Skip to content
    en
    en

    PRIVACY STATEMENT

    for all websites and webpages of, and for the newsletter of, the BüchnerBarella group of companies

    We appreciate your interest in our online offer. Since your data, your trust and your satisfaction are very important to us and the protection of personal data is more to us than mere compliance with legal requirements, we ask you to read the following data protection declaration carefully.

     

    1. General Information

    While using our website, you can trust that we will handle the data you entrust to us responsibly and will not pass it on to third parties without authorization.
    The protection of your personal data has a particularly high priority for us. The processing of personal data, for example the name, address, e-mail address or telephone number of a person, is always in accordance with applicable data protection law.

    The following data protection declaration is intended to inform you about the type, scope and purpose of the processing of personal data within our online offer, in mobile applications and within our online presences and social media presences (hereinafter collectively referred to as "online offer"). With regard to the terms used in our data protection declaration, such as "processing" or "controller", we refer to the definitions in the General Data Protection Regulation (see Art. 4 GDPR). Furthermore, we want to inform you about the rights to which you are entitled, the so-called data subject rights.

    Terms used are not gender specific.

    As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Despite all due care, security gaps can occur in Internet-based data transmission, so that absolute protection cannot be guaranteed. This means that absolute protection cannot be guaranteed by us either. For this reason, you are of course free to transmit personal data to us by alternative means, for example by telephone.

    2. Responsible party

    The responsible party for data processing within the meaning of the GDPR and the BDSG (German Federal Data Protection Act) is:
    BüchnerBarella Holding GmbH & Co. KG
    Christina Holzinger, Joachim Lenoir, Benno Walter, Andreas Zelmer
    Lonystraße 9
    35390 Gießen
    Phone: +49 (0) 641 7959-16
    Fax: +49 (0) 641 7959-19
    E-Mail: kontakt@buechnerbarella.de
    Website: www.buechnerbarella.de

    The data protection officer of the party responsible for the data processing (controller) is:
    E-Mail: datenschutz@buechnerbarella.de
    www.deutsches-datenschutz-institut.de

    You can also reach our data protection officer per mail at the above-mentioned company address with the addition of "data protection officer".

    3. Overview of the processing/h5>

    The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

    Categories of data subjects:
    The following categories of persons are affected by the data processing in the context of visiting our website: Customers, interested parties, communication partners, users, business and contractual partners, clients, employees.

    Types of data processed:
    The following categories of personal data are processed: Inventory data, contact data, content data, contract data, usage data, meta and communication data.

    Purposes of processing:
    We process your personal data for the following purposes: provision of contractual services and customer service, contact requests and communication, security measures, direct marketing, reach measurement, office and organizational operations, remarketing, conversion measurement, click tracking, targeting, managing and responding to requests, feedback, marketing, profiles with user-related information, providing our online offer and user-friendliness.

    4. Relevant legal bases

    Below you will find an overview of the legal basis of the GDPR on the basis of which we process your personal data. Please note that in addition to the provisions of the GDPR, national data protection laws may apply in your or our country of residence or domicile:

    • Consent (Art. 6 para. 1 p. 1 lit. a GDPR): The data subject has given his/her consent to the processing of his/her personal data for a specific purpose or purposes.
    • Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b GDPR): Processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject.
    • Legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.
    • Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR): Processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
    5. Safety measures

    In accordance with legal requirements, taking into account the state-of-the-art, the implementation costs and the type, scope, context and purposes of the processing, as well as the different probabilities of occurrence and the extent of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures (TOM) to ensure a level of protection appropriate to the risk.
    These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to data, as well as access, entry, disclosure, ensuring availability and segregation. In addition, we have procedures in place to ensure the exercise of data subject rights, deletion of data and responses to data threats. Furthermore, we already take into account the protection of personal data when developing or selecting hardware, software and procedures according to the principle of data protection through technology design and through data protection-friendly default settings.

    SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

    6. Transfer of personal data

    In the course of processing personal data, the data may be transferred to or disclosed to other entities, companies, legally independent organizational units or persons. Recipients of this data may be, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

    Data transfers within our group: We may transfer personal data to other companies within our group or grant them access to this data. If this transfer is for administrative purposes, the transfer of the data is based on our legitimate corporate and business interests or occurs if it is necessary for the fulfillment of our contractual obligations or if the consent of the data subject or a legal permission has been obtained.

    The following companies in our group may be recipients of data:

    BüchnerBarella Versicherungsmakler GmbH
    Jägerweg 1
    76532 Baden-Baden

    BüchnerBarella Versicherungsmakler GmbH
    Hakenort 37
    33609 Bielefeld

    BüchnerBarella Versicherungsmakler GmbH
    Steinhalde 131
    79117 Freiburg

    BüchnerBarella Versicherungsmakler GmbH
    Lonystraße 9
    35390 Gießen

    BüchnerBarella Assekuranzservice GmbH
    Lonystraße 9
    35390 Gießen

    BüchnerBarella Consulting GmbH
    Lonystraße 9
    35390 Gießen

    BüchnerBarella Versicherungsmakler GmbH
    Bleichenbrücke 9
    20354 Hamburg

    BüchnerBarella Versicherungsmakler GmbH
    Westring 295
    44629 Herne

    BüchnerBarella Versicherungsmakler GmbH
    Theodor-Heuss-Straße 53
    85055 Ingolstadt

    BüchnerBarella Versicherungsmakler GmbH
    Holunderweg 28
    50858 Köln

    BüchnerBarella Versicherungsmakler GmbH
    Seeburgstraße 100
    04103 Leipzig

    BüchnerBarella Versicherungsmakler GmbH
    Königstraße 349
    32427 Minden

    BüchnerBarella Versicherungsmakler GmbH
    Haldystraße 1B
    66123 Saarbrücken

    BüchnerBarella Versicherungsmakler GmbH
    Eurener Straße 196-198
    54294 Trier

    BüchnerBarella Versicherungsdienst GmbH
    Eurener Straße 196-198
    54294 Trier

    BüchnerBarella Versicherungsmakler GmbH
    Kotzinger Straße 21
    83278 Traunstein

    BüchnerBarella Versicherungsmakler GmbH
    Ottobrunner Straße 39
    82008 Unterhaching

    Expendo Consulting GmbH
    Hühnerweg 17
    60599 Frankfurt

    Data processing in third countries: When you visit our website, we may also process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)), or processing may take place in the context of the use of third party services or the disclosure or transfer of data to other persons, bodies or companies. However, this will only be done in accordance with the law.

    Subject to express consent or contractual or legal transfer obligations, we only process or have data processed in third countries with a recognized level of data protection, or contractually commit ourselves through so-called standard protection clauses of the EU Commission, or there are certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

    External links to third-party websites: We may also include external links to third-party websites. Please note that we are not responsible for their operation, including any data processing that takes place there.

    When you click on one of these links, you are sending information to or through such third party websites. We recommend that you check the privacy notices of these websites before sending them any information that can be personally attributed to you.

    7. Data deletion

    The data we process will be deleted in accordance with the statutory provisions, as soon as you revoke your consent to the processing or when other permissions cease to apply (e.g. if the purpose of the processing ceases to apply or the data is no longer required for the purpose).

    If the data is not deleted because it is required for other legally permissible purposes, processing is limited to these purposes. This means that the data is being blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person. As part of our data protection information, we may provide users with further information on the deletion and retention of data that specifically relates to the processing in question.

    8. Use and application of cookies

    We also use cookies on our Internet pages. Cookies are small files or other storage references that store information on end devices via your internet browser and read information from the end devices. This can be done, for example, to save the login status in a user account, the content accessed, or the functions used in an online offer. Cookies can be used for various purposes, e.g. for the purpose of functionality, security and comfort of online offers as well as the creation of analyses of visitor flows. Numerous Internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored.

    Through the use of cookies, we can provide the users of our website with more user-friendly services that would not be possible without the cookie setting. By using a cookie, the information and offers on our website can be optimized in the interests of the user. Cookies enable us, for example, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website.

    Notes on the legal basis: The legal basis under data protection law on which we process users' personal data using cookies depends on whether or not we ask users for their consent. If a user consents, the legal basis for processing the data is the declared consent. Otherwise, the processing of data processed using cookies is based on our legitimate interests (e.g. in the economic operation of our online service and in improving its user-friendliness) or, if this is done in the context of fulfilling our contractual obligations, if the use of cookies is necessary to enable us to fulfil our contractual obligations. For more information on the cookies we use, please see Privacy Settings.

    With regard to the storage period, the following types of cookies are classified:

    • temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their end device (e.g. browser or mobile application).
    • permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when a website is visited again. Likewise, the user data collected with the help of cookies can be used for range measurement. Unless we explicitly inform users about the type and storage duration of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that the storage duration can be up to two years.

    Processing of cookie data on the basis of consent: We use a (cookie) consent management procedure under which the user consents to the use of cookies or to the processing operations mentioned in the cookie consent management procedure and providers can be obtained, managed and revoked by users. The declaration of consent is thereby stored so that the query does not have to be repeated and in order to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies) in order to be able to assign the consent to a user or his device. Subject to individual information on cookie management service providers, the following information applies: The duration of the storage of consent can be up to two years.

    General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and may also object to the processing in accordance with the legal requirements in Art. 21 GDPR (further information on the objection can be found in this data protection statement). Users can also declare their objection via the settings of their browser.

    As a cookie consent tool, we use the services of HubSpot: This tool is used to manage cookies and consents; it enables compliance with data protection regulations through respectful and transparent data exchange based on consents between end users and the websites they visit; service provider: HubSpot, Inc. 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA. Privacy Policy: https://legal.hubspot.com/privacy-policy;

    9. Provision of the online offer and web hosting

    We process data of our contractual and business partners, customers and interested parties (collectively referred to as "contractual partners") in the context of pre-contractual, contractual and comparable legal relationships and related measures as well as in the context of communication with contractual partners, e.g. for queries. We process this data to fulfil our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations and the remedy of warranty and other service disruptions.

    In addition, we process the data to protect our rights and for the purposes of the administrative tasks and company organization associated with these duties. Furthermore, we process the data on the basis of our legitimate interests in proper and economic business management and security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. to engage telecommunication, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or financial authorities). Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfil legal obligations. Contractual partners are informed about other forms of processing, e.g. for marketing purposes, within the framework of this data protection declaration. In addition, we inform our contractual partners before or during the collection of data, e.g. in online forms, through symbols, or in person, which data is required for the aforementioned purposes.

    We delete the data after expiry of the legal warranty and comparable obligations, i.e. generally after 3 years, unless the data is stored in a customer account, e.g. as long as it must be kept for legal archiving reasons. We delete data that a contractual partner has provided to us as part of an order in accordance with the specifications of the order, generally after the order has ended.

    As far as we use third party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third party providers or platforms apply in the relationship between the users and the providers.

    Business analysis and market research: For business reasons and in order to be able to recognize market trends, wishes of contractual partners and users, we evaluate the data we have about business transactions, contracts, enquiries, etc., whereby the group of persons concerned can fall on contractual partners, interested parties, customers, visitors and users of our online offer. The evaluations are carried out for the purposes of business management evaluation, marketing and market research (e.g. to determine customer groups with different characteristics). Where available, we may consider the profiles of registered users together with their information, e.g. about services used. The evaluations serve us alone and are not passed on to outside parties, unless they are anonymous evaluations with summarised, i.e. anonymous values. Furthermore, we take the privacy of the users into consideration and process the data for analysis purposes as pseudonymously as possible and, if possible, anonymously (e.g. as summarised data).

    Provision of the online offer and web hosting: In order to be able to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security and technical maintenance services. If you use our website for purely informational purposes, do not register or otherwise transmit information to us (e.g. by e-mail), we only collect data that your browser transmits to our server (so-called "server log files").

    The data processed in the course of providing the hosting service may include all information about the users of our online service that accrues in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of the online offers to the browsers, and all entries made within our online offer or on websites.

    • Types of data processed: Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
    • Data subjects: Users (e.g. website visitors, users of online services).
    • Purposes of processing: Provision of our online offer and user-friendliness.
    • Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR) and consent of the user (Art. 6 para. 1 p. 1 lit. a GDPR).

    Collection of access data and log files: We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). This includes the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the server, and on the other hand to relieve the servers and ensure their stability.

    Deletion of data: Log file information is stored for a maximum of 90 days and then deleted or anonymised. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been conclusively clarified.

    Further information on service providers used:

    • Cloudflare: We use the service of Cloudflare Inc., 101 Townsend St., San Francisco, CA 95107 USA as a CDN (Content Delivery Network) on our website to make our website faster and more secure. Cloudflare uses cookies and user data for this purpose. A CDN is a network of connected servers to bring websites to the user's screen faster. This means that the content of our website is not only delivered to the user by our hosting server, but also by servers of our service provider.
    10. Contact and request management

    When contacting us (e.g. by contact form, e-mail, telephone or via social media) as well as in the context of existing usage and business relationships, the information of the inquiring persons is processed insofar as this is necessary to answer the contact requests and, if applicable, requested measures.
    The response to the contact requests as well as the administration of the contact and request data in the context of contractual or pre-contractual relationships is carried out to fulfil our contractual obligations or to respond to (pre-)contractual requests and otherwise on the basis of the legitimate interests in responding to the requests and maintaining the user or business relationships.

    • Types of data processed: Inventory data (e.g. names, addresses); contact information (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms).
    • Data subjects: Communication partners.
    • Purposes of processing: contact requests and communication as well as contract initiation, if applicable.
    • Legal basis: Contract fulfilment and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR).
    11. Application for a job

    If you apply for an advertised position, we will process the following categories of personal data that you provide to us as part of the application process and that we collect and store:

    • Types of data processed: Core data (surname, first name, date of birth), contact data (address, telephone number, email address), qualification data (CV, certificates, proof of further training), possibly also bank data (for reimbursement of travel expenses), other data resulting from the application process (e.g. previous employment, religious affiliation, salary expectations, hobbies, living situation, disability status, data that you yourself have provided as part of the application process or have entered or stored in our systems and media);
    • Data subjects: Applicants
    • Purpose of the processing: The collection and processing of the data serves the possible establishment of an employment relationship.
    • Legal basis: Implementation of pre-contractual measures (Art. 6 para. 1 p. 1 lit. b GDPR; Section 26 BDSG in Germany).

    Your personal data is collected directly from you as part of the application process. In addition, we may also have received data from third parties (e.g. employment agencies).

    Disclosure of personal data: Within our company, only those persons and departments receive your personal data that are directly involved in the application process (management, HR department, specialist department). We may use service providers bound by instructions who support us, for example, in the areas of IT, personnel recruitment or archiving and destruction of documents and with whom separate contracts have been concluded for order processing. Data is not passed on to third parties not listed in this information.

    Duration of data storage: We store your personal data until the storage is no longer necessary or the legitimate interest in the storage has ceased to exist. If you are not hired, this is usually the case no later than seven months after the application process has been completed. In individual cases, however, individual data may be stored for longer (e.g. for travel expense accounting). The duration of storage then depends on the statutory retention obligations.

    12. Web analysis, monitoring and optimisation

    Web analysis (also called "reach measurement") is used to evaluate the flow of visitors to our online offering and may include behaviour, interests or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of the reach analysis, we can, for example, recognise at what time our online offer or its functions or content are most frequently used or invite you to use it again. We can also understand in which areas there is a need for optimisation. In addition to web analysis, we may also use test procedures, e.g. to test and optimise different versions of our online offer or its components.

    Unless otherwise stated below, profiles, i.e. data summarised for a usage process, may be created for these purposes and information may be stored in and read from a browser or terminal device. The collected information include, in particular, the visited websites and the elements used there, as well as technical information such as the browser used, the computer system used and information about the times of use. If users have given us or the providers of the services we use their consent to the collection of their location data, location data may also be processed. The IP addresses of the users are also collected.

    Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, the processing of user data is based on our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we also refer to the information on the use of cookies (see above, point 8).

    • Types of data processed: Usage data (e.g. web pages visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
    • Data subjects: Users (e.g. website visitors, users of online services).
    • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles); click tracking; feedback (e.g. collection of feedback via online forms); heat maps (mouse movements of users combined to form an overall picture); surveys and questionnaires (e.g. surveys with input options, multiple choice questions); marketing. Legal basis: consent (Art. 6 para. 1 p. 1 lit. a GDPR); legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR).

    Further information on processing, procedures and services:

    • HubSpot: Web analytics, reach measurement and measurement of user flows; HubSpot is a software used for the purpose of web analytics and reach measurement. Within the scope of using HubSpot, cookies are generated and stored on the user's end device. The user data collected in the course of using HubSpot is only processed by us and is not passed on to third parties. The cookies are stored for a maximum period of 180 days. The legal basis for the processing is the consent of the user (Art. 6 para. 1 p. 1 lit. a GDPR). Further details can be found at: https://legal.hubspot.com/privacy-policy
    13. Presence in social networks (social media)

    We maintain online presences in social networks and process user data in this context in order to communicate with users active there or to offer information about us. We have integrated components of these social networks on this website, i.e. Facebook, Instagram, LinkedIn and Twitter.

    We would like to point out that user data may also be processed outside the European Union. This may result in risks for users because, for example, it may be more difficult to enforce user rights.

    Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on the usage behaviour and the resulting interests of the users. The usage profiles can be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behaviour and interests of the users are stored. In addition, data can also be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in there).

    For a detailed description of the respective forms of processing and the possibility of objection (opt-out), we refer to the data protection declarations and information of the operators of the respective networks.

    Also in the case of requests for information and the assertion of data subject rights, we would like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

    • Types of data processed: Contact data (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
    • Data subjects: Users (e.g. website visitors, users of online services).
    • Purposes of processing: contact requests and communication; feedback (e.g. collecting feedback via an online form); marketing;
    • Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR)

    Further information on the services used:

    • LinkedIn: social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR); Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy;
    • Xing: social network; Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f GDRP); Website: https://www.xing.de; Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
    • Facebook: social network; service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; website: https://facebook.com; Privacy policy: https://www.facebook.com/about/privacy; further information: Shared Responsibility Agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data. We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not further processing) of data from visitors to our Facebook page (so-called "Fanpage"). The joint responsibility is limited to the collection and transfer of the data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns in particular the transfer of the data to the sister company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
    • YouTube: social network and video platform; YouTube is an online video portal that allows video editors to upload video clips for free and other users to watch, rate and comment on them, also for free. YouTube allows the publication of any kind of video, which is why complete film and TV shows as well as music videos, trailers and user-created videos can be accessed via the online portal; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Privacy policy: https://policies.google.com/privacy; Opt-out: https://adssettings.google.com/authenticated.
    14. Plugins and embedded functions and content

    We integrate functional and content elements into our online offer that are obtained from the servers of the respective providers (hereinafter referred to as "third-party providers"). These can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content").

    The integration always requires that the third-party providers of this content process the IP address of the user, as without the IP address they could not send the content to the user's browser. The IP address is therefore required for the presentation of these contents or functions. We try to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also called "web beacons") for statistical or marketing purposes. The "pixel tags" may be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and contains, among other things, technical information about the browser and operating system, web pages to be called up, the time of the visit and other information about the use of our online offer and can also be linked to such information from other sources.

    • Types of data being processed: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses); inventory data (e.g. names, addresses); contact information (e.g. email, phone numbers); content data (e.g. entries in online forms); event data (Facebook) ("event data" is data that may be transmitted by us to Facebook, e.g. via Facebook Pixel (via apps or otherwise), and that relates to individuals or their actions; the data includes, for example, information about visits to websites, interactions with content, interactions with Facebook, etc.). e.g. via Facebook Pixel (via apps or otherwise), and which relates to individuals or their actions; the data includes, for example, information about visits to websites, interactions with content, features, installation of apps, purchases of products, etc. Event data is processed to build audiences for content and advertising information (Custom Audiences); event data does not include actual content (such as written comments), login information or contact information (i.e. names, email addresses and phone numbers). Event data is deleted by Facebook after a maximum of two years on a target group basis with the deletion of our Facebook account.
    • Data subjects: Users (e.g. website visitors, users of online services).
    • Purposes of processing: provision of our online offer and user-friendliness; provision of contractual services and customer service; marketing; profiling with user-related information (creation of user profiles); feedback (e.g. collection of feedback via online form).
    • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. GDPR); Contractual performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR).

    Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, the processing of user data is based on our legitimate interests (i.e. interest in efficient, environmentally and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

    Further information on the services used:

    • OpenStreetMap: We integrate the maps of the "OpenStreetMap" service on our site, which are offered on the basis of the Open Data Commons Open Database Licence (ODbL) by the OpenStreetMap Foundation (OSMF). Your data as a user will be used by OpenStreetMap exclusively for the purpose of displaying the map functions and for temporarily storing the selected settings. This data may include, in particular, IP addresses and location data of the users, which are, however, not collected without their consent (usually executed in the context of the settings of their mobile devices); service provider: OpenStreetMap Foundation (OSMF); Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR); Website: https://www.openstreetmap.de; Privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy.
    15. Data subject rights

    As a data subject, you are entitled to various so-called data subject rights, which result in particular from Art. 15 to 21 GDPR:

    • Right to object: you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
    • Right to withdraw consent: You have the right to withdraw your consent at any time.
    • Right for information: You have the right to request confirmation as to whether the data in question are being processed and to request information on these data as well as further information and a copy of the data in accordance with the legal provisions.
    • Right to rectification: In accordance with the legal provisions, you have the right to request that the data concerning you be completed or that incorrect data concerning you be corrected.
    • Right to erasure and restriction of processing: You have the right to request that data concerning you be erased immediately in accordance with the legal provisions or, alternatively, to request restriction of the processing of the data in accordance with the legal provisions.
    • Right to data portability: you have the right to receive the data you have provided to us in a structured, common and machine-readable format in accordance with the legal provisions, or to request its transfer to another controller.
    • Complaint to the supervisory authority: In accordance with the legal provisions and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular with a supervisory authority in the Member State where you have your habitual residence, with the supervisory authority of your place of work or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

      The supervisory authority responsible for us is:
      The Hessian Commissioner for Data Protection and Freedom of Information

      Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
      Postfach 3165
      65021 Wiesbaden
      Phone: +49 (0) 611 1408-0
    16. Modification and updating of the privacy policy

    We ask you to regularly inform yourself about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your involvement (e.g. consent) or other individual notification.

    Where we provide addresses and contact details of companies and organizations in this privacy statement, please note that the addresses may change over time and please check the details before contacting us.