most important aspects as simply and transparently as possible. Where it helps transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. We thus inform you in clear and simple language that we only process personal data in the course of our business activities when there is a corresponding legal basis. This is certainly not possible with brief, unclear, and legally-technical explanations, as is often standard on the internet when it comes to data protection. We hope you find the following explanations interesting and informative, and perhaps there is some information you were not yet aware of. If you still have questions, we kindly ask you to contact the responsible office listed below or in the legal notice, follow the provided links, and consult additional information on third-party sites. You can also find our contact details in the legal notice.
Scope of Application
This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information as defined in Article 4 No. 1 of the GDPR, such as a person’s name, email address, and postal address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:
all online presences (e.g., websites) that we operate,
social media presences and email communication,
mobile apps for smartphones and other devices.
In short: This privacy policy applies to all areas in which personal data is processed in a structured manner within the company through the aforementioned channels. Should we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.
Legal Foundations
In the following privacy policy, we provide you with transparent information about the legal principles and regulations — that is, the legal bases of the General Data Protection Regulation — that allow us to process personal data. Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online at EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.
We only process your data if at least one of the following conditions is met:
Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be storing the data you entered in a contact form.
Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we enter into a purchase agreement with you, we need personal information in advance.
Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes. These usually contain personal data.
Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not override your fundamental rights, we reserve the right to process personal data. For example, we must process certain data to operate our website securely and efficiently. This processing is therefore a legitimate interest.
Other conditions such as processing in the public interest, the exercise of official authority, or the protection of vital interests generally do not apply to us. If such a legal basis should become relevant, it will be indicated at the appropriate point.
In addition to the EU regulation, national laws also apply:
In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), abbreviated as DSG.
In Germany, the applicable law is the Federal Data Protection Act, abbreviated as BDSG.
Contact details of the controller
If you have any questions about data protection or the processing of personal data, you will find below the contact details of the controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR):
Noris Biochemie GmbH
John Cosmo da Silva
Emil-Hoffmann-Str. 55–59
50996 Cologne, Germany
Authorized representative: John Cosmo da Silva
Email: jdasilva@noris-biochemie.de
Phone: +49 (0) 22364909499
Imprint: https://noris-biochemie.de/impressum
Storage duration
As a general principle, we store personal data only for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally obliged to retain certain data even after the original purpose has ceased to apply, for example for accounting purposes.
If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to retain it.
We will inform you about the specific duration of each data processing operation further below, if we have additional information on this.
Rights under the General Data Protection Regulation
In accordance with Articles 13 and 14 of the GDPR, we inform you about the following rights to ensure fair and transparent processing of your data:
According to Article 15 GDPR, you have the right to know whether we process any of your personal data. If that is the case, you have the right to receive a copy of the data and obtain the following information:
the purpose for which we process the data;
the categories, i.e. the types of data being processed;
who receives this data and, if the data is transferred to third countries, how its security is guaranteed;
how long the data will be stored;
the existence of the right to rectification, erasure, or restriction of processing, and the right to object to processing;
that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
the source of the data, if it was not collected directly from you;
whether profiling is carried out, i.e. whether data is automatically evaluated to create a personal profile about you.
According to Article 16 GDPR, you have the right to rectification, which means we must correct your data if you find any errors.
According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which means you may request the deletion of your personal data.
According to Article 18 GDPR, you have the right to restriction of processing, which means we may only store your data but not use it further.
According to Article 20 GDPR, you have the right to data portability, which means we must provide your data to you in a commonly used format upon request.
According to Article 21 GDPR, you have the right to object to processing, and if exercised, this will lead to a change in how your data is processed.
If the processing of your data is based on Article 6(1)(e) (public interest or exercise of official authority) or Article 6(1)(f) (legitimate interests), you can object to the processing. We will then review as quickly as possible whether we are legally able to comply with your objection.
If your data is used for direct marketing, you can object to this type of data processing at any time. We may no longer use your data for direct marketing after that.
If your data is used for profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling after that.
According to Article 22 GDPR, you have the right not to be subject to a decision based solely on automated processing (such as profiling), under certain conditions.
According to Article 77 GDPR, you have the right to lodge a complaint. This means you may contact a data protection authority at any time if you believe that the processing of your personal data violates the GDPR.
In short: You have rights – don’t hesitate to contact the responsible office listed above!
If you believe that the processing of your data violates data protection law or that your rights have been infringed in any other way, you can lodge a complaint with the relevant supervisory authority. In Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/.
In Germany, each federal state has its own data protection commissioner. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:
North Rhine-Westphalia Data Protection Authority
State Commissioner for Data Protection: Bettina Gayk
Address: Kavalleriestraße 2-4, 40213 Düsseldorf
Phone number: +49 211 384 24-0
Email address: poststelle@ldi.nrw.de
Website: https://www.ldi.nrw.de/
Security of Data Processing
To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible within our capabilities for third parties to draw conclusions about personal information from our data.
Article 25 of the GDPR refers to “data protection by design and by default,” meaning that security must always be considered and appropriate measures taken—both in software (e.g., forms) and hardware (e.g., access to the server room). Below, we will outline specific measures if necessary.
Communication
Communication Summary
Data subjects: All individuals who communicate with us via telephone, email, or online form
Processed data: e.g. phone number, name, email address, entered form data. More details can be found under each specific communication method
Purpose: Handling communication with customers, business partners, etc.
Storage duration: Duration of the business transaction and as required by legal obligations
Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (legitimate interests)
If you contact us and communicate via telephone, email, or online form, personal data may be processed.
The data is processed for handling and managing your inquiry and the related business transaction. The data is stored for as long as necessary for that purpose or as required by law.
Data subjects
All individuals who contact us via the communication channels we provide are affected by the described processes.
Telephone
If you call us, call data is pseudonymously stored on the respective device and by the telecommunications provider used. In addition, data such as name and phone number may be sent via email and stored for response purposes. The data is deleted once the business transaction has ended and legal provisions allow it.
Email
If you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and also on the email server. The data is deleted once the business transaction has ended and legal provisions allow it.
Online Forms
If you communicate with us via online form, data is stored on our web server and may be forwarded to one of our email addresses. The data is deleted once the business transaction has ended and legal provisions allow it.
Legal Basis
The processing of data is based on the following legal grounds:
Art. 6(1)(a) GDPR (Consent): You give us your consent to store your data and use it further for purposes related to the business transaction;
Art. 6(1)(b) GDPR (Contract): It is necessary for the performance of a contract with you or with a processor such as the telephone provider, or we need to process the data for pre-contractual measures, such as preparing an offer;
Art. 6(1)(f) GDPR (Legitimate Interests): We aim to handle customer inquiries and business communication in a professional manner. For this, certain technical systems such as email programs, Exchange servers, and mobile network providers are necessary to enable efficient communication.
Data Processing Agreement (DPA)
In this section, we would like to explain what a Data Processing Agreement is and why it is necessary. Since the term “Data Processing Agreement” can be a bit of a tongue-twister, we will often refer to it using the acronym DPA throughout the text. Like most companies, we do not operate alone but also use services provided by other companies or individuals. By involving various companies or service providers, it may be necessary to share personal data for processing. These partners then act as data processors, with whom we enter into a contract called a Data Processing Agreement (DPA). What is most important for you to know is that the processing of your personal data is carried out exclusively in accordance with our instructions and must be governed by the DPA.
Who are data processors?
As a company and website operator, we are responsible for all the data we process from you. In addition to the controllers, there can also be so-called data processors. This includes any company or person who processes personal data on our behalf. More precisely, according to the GDPR definition: any natural or legal person, public authority, agency, or other body which processes personal data on our behalf is considered a data processor. Data processors may therefore include service providers such as hosting or cloud providers, payment or newsletter services, or large companies like Google or Microsoft.
To clarify the terminology, here is an overview of the three roles under the GDPR:
Data subject (you as a customer or interested party) → Controller (we as the company and client) → Data processor (service providers such as web hosts or cloud providers).
Contents of a Data Processing Agreement
As already mentioned above, we have concluded a DPA with our partners who act as data processors. The DPA primarily states that the data processor processes the data exclusively in accordance with the GDPR. The agreement must be concluded in writing; however, electronic contracts are also considered “written” for this purpose. Personal data may only be processed based on the agreement. The contract must include the following:
Obligation to follow our instructions as the controller
Duties and rights of the controller
Categories of data subjects
Type of personal data
Nature and purpose of data processing
Subject matter and duration of data processing
Place of data processing
Furthermore, the contract includes all obligations of the data processor. The most important obligations are:
Ensuring data security measures
Taking technical and organizational measures to protect the rights of the data subjects
Maintaining a record of processing activities
Cooperating with the data protection supervisory authority upon request
Carrying out a risk assessment in relation to the personal data received
Sub-processors may only be commissioned with the written approval of the controller
Cookies
Cookies Summary
Data subjects: Visitors to the website
Purpose: Dependent on the respective cookie. More details can be found below or from the software provider that sets the cookie.
Processed data: Dependent on the respective cookie. More details can be found below or from the software provider that sets the cookie.
Storage duration: Dependent on the respective cookie, ranging from hours to years.
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)
What are cookies?
Our website uses HTTP cookies to store user-specific data.
Below, we explain what cookies are and why they are used, so that you can better understand the following privacy statement.
Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing is undeniable: cookies are very useful helpers. Almost all websites use cookies. To be more specific, they are HTTP cookies, as there are also other types of cookies for different purposes. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, essentially the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data from you, such as language or personal page settings. When you revisit our site, your browser sends the “user-related” information back to our site. Thanks to cookies, our website knows who you are and provides you with the settings you're accustomed to. In some browsers, each cookie has its own file, while in others like Firefox, all cookies are stored in a single file.
The following graphic shows a possible interaction between a web browser, like Chrome, and the web server. The web browser requests a website and receives a cookie from the server, which the browser then reuses whenever another page is requested.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be assessed individually, as each one stores different data. The expiration time of a cookie can range from a few minutes to several years. Cookies are not software programs and do not contain viruses, trojans, or other “malware.” Cookies cannot access any information on your PC.
For example, cookie data might look like this:
Name: _ga
Value: GA1.2.1326744211.152312952343-9
Purpose: Distinguishing website visitors
Expiration date: after 2 years
The following minimum sizes should be supported by a browser:
At least 4096 bytes per cookie
At least 50 cookies per domain
At least 3000 cookies in total
What types of cookies are there?
The question of which cookies we specifically use depends on the services being used and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.
There are 4 types of cookies that can be distinguished:
Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are required when a user adds a product to the shopping cart, then continues browsing other pages and later proceeds to checkout. These cookies prevent the shopping cart from being cleared, even if the user closes their browser window.
Functional Cookies
These cookies collect information about user behavior and whether the user encounters any error messages. Additionally, these cookies are used to measure the loading time and the performance of the website across different browsers.
Targeting Cookies
These cookies are also known as advertising cookies. They serve to deliver personalized advertising to the user. While this can be very useful, it can also become quite annoying.
Typically, when you visit a website for the first time, you are asked which types of cookies you want to allow. This decision is then stored in a cookie.
If you want to learn more about cookies and don't mind technical documentation, we recommend RFC 6265, the Request for Comments from the Internet Engineering Task Force (IETF) titled "HTTP State Management Mechanism."
Purpose of Processing via Cookies
The purpose ultimately depends on the specific cookie. More details can be found below or with the software provider that sets the cookie.
What Data is Processed?
Cookies are small helpers for many different tasks. What data is stored in cookies cannot be generalized, but we will inform you about the processed or stored data within the framework of the following privacy policy.
Storage Duration of Cookies
The storage duration depends on the specific cookie and will be clarified further below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.
You also have control over the storage duration. You can manually delete all cookies at any time via your browser (see also "Right to Object" below). Furthermore, cookies based on consent will be deleted at the latest after you withdraw your consent, with the legality of storage until then remaining unaffected.
Right to Object – How Can I Delete Cookies?
You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, disable, or only partially allow cookies. For example, you can block third-party cookies while allowing all other cookies.
If you want to find out which cookies have been stored in your browser, or if you wish to change or delete your cookie settings, you can do so in your browser settings:
Chrome: Delete, enable and manage cookies in Chrome
Safari: Manage cookies and website data with Safari
Firefox: Delete cookies to remove data that websites have stored on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete and manage cookies
If you generally do not want any cookies, you can set your browser to always inform you when a cookie is about to be set. This way, you can decide whether to allow the cookie or not for each individual case. The process differs depending on the browser. It is best to search for instructions on Google using the search terms “delete cookies Chrome” or “disable cookies Chrome” if you are using the Chrome browser.
Legal Basis
Since 2009, there have been the so-called "Cookie Guidelines." These guidelines stipulate that storing cookies requires your consent (Article 6(1)(a) GDPR). However, EU countries have had different reactions to these guidelines. In Austria, the implementation of this directive was made through Section 165(3) of the Telecommunications Act (2021). In Germany, the Cookie Guidelines were not implemented as national law. Instead, they were largely incorporated into Section 15(3) of the Telemedia Act (TMG), which was replaced by the Digital Services Act (DDG) in May 2024.
For strictly necessary cookies, even when no consent is given, there are legitimate interests (Article 6(1)(f) GDPR), which are often of an economic nature. We want to provide website visitors with a pleasant user experience, and for this, certain cookies are often necessary.
Where cookies that are not strictly necessary are used, this only occurs with your consent. The legal basis in this case is Article 6(1)(a) GDPR.
In the following sections, you will be informed in more detail about the use of cookies, as far as the software in use deploys cookies.
Webhosting Introduction
Webhosting Summary
Affected: Visitors of the website
Purpose: Professional hosting of the website and ensuring smooth operation
Processed Data: IP address, time of website visit, browser used, and other data. More details can be found below or from the respective web hosting provider used.
Storage Duration: Depending on the provider, but generally 2 weeks
Legal Basis: Article 6(1)(f) GDPR (Legitimate Interests)
What is Web Hosting?
When you visit websites today, certain information – including personal data – is automatically created and stored, as is the case on this website. This data should be processed sparingly and only when justified. By “website,” we mean all the pages within a domain, i.e., everything from the homepage to the very last subpage (like this one). A domain refers to something like beispiel.de or musterbeispiel.com.
When you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You’re probably familiar with some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We’ll just refer to it as a browser or web browser here.
To display the website, the browser needs to connect to another computer where the website’s code is stored: the web server. Running a web server is a complex and demanding task, so it is usually handled by professional providers. These providers offer web hosting services and ensure reliable and error-free storage of website data. Quite a few technical terms, but hang in there – it’ll get clearer!
When the browser on your computer (desktop, laptop, tablet, or smartphone) connects and transfers data to and from the web server, personal data may be processed. On one hand, your computer stores data, and on the other, the web server must also temporarily store data to ensure smooth operation.
Why do we process personal data?
The purposes of data processing are:
Professional hosting of the website and securing the operation
Maintaining operational and IT security
Anonymous evaluation of access behavior to improve our offerings and, if necessary, for law enforcement or pursuing claims
Which data is processed?
Even while you are visiting our website, our web server, which is the computer hosting this website, typically automatically stores data such as:
The complete internet address (URL) of the website you visited
The browser and browser version (e.g., Chrome 87)
The operating system used (e.g., Windows 10)
The address (URL) of the previously visited page (Referrer URL) (e.g., https://www.exampleoriginatingpage.com/whereidcamefrom/)
The hostname and IP address of the device from which the access is made (e.g., COMPUTERNAME and 194.23.43.121)
Date and time
This information is stored in files called web server log files.
How long is the data stored?
Typically, the above-mentioned data is stored for two weeks and then automatically deleted. We do not share this data, but we cannot exclude the possibility that it may be accessed by authorities in the event of illegal behavior.
In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not share your data without your consent!
Legal basis
The lawfulness of processing personal data in the context of web hosting arises from Article 6(1)(f) of the GDPR (legitimate interests), as the use of professional hosting by a provider is necessary to present the company on the internet in a secure and user-friendly manner and, where necessary, to pursue attacks and any claims arising from them.
There is usually a contract for data processing between us and the hosting provider in accordance with Article 28 of the GDPR, which ensures compliance with data protection and guarantees data security.
Website Builders Introduction
Website Builders Privacy Policy Summary
Affected: Visitors of the website
Purpose: Optimization of our service performance
Processed Data: Data such as technical usage information like browser activity, clickstream activities, session heatmaps, as well as contact details, IP address, or your geographical location. More details can be found below in this privacy policy and in the privacy policy of the providers.
Storage Duration: Depends on the provider
Legal Basis: Article 6(1)(f) GDPR (Legitimate Interests), Article 6(1)(a) GDPR (Consent)
What are website builders?
We use a website builder system for our website. Website builders are a special form of a content management system (CMS). With a website builder, website operators can easily create a website without programming knowledge. In many cases, web hosts also offer website builder systems. By using a website builder, personal data from you can also be collected, stored, and processed. In this privacy notice, we provide general information about data processing through website builder systems. For more detailed information, please refer to the privacy statements of the provider.
Why do we use website builder systems for our website?
The biggest advantage of a website builder system is its ease of use. We want to provide you with a clear, simple, and user-friendly website that we can manage and maintain ourselves – without external support. A website builder system now offers many helpful features that we can use without programming knowledge. This allows us to design our web presence according to our preferences and provide you with an informative and pleasant experience on our website.
What data is stored by a website builder system?
The specific data stored depends on the website builder system used. Each provider processes and collects different data from website visitors. However, in general, technical usage information such as the operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit are collected. Additionally, tracking data (e.g., browser activity, clickstream activities, session heatmaps, etc.) may be processed. Personal data can also be collected and stored, typically including contact details such as email address, phone number (if provided), IP address, and geographic location data. For more details on what data is stored, please refer to the privacy policy of the provider.
How long and where is the data stored?
We will inform you about the duration of data processing further below, in connection with the website builder system used, if we have additional information on this. Detailed information on this matter can be found in the privacy policy of the provider. In general, we process personal data only as long as it is necessary for providing our services and products. It is possible that the provider may store data according to its own guidelines, which we have no influence over.
Right of objection
You always have the right to request information, correction, and deletion of your personal data. If you have any questions, you can also contact the responsible parties of the website builder system at any time. Contact details can be found either in our privacy policy or on the website of the relevant provider.
Cookies used by the provider for their functions can be deleted, deactivated, or managed through your browser. Depending on the browser you use, the process may vary. However, please note that some functions may no longer work as expected if you do so.
Legal basis
We have a legitimate interest in using a website builder system to optimize our online service and present it efficiently and in a user-friendly way. The corresponding legal basis is Article 6(1)(f) of the GDPR (legitimate interests). However, we only use the builder if you have given your consent.
If the processing of data is not essential for the operation of the website, the data will only be processed based on your consent. This specifically applies to tracking activities. The legal basis in this case is Article 6(1)(a) of the GDPR.
With this privacy policy, we have provided you with the key general information regarding data processing. If you would like more detailed information, you can find further details – if available – in the following section or in the privacy policy of the provider.
Use of Hostinger on Our Website
Hostinger Privacy Policy Summary
Affected parties: Visitors to our website
Purpose: Optimization of our service and hosting the website
Processed data: IP address, technical data (e.g., browser type, operating system), access data
Retention period: Varies depending on the type of data, details are provided below
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)
What is Hostinger?
Hostinger is a web hosting service provider that we use to make our website available online. The service allows us to store and deliver data such as website content, images, and scripts. Hostinger is based in Lithuania and offers hosting services worldwide.
HOSTINGER Operations, UAB
Švitrigailos str. 34, Vilnius 03230 Lithuania
Phone: +37064503378
Email: domains@hostinger.com
Website: https://www.hostinger.com/de/legal/impressum
Why do we use Hostinger on our website?
We use Hostinger to ensure fast and reliable delivery of our website. Professional hosting improves the loading speed and security of our website and allows us to manage our content efficiently.
What data is processed by Hostinger?
When visiting our website, Hostinger automatically collects technical information, including:
IP address of the visitor
Browser type and version
Operating system
Referring URL
Visited pages on our website
Date and time of access
This data is necessary to ensure the stability and security of the website and to detect potential attacks.
How long and where is the data stored?
The storage duration varies depending on the type of data:
Server log files are usually stored for 30 days and then deleted.
Other technical data is only stored for as long as necessary for the operation of the website.
Hostinger stores the data in data centers within the EU but may also use services with external partners.
How can I delete my data or prevent data storage?
In principle, only technically necessary data is stored. If you wish to prevent storage:
Use a VPN or proxy to anonymize your IP address.
Disable cookies in your browser settings if Hostinger sets cookies.
If you have concerns about data storage, you can contact Hostinger directly:
Hostinger International Ltd.
Email: privacy@hostinger.com
Website: https://www.hostinger.de
Legal Basis
The use of Hostinger is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR), as secure and efficient hosting is required for the operation of our website.
Cookie Consent Management Platform Introduction
Cookie Consent Management Platform Summary
Affected: Website visitors
Purpose: Obtaining and managing consent for certain cookies and therefore the use of certain tools
Processed Data: Data for managing cookie settings such as IP address, time of consent, type of consent, individual consents. More details can be found with the respective tool used.
Storage Duration: Depends on the tool used, typically for periods of several years
Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)
What is a Cookie Consent Management Platform?
We use a Consent Management Platform (CMP) software on our website, which helps us and you handle the use of scripts and cookies correctly and securely. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides a privacy-compliant cookie consent for you, and helps us and you keep track of all cookies. Most cookie consent management tools identify and categorize all the cookies in use. As a website visitor, you can then decide which scripts and cookies to allow or not allow. The following graphic shows the relationship between the browser, web server, and CMP.
Why do we use a Cookie Management Tool?
Our goal is to provide you with the best possible transparency regarding data privacy. We are also legally required to do so. We want to inform you about all tools and cookies that may store and process data about you. It is also your right to decide which cookies you accept and which you do not. To grant you this right, we first need to know which cookies are present on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we are aware of all the cookies and can provide you with GDPR-compliant information. Through the consent system, you can accept or reject cookies.
What data is processed?
With our cookie management tool, you can manage each individual cookie yourself and have full control over the storage and processing of your data. Your consent declaration is stored so that we do not have to ask you for consent every time you visit our website and we can also prove your consent if required by law. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage duration of your cookie consent may vary. Typically, this data (e.g., pseudonymous user ID, consent time, detailed information about cookie categories or tools, browser, device information) is stored for up to two years.
Duration of Data Processing
We will inform you about the duration of data processing further below, if we have additional information on this. In general, we process personal data only as long as necessary to provide our services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted after you leave the website, while others can remain stored in your browser for several years. The exact duration of data processing depends on the tool used, and in most cases, you should expect a storage period of several years. You can usually find detailed information about the duration of data processing in the privacy policies of the individual providers.
Right to Object
You also have the right and ability at any time to withdraw your consent to the use of cookies. This can be done either through our cookie management tool or through other opt-out functions. For example, you can prevent data collection through cookies by managing, disabling, or deleting cookies in your browser.
For information about specific cookie management tools, you can refer to the following sections if available.
Legal Basis
If you consent to the use of cookies, personal data will be processed and stored through these cookies. If we are allowed to use cookies through your consent (Article 6(1)(a) GDPR), this consent also serves as the legal basis for the use of cookies or the processing of your data. To manage consent for cookies and to provide you with the opportunity to give consent, a cookie consent management platform software is used. The use of this software enables us to operate the website efficiently and in compliance with legal requirements, which represents a legitimate interest (Article 6(1)(f) GDPR).
Use of Video and Photo Elements
Videos & Photos Summary
Affected parties: Visitors to our website
Purpose: Optimizing our service performance, creating an engaging website design, and improving the user experience
Processed data: Depending on the type of embedding, the following data may be stored:
Contact data (if interaction occurs)
User behavior data (e.g., video viewing duration)
Device information (e.g., operating system, browser type)
IP address
More details can be found below in the relevant privacy texts.
Storage duration: Data is generally stored as long as it is necessary for the respective service purpose.
Legal basis: Article 6(1)(a) GDPR (consent) – if active consent is required for usage (e.g., embedded YouTube videos with tracking), Article 6(1)(f) GDPR (legitimate interest) – if the usage is necessary to provide a functional and attractive website.
What are Video and Photo Elements?
Video and photo elements are visual content that we integrate into our website to ensure an engaging and user-friendly experience. These can include embedded videos, images, or interactive graphics that are either hosted directly on our website or loaded from external platforms.
Why do we use video and photo elements on our website?
Improving user experience through engaging visual content
Conveying information in an easily understandable manner
Optimizing loading times by using external image and video services
Enhancing the attractiveness and user-friendliness of our website
What data is stored by video and photo elements?
Depending on whether an image or video is embedded from an external service, different data may be stored or transmitted:
Directly hosted content on the website: No automatic transfer to third parties
Embedded third-party content (e.g., YouTube, Pexels, Unsplash):
IP address
Browser and device data
User behavior (e.g., video viewing duration)
Cookies for user recognition (if active)
Where do we get our images from?
Images from Unsplash
Our images come from Unsplash, a platform for royalty-free images. Unsplash provides high-quality photos under a free license.
Unsplash is based in Montreal, Canada. In Canada, there is no legal obligation to provide an imprint, as required in Germany. Therefore, you will not find a traditional imprint on the Unsplash website. However, Unsplash offers a dedicated license page where the terms of use of the images are described in detail (Unsplash License).
Please note that loading images from Unsplash may transmit technical data, such as your IP address, to Unsplash servers. For more information, please refer to Unsplash's privacy policy: https://unsplash.com/privacy.
Videos from Pexels
Our website uses videos from Pexels, a platform for royalty-free videos.
The provided videos are free to use without attribution. When playing an embedded video, technical data (e.g., your IP address, browser information, or device IDs) may be processed by Pexels.
For more details, please refer to Pexels' privacy policy: https://www.pexels.com/privacy-policy/.
Provider:
Canva Germany GmbH
Pappelallee 78/79, 10437 Berlin, Germany
Email: hello@pexels.com
Website: www.pexels.com
Duration of Data Processing
The duration of data processing depends on the type of embedding:
Directly hosted content: No additional storage of personal data
Embedded content: Storage according to the respective third-party provider guidelines (e.g., Unsplash, Pexels)
Cookies and tracking data from third parties may be stored for different periods. You can manage or delete them in your browser settings.
Right to Object
If you do not want data about you to be stored or transmitted:
Disable cookies and scripts from third parties in your browser settings.
Use ad blockers or special privacy plugins to minimize tracking by external providers.
If embedded videos or images set cookies, you can adjust your cookie settings on our website and refuse or withdraw consent.
Legal Basis
The processing of your data is based on the following legal grounds:
Article 6(1)(a) GDPR (Consent) – If active consent for the use of external content is required.
Article 6(1)(f) GDPR (Legitimate Interest) – If the use of images and videos is necessary for improving the website and no significant privacy concerns exist.
Processing of Application Data
Summary of Applications
Affected parties: Individuals who apply via the website
Purpose: Conducting the application process and deciding whether to establish an employment relationship
Processed data: Personal data (e.g., name, address, contact details), application documents (e.g., CV, certificates, cover letter), and any other information provided
Retention period: 6 months after the completion of the application process, unless longer storage is required (e.g., for establishing, performing, or terminating an employment relationship, or due to legal retention obligations)
Legal basis: Article 6(1)(b) GDPR (contract performance or pre-contractual measures), Article 6(1)(f) GDPR (legitimate interest), § 26 BDSG (data processing for employment purposes)
This process involves reviewing your qualifications, contacting you, and making decisions about a potential employment relationship. Your application data is exclusively processed by authorized personnel. Data will be retained only for as long as necessary for the application process or as required by law. If your application is unsuccessful, your data will be deleted after six months, unless you have consented to its retention for a longer period.
If you have any questions or concerns regarding data processing, feel free to contact us via the provided contact details.
Processing of Application Data
When you apply with us, we process the data you submit for the purpose of conducting the application process. This processing includes, in particular, reviewing your qualifications, contacting you, and making decisions regarding the potential establishment of an employment relationship.
Your application data is processed solely by authorized personnel within our company. We will only share your data with third parties if it is necessary for the application process or if you have granted us explicit consent.
If your application is unsuccessful, your data will be deleted no later than six months after the conclusion of the application process. If you agree to longer storage (e.g., for a candidate pool), the data will be stored for the agreed duration.
You have the right at any time to request information about your stored data, request its deletion, or object to further processing.
If you have any questions about data protection, you can contact us anytime using the contact details provided in the imprint.
Contact Form and Customer Inquiries
Contact Form and Customer Inquiries Summary
Affected: Individuals who use the contact form or contact us in other ways
Purpose: Processing of inquiries and communication with customers or interested parties
Processed Data: Name, email address, phone number (if provided), message text, and possibly other information provided
Storage Duration: 6 months after the inquiry is completed, unless there is a legal obligation to retain the data or the inquiry leads to a contractual relationship
Legal Basis: Article 6(1)(b) GDPR (performance of a contract or pre-contractual measures), Article 6(1)(f) GDPR (legitimate interest in processing inquiries)
Processing of Inquiries via the Contact Form
If you use our contact form or contact us in other ways (e.g., via email or phone), we process the information you provide in order to handle your inquiry and for further communication with you.
The transmitted data will be processed exclusively by authorized employees and will not be passed on to third parties without your consent, unless this is necessary for processing your inquiry or is required by law.
Your data will be deleted no later than six months after the final processing of your inquiry, unless there are legal retention obligations or a contractual relationship arises from the inquiry.
You have the right to obtain information about your stored data, request corrections or deletions, and object to further processing.
For more information on data protection, you can contact us at any time via the contact address provided in the imprint.
Explanation of Terms Used
We always strive to write our privacy policy as clearly and understandably as possible. However, especially with technical and legal topics, this is not always easy. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). However, we do not want to use these without explanation. Below you will find an alphabetical list of important terms used, which we may not have sufficiently explained in the privacy policy so far. If these terms are taken from the GDPR and are definitions, we will also reference the GDPR texts here and add our own explanations where necessary.
Supervisory Authority
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Supervisory authority" means an independent public authority established by a Member State in accordance with Article 51;
Explanation: "Supervisory authorities" are always independent government bodies that are authorized to issue instructions in certain cases. They are responsible for conducting state oversight and are typically located in ministries, special departments, or other authorities. In Austria, there is a national data protection authority, while in Germany, each federal state has its own data protection authority.
Processor
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Processor" means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;
Explanation: As a company and website owner, we are responsible for all the data we process from you. In addition to the controller, there may also be so-called processors. This includes any company or person that processes personal data on our behalf. Processors can therefore include service providers such as tax advisors, hosting or cloud providers, payment or newsletter providers, or large companies like Google or Microsoft.
Affected Supervisory Authority
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Affected supervisory authority" means a supervisory authority that is affected by the processing of personal data because
a) the controller or processor is established in the territory of the Member State of that supervisory authority,
b) this processing has or may have significant effects on data subjects residing in the territory of that supervisory authority, or
c) a complaint has been lodged with that supervisory authority;
Explanation: In Germany, each federal state has its own data protection authority. Therefore, if your company (main office) is based in Germany, the relevant supervisory authority of the respective state will be your point of contact. In Austria, there is only one national data protection authority.
Biometric Data
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Biometric data" means personal data obtained through specific technical means related to the physical, physiological, or behavioral characteristics of a natural person, which allows or confirms the unique identification of that person, such as facial images or fingerprint data;
Explanation: Biometric data describes biological characteristics from which personal data can be derived through technical methods. This includes, for example, DNA, fingerprints, the geometry of various body parts, body height, but also handwriting or the sound of a voice.
File System
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"File system" means any structured set of personal data that is accessible according to specific criteria, regardless of whether this set is organized centrally, decentrally, or according to functional or geographical factors;
Explanation: Any organized storage of data on a computer's data storage device is referred to as a "file system." For example, if we store your name and email address for our newsletter on a server, these data are stored in a so-called "file system." The key tasks of a "file system" include quickly searching for and retrieving specific data and, of course, ensuring the secure storage of the data.
Service of the Information Society
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Service of the information society" means a service as defined in Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and the Council;
Explanation: The term "information society" essentially refers to a society that relies on information and communication technologies. Specifically, as a website visitor, you are familiar with various types of online services, most of which fall under "services of the information society." A classic example of this is online transactions, such as purchasing goods over the Internet.
Third Party
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Third party" means any natural or legal person, authority, agency, or other body, except the data subject, the controller, the processor, and persons who, under the direct authority of the controller or the processor, are authorized to process the personal data;
Explanation: The GDPR essentially clarifies what a "third party" is not. In practice, a "third party" is any person or entity that has an interest in the personal data but does not belong to the aforementioned persons, authorities, or bodies. For example, a parent company can act as a "third party." In this case, the subsidiary is the controller, and the parent company is the "third party." However, this does not mean that the parent company automatically has the right to view, collect, or store the personal data of the subsidiary.
Restriction of Processing
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Restriction of processing" means marking stored personal data with the aim of limiting its future processing;
Explanation: You have the right to request at any time that processors restrict the further processing of your personal data. This involves marking specific personal data such as your name, date of birth, or address in such a way that complete further processing is no longer possible. For example, you could restrict the processing to prevent your data from being used for personalized advertising.
Consent
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Consent" means any freely given, specific, informed, and unambiguous indication of the data subject's wishes, either by a statement or by a clear affirmative action, by which the data subject signifies agreement to the processing of personal data relating to them;
Explanation: Consent is typically obtained on websites via a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are often asked via a banner whether you consent to the processing of your data. You are usually given options to make individual settings and decide which data processing you allow and which you do not. If you do not consent, no personal data may be processed. In principle, consent can also be provided in writing, rather than via a tool.
Recipient
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Recipient" means any natural or legal person, authority, agency, or other body to whom personal data is disclosed, regardless of whether they are a third party or not. Authorities that may receive personal data under a specific investigation mandate under Union law or the law of member states are not considered recipients; the processing of such data by these authorities takes place in accordance with applicable data protection laws and in line with the purposes of the processing;
Explanation: Any person or entity that receives personal data is considered a recipient. Therefore, we and our processors are also recipients. Only authorities with an investigation mandate are not considered recipients.
Genetic Data
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Genetic data" means personal data relating to the inherited or acquired genetic characteristics of a natural person, which provide unique information about the physiology or health of that natural person and which are obtained, in particular, from the analysis of a biological sample of the data subject;
Explanation: With a certain level of effort, individuals can be identified through genetic data. For this reason, genetic data falls under the category of personal data. Genetic data is typically obtained from blood or saliva samples.
Cross-border Processing
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Cross-border processing" refers to either:
a) The processing of personal data in the context of the activities of establishments of a controller or processor in the Union in more than one member state, if the controller or processor is established in more than one member state, or
b) The processing of personal data in the context of the activities of a single establishment of a controller or processor in the Union, but which has significant effects on data subjects in more than one member state or may have such effects;
Explanation: For example, if a company or another organization has branches in Spain and Croatia and processes personal data in connection with the activities of the branches, this is considered "cross-border processing" of personal data. Even if the data is processed in only one country (like Spain in this case), if the effects for the data subject are also apparent in another country, it is still considered "cross-border processing."
Head Office
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Head office"
a) In the case of a controller with establishments in more than one member state, the location of its central administration in the Union, unless decisions regarding the purposes and means of processing personal data are made in another establishment of the controller in the Union and that establishment is authorized to implement those decisions; in this case, the establishment making such decisions is considered the head office;
b) In the case of a processor with establishments in more than one member state, the location of its central administration in the Union or, if the processor does not have a central administration in the Union, the establishment of the processor in the Union where the processing activities primarily take place within the activities of the processor's establishment, provided the processor is subject to specific obligations under this regulation;
Explanation: For example, Google is an American company that processes data in the US, but its European head office is located in Ireland (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Therefore, Google Ireland Limited is legally considered an independent company and is responsible for all Google products offered within the European Economic Area. Unlike a head office, there are also branch offices, which do not function as legally independent entities and are therefore distinguished from subsidiaries. A head office is essentially the location where a company (commercial corporation) has its operational center.
International Organization
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"International organization" means an international legal organization and its subordinate bodies or any other body established by an agreement between two or more countries or on the basis of such an agreement.
Explanation: The most well-known examples of international organizations are the European Union or the United Nations. In the GDPR, distinctions are made regarding data transfers between third countries and international organizations. Within the EU, the flow of personal data does not pose a problem as all EU countries are bound by the provisions of the GDPR. However, data transfers to third countries or international organizations are subject to specific requirements.
Substantial and Justified Objection
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Substantial and justified objection" means an objection to a draft decision with regard to whether there is a violation of this regulation or whether the proposed measures against the controller or processor are in accordance with this regulation, where the objection clearly outlines the scope of the risks arising from the draft decision concerning the fundamental rights and freedoms of the data subject and, where applicable, the free movement of personal data within the Union;
Explanation: If certain measures taken by us as controllers or by our processors are not in accordance with the GDPR, you can raise a "substantial and justified objection." In doing so, you must explain the scope of the risks with regard to your fundamental rights and freedoms, as well as the free movement of your personal data within the EU.
Personal Data
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Explanation: Personal data are any data that can identify you as an individual. These typically include data such as:
Name
Address
Email address
Postal address
Phone number
Date of birth
Identification numbers such as social security numbers, tax ID numbers, identity card numbers, or student numbers
Bank data such as account numbers, credit information, balances, etc.
According to the European Court of Justice (ECJ), your IP address also counts as personal data. IT experts can use your IP address to identify at least the approximate location of your device and, in turn, you as the account holder. Therefore, even storing an IP address requires a legal basis under the GDPR. There are also "special categories" of personal data, which are particularly sensitive and require more protection. These include:
Racial and ethnic origin
Political opinions
Religious or philosophical beliefs
Union membership
Genetic data, such as data from blood or saliva samples
Biometric data (information regarding psychological, physical, or behavioral characteristics that can identify a person)
Health data
Data on sexual orientation or sexual life
Profiling
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Profiling" means any type of automated processing of personal data that involves using such data to evaluate certain personal aspects related to a natural person, particularly to analyze or predict aspects concerning the performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.
Explanation: Profiling involves collecting various pieces of information about a person to learn more about them. In the online world, profiling is often used for advertising purposes or credit assessments. Web or advertising analytics programs collect data on your behavior and interests on a website. From this, a specific user profile is created, which is then used to target ads to a specific audience.
Pseudonymization
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Pseudonymization" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data are not assigned to an identified or identifiable natural person.
Explanation: In our privacy policy, we often refer to pseudonymized data. Through pseudonymized data, you as an individual cannot be identified unless additional information is added. However, pseudonymization should not be confused with anonymization. In anonymization, any personal reference is completely removed, and it would require disproportionate technical effort to reconstruct the data.
Company
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Company" means a natural or legal person who carries out an economic activity, regardless of its legal form, including partnerships or associations that regularly engage in economic activity.
Explanation: For example, we are a company and also engage in economic activities through our website by offering and selling services and/or products. Every company has formal characteristics such as its legal status, for example GmbH or AG.
Data Controller
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Data Controller" means the natural or legal person, authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for its designation may be provided for in Union law or the law of the Member States.
Explanation: In our case, we are responsible for processing your personal data and are therefore the "Data Controller." If we pass the collected data on to other service providers for processing, they are "Data Processors." For this, a "Data Processing Agreement (DPA)" must be signed.
Processing
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Note: When we speak of processing in our privacy policy, we mean any type of data processing. This includes, as mentioned in the original GDPR definition above, not only collecting but also storing and processing data.
Binding Corporate Rules
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Binding internal data protection rules" refers to measures for the protection of personal data to which a data controller or data processor established in the territory of a Member State commits itself in relation to data transfers or a category of data transfers of personal data to a data controller or data processor within the same corporate group or group of enterprises that carry out a joint economic activity, in one or more third countries.
Explanation: You may have heard the term "Binding Corporate Rules" (BCRs) before. This is the term often used when referring to binding internal data protection rules. Such internal rules are especially beneficial for companies (such as Google) that process data in third countries. A company, through these rules, commits to following data protection regulations. These rules govern the handling of personal data that is transferred to and processed in third countries.
Personal Data Breach
Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Personal data breach" means a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
Explanation: For example, a "personal data breach" can occur in the case of a data leak, such as a technical issue or a cyberattack. If the breach results in a risk to the rights and freedoms of natural persons, the data controller must immediately report the incident to the relevant supervisory authority. Furthermore, the affected individuals must also be informed if the breach poses a high risk to their rights and freedoms.
Representative
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the term:
"Representative" means a natural or legal person established in the Union, who has been appointed by the data controller or the processor in writing in accordance with Article 27 and represents the data controller or processor with respect to their obligations under this Regulation;
Explanation: A "representative" can be any person who has been appointed in writing by us (the data controller) or one of our service providers (the processor). Companies outside the EU that process data of EU citizens must designate a representative within the EU. For example, if a web analytics provider has its headquarters in the USA, it must appoint a "representative" within the European Union who handles the obligations related to data processing.
Final Words
Congratulations! If you are reading this, you have truly "fought" through our entire privacy policy or at least scrolled down to this point. As you can see from the length of our privacy policy, we take the protection of your personal data very seriously.
It is important to us to inform you about the processing of personal data to the best of our knowledge and belief. We not only want to inform you about which data is processed but also explain the reasons for using various software programs. Privacy policies often sound very technical and legal. However, since most of you are not web developers or lawyers, we also wanted to take a different approach linguistically and explain the matter in simple and clear language. Of course, this is not always possible due to the nature of the subject. Therefore, the most important terms are explained at the end of the privacy policy.
If you have any questions about data protection on our website, please don't hesitate to contact us or the responsible authority. We wish you a pleasant time and hope to welcome you back to our website soon.
Source: This privacy policy was created with the help of the Privacy Policy Generator for Germany by AdSimple (Privacy Policy) and adapted to the specific requirements of our website. The original language of this privacy policy is German. In the case of discrepancies, the German version takes precedence. All texts are copyrighted.