PRIVACY STATEMENT

Privacy statement in accordance with GDPR

We treat your personal data in confidence and in accordance with the statutory data protection regulations and this privacy statement.

I. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection regulations of the Member States, as well as other provisions on data protection, is the

Foundation: Erich und Amanda Neumayer-Stiftung
Address: Langenweg 55, 26125 Oldenburg
Telephone: +49 (0)711 284 643 92
Email: info@neumayer-stiftung.de
Website: www.neumayer-stiftung.de

hereinafter referred to as the “data controller”.

II. Supervisory authority – Landesbeauftragte für den Datenschutz [data protection commissioner]

The role of the data protection commissioner (Landesbeauftragten für den Datenschutz (LfD)) is to monitor adherence to the data protection regulations both by the authorities and other official bodies, as well as by businesses and other non-official bodies in Lower Saxony, and therefore to safeguard the right to informational self-determination.

The responsible authority in Lower Saxony is:

Die Landesbeauftragte für den Datenschutz Niedersachsen Prinzenstraße 5
30159 Hannover
Telephone +49 (0) 5 11 1 20-45 00
Fax +49 (0) 5 11 1 20-45 99
https://www.lfd.niedersachsen.de

III. General information about data processing

1. Scope of personal data processing

We only process our users’ personal data in as far as this is necessary for providing a functioning website and our content and services. We generally only process our users’ personal data with the user’s consent. Exceptions apply in such cases where factual reasons make it impossible to obtain prior consent and where legal regulations permit data processing.

2. Legal basis for processing of personal data

If we obtain consent from the person concerned for operations for processing personal data, the legal basis is Art. 6 (1)(a) EU General Data Protection Regulation (GDPR).

Where processing is necessary for the performance of a contract to which the data subject is party, the legal basis is Art. 6 (1)(b) GDPR. This also applies to processing operations that are necessary to take steps prior to entering a contract.

If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, the legal basis is Art. 6(1)(c) GDPR.

If processing is necessary in order to protect the vital interests of the data subject or of another natural person, the legal basis is Art. 6(1)(c) GDPR.

If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, the legal basis for the processing is Art. 6(1)(f) GDPR.

IV. Cooperation with processors and third parties

If, as part of our processing, we disclose data to other persons or companies (processors or third parties), transmit data to them or otherwise grant them access to the data, this will only be done if it is allowed by law (e.g. if transmission of data to third parties, such as a payment services provider, is necessary for performance of a contract, pursuant to Art. 6(1)(b) GDPR), if you have given your consent, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. in cases where representatives, web hosts, etc. are used).

If we instruct third parties to process data on the basis of a
“data processing agreement”, this is done on the basis of Article 28 GDPR.

1. Transfer to third countries

If we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or if data are processed in a third country in the context of using third-party services or disclosure or transmission of data to third parties, this will only be done if it is for fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process data or have data processed in a third country in the presence of the special prerequisites of Art. 44 ff. GDPR. I.e. the data are processed e.g. on the basis of special guarantees, such as the officially recognised setting of a level of data protection that corresponds to the EU (e.g. through the “Privacy Shield” for the USA) or adherence to officially recognised special contractual obligations (“standard contractual clauses”).

2. Deletion of data and retention periods

The personal data of the data subjects will be deleted or blocked as soon as the purpose of storage no longer applies. Furthermore data can continue to be stored if this has been provided for by European or national legislators in Union decrees, laws or other regulations to which the controller is subject. Data is also blocked or deleted when a retention period prescribed by the standards referred to expires, unless it is necessary to store the data for longer in order to conclude or fulfil a contract. The data will be blocked and not used for other purposes. This applies e.g. to data that must be stored for reasons under commercial or tax law.

In accordance with legal requirements, storage is for 6/10 years pursuant to § 257 HGB [commercial code] (trading books, inventories, opening balances, annual accounts, commercial papers, accounting documents, etc.), and for 6/10 years pursuant to § 147 AO [tax code] (books, records, status reports, accounting documents, commercial papers and business letters, documents relating to taxation, etc.).

3. Security measures

In accordance with Art. 32 GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, we shall take suitable technical and organisational measures to guarantee a level of protection appropriate to the risk; the measures include, in particular, safeguarding the confidentiality, integrity and availability of data by monitoring physical access to the data, as well as monitoring access, entry, passing on, safeguarding of availability relating to the data, and separation of the data. Furthermore, we have set up processes to guarantee exercise of data subjects’ rights, deletion of data and a response to threats to data. Furthermore, we take into consideration protection of personal data in the development and/or selection of hardware, software and processes, according to the principle of data protection by design and by default (Art. 25 GDPR).

Security measures include, in particular, encrypted transfer of data between your browser and our server. This also applies to transfer of emails between our server and our clients.

For security reasons and to protect confidential content during transfer, for example transfer of enquiries that you send us as the operator of this website, this website uses SSL encryption. You can tell if a connection is encrypted because the address bar of the browser will change from “http://” to “https:// and a padlock symbol will appear.

If SSL encryption is activated then the data that you send us cannot be read by third parties.

4. Updates and amendments to the privacy statement

Please read our privacy statement regularly. We will amend our privacy statement as soon as this is required by any changes to the way we process data. We will inform you if the changes require cooperation on your behalf (e.g. consent) or if it is otherwise necessary for us to notify you individually.

V. Rights of the data subject

If your personal data are processed, you are the data subject within the meaning of GDPR and you have the following rights in respect of the controller:

1. Right of access

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed.

Where that is the case, you can request access to the following information from the controller:

(1) the purposes of the processing;

(2) the categories of personal data concerned;

(3) the recipients or categories of recipients to whom the personal data have been or will be disclosed;

(4) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you by the controller or to object to such processing;

(6) the right to lodge a complaint with a supervisory authority;

(7) if the personal data are not collected from you, any available information as to their source;

(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether the personal data concerning you is being transferred to a third country or an international organisation. In connection with this, you have the right to be informed about appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

This right to access can be restricted if it is expected to render impossible or seriously impair fulfilment of research or statistical purposes and if its restriction is necessary for the fulfilment of research or statistical purposes.

2. Right to rectification

You have the right to obtain from the controller rectification and/or completion if personal data processed concerning you is inaccurate or incomplete. The controller must rectify the data without undue delay.

Your right to rectification can be restricted if it is expected to render impossible or seriously impair fulfilment of research or statistical purposes and if its restriction is necessary for the fulfilment of research or statistical purposes.

3. Right to restriction of processing

You have the right to obtain from the controller restriction of processing where the following conditions apply:

(1) you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of your personal data;

(2) the processing is unlawful, but you oppose the erasure of the personal data and request the restriction of their use instead;

(3) the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims, or

(4) you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

Where processing of personal data concerning you has been restricted, such personal data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing in accordance with the conditions above, you shall be informed by the controller before the restriction of processing is lifted.

Your right to restriction of processing can be restricted if it is expected to render impossible or seriously impair fulfilment of research or statistical purposes and if its restriction is necessary for the fulfilment of research or statistical purposes.

4. Right to erasure (right to be forgotten)

a) Obligation to erase personal data

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(1) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

(2) you withdraw the consent on which the processing is based according to Article 6(1)(a), or Article 9(2)(a), and where there is no other legal ground for the processing.

(3) you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.

(4) the personal data concerning you have been unlawfully processed. The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

(5) The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

b) Information to third parties

Where the controller has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

There is no right to erasure if processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) for the establishment, exercise or defence of legal claims.

5. Notification obligation

If you have asserted your right to rectification, deletion or restriction of processing in respect of the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

The controller shall inform you about those recipients if you request it.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

(1) the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b); and

(2) the processing is carried out by automated means.

In exercising this right, you shall have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.

That right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services – notwithstanding Directive 2002/58/EC – you may exercise your right to object by automated means using technical specifications.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, you, on grounds relating to your particular situation, have the right to object to processing of personal data concerning you.

Your right to object can be restricted if it is expected to render impossible or seriously impair fulfilment of research or statistical purposes and if its restriction is necessary for the fulfilment of research or statistical purposes.

8. Right to withdraw the declaration of consent under privacy law

You have the right to withdraw your declaration of consent under privacy law at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for entering into, or performance of, a contract between you and the data controller,

(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or

(3) is based on your explicit consent.

However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless Article 9(2) (a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

VI. Provision of the website and creation of log files

1. Description and scope of data processing

Our website is provided by our provider with whom we have concluded a processing contract. Our provider provides us with an infrastructure and storage space on the web server and takes over the technical management of the website.
If you only use our website for information, i.e. if you do not register or send us information in any other way, we only collect the personal data that your browser sends to our server. If you wish to look at our website, we collect the following data that is technically necessary to enable us to display our website for you and to guarantee stability and security:
• IP address (see also: https://en.wikipedia.org/wiki/IP_address),
• Date and time of request,
• Time difference to Greenwich Mean Time (GMT),
• Content of the request (specific page),
• Access status/HTTP status code (file transmitted, file not found, etc.),
• Volume of data transmitted,
• Requesting website,
• Browser type/version,
• Operating system and its interface,
• Language and version of the browser software
We are unable to assign this data to a specific person. These data are not merged with other data sources.

2. Legal basis for data processing
The legal basis for temporary storage of data and log files is Article 6(1)(f) GDPR.

3. Purpose of the data processing

The system temporarily stores the IP address in order to facilitate delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

Data is stored in log files to guarantee the functionality of the website. We also use the data to optimise our website and to guarantee the security of our IT systems. Data is not analysed and evaluated for marketing purposes in connection with this.

Our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR is for these purposes.

4. Duration of data retention

The data will be deleted as soon as it is no longer required for fulfilling the purpose of its collection. If data are collected in order to provide the website, they will be deleted when the respective session ends.

If data are stored in log files, they will be deleted after fourteen days at the latest. Data can be stored beyond this time. In this case, the users’ IP addresses will be deleted or obscured so that they can no longer be assigned to the requesting client.

5. Opt-out and removal options

Data collection for providing the website and storage of data in log files is essential for operating the website. Consequently, the user does not have any opt-out options.

VII. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are information that are transferred from our web server or third-party web servers to the user’s web browser and stored there for subsequent retrieval. Cookies can be small files or other types of information storage. Cookies contain characteristic sequences of characters that allow the browser to be clearly identified.

We use session cookies that are only placed on your browser for the duration of the current visit to our website..

This is required for our website to function. For example, this is the only way to save your login status or to enable the shopping basket function and therefore to make using our online offer possible.

A randomly generated, unambiguous identification number, “session ID” is assigned in a session cookie. Cookies also contain information about their origin and duration of storage. These cookies are not able to store any other data. Session cookies are deleted when you finish using our online offer and e.g. log out or close your browser.

We also use cookies on our website that enable analysis of users’ surfing behaviour.

The following data can be transmitted in this way:
• Search terms entered
• Frequency of page views
• Use of website functions

Technical measures are taken to pseudonymise user data collected in this way.

When they view our website, an info banner informs users about the use of cookies for analysis purposes, and refers them to this privacy statement. In connection with this, users are also told how they can adjust their browser settings to prevent placement of cookies.

2. Legal basis for data processing

The legal basis for processing personal data using technical cookies is Article 6(1)(f) GDPR.

The legal basis for processing personal data using analytical cookies with the user’s consent is Article 6(1)(a) GDPR.

3. Purpose of the data processing

The purpose of technical cookies is to make websites easier for users to use. Without the use of cookies we are unable to offer some of the functions of our website. These functions require your browser to be recognised even after you navigate away to a different page.

For example, cookies are required for the following uses:

• Login, shopping basket and order process in an online shop
• To save language settings
• To save currency settings in an online shop
• To save search terms

User data collected using technical cookies will not be used to create user profiles.

We use analytical cookies to improve the quality of our website and its content. Analytical cookies provide us with information about how the website is used so that we can keep improving it.

Our legitimate interest in processing personal data pursuant to Article 6(1)(f) GDPR is for these purposes.

4. Duration of storage, opt-out and removal options

Cookies are placed on the user’s computer and transferred to our website from there. As a user, you therefore have complete control over the use of cookies. You can deactivate or restrict transfer of cookies by changing the settings in your web browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If you deactivate cookies for our website, you might not be able to make full use of all of the website’s functions.

5. Information about external cookies

Various marketing companies use cookies to measure reach and for advertising purposes. You can opt out of use of these cookies

• Through the opt-out page of the Network Advertising Initiative (http://optout.networkadvertising.org/),
• The US American site (http://www.aboutads.info/choices) or
• The European site (http://www.youronlinechoices.com/uk/your-ad-choices/).

VIII. Web analysis using Google Analytics

1. Scope of personal data processing

We use Google Analytics on our website. We have instructed Google to evaluate users’ use of our online offer, to compile reports about activities within this online offer and to provide us with other services related to use of this online offer and internet use. This can involve using the data processed to create pseudonymised usage profiles for the users. To do this, Google places a cookie on the internet user’s system. The information generated by the cookie about the user’s use of the online offer is normally transmitted to a Google server in the USA where it is stored.

We use Google Analytics with IP anonymization activated. That means that Google abbreviates users’ IP addresses within the Member States of the European Union or in other States party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there.

2. Legal basis for processing of personal data

The legal basis for processing users’ personal data is Article 6(1)(f) GDPR.
Google is certified in accordance with the Privacy Shield agreement and therefore guarantees that it will adhere to the European law on data protection: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

3. Purpose of the data processing

Processing users’ personal data enables us to analyse users’ surfing behaviour. Evaluating the data collected enables us to compile information about use of the individual elements of our website. This helps us to continually improve our website and its user-friendliness. Our legitimate interest in processing data pursuant to Article 6(1)(f) GDPR is also for these purposes. Anonymization of the IP address sufficiently takes into account the user’s interests in protection of their personal data.

4. Duration of data retention

Google erases or anonymises user’s personal data after 14 months.

5. Opt-out and removal options

Cookies are placed on the user’s computer and transferred to our website from there. As a user, you therefore have complete control over the use of cookies. You can deactivate or restrict transfer of cookies by changing the settings in your web browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If you deactivate cookies for our website, you might not be able to make full use of all of the website’s functions.
We offer users of our website the option of opting out of the analysis process. For this purpose, an additional cookie is placed on your system that tells Google not to save the user’s data. If the user erases this cookie from their system, they will have to place the opt-out cookie on their system again.

Deactivating Google Analytics using cookies: alternatively, users can use their browser to communicate to us that we should not undertake any analysis. The Do Not Track technology we use enables users to decide for themselves whether their behaviour is tracked by websites, advertising networks or social networks. If users have activated the setting “I do not want to be tracked” in their browser, nothing will be retrieved from their browser by Google Analytics using an external analysis code.
You can find instructions on Do Not Track at the following addresses, for example:

• Mozilla Firefox
https://support.mozilla.org/en-US/kb/how-do-i-turn-do-not-track-feature
• Google Chrome
https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=en-GB
• Safari
https://support.apple.com/en-gb/guide/safari/sfri40732/mac
• Microsoft Internet Explorer 11
https://support.microsoft.com/en-gb/help/17288/windows-internet-explorer-11-use-do-not-track
• Microsoft Edge (Windows 10)
https://support.microsoft.com/en-gb/help/4468242/microsoft-edge-browsing-data-and-privacy
• Opera
https://help.opera.com/en/latest/security-and-privacy/#tracking

Google also offers a plugin for current browsers. It prevents visitor data from being forwarded to Google Analytics through Google Analytics-JavaScript (ga.js, analytics.js and dc.js) when corresponding pages are retrieved with code from Google Analytics. It does not prevent data from being transmitted to the website or to other web analysis services.
You can find the Google plugin here: https://tools.google.com/dlpage/gaoptout?hl=en-GB
You can find more information about use of data by Google, settings and opt-out options in Google’s privacy statement at 
https://policies.google.com/technologies/ads 
as well as in the settings for displaying advertisements through Google https://adssettings.google.com/authenticated.

IX. Contact form and email contact

1. Description and scope of data processing

Our website features a contact form that can be used for contacting us electronically. If a user uses this option, all of the data entered into the input mask will be transmitted to us and stored.
The following data will also be stored when the message is sent:

• The user’s IP address
• Date and time of registration

We obtain your consent for data processing during the sending process and refer to this privacy statement.

Alternatively, users can contact us using the email address provided. In this case, the user’s personal data transmitted with the email will be stored.

No data will be forwarded to third parties in connection with this. The data are only used for processing the conversation.

2. Legal basis for data processing

If the user’s consent has been obtained the legal basis for processing data is Article 6(1)(a) GDPR.

The legal basis for processing data that is transmitted when an email is sent is Article 6(1)(f) GDPR. If the purpose of the email contact is to conclude a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR.

3. Purpose of the data processing

We only process personal data from the input mask to deal with the enquiry. If contact is made by email, the necessary legitimate interest is also in processing of the data.

Other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of data retention

The data will be deleted as soon as it is no longer required for fulfilling the purpose of its collection. With regard to the personal data from the input mask of the contact form and the personal data transmitted by email, this is the case when the respective conversation with the user is finished. The conversation is finished when it can be assumed from the circumstances that the matter concerned has been conclusively resolved.

Additional personal data collected during the sending process is erased after a period of fourteen days at the latest.

5. Opt-out and removal options

The user has the option of withdrawing their consent to processing of their personal data at any time.

If the user contacts us by email, they can opt-out of storage of their personal data at any time, in the same way. In this case it will not be possible to continue the conversation.

In other cases the user must opt out by email or in paper form (letter).
In this case, all personal data stored in the course of the contact will be deleted.

X. Integration of third-party content and services

1. Description and scope of data processing

As part of our online offer, we use offers from third-party providers, in order to incorporate their content and services, such as fonts, graphics, videos, cards, information, etc. In order to display the necessary content, your browser makes a direct connection with the servers of the third-party providers when you visit our website. As a result, the relevant third-party providers obtain information about when this website was used and what content was used, including the user’s IP address. Depending on the service, additional information (e.g. geodata, in the case of a route planner) is sent to the third-party providers.

We do not have any influence over the scope, further processing or use of the data collected by the third-party providers.

Third-party providers often use cookies in order to analyse user behaviour across different websites and to link this information with other sources. This also applies to use of “web beacons”, small invisible graphics that are used for statistical or marketing purposes.

With regard to the actual scope of the data processing, we refer to the privacy statements of the third-party providers.

2. Legal basis for data processing

The legal basis for data processing is Article 6(1)(f) GDPR. Third-party providers that process data outside of the EU process data in accordance with the Privacy Shield agreement.

3. Purpose of the data processing

The purpose of data collection and further processing of data can be found in the privacy statement of the third-party providers.

4. Duration of data retention

The duration of the data retention can be found in the privacy statement of the third-party providers.

5. Opt-out and removal options

You can prevent integration of third-party content and services on our website by deactivating use of Javascript in your browser. You might not be able to make full use of all of our website’s functions if Javascript is deactivated.

With regard to opt-out and removal options, we refer to the privacy statements of the third-party providers.

6. Third-party content and services on this website

We have integrated the following third-party content and services:
Third-party provider content
Fonts from Google Fonts maps from Google Maps Google ReCaptcha security technology Google LLC
1600 Amphitheatre Parkway Mountain View, CA 94043 USA
Privacy statement: https://www.google.com/policies/privacy/ Privacy settings: https://adssettings.google.com/authenticated Privacy Shield agreement: https://www.privacyshield.gov/participant?
id=a2zt000000001L5AAI&status=Active
Fonts from Adobe (Typekit) Adobe Systems Software Ireland Limited 4-6 Riverwalk, Citywest Business Campus Dublin 24
Republic of Ireland

Privacy statements: https://www.adobe.com/uk/privacy/policy.html
https://www.adobe.com/uk/privacy/policies/adobe-fonts.html

Privacy Shield agreement: https://www.privacyshield.gov/participant?
id=a2zt0000000TNo9AAG&status=Active