Privacy Policy

Privacy Policy

We are very pleased about your interest in our company. The management of MTC Marine Training Center Hamburg GmbH attaches great importance to data protection. It is possible to use the internet pages of MTC Marine Training Center Hamburg GmbH without providing any personal data. However, if a person concerned wishes to make use of special services offered by our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the person concerned.

The processing of personal data, for example the name, address, e-mail address or telephone number of a affected person, is always carried out in accordance with the Basic Data Protection Regulation and in compliance with the country-specific data protection regulations applicable to MTC Marine Training Center Hamburg GmbH. By means of this data protection declaration, our company wishes to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this data protection declaration informs affected persons about the rights to which they are entitled.

MTC Marine Training Center Hamburg GmbH, as the person responsible for processing, has implemented numerous technical and organisational measures in order to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions may have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, such as by telephone.

1. Definitions

The data protection declaration of MTC Marine Training Center Hamburg GmbH is based on the terminology used by the European legislator for directives and regulations when the general data protection regulation (GDPR) was issued. Our data protection declaration should be easy to read and understand both for the public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms, among others, in this data protection declaration:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as ‚affected person‚). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Affected person

Affected person means any identified or identifiable natural person whose personal data are processed by the controller.

c) Data processing

Data processing is any operation or set of operations, carried out with or without the aid of automated means, concerning personal data, such as collection, recording, organisation, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of data processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

e) Profiling

Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, location or change of location of that natural person.

f) Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific affected person without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.

g) Data controller

Data controller shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by union law or by the law of the member states, provision may be made for the controller or for the specific criteria for his or her designation in accordance with union law or the law of the member states.

h) Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party. However, authorities which may receive personal data in the course of a specific investigation, in accordance with Union or national law, shall not be considered as recipients.

j) Third party

A third party is any natural or legal person, public authority, agency or body other than the affected person, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.

k) Consent

Consent shall mean any informed and unequivocal expression of the affected person’s free will in a specific case, in the form of a declaration or other unequivocal affirmative act by which the affected person signifies his or her consent to the processing of personal data relating to him or her.

2. Name and address of the body responsible for processing

The person responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

MTC Marine Training Center Hamburg GmbH
Schnackenburgallee 149, 22525 Hamburg, Germany

Tel.: +49 (0)40 533 07 42-0
Email: info@mtc.hamburg
Website: mtc.hamburg

3. Name and address of the Data Protection Officer

The Data Protection Officer of the controller is

Heinz Kuhlmann
MTC Marine Training Center Hamburg GmbH
Schnackenburgallee 149, 22525 Hamburg, Germany

Phone: +49 (0)40 533 07 42-0
E-mail: info@mtc.hamburg
Website: mtc.hamburg

Every person concerned can contact our data protection officer directly at any time with all questions and suggestions concerning data protection.

4. Cookies

Our website uses HTTP cookies to store user-specific data.
In the following we explain what cookies are and why they are used so that you can better understand the following privacy policy.

What exactly are cookies?
Whenever you surf the Internet, you are using a browser. Some popular browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One of them cannot be dismissed: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are other cookies for other applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, quasi the „brain“ of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser transmits the „user-related“ information back to our site. Thanks to the cookies, our website knows who you are and offers you your accustomed standard settings. In some browsers each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner sites (e.g. Google Analytics). Each cookie is unique because each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans or other „pests“. Cookies also cannot access information on your PC.

This is how cookie data can look like, for example:

  • Name: _ga
  • Expiry period: 2 years
  • Usage: Differentiation of website visitors
  • Example value: GA1.2.1326744211.152311200023

A browser should support the following minimum sizes:

  • A cookie should be able to contain at least 4096 bytes
  • At least 50 cookies should be able to be stored per domain
  • A total of at least 3000 cookies should be able to be stored

What types of cookies are there?
The question which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point we would like to briefly discuss the different types of HTTP cookies.

You can distinguish between 4 types of cookies:

Essential cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user places a product in the shopping cart, then continues surfing on other pages and only proceeds to checkout later. These cookies do not delete the shopping cart, even if the user closes his browser window.

Functional cookies
These cookies collect information about user behaviour and whether the user receives any error messages. In addition, these cookies also measure the loading time and the behaviour of the website with different browsers.

Target-oriented cookies
These cookies ensure a better user experience. For example, entered locations, font sizes or form data are stored.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver customized advertising to the user. This can be very practical, but also very annoying.

Usually, the first time you visit a website, you are asked which of these types of cookies you would like to allow. And of course this decision is also stored in a cookie.

How can I delete cookies?
How and whether you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option of deleting cookies, allowing them only partially or deactivating them. For example, you can block third-party cookies, but allow all other cookies.

If you want to find out which cookies are stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, activate and manage cookies in Chrome
Safari: Manage cookies and website data with Safari
Firefox: Delete cookies to remove data that websites have placed on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete and manage cookies

If you do not wish to receive cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you want to allow it or not. The procedure varies depending on the browser. The best thing to do is to look for the instructions in Google using the search term „Delete Chrome cookies“ or „Disable Chrome cookies“ in the case of a Chrome browser, or replace the word „Chrome“ with the name of your browser, e.g. Edge, Firefox, Safari.

What about my privacy?
Since 2009 there are the so-called „cookie guidelines“. This states that the storage of cookies requires your consent. Within the EU countries, however, there are still very different reactions to these guidelines. In Germany, the cookie guidelines have not been implemented as national law. Instead, the implementation of this directive was largely carried out in § 15 para.3 of the Telemediengesetz (TMG – German Tele Media Act).

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called „HTTP State Management Mechanism“.

5. Collection of general data and information

The website of MTC Marine Training Center Hamburg GmbH collects a number of general data and information every time the website is accessed by a affected person or by an automated system. These general data and information are stored in the log files of the server. The following can be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the Internet site, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information which serve to prevent danger in the event of attacks on our information technology systems.

When using this general data and information, MTC Marine Training Center Hamburg GmbH will not draw any conclusions about the affected person. This information is rather required to (1) deliver the contents of our website correctly, (2) optimise the contents of our website as well as the advertising for it, (3) ensure the permanent operability of our information technology systems and the technology of our website and (4) to provide law enforcement agencies with the information necessary for prosecution in case of a cyber attack. These anonymously collected data and information are therefore statistically evaluated by MTC Marine Training Center Hamburg GmbH on the one hand and on the other hand with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.

6. Subscription to our newsletter

On the website of MTC Marine Training Center Hamburg GmbH users are given the opportunity to subscribe to our company’s newsletter. Which personal data will be transmitted to the person responsible for processing when ordering the newsletter can be seen from the input mask used for this purpose.

MTC Marine Training Center Hamburg GmbH informs its customers and business partners about company offers in regular intervals by means of a newsletter. The newsletter of our company can generally only be received by the affected person if (1) the affected person has a valid email address and (2) the affected person registers for the newsletter mailing. For legal reasons, a confirmation e-mail will be sent to the e-mail address registered for the first time by a person concerned for the purpose of receiving the newsletter using the double opt-in procedure. This confirmation mail is used to check whether the owner of the e-mail address has authorized the receipt of the newsletter as a affected person.

When registering for the newsletter, we also save the IP address assigned by the Internet service provider (ISP) of the computer system used by the person concerned at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of a affected person’s e-mail address at a later date and therefore serves to provide legal protection for the data controller.

The personal data collected in the course of registering for the newsletter is used exclusively for sending our newsletter. In addition, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or for registration, as might be the case if there are changes to the newsletter offer or if technical conditions change. The personal data collected within the scope of the newsletter service will not be passed on to third parties. The subscription to our newsletter can be cancelled by the person concerned at any time. The consent to the storage of personal data, which the person concerned has given us for the newsletter service, can be revoked at any time. For the purpose of revoking the consent, a corresponding link is included in every newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the data controller or to inform the data controller in another way.

7. Newsletter tracking

The newsletters of MTC Marine Training Center Hamburg GmbH contain so-called counting pixels. A tracking pixel is a miniature graphic embedded in such e-mails sent in HTML format to enable log file recording and log file analysis. This enables a statistical evaluation of the success or failure of online marketing campaigns. By means of the embedded pixel-code, MTC Marine Training Center Hamburg GmbH is able to identify whether and when an email was opened by a person concerned and which links contained in the email were accessed by the person concerned.

Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by the data controller in order to optimise the newsletter dispatch and to adapt the content of future newsletters even better to the interests of the affected person. This personal data is not passed on to third parties. Affected persons are entitled to revoke the separate declaration of consent submitted in this regard via the double opt-in procedure at any time. After revocation, these personal data will be deleted by the data controller. MTC Marine Training Center Hamburg GmbH automatically interprets a cancellation of the receipt of the newsletter as a revocation.

8. How to contact us via the website

Due to legal regulations, the website of MTC Marine Training Center Hamburg GmbH contains information that enables a quick electronic contact to our company as well as a direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a affected person contacts the data controller by e-mail or via a contact form, the personal data transmitted by the affected person is automatically stored. Such personal data transmitted voluntarily by a affected person to the controller are stored for the purposes of processing or contacting the affected person. Such personal data shall not be disclosed to third parties.

9. Routine deletion and blocking of personal data

The controller shall process and store personal data relating to the affected person only for the time necessary to achieve the purpose of storage or where provided for by the European Directive and Regulation or by any other law or regulation to which the controller is subject.

If the purpose of storage ceases to apply or if a storage period prescribed by the European Directive and Regulation Giver or any other competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.

10. Rights of affected person

The controller shall process and store personal data relating to the affected person only for the time necessary to achieve the purpose of storage or where provided for by the European Directive and Regulation or by any other law or regulation to which the controller is subject.

If the purpose of storage ceases to apply or if a storage period prescribed by the European Directive and Regulation Giver or any other competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.

a) Right of confirmation

Every affected person has the right, granted by the European Directives and Regulations, to obtain confirmation from the controller as to whether personal data relating to him are being processed. If a affected person wishes to exercise this right of confirmation, he or she may at any time contact an employee of the controller.

b) Right to information

Any affected person by the processing of personal data has the right, granted by the European Directives and Regulations, to obtain at any time and free of charge from the controller information on the personal data stored in relation to him or her and a copy thereof. Furthermore, the European Directive and Regulation Giver has granted the affected person access to the following information:

  • the purposes of processing
  • the categories of personal data processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or to international organisations
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
  • the existence of a right of rectification or erasure of personal data relating to him or her or of a right to have the processing limited by the controller or to object to such processing
  • the existence of a right of appeal to a supervisory authority
  • if the personal data are not collected from the affected person: All available information on the origin of the data
  • the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the DPA and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the affected person

The affected person shall also have the right to obtain information as to whether personal data have been transferred to a third country or to an international organisation. If this is the case, the affected person shall also have the right to obtain information on the appropriate safeguards in relation to the transfer.
If a affected person wishes to exercise this right of access, he or she may at any time contact a member of the staff of the controller.

c) Right of rectification

Every person concerned by the processing of personal data has the right, granted by the European legislator, to request the rectification without delay of inaccurate personal data concerning him. The affected person shall also have the right to request the completion of incomplete personal data, including by means of a supplementary declaration, having regard to the purposes of the processing.

If a affected person wishes to exercise this right of rectification, he or she may at any time contact an employee of the controller.

d) Right of cancellation (right to be forgotten)

Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to obtain from the controller the immediate erasure of personal data relating to him/her, where one of the following reasons applies and provided that the processing is not necessary:

  • The personal data have been collected or otherwise processed for purposes for which they are no longer necessary.
  • The affected person withdraws the consent on which the processing was based pursuant to Article 6(1)(a) of the DPA or Article 9(2)(a) of the DPA, and there is no other legal basis for the processing.
  • The affected person lodges an objection to the processing pursuant to Art. 21(1) DPA and there are no overriding legitimate reasons for the processing, or the affected person lodges an objection to the processing pursuant to Art. 21(2) DPA.
  • The personal data were processed unlawfully.
  • The deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
  • The personal data were collected in relation to information society services offered, in accordance with Article 8 (1) of the DSD-REG.

If any of the above reasons apply and a affected person wishes to have personal data stored by MTC Marine Training Center Hamburg GmbH deleted, he/she may contact an employee of the data controller at any time. The employee of MTC Marine Training Center Hamburg GmbH shall ensure that the request for deletion is complied with immediately.

If the personal data has been made public by MTC Marine Training Center Hamburg GmbH and our company as the responsible party according to Art. 17 para. 1 GDPR, MTC Marine Training Center Hamburg GmbH shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform other persons responsible for data processing who process the published personal data, that the person concerned has requested these other persons responsible for data processing to delete all links to these personal data or copies or replications of these personal data, unless the processing is necessary. The employee of MTC Marine Training Center Hamburg GmbH will take the necessary steps in individual cases.

e) Right to limit processing

Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to request the controller to restrict the processing if one of the following conditions is met:

  • the accuracy of the personal data is contested by the affected person, for a period of time sufficient to enable the controller to verify the accuracy of the personal data
  • The processing is unlawful, the affected person refuses to have the personal data deleted and instead requests the restriction of the use of the personal data.
  • The controller no longer needs the personal data for the purposes of the processing, but the affected person needs them in order to assert, exercise or defend legal claims.
  • The affected person has lodged an objection to the processing in accordance with Art. 21 (1) DPA and it is not yet clear whether the controller’s legitimate reasons outweigh those of the affected person.

If one of the above-mentioned conditions is met and a affected person wishes to request the restriction of personal data stored at MTC Marine Training Center Hamburg GmbH, he/she may contact an employee of the data controller at any time. The employee of MTC Marine Training Center Hamburg GmbH will arrange for the restriction of the processing.affected person

f) Right to data portability

Every person concerned by the processing of personal data has the right, granted by the European Directives and Regulations, to receive the personal data concerning him/her which have been provided by the affected person to a controller in a structured, common and machine-readable format. He/she also has the right to have this data communicated to another controller without hindrance by the controller to whom the personal data has been made available, provided that the processing is based on the consent pursuant to Art. 6(1)(a) DPA or Art. 9(2)(a) DPA or on a contract pursuant to Art. 6(1)(b) DPA and that the processing is carried out by means of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising their right to data transferability in accordance with Art. 20 Paragraph 1 FDPIC, the affected person has the right to obtain that personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

In order to assert the right to data transfer, the person concerned may contact an employee of MTC Marine Training Center Hamburg GmbH at any time.

g) Right of appeal

Every person concerned by the processing of personal data has the right, granted by the European legislator for directives and regulations, to object at any time, for reasons arising from his or her particular situation, to the processing of personal data concerning him or her that is carried out on the basis of Article 6(1)(e) or (f) of the DPA. This also applies to profiling based on these provisions.

In the event of an objection, MTC Marine Training Center Hamburg GmbH shall no longer process the personal data, unless we can prove compelling reasons for processing worthy of protection, which outweigh the interests, rights and freedoms of the person concerned, or the processing serves the assertion, exercise or defence of legal claims.

If MTC Marine Training Center Hamburg GmbH processes personal data in order to carry out direct advertising, the person concerned has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling, insofar as it is connected with such direct marketing. If the affected person objects to MTC Marine Training Center Hamburg GmbH processing for the purpose of direct marketing, MTC Marine Training Center Hamburg GmbH will no longer process the personal data for these purposes.

In addition, the affected person has the right to object, for reasons arising from his or her particular situation, to the processing of personal data concerning him or her which is carried out at MTC Marine Training Center Hamburg GmbH for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless such processing is necessary for the fulfilment of a task in the public interest.

In order to exercise the right of objection, the person concerned may directly contact any employee of MTC Marine Training Center Hamburg GmbH or any other employee. The affected person is also free to exercise his right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures involving technical specifications.affected person

h) Automated case-by-case decisions including profiling

Every person concerned by the processing of personal data has the right, as granted by the European Directives and Regulations, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar way, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the affected person and the controller, or (2) is authorised by Union or national legislation to which the controller is subject and that such legislation provides for adequate safeguards of the rights and freedoms and legitimate interests of the affected person, or (3) is taken with the explicit consent of the affected person.

Where the decision is (1) necessary for the conclusion or performance of a contract between the affected person and the data controller, or (2) is taken with the express consent of the affected person, MTC Marine Training Center Hamburg GmbH shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the affected person, including at least the right to obtain the intervention of a person from the data controller, to put forward his point of view and to challenge the decision.

If the affected person wishes to exercise rights relating to automated decisions, he or she may at any time contact a member of the staff of the controller.

i) Right to revoke a data protection consent

Every person affected by the processing of personal data has the right, granted by the European Directive and Regulation Giver, to revoke his or her consent to the processing of personal data at any time.

If the affected person wishes to exercise his or her right to withdraw consent, he or she may at any time contact an employee of the controller.

11. Data protection for applications and the application process

The controller collects and processes the personal data of applicants for the purpose of processing the application procedure. The processing may also be carried out by electronic means. This is particularly the case if an applicant submits the relevant application documents to the controller electronically, for example by e-mail or via a web form on the website. If the data controller concludes an employment contract with an applicant, the transmitted data is stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted two months after notification of the rejection decision, unless deletion is contrary to any other legitimate interests of the controller. Other legitimate interests in this sense include, for example, a duty of proof in proceedings under the German General Equal Treatment Act (AGG).

12. Privacy policy on the use and application of Google Analytics (with anonymization function)

The person responsible for processing has integrated the Google Analytics component (with anonymisation function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, collection and evaluation of data on the behaviour of visitors to websites. Among other things, a web analysis service collects data about which website a person concerned came to a website from (so-called referrers), which sub-pages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize an internet page and for cost-benefit analysis of internet advertising.

The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The data controller uses the addition „_gat._anonymizeIp“ for web analysis via Google Analytics. By means of this addition, the IP address of the Internet connection of the person concerned is shortened by Google and made anonymous if the access to our Internet pages is from a member state of the European Union or from another state that is a party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Among other things, Google uses the data and information obtained to evaluate the use of our website in order to compile online reports for us which show the activities on our website and to provide further services in connection with the use of our website.

Which data is stored by Google Analytics?
Google Analytics uses a tracking code to create a random, unique ID associated with your browser cookie. This allows Google Analytics to recognize you as a new user. The next time you visit our site, you will be recognized as a „returning“ user. All collected data is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles in the first place.

Through identifiers such as cookies and app instance IDs, your interactions on our website are measured. Interactions are all kinds of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated by Google Analytics can be linked to third-party cookies. Google does not pass on any Google Analytics data unless we, as the website operator, give permission to do so. Exceptions may be made if required by law.

The following cookies are used by Google Analytics:
Name: _ga
Value: 2.1326744211.152311200023-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Basically, it is used to differentiate between website visitors.
Expiration date: after 2 years

Name: _gid
Value: 2.1687193234.152311200023-1
Purpose: The cookie is also used to differentiate between website visitors.
Expiration date: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: Used to lower the request rate. If Google Analytics is provided via the Google Tag Manager, this cookie is named _dc_gtm_ <property-id>.
Expiration date: after 1 minute

Name: AMP_TOKEN
Value: not specified
Purpose: The cookie has a token with which a User ID can be retrieved from the AMP Client ID Service. Other possible values indicate a logoff, a request or an error.
Expiration date: after 30 seconds up to one year

Name: __utma
Value: 1564498958.1564498958.1564498958.1
Purpose: With this cookie you can track your behaviour on the website and measure performance. The cookie is updated each time information is sent to Google Analytics.
Expiration date: after 2 years

Name: __utmt
Value: 1
Purpose: The cookie is used like _gat_gtag_UA_<property-id> to throttle the request rate.
Expiration date: after 10 minutes

Name: __utmb
Value: 3.10.1564498958
Purpose: This cookie is used to determine new sessions. It is updated each time new data or information is sent to Google Analytics.
Expiration date: after 30 minutes

Name: __utmc
Value: 167421564
Purpose: This cookie is used to establish new sessions for returning visitors. This is a session cookie and is only stored until you close the browser.
Expiration date: After closing the browser

Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Purpose: The cookie is used to identify the source of traffic to our website. This means that the cookie stores where you came to our website from. This may have been another site or an advertising campaign.
Expiry date: after 6 months

Name: __utmv
Value: not specified
Purpose: The cookie is used to store user-defined user data. It is always updated when information is sent to Google Analytics.
Expiration date: after 2 years

Note: This list cannot claim to be complete, as Google constantly changes the choice of its cookies. Here we show you an overview of the most important data collected with Google Analytics:

heat maps: Google creates so-called heat maps. With Heatmaps you can see exactly those areas that you click on. This way we get information where you are „on the road“ on our site.

Session duration: Google defines session duration as the time you spend on our site without leaving the site. If you’ve been inactive for 20 minutes, the session ends automatically.

Bouncerate: A bouncer is when you view only one page on our website and then leave our website.

Account creation: When you create an account or place an order on our website, Google Analytics collects this data.

IP address: The IP address is only shown in abbreviated form so that no clear assignment is possible.

location: The IP address can be used to determine the country and your approximate location. This process is also known as IP location determination.

Technical Information: Technical information includes your browser type, your Internet provider or your screen resolution.

Source of origin: Google Analytics or us, is of course also interested in which website or which advertisement brought you to our site.

Other data includes contact details, any ratings, media playback (e.g. when you play a video on our site), sharing content via social media or adding to your favorites. This list does not claim to be exhaustive and serves only as a general orientation for data storage by Google Analytics.

How long and where is the data stored?
Google has distributed your servers around the world. Most of the servers are located in America and therefore your data is usually stored on American servers. Here you can read exactly where the Google data centers are located: https://www.google.com/about/datacenters/inside/locations/?hl=de.

Your data is distributed on different physical media. This has the advantage that the data can be retrieved more quickly and is better protected against manipulation. In every Google data centre there are appropriate emergency programs for your data. For example, if Google’s hardware fails or natural disasters paralyze servers, the risk of service interruption at Google remains low.

Google Analytics has a standard retention period of 26 months for your user data. Then your user data will be deleted. However, we do have the option of choosing the retention period for user data ourselves. We have five options for this:

– Deletion after 14 months
– Cancellation after 26 months
– Cancellation after 38 months
– Deletion after 50 months
– No automatic deletion

When the specified period has expired, the data is deleted once a month. This retention period applies to your data linked to cookies, user recognition and advertising IDs (e.g. cookies from the DoubleClick domain). Reporting results are based on aggregated data and are stored independently of user data. Aggregated data is a fusion of individual data into a larger unit.

Google Analytics IP anonymization
We have implemented the IP address anonymisation of Google Analytics on this website. This function was developed by Google so that this website can comply with the applicable data protection regulations and recommendations of local data protection authorities if they prohibit the storage of the complete IP address. The anonymization or masking of the IP address takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before the data is saved or processed.

You can find more information about IP anonymization at https://support.google.com/analytics/answer/2763052?hl=de.

Google Analytics reports on demographic characteristics and interests
We have enabled the advertising reporting features in Google Analytics. The demographic and interest reports include information about age, gender and interests. This allows us to get a better picture of our users without having to associate this information with individual people. You can learn more about the advertising features at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.
You can opt-out of using the activities and information in your Google Account by selecting a checkbox under „Advertising preferences“ on https://adssettings.google.com/authenticated.

The person concerned can prevent the setting of cookies by our website, as described above, at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, the affected person has the opportunity to object to the collection of data generated by Google Analytics and relating to the use of this website and the processing of such data by Google and to prevent such processing. For this purpose, the person concerned must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google to be an objection. If the affected person’s information technology system is deleted, formatted or reinstalled at a later date, the affected person must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the person concerned or another person within his or her sphere of control, the browser add-on may be reinstalled or reactivated.

Further information and Google’s applicable privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link https://www.google.com/intl/de_de/analytics/.

Google Analytics add-on for data processing
We have concluded a direct customer agreement with Google for the use of Google Analytics by accepting the „data processing addendum“ in Google Analytics.

You can find more information about the data processing addendum for Google Analytics here: https://support.google.com/analytics/answer/3379636?hl=de&utm_id=ad

Google Analytics Google Signals
We have activated the Google signals in Google Analytics. This updates existing Google Analytics features (advertising reports, remarketing, cross-device reports, and reports on interests and demographics) to provide aggregated and anonymized information about you, provided you have allowed personalized ads in your Google Account.

The special feature is that this is cross-device tracking. This means your data can be analyzed across devices. By enabling Google signals, data is collected and linked to your Google Account. Google can thus recognise, for example, when you view a product on our website via a smartphone and only buy the product later via a laptop. By activating Google signals, we can launch cross-device remarketing campaigns that would otherwise not be possible in this form. Remarketing means that we can also show you our offer on other websites.

Google Analytics also uses Google signals to collect additional visitor data such as location, search history, YouTube history and data about your actions on our website. This enables Google to provide us with better advertising reports and more useful information about your interests and demographic characteristics. These include your age, what language you speak, where you live, or what gender you are. In addition, social criteria such as your profession, marital status and income are also added. All these characteristics help Google Analytics to define groups of people or target groups.

The reports also help us to better assess your behaviour, wishes and interests. This enables us to optimize and adapt our services and products for you. This data expires by default after 26 months. Please note that this data collection only takes place if you have allowed personalised advertising in your Google Account. It is always aggregate and anonymous data, and never data about individuals. You can manage or delete this data in your Google Account.

13. Privacy policy on the use and application of Google Remarketing

The data controller has integrated Google Remarketing services on this website. Google Remarketing is a function of Google AdWords that enables a company to display advertising to Internet users who have previously visited the company’s website. The integration of Google Remarketing thus allows a company to create user-related advertising and thus to display interest-relevant advertisements to the Internet user.

The company operating the services of Google Remarketing is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of Google Remarketing is the display of interest-relevant advertising. Google Remarketing enables us to display advertisements via the Google advertising network or to have them displayed on other Internet sites which are tailored to the individual needs and interests of Internet users.

Google Remarketing sets a cookie on the information technology system of the person concerned. What cookies are has already been explained above. By setting the cookie, Google is able to recognise the visitor to our website if he or she subsequently calls up websites that are also members of the Google advertising network. Each time a website on which the Google Remarketing service has been integrated is called up, the Internet browser of the person concerned automatically identifies itself to Google. In the course of this technical process, Google obtains knowledge of personal data, such as the IP address or the surfing behaviour of the user, which Google uses among other things to display interest-relevant advertising.

By means of the cookie, personal information, for example the websites visited by the person concerned, is stored. Accordingly, each time a user visits our website, personal data, including the IP address of the Internet connection used by the person concerned, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

The person concerned can prevent the setting of cookies by our website, as described above, at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, the person concerned has the opportunity to object to interest-based advertising by Google. To do so, the person concerned must call up the link https://www.google.de/settings/ads from each of the Internet browsers he or she uses and make the desired settings there.

Further information and Google’s applicable privacy policy can be found at https://www.google.de/intl/de/policies/privacy/.

14. Privacy policy on the use and application of Google Adwords

The data controller has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to display ads in Google’s search engine results as well as in the Google advertising network. Google AdWords allows an advertiser to specify pre-defined keywords that will cause an ad to appear in Google’s search engine results only when the user uses the search engine to retrieve a keyword relevant search result. In the Google advertising network, the ads are distributed to topic-relevant websites by means of an automatic algorithm and in accordance with the keywords previously defined.

The operating company of the Google AdWords services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of Google AdWords is to advertise our website by displaying interest-relevant advertising on the websites of third party companies and in the search engine results of the Google search engine and by displaying third-party advertising on our website.

If a person concerned reaches our website via a Google ad, a so-called conversion cookie is stored on the information technology system of the person concerned by Google. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and does not serve to identify the affected person. If the cookie has not expired, the conversion cookie is used to determine whether certain sub-pages, for example the shopping basket from an online shop system, have been called up on our website. The conversion cookie enables both we and Google to track whether a person who reached our website via an AdWords ad generated sales, i.e. whether he or she completed or abandoned a purchase.

The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive any information from Google that could be used to identify the individual.

The conversion cookie is used to store personal information, such as the Internet pages visited by the person concerned. Accordingly, each time our website is visited, personal data, including the IP address of the Internet connection used by the person concerned, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

The person concerned can prevent the setting of cookies by our website, as described above, at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the person concerned. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.

Furthermore, the person concerned has the opportunity to object to interest-based advertising by Google. To do so, the person concerned must access https://www.google.de/settings/ads from each of the Internet browsers he or she uses and make the desired settings there.
Further information and Google’s applicable privacy policy can be found at https://www.google.de/intl/de/policies/privacy/.

15. Privacy policy on the use and application of Google Maps

We use Google Maps from Google Inc. for our website, and Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe. With Google Maps we can show you locations better and thus adapt our service to your needs. By using Google Maps, data is transferred to Google and stored on Google’s servers. Here we will go into more detail about what Google Maps is, why we use this Google service, what data is stored and how you can stop it.

What is Google Maps?
Google Maps is an internet map service of the company Google. With Google Maps, you can search online for exact locations of cities, places of interest, accommodations or businesses using a PC, tablet or app. If companies are represented on Google My Business, additional information about the company is displayed next to the location. To display directions, map sections of a location can be embedded into a website using HTML code. Google Maps shows the surface of the earth as a road map or as an aerial or satellite image. Thanks to the Street View images and the high-quality satellite images, very accurate representations are possible.

Why do we use Google Maps on our website?
All our efforts on this site are aimed at providing you with a useful and meaningful time on our website. By integrating Google Maps, we can provide you with the most important information about various locations. You can see at a glance where we have our headquarters. The route description always shows you the best or fastest way to reach us. You can call up the directions for routes by car, public transport, on foot or by bicycle. For us the provision of Google Maps is part of our customer service.

Which data is stored by Google Maps?
In order for Google Maps to offer its service in its entirety, the company must collect and store data about you. This includes the search terms you enter, your IP address and also the latitude and longitude coordinates. If you use the route planner function, the start address entered will also be saved. However, this data storage happens on the websites of Google Maps. We can only inform you about it, but we cannot influence it. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behaviour. Google uses this data primarily to optimise its own services and to provide individual, personalised advertising for you.

The following cookie is set in your browser due to the integration of Google Maps:
Name: NID
Value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ311200023-5

Purpose: NID is used by Google to adapt advertisements to your Google search. Google uses the cookie to „remember“ your most frequently entered search queries or your previous interaction with ads. So you always get customized ads. The cookie contains a unique ID that Google uses to collect your personal preferences for advertising purposes.

Expiration date: after 6 months

Note: We cannot guarantee the completeness of the data stored. Especially when using cookies, changes can never be ruled out. In order to identify the cookie NID, a separate test page was created where only Google Maps was integrated.

How long and where is the data stored?
The Google servers are located in data centers around the world. However, most servers are located in America. For this reason, your data is also increasingly stored in the USA. Here you can find out exactly where the Google data centers are located: https://www.google.com/about/datacenters/inside/locations/?hl=de
Google distributes the data on different data carriers. This means that the data can be accessed more quickly and is better protected against any attempts at manipulation. Each data center also has special emergency programs. If, for example, there are problems with the Google hardware or a natural disaster paralyses the servers, the data is still protected.
Some data is stored by Google for a set period of time. For other data, Google only offers the option to delete it manually. The company also anonymizes information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 and 18 months respectively.

How can I delete my data or prevent data storage?
With the automatic deletion of location and activity data introduced in 2019, location and web/app activity information is stored for either 3 or 18 months, depending on your decision, and then deleted. You can also manually delete this data from your history at any time using your Google Account. If you want to completely stop your location tracking, you’ll need to pause the Web and App activity section of your Google Account. Click ‚Data and personalization‘ and then click the ‚Activity setting‘ option. Here you can turn activity on or off.

You can also disable, delete or manage individual cookies in your browser. Depending on which browser you use, this always works slightly differently. The following instructions show you how to manage cookies in your browser:

Chrome: Delete, activate and manage cookies in Chrome 
Safari: Manage cookies and website data with Safari 
Firefox: Delete cookies to remove data that websites have placed on your computer 
Internet Explorer: Delete and manage cookies 
Microsoft Edge: Delete and manage cookies

If you do not wish to receive cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you want to allow it or not.
Google is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. If you want to learn more about Google’s data processing, we recommend that you read the company’s own privacy policy at https://policies.google.com/privacy?hl=de.

16. Privacy policy on the use and application of Google Site Kit

We have integrated the WordPress plugin Google Site Kit from the American company Google Inc. into our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Site Kit, we can quickly and easily view statistics from various Google products such as Google Analytics directly in our WordPress dashboard. The tool or the tools integrated into Google Site Kit also collect personal data from you. In this privacy policy we explain why we use Google Site Kit, how long and where data is stored and which other privacy texts are relevant to you in this context.

What is Google Site Kit?
Google Site Kit is a plug-in for the content management system WordPress. With this plugin we can view important statistics for website analysis directly in our dashboard. These are statistics that are collected by other Google products. First of all by Google Analytics. In addition to Google Analytics, the services Google Search Console, Page Speed Insight, Google AdSense, Google Optimize and Google Tag Manager can also be linked to Google Site Kit.

Why do we use Google Site Kit on our website?
As a service provider it is our task to offer you the best possible experience on our website. We want you to feel comfortable on our website and find exactly what you are looking for quickly and easily. Statistical evaluations help us to get to know you better and to adapt our offer to your wishes and interests. We use various Google tools for these evaluations. Site Kit makes our work much easier in this respect because we can view and analyze the statistics of Google products right in the dashboard. We no longer need to register for each tool separately. Site Kit thus always provides a good overview of the most important analysis data.

What data is stored by Google Site Kit?
If you have actively agreed to tracking tools in the cookie notice (also called script or banner), Google products such as Google Analytics will set cookies and send data from you, for example about your user behavior, to Google, where it is stored and processed. This includes personal data such as your IP address.
For more detailed information on the individual services, we have separate text sections in this privacy policy. For example, take a look at our data protection declaration on Google Analytics. Here we go into the collected data in great detail. You will learn how long Google Analytics stores, manages and processes data, which cookies can be used and how you can prevent data storage. We also have our own privacy policy with comprehensive information for other Google services such as Google Tag Manager or Google AdSense.

In the following, we show you exemplary Google Analytics cookies that can be set in your browser, provided that you have basically agreed to the data processing by Google. Please note that these cookies are only a selection:

Name: _ga
Value:2.1326744211.152311200023-2
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Basically, it is used to differentiate between website visitors.
Expiration date: after 2 years

Name: _gid
Value:2.1687193234.152311200023-7
Purpose: This cookie is also used to differentiate between website visitors.
Expiration date: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: This cookie is used to lower the request rate.
Expiration date: after 1 minute

How long and where is the data stored?
Google stores collected data on its own Google servers, which are distributed worldwide. Most of the servers are located in the United States and therefore it is easily possible that your data is also stored there. At https://www.google.com/about/datacenters/inside/locations/?hl=de you can see exactly where the company provides servers.

Data collected by Google Analytics is stored for 26 months in a standardised way. Afterwards your user data will be deleted. The retention period applies to all data linked to cookies, user recognition and advertising IDs.

How can I delete my data or prevent data storage?
You always have the right to obtain information about your data, to have your data deleted, corrected or restricted. You can also deactivate, delete or manage cookies in your browser at any time. Here we show you the corresponding instructions for the most common browsers:

Chrome: Delete, activate and manage cookies in Chrome 
Safari: Manage cookies and website data with Safari 
Firefox: Delete cookies to remove data that websites have placed on your computer 
Internet Explorer: Delete and manage cookies 
Microsoft Edge: Delete and manage cookies

Google is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&tid=311200023. To learn more about data processing by Google, we recommend that you read Google’s comprehensive privacy policy at https://policies.google.com/privacy?hl=de.

17. Privacy policy on the use and application of Google reCAPTCHA

Our primary goal is to secure and protect our website for you and for us in the best possible way. To ensure this, we use Google reCAPTCHA from Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA we can determine whether you are really a flesh and blood human being and not a robot or other spam software. By spam, we mean any unsolicited information sent to us by electronic means. With the classic CAPTCHAS, you usually had to solve text or image puzzles to check. With reCAPTCHA from Google we usually do not have to bother you with such puzzles. In most cases it is sufficient to simply check the box and confirm that you are not a bot. With the new Invisible reCAPTCHA version, you don’t even have to put a check mark. How this works exactly and especially which data is used for this purpose, you will learn in the course of this privacy policy.

What is reCAPTCHA?
reCAPTCHA is a free Captcha service from Google that protects websites from spam software and abuse by non-human visitors. This service is most commonly used when you fill out forms on the Internet. A captcha service is a kind of automatic turing test, which is supposed to ensure that an action on the internet is done by a human and not by a bot. In the classic Turing test (named after the computer scientist Alan Turing) a human being determines the difference between a bot and a human being. With Captchas this is also done by the computer or a software program. Classical Captchas work with small tasks that are easy to solve for humans, but have considerable difficulties for machines. With reCAPTCHA you don’t have to actively solve puzzles anymore. The tool uses modern risk techniques to distinguish humans from bots. Here you only have to tick the text field „I am not a robot“ or with Invisible reCAPTCHA even this is no longer necessary. With reCAPTCHA, a JavaScript element is integrated into the source code and then the tool runs in the background and analyses your user behaviour. From these user actions, the software calculates a so-called captcha score. Google uses this score to calculate the probability that you are a human being even before you enter the captcha. reCAPTCHA or captchas in general are used whenever bots could manipulate or abuse certain actions (such as registrations, surveys, etc.).

Why do we use reCAPTCHA on our website?
We only want to welcome people of flesh and blood on our site. Bots or spam-software of different kinds can stay at home. That’s why we do everything possible to protect ourselves and offer the best possible user-friendliness for you. For this reason we use Google reCAPTCHA from the company Google. So we can be pretty sure that we remain a „bot-free“ website. Through the use of reCAPTCHA, data is transmitted to Google to determine whether you are really a human being. reCAPTCHA serves the security of our website and consequently your security. For example, without reCAPTCHA, it could happen that a bot registers as many e-mail addresses as possible during registration, in order to „spam“ forums or blogs with unwanted advertising content. With reCAPTCHA we can avoid such bot attacks.

Which data is stored by reCAPTCHA?
reCAPTCHA collects personal data from users to determine whether the actions on our website really originate from people. This means that the IP address and other data that Google requires for the reCAPTCHA service can be sent to Google. IP addresses are almost always shortened within the member states of the EU or other signatory states to the Agreement on the European Economic Area before the data lands on a server in the USA. The IP address is not combined with any other data held by Google unless you are signed in with your Google Account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) are already placed on your browser. Then reCAPTCHA sets an additional cookie in your browser and takes a snapshot of your browser window.

The following list of collected browser and user data does not claim to be complete. Rather, they are examples of data which, to our knowledge, are processed by Google.

  • Referrer URL (the address of the page the visitor comes from)
  • IP address (e.g. 256.123.123.1)
  • Information about the operating system (the software that enables your computer to operate. Known operating systems are Windows, Mac OS X or Linux)
  • Cookies (small text files that store data in your browser)
  • Mouse and keyboard behavior (every action you perform with the mouse or keyboard is stored)
  • Date and language settings (which language or date you have preset on your PC is stored)
  • All Javascript objects (JavaScript is a programming language that allows websites to adapt to the user. JavaScript objects can collect all kinds of data under one name)
  • Screen resolution (shows how many pixels the image consists of)

It is indisputable that Google uses and analyzes this data even before you click on the checkbox „I am not a robot“. With the Invisible reCAPTCHA version even the ticking is omitted and the whole recognition process runs in the background. How much and what kind of data Google exactly stores is not known by Google in detail.

The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version from Google at https://www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version

Name: IDE
Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-311200023-8
Purpose: This cookie is set by the company DoubleClick (also owns Google) to register and report the actions of a user on the website in dealing with advertisements. In this way the advertising effectiveness can be measured and appropriate optimisation measures can be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiration date: after one year

Name: 1P_JAR
Value: 2019-5-14-12
Purpose: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to show users relevant advertisements. Furthermore, the cookie can be used to prevent a user from seeing the same ad more than once.
Expiration date: after one month

Name: ANID
Value: U7j1v3dZa3112000230xgZFmiqWppRWKOr
Purpose: We could not find out much information about this cookie. In Google’s privacy policy, the cookie is mentioned in connection with „advertising cookies“ such as „DSID“, „FLC“, „AID“, „TAID“. ANID is stored at domain google.com.
Expiration date: after 9 months

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user’s consent to use various Google services. CONSENT is also used for security purposes, to verify users, to prevent fraudulent use of credentials and to protect user data from unauthorized attacks.
Expiration date: after 19 years

Name: NID
Value: 0WmuWqy311200023zILzqV_nmt3sDXwPeM5Q
Purpose: NID is used by Google to adapt advertisements to your Google search. Google uses the cookie to „remember“ your most commonly entered search queries or your previous interaction with ads. So you always get customized ads. The cookie contains a unique ID to collect user preferences for advertising purposes.
Expiration date: after 6 months

Name: DV
Value: gEAABBCjJMXcI0dSAAAANbqc311200023-4
Purpose: As soon as you have checked the „I am not a robot“ checkbox, this cookie will be set. The cookie is used by Google Analytics for personalized advertising. DV collects information in anonymous form and is also used to make user distinctions.
Expiration date: after 10 minutes

Note: This list cannot claim to be exhaustive, as experience has shown that Google always changes the choice of its cookies.

How long and where is the data stored?
By inserting reCAPTCHA, data is transferred from you to the Google server. Where exactly this data is stored is not clearly shown by Google, even after repeated requests. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on Google’s European or American servers. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plug-in, the data will be merged. Google’s different privacy policies apply.

How can I delete my data or prevent data storage?
If you do not want any information about you or your behavior to be sent to Google, you must completely log out of Google and delete all Google cookies before you visit our website or use the reCAPTCHA software. In principle, the data is automatically transmitted to Google as soon as you visit our website. To delete this data again, you must contact Google support at https://support.google.com/?hl=de&tid=311200023.


Therefore, when you use our website, you agree that Google LLC and its representatives automatically collect, process and use data.

You can learn more about reCAPTCHA on Google’s web development page at https://developers.google.com/recaptcha/. Google will go into more detail about the technical development of reCAPTCHA here, but you will search in vain for precise information about data storage and data protection issues. A good overview of the basic use of data at Google can be found in the company’s own privacy policy at https://www.google.com/intl/de/policies/privacy/.

18. Privacy policy on the use and application of Jetpack for WordPress

The data controller has integrated Jetpack on this website. Jetpack is a WordPress plug-in that offers additional functions to the operator of an Internet site based on WordPress. Among other things, Jetpack allows the operator of the Internet site to obtain an overview of the visitors to the site. By displaying related articles and publications or the possibility to share content on the site, it is also possible to increase the number of visitors. In addition, security functions are integrated into Jetpack so that a website using Jetpack is better protected against brute force attacks. Jetpack also optimizes and speeds up the loading of images integrated into the website.

The Jetpack plug-in for WordPress is operated by Aut O’Mattic A8C Ireland Ltd, Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland.

Jetpack places a cookie on the information technology system of the person concerned. What cookies are has been explained above. Each time a user accesses any of the individual pages of this website operated by the data controller and on which a Jetpack component has been integrated, the Internet browser on the affected person’s IT system is automatically prompted by the relevant Jetpack component to transmit data to Automattic for analysis. In the course of this technical process, Automattic obtains knowledge of data which is subsequently used to create an overview of the visits to the website. The data thus obtained is used to analyse the behaviour of the affected person who has accessed the controller’s website and is evaluated with the aim of optimising the website. The data collected via the Jetpack component will not be used to identify the affected person without the prior explicit consent of the affected person. The data is also brought to Quantcast’s attention. Quantcast uses the data for the same purposes as Automattic.

The person concerned can prevent the setting of cookies by our website, as described above, at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Automattic/Quantcast from setting a cookie on the information technology system of the person concerned. In addition, cookies already set by Automattic can be deleted at any time via the internet browser or other software programs.

Furthermore, the affected person has the opportunity to object to and prevent the collection of data generated by the Jetpack cookie and relating to the use of this Website and the processing of such data by Automattic/Quantcast. To do so, the person concerned must press the opt-out button under the link https://www.quantcast.com/opt-out/, which sets an opt-out cookie.

The opt-out cookie set with the objection is stored on the information technology system used by the affected person. If the cookies are deleted on the affected person’s system after an objection, the affected person must call up the link again and set a new opt-out cookie.

However, with the setting of the opt-out cookie there is a possibility that the Internet pages of the data controller may no longer be fully usable by the affected person.

Automattic’s applicable privacy policy is available at https://automattic.com/privacy/. Quantcast’s applicable privacy policy is available at https://www.quantcast.com/privacy/.

19. Privacy policy on the use and application of Facebook

The data controller has integrated components of the company Facebook on this website. Facebook is a social network.

A social network is a social meeting place operated on the Internet, an online community that generally allows users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences, or enables the Internet community to provide personal or company-related information. Facebook enables users of the social network to create private profiles, upload photos and network via friend requests, among other things.

The operating company of Facebook is Facebook, Inc. 1 Hacker Way, Menlo Park, CA 94025, USA. The person responsible for processing personal data, if a affected person lives outside the USA or Canada, is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time a user accesses one of the individual pages of this website, which is operated by the data controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the affected person is automatically prompted by the respective Facebook component to download a display of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins is available at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook is informed which specific subpage of our website is visited by the person concerned.

If the person concerned is logged in to Facebook at the same time, Facebook recognizes which specific subpage of our website the person concerned is visiting each time the person concerned calls up our website and for the entire duration of their stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the person concerned. If the person concerned clicks one of the Facebook buttons integrated on our website, for example the „Like“ button, or if the person concerned makes a comment, Facebook assigns this information to the person’s personal Facebook user account and stores this personal data.

Facebook receives information via the Facebook component that the affected person has visited our website if the affected person is logged in to Facebook at the same time when he or she accesses our website; this occurs regardless of whether the affected person clicks on the Facebook component or not. If the affected person does not want this information to be sent to Facebook, he or she can prevent it from being sent by logging out of his or her Facebook account before accessing our website.

The data policy published by Facebook, which can be accessed at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect the privacy of the person concerned. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the affected person to suppress data transfer to Facebook.

How can I delete my data or prevent data storage?
In accordance with the Data Protection Basic Regulation, you have the right to information, correction, transferability and deletion of your data.

A complete deletion of your data will only take place if you completely delete your Facebook account. And this is how deleting your Facebook account works:

  1. Click on the right side of Facebook on Settings.
  2. Then click on „Your Facebook information“ in the left column.
  3. Now click „Deactivation and Deletion“.
  4. Now select „Delete account“ and then click on „Next and Delete account
  5. Now enter your password, click on „Next“ and then on „Delete account

The storage of the data that Facebook receives via our site is done, among other things, via cookies (e.g. in the case of social plugins). You can deactivate, delete or manage individual or all cookies in your browser. Depending on which browser you use, this works in different ways. The following instructions show you how to manage cookies in your browser:

Chrome: Delete, activate and manage cookies in Chrome 
Safari: Manage cookies and website data with Safari 
Firefox: Delete cookies to remove data that websites have placed on your computer 
Internet Explorer: Delete and manage cookies 
Microsoft Edge: Delete and manage cookies

If you do not wish to receive cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you want to allow it or not.

Facebook is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC. We hope we have provided you with the most important information about the use and data processing by the Facebook tools. If you want to learn more about how Facebook uses your data, we recommend the data guidelines at https://www.facebook.com/about/privacy/update.

20. Privacy policy on the use and application of LinkedIn

The data controller has integrated components of LinkedIn Corporation on this website. LinkedIn is an Internet-based social network that allows users to connect with existing business contacts and to make new business contacts. Over 400 million registered users use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.

LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For data protection issues outside the USA, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

Each time a LinkedIn component (LinkedIn plug-in) is installed on our website, the LinkedIn plug-in causes the browser used by the individual to download a representation of the LinkedIn component. Further information about LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. This technical process allows LinkedIn to know which specific page of our website is visited by the affected person.

If the person is logged on to LinkedIn at the same time, LinkedIn will know which specific page of our website the person is visiting each time the person visits our website and for the duration of the person’s visit. This information is collected by the LinkedIn component and assigned by LinkedIn to the LinkedIn account of the person concerned. If the person concerned clicks on a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the person concerned and stores this personal data.

LinkedIn receives information via the LinkedIn component that the person concerned has visited our website if the person concerned is logged in to LinkedIn at the same time when he or she accesses our website; this occurs regardless of whether the person concerned clicks on the LinkedIn component or not. If the affected person does not want this information to be sent to LinkedIn, he or she can prevent it from being sent by logging out of his or her LinkedIn account before accessing our website.

LinkedIn offers the ability to unsubscribe from email, SMS, and targeted ads, and to manage ad preferences at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame who may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. LinkedIn’s current privacy policy is available at https://www.linkedin.com/legal/privacy-policy. LinkedIn’s cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

Which data is stored by LinkedIn?
LinkedIn does not store any personal data simply by integrating the social plug-ins. LinkedIn calls this data, which is generated by plug-ins, passive impressions. However, if you click on a social plug-in, for example to share our content, the platform stores personal data as so-called „active impressions“. This is the case regardless of whether you have a LinkedIn account or not. If you are logged in, the data collected is associated with your account.

Your browser connects directly to LinkedIn’s servers when you interact with our plug-ins. This is how the company logs various usage data. In addition to your IP address, this may include, for example, login information, device information, or information about your Internet or mobile service provider. If you access LinkedIn services from your smartphone, your location (after you allow it) can also be determined. LinkedIn may also share this information in „hashed“ form with third-party advertisers. Hashing means that a record is converted into a string. This makes it possible to encrypt the data so that people cannot be identified.

Most data about your user behaviour is stored in cookies. These are small text files that are usually set in your browser. But LinkedIn can also use web beacons, pixel tags, display tags and other device identifiers.

Various tests also show which cookies are set when a user interacts with a social plug-in. The data found cannot claim to be exhaustive and is only used as an example. The following cookies were set without being logged in to LinkedIn:

Name: bcookie
Value: =2&34aab2aa-2ae1-4d2a-8baf-c2e2d7235c16311200023-
Purpose: The cookie is a so-called „browser ID cookie“ and thus stores your identification number (ID).
Expiration date: After 2 years

Name: long
Value: v=2&lang=en-en
Purpose: This cookie saves your preset or preferred language.
Expiration date: after session end

Name: lidc
Value: 1818367:t=1571904767:s=AQF6KNnnJ0G311200023…
Purpose: This cookie is used for routing. Routing records how you got to LinkedIn and how you navigate through the website.
Expiration date: after 24 hours

Name: rtc
Value: kt0lrv3NF3x3t6xvDgGrZGDKkX
Purpose: No further information could be found out about this cookie.
Expiration date: after 2 minutes

Name: JSESSIONID
Value: ajax:3112000232900777718326218137
Purpose: This is a session cookie that LinkedIn uses to maintain anonymous user sessions through the server.
Expiration date: after session end

Name: bscookie
Value: „v=1&201910230812…
Purpose: This cookie is a security cookie. LinkedIn describes it as a secure browser ID cookie.
Expiration date: after 2 years

Name: fid
Value: AQHj7Ii23ZBcqAAAA…
Purpose: No further information could be found for this cookie.
Expiration date: after 7 days

Note: LinkedIn also works together with third party providers. That’s why we recognized the two Google Analytics cookies _ga and _gat during our test.

How long and where is the data stored?
As a general rule, LinkedIn keeps your personal information as long as the company considers it necessary to provide its services. However, LinkedIn will delete your personal information when you delete your account. In some exceptional cases, LinkedIn may retain some information in aggregate and anonymous form even after you delete your account. Once you delete your account, other people will not be able to see your information within one day. LinkedIn generally deletes the data within 30 days. LinkedIn does, however, retain data when required by law. Data that can no longer be assigned to any person remains stored even after the account has been closed. The data is stored on various servers in America and probably also in Europe.

How can I delete my data or prevent data storage?
You have the right to access and delete your personal data at any time. In your LinkedIn account you can manage, change and delete your data. You can also request a copy of your personal information from LinkedIn.

This is how you access the account information in your LinkedIn profile:
In LinkedIn, click on your profile icon and select the „Settings and Privacy“ section. Now click on „Privacy“ and then in the section „How LinkedIn uses your data“ click on „Change“. In a short time, you will be able to download selected information about your web activity and account history.

You also have the option to disable LinkedIn’s data processing in your browser. As mentioned above, LinkedIn stores most data through cookies that are set in your browser. You can manage, disable or delete these cookies. Depending on which browser you have, the administration works slightly differently. The instructions for the most common browsers can be found here:

Chrome: Delete, activate and manage cookies in Chrome    
Safari: Manage cookies and website data with Safari 
Firefox: Delete cookies to remove data that websites have placed on your computer 
Internet Explorer: Delete and manage cookies 
Microsoft Edge: Delete and manage cookies

You can also set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to accept the cookie or not.

LinkedIn is an active participant of the EU-U.S. Privacy Shield Framework. This framework ensures a correct data transfer between the USA and the European Union. You can find out more about it at https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0. We have tried to provide you with the most important information about data processing by LinkedIn. At https://www.linkedin.com/legal/privacy-policy you can learn more about the data processing of the LinkedIn social media network.

21. Privacy policy on the use and application of Shariff

The data controller has integrated the Shariff component on this website. The Shariff component provides social media buttons that comply with data protection regulations. Shariff was developed for the German computer magazine c’t and is published by GitHub, Inc.

The component was developed by GitHub, Inc. 88 Colin P. Kelly Junior Street, San Francisco, CA 94107, USA.

Button solutions provided by social networks usually transfer personal data to the respective social network as soon as a user visits a website in which a social media button has been integrated. By using the Shariff component, personal data is only transmitted to social networks when the visitor to an Internet page actively presses one of the social media buttons. Further information on the Shariff component is available from the computer magazine c’t at http://www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-c-t-Shariff-ist-im-Einsatz-2470103.html. The purpose of using the Shariff component is to protect the personal data of visitors to our website and at the same time to enable us to integrate a social media button solution on this website.

Further information and GitHub’s applicable privacy policy can be found at https://help.github.com/articles/github-privacy-policy/.

22. Privacy policy on the use and application of YouTube

The data controller has integrated YouTube components into this website. YouTube is an Internet video portal that allows video publishers to post video clips for free and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programmes, but also music videos, trailers or videos created by users themselves can be accessed via the Internet portal.

YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

Each time the affected person accesses any of the individual pages of this website operated by the data controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the affected person’s information technology system is automatically prompted by the relevant YouTube component to download a representation of the relevant YouTube component from YouTube. Further information on YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google are informed which specific subpage of our website is visited by the affected person.

If the person concerned is logged in to YouTube at the same time, YouTube recognizes which specific page of our website the person concerned is visiting by calling up a page containing a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the person concerned.

What data is stored by YouTube?
As soon as you visit one of our pages that has a YouTube video embedded, YouTube at least sets a cookie that stores your IP address and our URL. If you are logged in to your YouTube account, YouTube can associate your interactions on our site with your profile, usually using cookies. This includes information such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution, or your Internet service provider. Other data may include contact information, any ratings, sharing content through social media, or adding to your favorites on YouTube.

If you’re not signed in to a Google Account or YouTube account, Google stores data with a unique identifier associated with your device, browser, or app. For example, your preferred language setting is preserved. But much interaction data can’t be stored because fewer cookies are set.

In the following list, we show cookies that were set in a test in the browser. On the one hand, we show cookies that are set without a registered YouTube account. On the other hand we show cookies that are set with a registered account. The list cannot claim to be complete, because the user data always depends on the interactions on YouTube.

Name: YSC
Value: b9-CV6ojI5Y311200023-1
Purpose: This cookie registers a unique ID to store statistics of the video viewed.
Expiration date: after session end

Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google gets statistics about how you use YouTube videos on our website via PREF.
Expiration date: after 8 months

Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track your GPS location.
Expiration date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie tries to estimate the bandwidth of the user on our websites (with built-in YouTube video).
Expiration date: after 8 months
Other cookies that are set when you are logged in with your YouTube account:

Name: APISID
Value: zILlvClZSkqGsSwI/AU1aZI6HY7311200023-
Purpose: This cookie is used to create a profile about your interests. The data is used for personalized advertisements.
Expiry date: after 2 years

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user’s consent to use various Google services. CONSENT is also used for security purposes to verify users and protect user data from unauthorized attacks.
Expiration date: after 19 years

Name: HSID
Value: AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile about your interests. This data helps us to display personalized advertising.
Expiration date: after 2 years

Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL…
Purpose: Information about your login data is stored in this cookie.
Expiration date: after 2 years
Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile about your interests.
Expiration date: after 2 years

Name: SID
Value: oQfNKjAsI311200023-
Purpose: This cookie stores your Google Account ID and your last sign-in time in digitally signed and encrypted form.
Expiration date: after 2 years

Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information about how you use the website and what advertisements you may have seen before visiting our site.
Expiration date: after 3 months

YouTube and Google receive information through the YouTube component that the affected person has visited our website whenever the affected person is logged on to YouTube at the same time as he or she visits our website, regardless of whether or not the affected person clicks on a YouTube video. If the affected person does not want this information to be sent to YouTube and Google, he or she can prevent it from being sent by logging out of his or her YouTube account before visiting our website.

The privacy policy published by YouTube, which is available at https://www.google.de/intl/de/policies/privacy/, provides information about the collection, processing and use of personal data by YouTube and Google.

How long and where is the data stored?
The data that YouTube receives from you and processes is stored on Google’s servers. Most of these servers are located in America. You can see exactly where Google’s data centres are located at https://www.google.com/about/datacenters/inside/locations/?hl=de. Your data is distributed across the servers. So the data can be retrieved faster and is better protected against manipulation.

Google stores the collected data for different lengths of time. Some data can be deleted at any time, others are automatically deleted after a limited time and some are stored by Google for a longer time. Some data (such as items from „My activity“, photos or documents, products) stored in your Google Account will remain stored until you delete them. Even if you’re not signed in to a Google Account, you can delete some data associated with your device, browser, or app.

How can I delete my data or prevent data retention?
Generally, you can manually delete data in your Google Account. With the automatic deletion of location and activity data introduced in 2019, information is stored for either 3 or 18 months, depending on your decision, and then deleted.

Whether or not you have a Google Account, you can configure your browser to delete or disable Google cookies. This works in different ways depending on the browser you use. The following instructions will show you how to manage cookies in your browser:

Chrome: Delete, activate and manage cookies in Chrome    
Safari: Manage cookies and website data with Safari 
Firefox: Delete cookies to remove data that websites have placed on your computer 
Internet Explorer: Delete and manage cookies 
Microsoft Edge: Delete and manage cookies

If you do not wish to receive cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you want to allow it or not. Since YouTube is a subsidiary of Google, there is a common privacy policy. If you’d like to learn more about how we handle your information, we recommend you read the privacy policy at https://policies.google.com/privacy?hl=de.

 If you see a built-in subscription button on our site, YouTube – according to Google – sets at least one cookie. This cookie stores your IP address and our URL. YouTube can also learn information about your browser, your approximate location and your default language. In our test, the following four cookies were set without being logged into YouTube:
 
Name: YSC
Value: b9-CV6ojI5311200023Y
Purpose: This cookie registers a unique ID to store statistics of the video viewed.
Expiration date: after session end
 
Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google gets statistics about how you use YouTube videos on our website via PREF.
Expiration date: after 8 months
 
Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track your GPS location.
Expiration date: after 30 minutes
 
Name: VISITOR_INFO1_LIVE
Value: 31120002395Chz8bagyU
Purpose: This cookie tries to estimate the bandwidth of the user on our websites (with built-in YouTube video).
Expiration date: after 8 months
 
Note: These cookies were set after a test and cannot claim to be complete.
 
If you are logged into your YouTube account, YouTube may use cookies to store many of your actions/interactions on our site and associate them with your YouTube account. This allows YouTube to learn, for example, how long you have been browsing our site, what type of browser you are using, what screen resolution you prefer, or what actions you perform.
 
YouTube uses this information to improve its own services and offerings and to provide analysis and statistics for advertisers (who use Google Ads).affected person

23. Privacy policy on the use and application of Hotjar

We use Hotjar from Hotjar Limited (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) on our website to statistically evaluate visitor data. Hotjar is a service that analyses the behaviour and feedback of you as a user on our website through a combination of analysis and feedback tools. We receive reports and visual representations from Hotjar that show us where and how you „move“ around our site. Personal information is automatically anonymized and never reaches Hotjar’s servers. This means that you are not personally identified as a website user and we still learn a lot about your user behavior.

What is Hotjar?
As mentioned in the section above, Hotjar helps us analyze the behavior of our site visitors. Among the tools Hotjar offers are heat maps, conversion funnels, visitor recording, incoming feedback, feedback polls and surveys (for more information, please visit https://www.hotjar.com/). In this way, Hotjar helps us to provide you with a better user experience and service. On the one hand, it provides a good analysis of online behavior, and on the other hand, it gives us good feedback on the quality of our website. Besides all the technical analysis aspects, we also want to know your opinion about our website. And with the feedback tool exactly that is possible.

Why do we use Hotjar on our website?
In recent years, the importance of user experience on websites has increased significantly. And with good reason. A website should be designed so that you as a visitor feel comfortable and find your way around easily. Thanks to Hotjar’s analysis and feedback tools, we can make our website and our services more attractive. Hotjar’s heat maps have proven to be especially valuable for us. Heat maps are a form of presentation for the visualization of data. Hotjar’s heat maps enable us to see exactly what you like to click, tap and scroll to.

What data is stored by Hotjar?
As you browse our website, Hotjar automatically collects information about your user behavior. In order to be able to collect this information, we have installed a tracking code on our website. The following data can be collected via your computer or browser:

  • IP address of your computer (collected and stored in an anonymous format)
  • Screen size
  • Browser info (which browser, which version etc.)
  • Your location (but only the country)
  • Your preferred language setting
  • Visited websites (subpages)
  • Date and time of access to one of our sub-pages (web pages)

Cookies also store data that is placed on your computer (usually in your browser). No personal data is collected in them. In principle, Hotjar does not pass on any collected data to third parties. However, Hotjar expressly points out that it is sometimes necessary to share data with Amazon Web Services. In this case, parts of your information will be stored on their servers. However, Amazon is bound by a confidentiality obligation not to disclose this data.

Only a limited number of people (Hotjar employees) have access to the stored information. The Hotjar servers are protected by firewalls and IP restrictions (access only to approved IP addresses). Firewalls are security systems that protect computers from unwanted network access. They are designed to act as a barrier between Hotjar’s secure internal network and the Internet. Furthermore, Hotjar also uses third-party companies such as Google Analytics or Optimizely for its services. These companies may also store information that your browser sends to our website.

The following cookies are used by Hotjar. Since we refer, among other things, to the cookie list from Hotjar’s privacy policy at https://www.hotjar.com/legal/policies/cookie-information, not every cookie has an exemplary value. The list shows examples of Hotjar cookies used and does not claim to be complete.

Name: ajs_anonymous_id
Value: %2258832463-7cee-48ee-b346-a195f18b06c3%22311200023-5
Purpose: The cookie is usually used for analysis purposes and helps count visitors to our site by tracking whether you have been to this page before.
Expiration date: after one year

Name: ajs_group_id
Value: 0
Purpose: This cookie collects data about user behavior. This data can then be assigned to a specific visitor group based on commonalities of the website visitors.
Expiration date: after one year

Name: _hjid
Value: 699ffb1c-4bfb-483f-bde1-22cfa0b59c6c
Purpose: The cookie is used to maintain a Hotjar user ID that is unique to the site in the browser. This allows user behavior to be associated with the same User ID on subsequent visits.
Expiration date: after one year

Name: _hjMinimizedPolls
Value: 462568311200023-8
Purpose: Whenever you minimize a feedback poll widget, Hotjar sets this cookie. The cookie ensures that the widget is actually minimized when you surf our pages.
Expiration date: after one year

Name: _hjIncludedInSample
Value: 1
Purpose: This session cookie is set to inform Hotjar if you are part of the selected people (sample) that will be used to create funnels.
Expiration date: after one year

Name: _hjClosedSurveyInvites
Purpose: This cookie is set when you receive an invitation to a feedback survey via a pop-up window. The cookie is used to ensure that this invitation only appears once for you.
Expiration date: after one year

Name: _hjDonePolls
Purpose: As soon as you end a feedback „question and answer session“ with the so-called Feedback Poll Widget, this cookie is set in your browser. This prevents Hotjar from sending you the same surveys again in the future.
Expiration date: after one year

Name: _hjDoneTestersWidgets
Purpose: This cookie is used as soon as you enter your data in the „Recruit User Tester Widget“. With this widget we want to hire you as a tester. The cookie is used so that this form does not appear again and again.
Expiration date: after one year

Name: _hjMinimizedTestersWidgets
Purpose: To ensure that the „Recruit User Tester“ really remains minimized on all our pages, once you have minimized it, this cookie is set.
Expiration date: after one year

Name: _hjShownFeedbackMessage
Purpose: This cookie is set when you have minimized or supplemented the incoming feedback. This is done so that the incoming feedback is immediately loaded as minimized when you navigate to another page where it should be displayed.
Expiration date: after one year

How long and where is the data stored?
We have installed a tracking code on our website which is transmitted to the Hotjar servers in Ireland (EU). This tracking code contacts Hotjar’s servers and sends a script to your computer or device that you use to access our site. The script collects certain information relating to your interaction with our site. This data is then sent to Hotjar’s servers for processing. Hotjar has imposed a 365-day data retention period on itself. This means that all data that Hotjar has collected that is older than one year is automatically deleted.

How can I delete my data or prevent data storage?
Hotjar does not store any of your personal data for analysis. The company even advertises with the slogan „We track behavior, not individuals“. You also always have the option to prevent the collection of your data. All you have to do is go to the „Opt-out page“ and click on „Disable Hotjar“. Please note that deleting cookies, using the private mode of your browser or using another browser will result in data being collected again. Furthermore, you can also activate the „Do Not Track“ button in your browser. In the browser Chrome, for example, you have to click on the three bars at the top right and go to „Settings“. There you will find the option „Send a „Do Not Track“ request with browser access“ in the „Privacy“ section. Now just activate this button and no data will be collected by Hotjar.

For more details on the privacy policy and which data is collected by Hotjar in which way, please visit https://www.hotjar.com/legal/policies/privacy?tid=311200023.

24. Privacy policy on the use and application of MailChimp

Like many other websites we use the services of the newsletter company MailChimp on our website. The operator of MailChimp is The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. Thanks to MailChimp we can send you interesting news very easily via newsletter. With MailChimp we do not need to install anything and can still draw from a pool of really useful functions. In the following we will go into more detail about this e-mail marketing service and inform you about the most important data protection aspects.

What is MailChimp?
MailChimp is a cloud based newsletter management service. „Cloudbased“ means that we do not have to install MailChimp on our own computer or server. Instead, we use the service via an IT infrastructure – which is available via the Internet – on an external server. This way of using a software is also called SaaS (Software as a Service).

With MailChimp we can choose from a wide range of different types of e-mail. Depending on what we want to achieve with our newsletter, we can run single campaigns, regular campaigns, autoresponders (automatic email), A/B tests, RSS campaigns (sending in predefined time and frequency) and follow-up campaigns.

Why do we use MailChimp on our website?
Basically we use a newsletter service to keep in touch with you. We want to tell you what’s new with us or what attractive offers we have in our program right now. For our marketing activities we always look for the easiest and best solutions. And that is why we have chosen the newsletter management service of Mailchimp. Although the software is very easy to use, it offers a large number of helpful features. So we can create interesting and beautiful newsletters in a very short time. Due to the offered design templates we can create each newsletter individually and thanks to the „Responsive Design“ our content will be displayed legibly and beautifully on your smartphone (or any other mobile device).

Through tools such as the A/B test or the extensive analysis options, we can see very quickly how our newsletters are received by you. This allows us to react if necessary and improve our offer or services.

Another advantage is the „cloud system“ of Mailchimp. The data is not stored and processed directly on our server. We can retrieve the data from external servers and thus save our storage space. In addition, the maintenance effort is significantly lower.

Which data is stored by MailChimp?
The Rocket Science Group LLC (MailChimp) maintains online platforms that allow us to contact you (if you have subscribed to our newsletter). If you become a subscriber of our newsletter via our website, you confirm your membership in an e-mail list of MailChimp by e-mail. To enable MailChimp to prove that you are registered in the „list provider“, the date of registration and your IP address will be saved. Furthermore MailChimp stores your e-mail address, name, physical address and demographic information, such as language or location.

This information is used to send you emails and to enable certain other MailChimp features (such as newsletter analysis).

MailChimp also shares information with third parties to provide better customer service. MailChimp also shares some information with third party advertising partners to better understand the interests and concerns of our customers and to provide more relevant content and targeted advertising.

Through so-called „web beacons“ (which are small graphics in HTML emails), MailChimp can determine whether the email has arrived, whether it has been opened and whether links have been clicked on. All this information is stored on the MailChimp servers. Thus we get statistical evaluations and see exactly how well our newsletter was received by you. This way we can adapt our offer much better to your wishes and improve our service.

MailChimp may also use this information to improve our own service. This can be used, for example, to technically optimize the mailing or to determine the location (country) of the recipients.

The following cookies can be set by Mailchimp. This is not a complete cookie list, but rather an exemplary selection:

Name: AVESTA_ENVIRONMENT
Value: Prod
Purpose: This cookie is necessary to provide the Mailchimp services. It is always set when a user subscribes to a newsletter mailing list.
Expiration date: after session end
 
Name: ak_bmsc
Value: F1766FA98C9BB9DE4A39F70A9E5EEAB55F6517348A7000001311200023-3
Purpose: The cookie is used to distinguish a human from a bot. This enables secure reports on the use of a website to be generated.
Expiration date: after 2 hours
 
Name: bm_sv
Value: A5A322305B4401C2451FC22FFF547486~FEsKGvX8eovCwTeFTzb8//I3ak2Au…
Purpose: The cookie is from MasterPass Digital Wallet (a MasterCard service) and is used to provide a visitor with a secure and easy virtual payment transaction. For this purpose, the user is anonymously identified on the website.
Expiration date: after 2 hours
 
Name: _abck
Value: 8D545C8CCA4C3A50579014C449B045311200023-9
Purpose: We were not able to find out any further information about the purpose of this cookie
Expiry date: after one year
 

Sometimes it can happen that you open our newsletter for a better presentation via a given link. This is the case, for example, if your e-mail program does not work or the newsletter is not displayed correctly. The newsletter will then be displayed on a website of MailChimp. MailChimp also uses cookies (small text files that store data on your browser) on its own websites. Personal data can be processed by MailChimp and its partners (e.g. Google Analytics). This data collection is the responsibility of MailChimp and we have no influence on it. In the „Cookie Statement“ of MailChimp (under: https://mailchimp.com/legal/cookies/) you can read exactly how and why the company uses cookies.

 
How long and where is the data stored?
Since MailChimp is an American company, all collected data is also stored on American servers.
 
In principle, the data remains permanently stored on the servers of Mailchimp and is only deleted when you request it. You can have your contact deleted by us. This will permanently remove all your personal data for us and make you anonymous in the Mailchimp reports. However, you can also request the deletion of your data directly at Mailchimp. Then all your data will be removed there and we will get a notification from MailChimp. After we receive the email, we have 30 days to delete your contact from all connected integrations.
 
How can I delete my data or prevent data storage?
You can withdraw your consent to receive our newsletter at any time within the received e-mail by clicking on the link in the lower area. If you have unsubscribed by clicking on the unsubscribe link, your data will be deleted from MailChimp.
 
If you reach a MailChimp website via a link in our newsletter and cookies are set in your browser, you can delete or deactivate these cookies at any time.
 
Depending on your browser the deactivation or deletion works slightly different. The following instructions show how to manage cookies in your browser:
 
 
If you do not wish to receive cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you want to allow it or not.
 
MailChimp is an active participant in the EU-U.S. Privacy Shield Framework which regulates the correct and secure transfer of personal data. You can find more information on https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&tid=311200023. You can learn more about the use of cookies with MailChimp at https://mailchimp.com/legal/cookies/, information about data protection with MailChimp (Privacy) can be found at https://mailchimp.com/legal/privacy/.
 
MailChimp data processing Contract
We have signed a contract with MailChimp for the Data Processing Addendum. This contract serves to protect your personal data and ensures that MailChimp complies with the applicable data protection regulations and does not pass on your personal data to third parties.
You can find more information about this contract on https://mailchimp.com/legal/data-processing-addendum/.

25. Privacy policy on the use and application of Vimeo

We also use videos from the company Vimeo on our website. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plug-in, we can display interesting video material directly on our website. Certain data may be transferred from you to Vimeo. In this privacy statement, we will show you what data is involved, why we use Vimeo, and how you can manage or stop your data or data transfer.

What is Vimeo?
Vimeo is a video platform that was founded in 2004 and since 2007 has enabled the streaming of videos in HD quality. Since 2015 it is also possible to stream in 4k Ultra HD. The use of the portal is free of charge, but content with costs can also be published. In comparison to the market leader YouTube, Vimeo places priority on high quality content in good quality. Thus, the portal offers a lot of artistic content such as music videos and short films on the one hand, but on the other hand also documentations worth knowing about various topics.

Why do we use Vimeo on our website?
The goal of our web presence is to provide you with the best possible content. And as easily accessible as possible. Only when we have achieved this are we satisfied with our service. The Vimeo video service helps us achieve this goal. Vimeo gives us the opportunity to present you with high-quality content directly on our website. Instead of just giving you a link to an interesting video, you can watch the video right here. This extends our service and makes it easier for you to access interesting content. Therefore we offer video content in addition to our texts and images.

What data is stored on Vimeo?
When you visit a website on our website that has a Vimeo video embedded, your browser connects to the Vimeo servers. This results in a data transfer. This data is collected, stored and processed on the Vimeo servers. Regardless of whether you have a Vimeo account or not, Vimeo collects data about you. This includes your IP address, technical information about your browser type, operating system, or very basic device information. In addition, Vimeo stores information about which website you use the Vimeo service and which actions (web activities) you perform on our website. These web activities include, for example, session duration, bounce rate, or which button you clicked on our website with a built-in Vimeo function. Vimeo can track and store these actions using cookies and similar technologies.

If you are logged in as a registered member of Vimeo, more data can usually be collected because more cookies may already have been set in your browser. In addition, your actions on our website are directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while you are „surfing“ our website.
 
Below we show you the cookies that are set by Vimeo when you are on a website with integrated Vimeo functions. This list is not exhaustive and assumes that you do not have a Vimeo account.
 
Name: player
Value: „“
Purpose: This cookie saves your settings before you play an embedded Vimeo video. This means that the next time you watch a Vimeo video, you will get your preferred settings back.
Expiration date: after one year
 
Name: vuid
Value: pl1046149876.614422590311200023-4 
Purpose: This cookie collects information about your actions on websites that have embedded a Vimeo video. 
Expiration date: after 2 years
 
Note: These two cookies are always set once you are on a web page with an embedded Vimeo video. When you view the video and click the button, for example to „share“ or „link“ the video, additional cookies are set. These are also third-party cookies such as _ga or _gat_UA-76641-8 from Google Analytics or _fbp from Facebook. Exactly which cookies are set here depends on your interaction with the video.
 
The following list shows a selection of possible cookies that are set when you interact with the Vimeo video:
 
Name: _abexps
Value: %5B%5D
Purpose: This Vimeo cookie helps Vimeo remember the settings you have made. This could be a preset language, region or user name, for example. In general, the cookie stores information about how you use Vimeo.
Expiration date: after one year
Name: continuous_play_v3
Value: 1
Purpose: This cookie is a first-party cookie from Vimeo The cookie collects information about how you use the Vimeo service. For example, the cookie stores when you pause/replay a video.
Expiration date: after one year
 
Name: _ga
Value: GA1.2.1522249635.1578401280311200023-7
Purpose: This cookie is a third-party cookie from Google. By default, analytics.js uses the _ga cookie to store the user ID. Basically, it is used to differentiate between website visitors.
Expiration date: after 2 years
 
Name: _gcl_au
Value: 1.1.770887836.1578401279311200023-3
Purpose: This third-party cookie from Google AdSense is used to improve the efficiency of ads on websites.
Expiration date: after 3 months
 
Name: _fbp
Value: fb.1.1578401280585.310434968
Purpose: This is a Facebook cookie. This cookie is used to display advertisements or promotional products from Facebook or other advertisers.
Expiration date: after 3 months
 
Vimeo uses this data to improve its own service, to communicate with you, and to implement its own targeted advertising measures, among other things. Vimeo emphasizes on its website that only first-party cookies (i.e., cookies from Vimeo itself) are used for embedded videos, as long as you do not interact with the video.
 
How long and where is the data stored?
Vimeo is headquartered in White Plains, New York State (USA). However, the services are offered worldwide. The company uses computer systems, databases and servers in the USA and in other countries. Your data can therefore also be stored and processed on servers in America. The data will remain stored by Vimeo until the company no longer has an economic reason for storing it. Then the data is deleted or made anonymous. Vimeo complies with the EU-U.S. Privacy Shield Framework and is therefore permitted to collect, use and transfer data from users in the EU to the USA.
 
How can I delete my data or prevent data storage?
You always have the possibility to manage cookies in your browser according to your wishes. For example, if you do not want Vimeo to set cookies and thus collect information about you, you can delete or deactivate cookies in your browser settings at any time. Depending on your browser, this works slightly differently. Please note that after deactivating/deleting cookies, it is possible that various functions will no longer be available to the full extent. The following instructions show you how to manage or delete cookies in your browser.
 
 
If you are a registered Vimeo member, you can also manage the cookies used in the Vimeo settings.
 
Vimeo is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information about this at https://www.privacyshield.gov/participant?id=a2zt00000008V77AAE&status=Active. You can learn more about the use of cookies at Vimeo at https://vimeo.com/cookie_policy. Information about data protection at Vimeo can be found at https://vimeo.com/privacy.

26. Privacy policy on the use and application of jQuery CDN

In order to deliver our website or all our individual sub-pages (web pages) to you quickly and easily on different devices, we use services from jQuery CDN of the jQuery Foundation company. jQuery is distributed via the Content Delivery Network (CDN) of the American software company StackPath (LCC 2012 McKinney Ave. Suite 1100, Dallas, TX 75201, USA). This service stores, manages and processes personal information about you.

A Content Delivery Network (CDN) is a network of regionally distributed servers that are connected to each other via the Internet. Through this network, content, especially very large files, can be delivered quickly, even during large load peaks.

jQuery uses JavaScript libraries to deliver our website content quickly. A CDN server loads the necessary files. As soon as a connection to the CDN server is established, your IP address is recorded and saved. This only happens if this data has not already been saved in your browser as a result of a previous website visit.

StackPath’s privacy policy explicitly mentions that StackPath uses aggregated and anonymized data from various services (such as jQuery) to enhance security and for its own services. However, this data cannot identify you as a person.

If you do not want this data transfer to occur, you always have the option of installing Java Script blockers such as ghostery.com or noscript.net. You can also simply deactivate the execution of JavaScript codes in your browser. If you decide to deactivate JavaScript codes, the usual functions will also change. For example, a website will no longer load as quickly.

StackPath is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt0000000CbahAAC&status=Active.

For more information about StackPath’s privacy policy, please visit https://www.stackpath.com/legal/privacy-statement/ and for jQuery, please visit https://openjsf.org/wp-content/uploads/sites/84/2019/11/OpenJS-Foundation-Privacy-Policy-2019-11-15.pdf.

27. Privacy policy on the use and application of Userlike

On this website, the controller has integrated components of Userlike UG (haftungsbeschränkt). You can use the live chat as a contact form to chat with our staff in near real time. At the start of the chat, personal data is collected.

  • Date and time of the call,
  • browser type/version,
  • IP address,
  • operating system used,
  • URL of the previously visited website,
  • amount of data sent.
  • First name, last name
  • email address

Depending on the course of the conversation with our employees, further personal data may arise in the chat, which are entered by you. The type of data depends strongly on your request or the problem you describe to us.

All our employees have been and will be trained on the subject of data protection and on the safe and confidential handling of customer data. All our employees are bound to confidentiality and have accordingly signed an addendum to the obligation to maintain confidentiality and to observe data protection in their employee contracts.

When you visit https://mtc.hamburg, the chat widget is loaded as a JavaScript file from AWS Cloudfront. The chat widget technically represents the source code that is executed on your computer and enables the chat.

Furthermore, Userlike stores the chat record. This shall not only spare you the inconvenience of recalling the whole chat history of past chats when you ask for our assistance via live chat but shall also ensure an continuous quality control regarding our live chat. If you do not want to have your chat record stored please contact us and we will delete it immediately. You may find our contact details at the end of this privacy statement.

Further information and the applicable data protection regulations of Userlike UG (haftungsbeschränkt) can be found at https://www.userlike.com/en/terms#privacy-policy.

28. Privacy policy on the use and application of Microsoft Teams

1. PURPOSE OF PROCESSING.
We use the „Microsoft Teams“ tool to conduct conference calls, online meetings, video conferences and/or web conferences (hereinafter: „Online Meetings“). „Microsoft Teams“ is a service provided by Microsoft Corporation.

2. RESPONSIBLE PARTY
The person responsible for data processing directly related to the conduct of „Online Meetings“ is MTC Marine Training Center Hamburg GmbH.

Note: Insofar as you call up the „Microsoft Teams“ Internet page, the „Microsoft Teams“ provider is responsible for data processing. However, calling up the Internet page is only necessary to use „Microsoft Teams“ in order to download the software for using „Microsoft Teams“.

If you do not want to or cannot use the „Microsoft Teams“ app, you can also use „Microsoft Teams“ via your browser. The service will then also be provided via the „Microsoft Teams“ website to this extent.

3. WHAT DATA IS PROCESSED?
When using „Microsoft Teams“, various types of data are processed. In this context, the scope of the data also depends on the information on data you provide before or when participating in an „online meeting“.

The following personal data are subject to processing:

User details: e.g. display name („Display name“), e-mail address if applicable, profile picture (optional), preferred language.

Meeting metadata: e.g. date, time, meeting ID, phone numbers, location

Text, audio and video data: you may have the option of using the chat function in an „online meeting“. To this extent, the text entries you make are processed in order to display them in the „online meeting“. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the „Microsoft Teams“ applications.

4. SCOPE OF PROCESSING
We use „Microsoft Teams“ to conduct „online meetings“. If we want to record „online meetings“, we will transparently communicate this to you in advance and – if necessary – ask for consent.

Chat content is logged when using Microsoft Teams. Files that users share in chats are stored in the OneDrive for Business account of the user who shared the file. Files that team members share in a channel are stored on the team’s SharePoint site.

Automated decision making as defined in Art. 22 GDPR is not used.

5. LEGAL BASIS OF DATA PROCESSING
Insofar as personal data of employees of MTC Marine Training Center Hamburg GmbH is processed, Section 26 of the German Federal Data Protection Act (BDSG) is the legal basis for data processing. If, in connection with the use of „Microsoft Teams“, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of „Microsoft Teams“, Art. 6 (1) lit. f) GDPR is the legal basis for data processing. In these cases, our interest is in the effective implementation of „online meetings“.
For the rest, the legal basis for data processing when conducting „online meetings“ is Art. 6 (1) lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships.
Should no contractual relationship exist, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here, too, our interest is in the effective implementation of „online meetings“.

6. RECIPIENTS / DISCLOSURE OF DATA
Personal data processed in connection with participation in „online meetings“ will generally not be disclosed to third parties unless it is specifically intended for disclosure. Please note that content from „online meetings“, as well as from face-to-face meetings, is often used to communicate information with customers, prospects or third parties and is therefore intended for disclosure.
Other recipients: the provider of „Microsoft Teams“ necessarily obtains knowledge of the above data to the extent provided for in our order processing agreement with „Microsoft Teams“.

7. DATA PROCESSING OUTSIDE THE EUROPEAN UNIO
Data processing outside the European Union (EU) does not take place in principle, as we have limited our storage location to data centers in the European Union. However, we cannot exclude the routing of data via Internet servers located outside the EU. This may be the case in particular if participants in „Online Meeting“ are located in a third country.
However, the data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties.

8. FURTHER INFORMATION ON THE PRIVACY POLICY OF MICROSOFT CORPORATION
https://privacy.microsoft.com/de-de/privacystatement
https://www.microsoft.com/de-de/trust-center

29. Privacy policy on the use and application of evidenz

The evidenz software is our database system, with which we manage our participant data. The developers of the evidenz GmbH have provided us with an online booking system. With this system we can present our current dates on the website and at the same time accept bookings. During the registration process, the entered data will be stored in a database on servers of the evidenz GmbH. This data is then written to a text file and encrypted to our database system, then the data is deleted directly from the servers of evidenz GmbH.

The use of the online booking system has the purpose of transmitting the personal data of visitors to our website protected to us.

Further information and the applicable data protection regulations of evidenz GmbH can be found at https://www.evidenz.de/datenschutzerklaerung/.

30. Legal basis of the data processing

Art. 6 I lit. a GDPR serves our company as a legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the affected person is a party, as is the case, for example, with processing operations necessary for the supply of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations which are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation which makes it necessary to process personal data, for example to fulfil tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the affected person or another natural person. This would be the case, for example, if a visitor to our company was injured and his or her name, age, health insurance details or other vital information had to be disclosed to a doctor, hospital or other third party. The processing would then be based on Art. 6 I lit. d GDPR. Finally, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations which are not covered by any of the above legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or of a third party, provided that the interests, fundamental rights and freedoms of the affected person do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the affected person is a customer of the controller (Recital 47 sentence 2 GDPR).

31. Legitimate interests in data processing pursued by the controller or a third party

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is to carry out our business activities for the benefit of the well-being of all our employees and our shareholders.

32. Duration for which the personal data are stored

The criterion for the duration of storage of personal data is the respective legal retention period. After expiry of this period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment of the contract or the initiation of a contract.

33. Legal or contractual provisions making the personal data available; necessity for the conclusion of the contract; obligation of the affected person to provide the personal data; possible consequences of not providing the data

We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded that a affected person provides us with personal data, which must subsequently be processed by us. For example, the person concerned is obliged to provide us with personal data if our company concludes a contract with him/her. Failure to provide the personal data would mean that the contract with the person concerned could not be concluded. Before the person concerned makes personal data available, he or she must contact one of our employees. Our employee will inform the affected person on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.

34. Existence of automated decision making

As a responsible company, we avoid automatic decision making or profiling.

This privacy policy has been conducted with help by the privacy policy generator of Deutschen Gesellschaft für Datenschutz in cooperation with the lawyers of Kanzlei WILDE BEUGER SOLMECKE | Rechtsanwälte and by the privacy policy generator of AdSimple in cooperation with 123familie.de.

Scroll to Top