Privacy: Your right – our commitment

Here you will find the privacy policy for our suppliers and service providers.
Here you will find the privacy policy for prospective customers and clients.

About Us

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection laws is:

Kemény Boehme Consultants SE
Streitfeldstraße 17-19
81673 Munich

Tel: +49 (0) 89 45 20 56 – 200
Email: info@kbc-consultants.com
Web: www.kbc-consultants.com

Contacting the Data Protection Officer

The data protection officer for the controller is:

DataCo GmbH
Sandstr. 33
80335 Munich
privacy@dataguard.com
Web: www.dataguard.de

General Information on Data Processing

On this page, we provide information about how your personal data is processed on the
website.

How we collect and use your personal data depends on how you interact with us at
or which services you use. We collect, use, or share your personal data
only when we have a legitimate purpose and a legal basis for doing so.

What do we mean by "legal basis"?

Consent ( Art. 6(1)(a) GDPR) – You have given us your consent to process your personal data at
for the specific purpose we have explained to you. You have the right to withdraw your consent at any time at
. For more information on how to withdraw your consent
, please refer to the “Exercising Your Rights” subsections in the following
sections of this Privacy Policy.

Contract ( Art. 6(1)(b) of the GDPR) – We need to use your data to fulfill a contract
that you have with us. Alternatively, it is necessary to use your data because we have asked you to do so
or because you yourself took certain steps before entering into this contract.

Legal obligation (Art. 6(1)(c) of the GDPR) – We are required to use your data to comply with the
Act.

Vital interests (Art. 6(1)(d) of the GDPR) – The processing of your data is necessary
to protect your vital interests or those of another person. For example, to protect you from
serious physical harm.

Public task (Art. 6(1)(e) of the GDPR) – The processing of your data is necessary for
to perform a task carried out in the public interest, or because it is covered by a task laid down by law
, e.g., for a statutory function.

Legitimate interests (Art. 6(1)(f) of the GDPR) – The processing of your data is necessary to support a legitimate interest of
that we or another party have, provided that your own
interests do not override those interests.

Please note that we may not be able to provide you with our website services at
if your data is processed to fulfill a contract or a legal obligation
and you do not provide the requested data.

Sharing of Data and International Transfer

As explained in this Privacy Policy, we use various service providers who help us at
to provide our services and ensure the security of your data. When we use these service providers at
, it is necessary for us to share your personal data with them at
.

We have entered into agreements with all service providers to whom we disclose your data, requiring them to comply with
to protect your data.

If your personal data is transferred outside the EU, we ensure that your
personal data receives an equivalent level of protection, either because the country to which your
data is transferred has an “adequate” data protection standard in accordance with the European
Commission, or by applying another protective measure, such as an enhanced
contractual agreement, i.e., the Standard Contractual Clauses (SCCs) adopted by the European Commission
.

For example, when we use U.S. service providers, we rely either on the SCCs (
) or the EU-U.S. Data Privacy Framework, depending on the provider. You may request a copy of the SCCs we have entered into with our service providers
by sending an email to the email address
provided in this Privacy Policy.

Your rights

If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:

1. The Right of Access (Art. 15 GDPR)
You have the right to request confirmation from us as to whether personal data concerning you
is being processed. If this is the case, you have the right to access this data and to
the following information:

Purposes of processing
Categories of personal data
Recipients or categories of recipients
Planned retention period or the criteria for determining this period
The existence of the rights to rectification, erasure, restriction, or objection
Right to file a complaint with the competent supervisory authority
Source of the data (if collected from a third party)
Whether automated decision-making, including profiling, is used, along with meaningful information about the logic involved, the scope, and the expected effects
Transfer of personal data to a third country or international organization, if applicable

2. Right to Rectification (Art. 16 GDPR)
If your personal data is inaccurate or incomplete, you have the right to request that it be corrected or supplemented without delay at
.

3. Right to restriction of processing (Art. 18 GDPR)
If any of the following conditions are met, you have the right to request that the processing of your personal data be restricted:

You may contest the accuracy of your personal data for a period of time that allows us to verify the accuracy of the personal data.
In the event of unlawful processing, you may object to the erasure of the personal data and instead request that the use of the personal data be restricted.
We no longer need your personal data for the purposes of processing, but you need your personal data to assert, exercise, or defend your legal claims, or
after you have objected to the processing, for the duration of the assessment of whether our legitimate grounds override your interests.

4. Right to erasure (“Right to be forgotten”) (Art. 17 GDPR)
If any of the following grounds apply, you have the right to request the immediate erasure of your personal data at
:

Your data is no longer necessary for the purposes for which it was originally collected.
You have withdrawn your consent and there is no other legal basis for the processing.
You object to the processing and there are no overriding legitimate grounds for the processing, or you object pursuant to Article 21(2) of the GDPR.
Your personal data is being processed unlawfully.
The erasure is necessary to comply with a legal obligation under Union law or the law of the Member State to which we are subject.
The personal data was collected in connection with the information society services offered, in accordance with Article 8(1) of the GDPR.

Please note that the above reasons do not apply if the processing is necessary:

To exercise the right to freedom of expression and information.
To comply with a legal obligation or to perform a task carried out in the public interest to which we are subject.
For reasons of public interest in the area of public health.
For archival purposes in the public interest, for scientific or historical research purposes, or for statistical purposes.
To assert, exercise, or defend legal claims.

5. Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and
machine-readable format, or to request that it be transmitted to another controller
.

6. Right to object to certain data processing (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(e) or
f GDPR. This also applies to profiling based on these provisions.

If your personal data is processed for the purpose of direct marketing,
you have the right to object at any time to the processing of your personal data
for the purpose of such marketing; this also applies to profiling insofar as it is related to such
direct marketing.

7. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority
if you believe that the processing of your personal data
violates the GDPR.

The supervisory authority to which the complaint was submitted shall inform the complainant via
of the status and outcome of the complaint, including the possibility of seeking judicial
redress under Article 78 of the GDPR.

You can find a list of the local supervisory authorities in Germany on the website of the Federal Commissioner for Data Protection (
) at the following link:
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

Hosting of the website and creation of log files

1. Description and Scope of Data Processing
Every time our website is accessed, our system automatically collects data and information from the
computer system of the accessing computer.

The following data is collected in this process:

Information about the browser type and version being used
The user's operating system
The user's Internet service provider
Date and time of access
Websites from which the user's system accesses our website
Websites accessed by the user's system via our website

This data is stored in our system's log files. This data is not stored together with any other personal data belonging to the user.

2. Purpose of data processing
The system must temporarily store the IP address in order to deliver the
website to the user’s computer. To do this, the user’s IP address must be stored for the duration of the session
.

Data is stored in log files to ensure the proper functioning of the website. In addition,
uses this data to optimize the website and ensure the security of our
IT systems. The data is not analyzed for marketing purposes in this
context.

3. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the General Data Protection Regulation (
).

4. Duration of Storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected
. In the case of data collected for the purpose of providing the website, this occurs when the respective session ends
.

If data is stored in log files, it is retained for no longer than seven days.
Storage beyond this period is possible. In such cases, users’ IP addresses are deleted
or anonymized so that the client that accessed the site can no longer be identified.

5. Exercising Your Rights
The collection of data for the purpose of providing the website and the storage of data in log files is essential for
to operate the website. The user may object to this. Whether the objection to
is successful must be determined through a balancing of interests.

Use of Cookies

1. Description and Scope of Data Processing
When you visit our website, we use technical tools for various functions,
including cookies, which may be stored on your device. When you visit our
website and at any time thereafter, you can choose whether to allow cookies in general or which
specific additional functions you would like to enable. You can make changes in your
browser settings or via our Consent Manager.

Cookies are text files or pieces of information stored in a database that are saved to your hard drive and associated with the browser you are using (
), allowing the entity that sets the cookie to receive certain information (
). Below, we describe the types of cookies we use (
):

We use technically necessary cookies that are required for the technical functioning of the website
. Without these cookies, our website cannot be displayed (correctly) or the
support functions will not work.

The following data is stored and transmitted by technically necessary cookies:

Language settings
Login information
Bot protection (non-personalized)

We use cookies on our website that are not technically necessary. Cookies that are not technically necessary
are text files that are not solely intended to ensure the functionality of the website
, but also collect other data.

The following data is processed through the use of cookies that are not technically necessary:

IP address
Location of Internet users
Tracking of browsing behavior
Technical information about your browser and the devices you use (e.g., language settings, screen resolution), your internet service provider, and the referrer URL (the website or advertisement that directed you to this website)

2. Purpose of Data Processing
The purpose of using technically necessary cookies is to ensure the functionality of our website at
. Some features of our website cannot be provided without the use of cookies
. For these features, it is necessary for the browser to be recognized even after changing pages
.

We require the following technically necessary cookies for the following applications:

Importing language settings
Website functionality
Security

We use non-essential cookies to improve the quality of our website,
, its content, and thereby our reach and efficiency. By setting these
cookies, we learn how the website is used and can thus continuously optimize our offerings. In
particular, these cookies serve the following purposes: statistical analysis (Google Analytics).

3. Legal basis for data processing
The provisions of the German Telecommunications and Telemedia Data Protection Act (
, TTDSG) apply to the storage of information on the end user’s device and/or access to information already stored on the end user’s device at
. If the setting and reading of cookies
is technically necessary, this is done to ensure the functionality of our website
. In this case, the storage of and access to cookies on your
device is based on Section 25(2)(2) of the TTDSG. This storage and access to the
information on your device serve to facilitate your use of our website and
to enable us to offer you our services as you have requested. Some features of our website
do not function without the use of these cookies and therefore could not be provided. The
cookies are generally deleted after the session ends (e.g., logging out or closing the browser) or after
a specified period has elapsed. Information regarding different retention periods for
cookies can be found in the following sections of this Privacy Policy.

To the extent that cookies are used that are not technically necessary, this is done on the basis of your
explicit consent, which you can provide via the cookie banner. The legal basis for the
storage of and access to information in this case is Section 25(1) of the German Teleservices Data Protection Act (TTDSG) in conjunction with Article 6(1)(a) and
Article 7 of the General Data Protection Regulation (GDPR). You may revoke your consent at any time with future effect or subsequently grant it again at
by configuring your cookie settings accordingly. Alternatively, at
, you can prevent the storage of cookies by adjusting the settings of your browser software at
. Please note that the browser settings you configure only apply to the browser in question (
). If personal data is processed following the storage of and access to information on your device (
), the provisions of the GDPR apply (
). You can find further information on this in the following sections of this privacy policy (
).

4. Exercising Your Rights
You can withdraw your consent to the use of cookies at any time and manage your
consent preferences via the following link: You can manage cookies at any time using the
Consent Manager (see the fingerprint icon in the left corner of the page).

Email Contact

1. Description and Scope of Data Processing
You can contact us via the email address provided on our website. In
this case, the user’s personal data transmitted via email will be stored.
The data will be used exclusively for the purpose of handling the correspondence.

2. Purpose of data processing
If you contact us via email, this also constitutes the necessary legitimate interest in the processing of the data
.

3. Legal basis for data processing
The legal basis for processing the data transmitted when sending an email to
is Article 6(1)(f) of the GDPR. Our legitimate interest is to provide the best possible response to the inquiry you send via email to
.

If the purpose of the email contact is to conclude a contract, the additional legal basis for the processing of
is Article 6(1)(b) of the GDPR.

4. Duration of Storage
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected
. For personal data sent via email, this is the case
once the relevant conversation with the user has ended. The conversation is considered ended when
it can be inferred from the circumstances that the matter in question has been conclusively resolved.

Any additional personal data collected during the submission process will be deleted no later than
after a period of seven days.

5. Exercising Your Rights
If a user contacts us via email, they may object to the storage of their personal data
at any time. In such a case, the conversation cannot be continued.
info@kbc-consultants.com
All personal data stored in the course of the contact will be deleted in this
case.

Application via email and application form

1. Description and Scope of Data Processing
Our website features an application form that can be used to submit an electronic application to
. If an applicant uses this option, the data entered in the form at
is transmitted to us and stored. This data includes:

Last name
First name
Phone / Cell phone number
Email address
Desired salary
Resume
Photo
Gender, personalized cover letter, personalized note

Alternatively, you can also send us your application via email. In that case, we will collect your
email address and the information you provide in the email.

After you submit your application, you will receive an email from us at
confirming that we have received your application materials.

Your data will not be shared with third parties. The data will be used exclusively for processing your application at
.

2. Purpose of Data Processing
We process the personal data provided in the application form solely for the purpose of
processing your application. If you contact us via email, this also constitutes the necessary
legitimate interest in processing the data.

The other personal data processed during the submission process is used to prevent misuse of the application form at
and to ensure the security of our IT systems at
.

3. Legal basis for data processing
The legal basis for the processing of your data is the initiation of a contract at the request of the data subject
, in accordance with Article 6(1)(b)(1) of the GDPR and Section 26(1)(1) of the BDSG.

4. Retention Period
After the application process is complete, the data will be retained for up to 6 months. Your data will be deleted no later than
after the 6-month period has expired. In the event of a legal obligation, the data
will be retained in accordance with applicable regulations.

Any additional personal data collected during the submission process will be deleted no later than
after a period of seven days.

Use of company profiles on professional networking sites

1. Scope of Data Processing
The company website is used for job applications, information/PR, and active sourcing. We have no information regarding the processing of your personal data by the companies jointly responsible for the company website
. For more information, please see the privacy policy at
from:

LinkedIn
XING

On our website, we provide information and offer users the opportunity to communicate via
.

The company website is used for job applications, information/PR, and active sourcing.

We do not have any information regarding the processing of your personal data by the companies jointly responsible for the website
. For more information, please visit
and review the privacy policy of:

LinkedIn: https://www.linkedin.com/legal/privacy-policy
XING: https://privacy.xing.com/de

If you participate in an activity on our company page (e.g., comments, posts, likes, “
,” etc.), you may be making personal information (e.g., your real name or photo from your
user profile) publicly available.

2. Legal basis for data processing
The legal basis for processing personal data for the purpose of communicating with
customers and prospective customers is Article 6(1)(f) of the GDPR. Our legitimate interest
is to respond to your inquiry in the best possible way and to provide the requested information
.

If the purpose of the contact is to enter into a contract, the additional legal basis for the processing of
is Article 6(1)(b) of the GDPR.

3. Purpose of Data Processing
Our website is intended to inform users about our services. At
, users are free to disclose personal data through their activities.

4. Duration of storage
The data generated by the company website is not stored in our own systems
.

5. Exercising Your Rights
You may object at any time to the processing of your personal data that we collect in connection with your use of our
website and exercise your rights as a data subject
as outlined in the “Your Rights” section of this Privacy Policy. To do so, please send us
an informal email to the email address provided in this Privacy Policy. For more information on exercising your rights, please visit:

LinkedIn: https://www.linkedin.com/legal/privacy-policy
XING: https://privacy.xing.com/en

Hosting

The website is hosted on servers by a service provider we have engaged.
Our service provider is: Lima City, operated by TrafficPlex GmbH

TrafficPlex GmbH
Konsul-Smidt-Str. 90
28217 Bremen
Managing Director: Phillipp Röll
VAT ID: DE274078422
Bremen Commercial Register: B 26671

For more information, please refer to the provider's privacy policy: https://www.limacity.de/juristisches#datenschutzerklaerung

The servers automatically collect and store information in so-called server log files, which your
browser automatically transmits when you visit the website. The information stored includes:

Information about the browser type and version being used
The user's operating system
The user's Internet service provider
Date and time of access
Websites from which the user's system accesses our website
Websites accessed by the user's system via our website

This data is not combined with other data sources. The collection of this data at
is based on Article 6(1)(f) of the GDPR. Our legitimate interest in processing this data at
is to ensure that our website displays correctly and to optimize its functionality at
.

The website's server is physically located in Germany.

Geotargeting

We use the IP address and other information provided by the user (specifically
and the ZIP code provided during registration or when placing an order) to target specific geographic regions (known as
“geotargeting”).

For example, regional targeting is used to automatically display regional offers or
advertisements that are often more relevant to users. The legal basis for the use
of the IP address and, where applicable, other information provided by the user (in particular the ZIP code) is
Article 6(1)(f) of the GDPR, based on our interest in ensuring more precise targeting
and thereby providing offers and advertisements that are more relevant to users.

In this process, part of the IP address and the additional information provided by the user
(specifically the ZIP code) are merely read and not stored separately.

You can prevent geotargeting by using a VPN or proxy server, for example, which prevent
from determining your exact location. Additionally, depending on the browser you are using, you can also disable location tracking in the corresponding browser settings (if supported by the browser) at

.

We use geotargeting on our website for the following purposes: Google Analytics.

Integrated third-party services

We use various service providers to deliver the services we offer on our website,
.

In general, we have a legitimate interest in sharing your data with the relevant service providers at
if these services are essential for providing the core service offered on the
website.

If such services are required for additional services, enhanced features, or other purposes
, your personal data will only be shared with service providers if you give your
consent.

Here, you can withdraw your consent to the use of integrated third-party services at any time and manage your consent settings at
: You can manage cookies at any time using the Consent Manager (see the
Fingerprint icon in the left corner of the page).

Use of Google Ads Remarketing

1. Scope of Personal Data Processing
We use Google Ads Remarketing provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA
94043, USA, and its representative in the European Union, Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5,
Dublin, Ireland (hereinafter referred to as “Google”). Google Remarketing is used to re-engage visitors to the
website for advertising purposes via Google Ads. With the help of Google Ads
Remarketing, target groups (“Similar Audiences”) can be created, such as those who have visited certain pages
. This makes it possible to identify the user on other websites and display targeted advertising
. Google places a cookie on the user’s computer for this purpose. This allows personal data to be stored and analyzed, particularly the user’s activity (specifically which pages were visited and which elements were clicked),
device and browser information (in particular the IP address and the operating system), data about the
advertisements displayed (in particular which advertisements were displayed and whether the user
clicked on them), and also data from advertising partners (in particular pseudonymized user IDs).
For more information on how Google processes this data, please visit:
https://policies.google.com/privacy?gl=DE&hl=de

2. Purpose of Data Processing
The purpose of processing personal data is to target a specific audience at
. Cookies stored on users’ devices recognize them when they visit a
website and can therefore display advertisements tailored to their interests.

3. Legal basis for the processing of personal data
The legal basis for the processing of users’ personal data is generally the user’s
consent pursuant to Article 6(1)(a) of the GDPR.

4. Retention Period
Your personal information will be retained for as long as necessary to fulfill the purposes described in this
Privacy Policy or as required by law, e.g., for
tax and accounting purposes.

5. Exercising Your Rights
You have the right to withdraw your consent under data protection law at any time. Withdrawing your consent at
does not affect the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal
.
You can prevent the collection and processing of your personal data by Google by
disabling the storage of third-party cookies on your computer, using the “Do Not
Track” feature of a compatible browser, disabling the execution of script code in your browser
, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery
(https://www.ghostery.com) in your browser.
You can also prevent the collection of data generated by the cookie and related to your use of the
website (including your IP address) by Google, as well as the processing of this data
by Google, by downloading and installing the browser plugin available at the following link
: https://tools.google.com/dlpage/gaoptout?hl=de.
You can disable the use of your personal data by Google
via the following link: https://adssettings.google.de.
Further information on options for objection and removal regarding Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de.

Use of Google Analytics 4 (GA 4)

1. Scope of Personal Data Processing
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow-
-Street, Dublin 4, Ireland (hereinafter referred to as “Google”).

Google Analytics tracks, among other things, how website visitors use our site. To do this, Google places cookies
on your device. During your visit, user behavior is recorded in the form of “events.” This
allows personal data to be stored and analyzed, including:

First visit to the website
Interaction with the website, user journey
Clicks on external links
Video usage
File downloads
Ad impressions and clicks
Scroll behavior (when reaching the bottom of the page)
Searches on the website
Language selection
Page views
Location (Region)
Your IP address (in abbreviated form)
Technical information about your browser and the devices you use (e.g., language settings, screen resolution)
Your Internet service provider
Referrer URL

We use the User ID feature. With the help of the User ID, we can assign a unique, persistent ID to one or more sessions (and the
activities within those sessions) and analyze user behavior
across devices.

By default, IP address anonymization is enabled in GA 4. This means that your IP address is truncated by Google (
) within the member states of the European Union or other signatory states to the
Agreement on the European Economic Area. In exceptional cases—and only rarely
—the full IP address is transmitted to a Google server in the U.S. and truncated there. Google
states that the IP address transmitted by your browser is not merged with
other Google data within the scope of Google Analytics.

For more information about how Google processes data, please visit:
https://policies.google.com/privacy

2. Purpose of data processing
We use GA 4 to analyze the use of our website and to generate reports
on activity on our site. These reports are used to analyze the performance
of our website and to serve targeted advertisements to individuals who have already expressed an initial
interest by visiting our site.

3. Legal basis for the processing of personal data
The legal basis for the processing of users’ personal data is generally the user’s consent pursuant to Article 6(1)(a) of the GDPR (
).

4. Retention Period
Your personal data will be deleted after 2 months. This deletion is performed automatically once a month
.

5. Exercising Your Rights
You have the right to withdraw your consent under data protection law at any time. Withdrawing your consent at
does not affect the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal
. You can withdraw your consent via our Cookie Consent Tool.
You can prevent the collection and processing of your personal data by Google by
blocking the storage of third-party cookies on your computer, using the “Do Not
Track” feature of a compatible browser, disabling the execution of script code in your browser
, or installing a script blocker such as NoScript (https://noscript.net) or Ghostery
(https://www.ghostery.com) in your browser.
For more information on options to object to and remove Google tracking, please visit:
https://policies.google.com/technologies/partner-sites.
You can also prevent the collection of data generated by the cookie and related to your use of the
website (including your IP address) by Google, as well as the processing of this data
by Google, by downloading the browser plugin available at the following link
and installing it: https://tools.google.com/dlpage/gaoptout?hl=de.
You can disable the use of your personal data by Google
via the following link: https://adssettings.google.de.

Use of Vimeo

1. Scope of Personal Data Processing
We use the plugin from the video portal Vimeo, operated by Vimeo Inc., 555 West 18th Street, New York, New York
10011, USA. Vimeo is an online video streaming portal. When you visit our website, your browser at
establishes a connection with Vimeo’s servers in the United States. Information about your visit to our website
and your IP address is transmitted to Vimeo.
This occurs regardless of whether you have a Vimeo account and whether you are logged in to it.
If you are logged in, Vimeo can link the collected data to your account.
For more information on how Vimeo processes data, please visit:
https://vimeo.com/privacy.

2. Purpose of data processing
The Vimeo plugin is used to provide and embed videos.

3. Legal basis for the processing of personal data
The legal basis for the processing of users’ personal data is generally the user’s
consent pursuant to Article 6(1)(a) of the GDPR.

4. Retention Period
Your personal information will be retained for as long as necessary to fulfill the purposes described in this
Privacy Policy or as required by law.

5. Exercising Your Rights
You have the right to withdraw your consent under data protection law at any time. Withdrawing your consent
does not affect the lawfulness of the processing
carried out on the basis of your consent prior to its withdrawal.
You can prevent the collection and processing of your personal data by Vimeo by blocking the storage of third-party cookies on your computer, using the “Do Not Track” feature of a compatible browser, disabling the execution of script code in your browser, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery
(https://www.ghostery.com) in your browser.
For more information on options to object to or remove Vimeo tracking, please visit:
https://vimeo.com/privacy.

Using Wordfence Security

1. Scope of Personal Data Processing
Our website uses features provided by Defiant Inc., 800 5th Ave., Suite 4100, Seattle, WA 98104, USA
(hereinafter referred to as “Defiant”). Wordfence Security secures our website and thereby protects visitors to
from viruses and malware. When you visit a page with the plugin, a direct connection is established between your computer and the Defiant server via
. To determine whether the visitor is a human or a bot, the plugin sets cookies. This may result in the storage and analysis of additional personal data, particularly device and browser information (specifically the IP address and operating system).

It is possible to analyze the behavior based on the notifications sent (e.g., how
often a page is accessed). For the purpose of protection against brute-force and DDoS attacks or
comment spam, IP addresses are stored on the Wordfence servers. IP addresses classified as harmless
are placed on a whitelist.
For more information on how Defiant processes data, please visit:
https://www.wordfence.com/privacy-policy/.

2. Purpose of data processing
This website uses the plugin to protect against viruses and malware and to defend against attacks by
cybercriminals.

3. Legal basis for the processing of personal data
The legal basis for the processing of users’ personal data is generally the user’s
consent pursuant to Article 6(1)(a) of the GDPR.

4. Duration of Storage
Your personal information will be stored for as long as necessary to fulfill the purposes described in this
Privacy Policy or as required by law, e.g., for
tax and accounting purposes.

5. Exercising Your Rights
You have the right to withdraw your consent to the processing of your personal data at any time. Withdrawing your consent via
does not affect the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal
.
You can prevent the collection and processing of your personal data by Wordfence Security
by blocking the storage of third-party cookies on your computer, using the “Do Not Track” feature of a compatible browser
, disabling the execution of script code in your browser
, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery
(https://www.ghostery.com) in your browser.
For more information on options to object to or remove Wordfence Security
, please visit: https://www.wordfence.com/privacy-policy/.

Using WPML

1. Scope of Personal Data Processing
We use WPML from OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong (hereinafter referred to as
WPML). WPML is a multilingual plugin for WordPress. We use WPML to display our
website in different languages. When you visit our website
, WPML stores a cookie on your device to save your selected language setting
. This may result in the storage and analysis of personal data, particularly
the user’s activity (specifically which pages were visited and which elements
were clicked on) as well as device and browser information (specifically the IP address and the
operating system).
For more information on how WPML processes data, please visit:
https://wpml.org/de/documentation-3/privacy-policy-and-gdpr-compliance/

2. Purpose of processing personal data
We use WPML to make our website available in multiple languages.

3. Legal basis for the processing of personal data
The legal basis for data processing is Article 6(1)(f) of the GDPR. Our legitimate interest
is to address visitors to our website in their native language.

4. Duration of Storage
WPML stores cookies on your device. For information on how long cookies are stored, please visit
at: https://wpml.org/documentation/privacy-policy-and-DSGVO-compliance

5. Exercising Your Rights
You can prevent WPML from collecting and processing your personal data
by blocking third-party cookies on your computer, using the “Do Not
Track” feature of a compatible browser, disabling script execution in your browser
, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery
(https://www.ghostery.com) in your browser.
For more information on options to object to or remove WPML, please visit:
https://wpml.org/de/documentation-3/privacy-policy-and-gdpr-compliance/.

Use of Google Tag Manager

1. Scope of the processing of personal data
We use Google Tag Manager (https://www.google.com/intl/de/tagmanager/) provided by Google LLC, 1600
Amphitheatre Parkway, Mountain View, CA 94043, USA, and its representative in the European Union, Google Ireland Ltd.,
Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as “Google”). Google
Tag Manager allows tags from Google and third-party services to be managed and bundled for embedding on a
website. Tags are small code elements on a website that, among other things, serve to measure visitor numbers and behavior, track the impact of online advertising and
social media channels, implement remarketing and targeting, and
test and optimize websites. When a user visits the website, the current
tag configuration is sent to the user’s browser. It contains instructions on which tags
should be triggered. Google Tag Manager triggers other tags, which may in turn collect data
. You can find information on this in the sections regarding the use of the relevant services
in this privacy policy. Google Tag Manager does not access this data.
For more information about Google Tag Manager, please visit
https://www.google.com/intl/de/tagmanager/faq.html and Google’s privacy policy at
: https://policies.google.com/privacy?hl=de.

2. Purpose of Data Processing
The purpose of processing personal data is to ensure the systematic and transparent management of
and the efficient integration of third-party services.

3. Legal basis for the processing of personal data
The legal basis for the processing of users’ personal data is generally the user’s
consent pursuant to Article 6(1)(a) of the GDPR.

4. Duration of Storage
Your personal information will be stored for as long as necessary to fulfill the purposes described in this
Privacy Policy or as required by law.
Advertising data in server logs is anonymized by Google, which, according to its own statements, deletes parts of the IP address
and cookie information after 9 or 18 months, respectively.

5. Exercising Your Rights
You have the right to withdraw your consent under data protection law at any time. Withdrawing your consent at
does not affect the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal
.
You can prevent the collection and processing of your personal data by Google by
disabling the storage of third-party cookies on your computer, using the “Do Not
Track” feature of a compatible browser, disabling the execution of script code in your browser
, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery
(https://www.ghostery.com) in your browser.
You can also prevent the collection of data generated by the cookie and related to your use of the
website (including your IP address) by Google, as well as the processing of this data
by Google, by downloading and installing the browser plugin available at the following link
: https://tools.google.com/dlpage/gaoptout?hl=de.
You can disable the use of your personal data by Google
via the following link: https://adssettings.google.de.
Further information on options for objection and removal regarding Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de.

Use of Cookiebot

1. Scope of Personal Data Processing
We use features of the Cookiebot cookie consent solution provided by Cybot A/S, Havnegade 39, 1058
Copenhagen, Denmark (hereinafter referred to as “Cybot”).
Cookiebot offers a software solution that handles the collection of consent for cookie use
as well as the tracking of online users. Cookiebot informs users of our website
about the cookies used on our website. You also have the option to disable cookie groups
, with the exception of functional
cookies (which are necessary for the smooth display of our website). We are required to document your consent or refusal in accordance with Art. 7(1) GDPR at
.
In particular, the following personal data is processed by Cybot:

The end user's IP address in anonymized form (the last three digits are replaced with '0').
Date and time of consent.
The end user's browser.
The URL for which consent has been granted.
An anonymous, random, and encrypted key.
The end user's consent status, which serves as proof of consent.

Cybot cookies are stored on your device.
The key and consent status are also stored in the end user’s browser in the “CookieConsent” cookie
, so that the website can automatically read and honor the end user’s consent for all subsequent page requests
and future end user sessions for up to 12 months. The key
is used to verify consent and to check whether the consent status stored in the end user’s browser at
remains unchanged compared to the original consent that was transmitted to Cybot via
.
If the “bulk consent” feature is enabled to manage consent for multiple websites via
with a single end-user consent, Cybot also stores an additional separate, random,
unique ID along with the end-user’s consent. If all of the following criteria are met, this
key is stored in encrypted form in the “CookieConsentBulkTicket” cookie in the end-user’s browser.
All data is hosted in an Azure data center operated by the cloud provider Microsoft Ireland Operations Ltd,
South County Business Park, One Microsoft Court, Carmanhall and Leopardstown, Dublin, D18 P521, Ireland,
.
For more information on how Cybot processes data, please visit:
https://www.cookiebot.com/de/privacy-policy/.

2. Purpose of data processing
We use Cookiebot to create and display cookie notices for end users
and to store and display cookie scan reports in the privacy policy. This enables us
to fulfill our information obligations under Articles 13 and 14 of the GDPR
toward the users of our website, as well as to obtain and document
consent to the use of cookies in compliance with data protection laws.
Furthermore, we use Cookiebot to obtain aggregated information about the selection decisions made by
end users regarding accepted cookie types and a graphical representation of this in the Service Manager
.

3. Legal basis for the processing of personal data
The legal basis for data processing is Article 6(1)(f) of the GDPR. Our legitimate interest
lies in the purposes of data processing listed under 2. The interests and rights of
users are appropriately safeguarded through the anonymization of IP addresses.

4. Duration of Storage
Cybot will store your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy at
or as required by law,
e.g., for tax and accounting purposes.
The cookies used by Cookiebot are stored on users’ devices for up to 12 months
.

5. Exercising Your Rights
You can prevent Cybot from collecting and processing your personal data
by blocking third-party cookies from being stored on your computer, using the “Do Not
Track” feature of a compatible browser, disabling script execution in your browser
, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery
(https://www.ghostery.com) in your browser.
For more information on options to object to or remove Cybot tracking, please visit:
https://www.cookiebot.com/de/privacy-policy/.

Use of Borlabs Cookies

1. Scope of Personal Data Processing
We use Borlabs Cookie, a tool for managing cookie consent provided by
Borlabs GmbH, 22305 Hamburg, Germany. Borlabs Cookie helps us manage and document the consent of website
visitors regarding cookies and similar technologies. When visitors interact with the consent banner at
, Borlabs Cookie processes data, including their cookie
preferences, device and browser information, IP address, and consent history. This data is essential for us at
to comply with legal requirements and respect the privacy preferences
of our visitors.

2. Purpose of Data Processing
The primary purpose of using Borlabs cookies is to enable our website
to comply with the legal obligations under the GDPR and the TTDSG. By effectively managing cookie consents
, we ensure that our website respects our visitors’ decisions
regarding data protection and the use of cookies and related technologies
.

3. Legal basis for the processing of personal data
The processing of personal data by Borlabs Cookie is based on the legal requirement
to obtain and document the consent of website visitors for the use of cookies and similar technologies
in accordance with Article 6(1)(c) of the GDPR and Section 25 of the TTDSG.

4. Duration of storage
The personal data collected by Borlabs’ cookie is stored for as long as
needs it to document consent and comply with legal obligations. The
retention period is determined by legal requirements for the documentation of consent
. The data will be securely deleted as soon as it is no longer needed for its intended purpose
or when the statutory retention periods expire.

5. Exercising Your Rights
For more information on how Borlabs Cookie processes personal data and on visitors’ rights, please refer to the Borlabs Cookie Privacy Policy at: https://de.borlabs.io/datenschutz/

Use of visitor management software

1. Scope of Personal Data Processing
We use Vizito, a visitor management platform provided by Vizito BV, Hasseltweg 408, 3600 Genk, Belgium. The tool is used to manage and organize visitor data in order to ensure efficient and secure visitor registration at our facilities.

2. Purpose of Data Processing
The purpose of data processing is to efficiently manage visitor traffic, meet security requirements, and ensure a professional visitor experience.

3. Legal basis for the processing of personal data
Vizito processes personal data based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR. This legitimate interest lies in the efficient organization and management of visitor data, compliance with legal security requirements, and the improvement of visitor management.

4. Duration of Storage
The personal data collected by Vizito is stored only for as long as necessary to organize and track visits and for as long as there is a legitimate interest in retaining this data. Once the purpose of data collection has been fulfilled or the legitimate interest no longer applies, the data is securely deleted or anonymized, unless there are legal retention requirements.

5. Exercising Your Rights
You can prevent Vizito from collecting and processing your personal data by blocking third-party cookies on your computer, using the “Do Not Track” feature of a compatible browser, disabling script execution in your browser, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com).

For more information about your rights and how Vizito processes personal data, please see Vizito’s Privacy Policy.

This privacy policy was created with the assistance of DataGuard.