Privacy Policy

1. Controller

The controller for the processing of personal data on the website within the meaning of the General Data Protection Regulation (GDPR) is: 

Datasphere Analytics GmbH
Lippstädter Straße 42
48155 Münster, Germany

For data protection inquiries or to exercise your data subject rights, please contact: hello@datasphere-analytics.com

2. Data Protection Officer 

The following person has been appointed as Data Protection Officer: 

Kertos GmbH
Brienner Straße 41
80333 Munich, Germany
Email: dsb@kertos.io

3. Data Processing on Our Website

3.1 Provision of the Website

Purpose of processing:  

We process your data in order to:

• ensure the reliable operation of the website

• provide user-friendly access to our website

• and maintain IT security

Recipients:  

• Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA;  

• Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA;  

• Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA;

• UNPKG.com (content delivery);  

• Volentio JSD Limited (jsDelivr, content delivery).

Data processed:  

• IP address of the requesting device

• Method (e.g., GET, POST), date and time of the request

• Address of the accessed website and path of the requested file

• if applicable, previously accessed or requested website/file (HTTP referer)

• Information regarding the browser and operating system used

• Version of the HTTP protocol, HTTP status code, size of the delivered file

• Request information such as language, content type, content encoding, character encodings

Legal basis:

Article 6(1)(f) GDPR. The processing of the specified data is necessary to provide the website and to ensure secure and user-friendly operation.

Retention period:

‍The collected data will be deleted as soon as it is no longer required for the operation of the website, but no later than 30 days, unless a statutory retention obligation applies.  Third-country transfer: Data may be transferred to the USA on the basis of the EU-U.S. Data Privacy Framework (Art. 45 GDPR). Webflow, Cloudflare and Amazon Web Services are certified under this framework. Additionally, Standard Contractual Clauses (SCCs) have been concluded.

Further information:

‍https://webflow.com/legal/privacy, https://www.cloudflare.com/privacypolicy/, https://aws.amazon.com/privacy/

3.2 Google Fonts

Purpose of processing:

Display of website content and fonts.

Recipients:

Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data processed:  

1. Access data (e.g., IP address, error timestamp)  

2. Device information (e.g., device type, operating system)  

3. Browser data (e.g., browser type, version)  

4. Location data (e.g., country based on IP address)  

Lawful basis:

Legitimate interest pursuant to Article 6(1)(f) GDPR in ensuring a technically secure, consistent, and attractive presentation of content and fonts.  

Retention period:

The data are deleted as soon as the purpose of display has been achieved.  

International data transfer:

Data may be transferred to servers in the United States. Google is certified under the EU-U.S. Data Privacy Framework, so transfers may be based on Article 45 GDPR. In addition, Standard Contractual Clauses (SCCs) are in place with Google.  

Further information:

‍ https://policies.google.com/privacy.

4. Demo/Appointment Booking

Purpose of processing:  

Provision of an online scheduling tool to book product demos and meetings.

Recipients:  

Calendly LLC, 115 E Main St., Ste A1B, Buford, GA 30518, USA. Stripe payment widgets may be loaded on Calendly-embedded booking pages (Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland).

Data processed:

• Name

• Email address

• Company name (if provided)

• Meeting time and subject

• Free-text message describing your request

• Access data (e.g., IP address, time of access, browser type)

Legal basis:

Consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future. Where the booking serves to initiate or perform a contract, processing is additionally based on Art. 6(1)(b) GDPR.

Retention period:

‍Data is only stored for as long as strictly necessary, but for no longer than 30 days. Further storage may occur in individual cases where legally required or necessary for the performance of a contract.

Third-country transfer:

Data may be transferred to servers of Calendly in the USA. Calendly is certified under the EU-U.S. Data Privacy Framework; such transfers are based on Art. 45 GDPR.

Further information:

https://calendly.com/legal/privacy-notice

5. Analytics and Tracking

Cookies are small text files stored by your browser on your device. Cookies do not execute programs or install malware. Comparable technologies include web storage (local/session storage), fingerprinting, tags, and pixels. Most browsers accept these technologies by default; however, you can adjust your settings to block their use or to require consent. Please note that blocking cookies or similar technologies may restrict certain functionalities of the website.

Purpose:

‍We use tracking and analytics tools to continually optimize our website and adapt it to your needs. For this purpose, information is collected using these technologies or device information is combined (device fingerprinting).  

Legal basis:

Technically necessary tools required for the operation of the website are used on the basis of our legitimate interests in accordance with Art. 6(1)(f) GDPR, or for the performance of a contract or pre-contractual measures pursuant to Art. 6(1)(b) GDPR. The storage of or access to information on your device is strictly necessary in these cases and is based on Section 25(2) TDDDG. Optional tools are used exclusively with your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. Below, we outline the tracking and analytics tools used, their respective purposes, and the data processed.

Recipients:

‍Google Tag Manager, Google Analytics 4, Google Ads, Google Ads Remarketing, Google reCAPTCHA, Microsoft Advertising, Microsoft Clarity, LinkedIn Insight Tag, HubSpot Analytics, HubSpot Forms, Cookiebot (Usercentrics GmbH), Airbrake (error monitoring), Pirsch Analytics

a. Google Tag Manager

Purpose: Management and triggering of website tags via a unified interface.

Recipients: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Data processed:

• Access data (e.g., time of page view, referrer URL)

• Device data (e.g., IP address, device type)

• Browser data (e.g., browser used, language settings)

• Event data (e.g., tag firing, interactions with embedded scripts)

• Location data (e.g., country, city — based on IP address)

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

Retention period: Cookies are stored for up to 90 days.

Third-country transfer: Data may be transferred to the USA on the basis of the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and additional Standard Contractual Clauses (SCCs).

Further information: https://policies.google.com/privacy

b. Google Analytics

Purpose: Web analytics to measure and evaluate website usage.

Recipients: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Data processed:

• Device data (e.g., IP address, device type, screen resolution)

• Browser data (e.g., browser used, language, installed plug-ins)

• Usage data (e.g., pages visited, time on page, click paths, scroll depth, entry and exit pages)

• Event data (e.g., clicks on buttons/links, submitted forms)

• Location data (e.g., country, city)

• Source and traffic data (e.g., referrer URL, access source such as search engine)

• Conversion and goal completion data (e.g., newsletter sign-ups, goals reached on the website)

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

Retention period: Cookies are stored for up to 14 months.

Third-country transfer: Data may be transferred to the USA on the basis of the EU-U.S. Data Privacy Framework (Art. 45 GDPR). Google is certified under this framework. Additionally, Standard Contractual Clauses (SCCs) have been concluded with Google.

Further information: https://policies.google.com/privacy

c. Google Ads

Purpose: Display of personalized advertising, placement and optimization of advertising campaigns, and reach measurement within the Google advertising network.

Recipients: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Data processed:

• Online identifiers (e.g., cookie ID, advertising ID)

• IP address (shortened/anonymized)

• Browser information (e.g., language, version)

• Information on user behavior (e.g., clicked ads, pages visited)

• Usage data (e.g., time and duration of interaction)

• Device information (e.g., device type, operating system)

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

Retention period: Cookies are stored for up to 90 days.

Third-country transfer: Data may be transferred to the USA on the basis of the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and additional Standard Contractual Clauses (SCCs).

Further information: https://policies.google.com/privacy

d. Google Ads Remarketing

Purpose: Delivery of personalized advertising based on visitor behavior within the Google advertising network.

Recipients: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Data processed:

• Access data (e.g., IP address, time of visit)

• Usage data (e.g., pages visited, duration of visit)

• Device data (e.g., device type, operating system)

• Browser data (e.g., browser used, language settings)

• Source and traffic data (e.g., referrer URL, access source)

• Event data (e.g., interactions with page content, clicks)

• Location data (e.g., country, city — based on IP address)

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

Retention period: Cookies are stored for up to 90 days.

Third-country transfer: Data may be transferred to the USA on the basis of the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and additional Standard Contractual Clauses (SCCs).

Further information: https://policies.google.com/privacy

e. Google reCAPTCHA

Purpose: Detection and prevention of automated requests (bots) to secure the website and contact forms.

Recipients: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Data processed:

• Network data (e.g., IP address, referrer URL)

• Device information (e.g., operating system, language settings)

• User interactions (e.g., mouse movements, keystrokes)

• Session information (e.g., duration, location)

Legal basis: Legitimate interest pursuant to Art. 6(1)(f) GDPR (protection of the website against automated requests and ensuring the availability of the website).

Retention period: Data is deleted after transmission to Google.

Third-country transfer: Data may be transferred to the USA on the basis of the EU-U.S. Data Privacy Framework (Art. 45 GDPR).

Further information: https://policies.google.com/privacy

f. Microsoft Advertising

Purpose: Delivery of targeted advertising and analysis of the effectiveness of advertising measures.

Recipients: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Data processed:

• Device information (e.g., IP address, browser type)

• User behavior (e.g., clicks, page views)

• Demographic data (e.g., age group, gender, if provided)

• Advertising interaction data (e.g., impressions, conversions)

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

Retention period: Data is stored for up to 18 months.

Third-country transfer: Data may be transferred to the USA on the basis of the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and additional Standard Contractual Clauses (SCCs).

Further information: https://privacy.microsoft.com/en-us/privacystatement

g. Microsoft Clarity

Purpose: Analysis of user behavior using heatmaps and session recordings to improve user experience and error analysis.

Recipients: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Data processed:

• Access data (e.g., IP address, time of access)

• Usage data (e.g., time on page, clicks, scroll behavior)

• Source and traffic data (e.g., referrer URL, entry pages)

• Device data (e.g., device type, screen resolution, device model)

• Browser data (e.g., browser type used, browser version)

• Event data (e.g., interactions with elements, mouse movements)

• Location data (e.g., country, region — based on IP address)

• Cookie data for pseudonymized recognition (e.g., session ID)

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

Retention period: Data (including cookies and session recordings) is generally stored for up to 13 months.

Third-country transfer: Data may be transferred to the USA on the basis of the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and additional Standard Contractual Clauses (SCCs).

Further information: https://privacy.microsoft.com/en-us/privacystatement

h. LinkedIn Insight Tag

Purpose: Analysis and optimization of our LinkedIn company page and improvement of our social media strategy. A joint controllership pursuant to Art. 26 GDPR exists between us and LinkedIn.

Recipients: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

Data processed:

• Aggregated usage data (e.g., page views, engagement rate)

• Demographic information (e.g., industry, company size, job title)

• Interaction data (e.g., likes, comments, shares)

• Visitor statistics (e.g., visitor numbers, visit times)

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

Retention period: Cookies are stored for up to 12 months.

Third-country transfer: Data may be transferred to the USA on the basis of the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and additional Standard Contractual Clauses (SCCs). LinkedIn assumes the primary responsibility for compliance with data protection obligations when providing the Insight Tag; you may assert your rights directly with LinkedIn.

Further information: https://www.linkedin.com/legal/privacy-policy

i. HubSpot Analytics

Purpose: Monitoring of the website as well as support and optimization of digital marketing activities.

Recipients: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA.

Data processed:

• Identification data (e.g., unique user token, user identifier in the cookie “hubspotutk”)

• Access data (e.g., date and time of visit, domain of the website)

• Session data (e.g., number of sessions, duration of individual visits)

• Device data (e.g., device type, operating system)

• Browser data (e.g., browser used, language settings)

• Usage data (e.g., pages visited, returning visits)

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

Retention period: Cookies are stored for up to 13 months.

Third-country transfer: Data may be transferred to the USA on the basis of the EU-U.S. Data Privacy Framework (Art. 45 GDPR).

Further information: https://legal.hubspot.com/privacy-policy

j. HubSpot Forms

Purpose: Provision of online forms and surveys for contact and lead management.

Recipients: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA.

Data processed:

• Contact data (e.g., name, email address, phone number)

• Form content (e.g., messages, inquiries)

• Access data (e.g., IP address, time of submission)

• Device information (e.g., device type, operating system)

• Browser data (e.g., browser used, version)

Legal basis: Legitimate interest pursuant to Art. 6(1)(f) GDPR in providing forms for efficient communication; where applicable Art. 6(1)(b) GDPR for pre-contractual measures.

Retention period: Data is stored upon submission and deleted when the purpose is fulfilled.

Third-country transfer: Data may be transferred to the USA. HubSpot is certified under the EU-U.S. Data Privacy Framework; such transfers are based on Art. 45 GDPR. Additionally, Standard Contractual Clauses (SCCs) have been concluded.

Further information: https://legal.hubspot.com/privacy-policy

k. Cookiebot

Purpose: Management of consents for the use of cookies.

Recipients: Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany.

Data processed:

• Device data (e.g., IP address, device type)

• Event data (e.g., preference settings, interaction with embedded scripts)

Legal basis: Legitimate interest pursuant to Art. 6(1)(f) GDPR. The legitimate interest lies in proving your consent.

Retention period: Up to 12 months.

Further information: https://www.cookiebot.com/en/privacy-policy/

l. Airbrake

Purpose: Error monitoring and analysis of technical malfunctions to ensure the stability and security of the website.

Recipients: Airbrake Technologies, Inc., 535 Mission Street, 14th Floor, San Francisco, CA 94105, USA.

Data processed:

• Access data (e.g., IP address, time of error occurrence)

• Event data (e.g., crash reports, error logs)

• Usage data (e.g., general usage statistics, page views at the time of the error)

• Device information (e.g., device type, operating system)

• Browser data (e.g., browser used, version)

Legal basis: Legitimate interest pursuant to Art. 6(1)(f) GDPR (ensuring the stability and security of the website).

Retention period: Data is deleted once the purpose has been fulfilled.

Third-country transfer: Data is transferred to the USA on the basis of Standard Contractual Clauses (Art. 46 GDPR).

Further information: https://airbrake.io/legal/privacy

m. Pirsch Analytics

Purpose: Privacy-friendly, cookie-less web analytics to measure reach and optimize the website.

Recipients: Pirsch Analytics UG (haftungsbeschränkt), Am Hain 4, 36275 Kirchheim, Germany.

Data processed:

• Access data (e.g., anonymized IP address, date and time of access)

• Usage data (e.g., pages visited, duration of visit)

• Device and browser information (e.g., device type, browser used)

• Source and traffic data (e.g., referrer URL)

Legal basis: Legitimate interest pursuant to Art. 6(1)(f) GDPR in the analysis and optimization of our website.

Retention period: Data is stored in aggregated and anonymized form.

Third-country transfer: No transfer to third countries. Data is processed on servers within the EU.

Further information: https://pirsch.io/privacy

A detailed list of the cookies and comparable technologies used is provided in the appendix to this privacy notice (see “Appendix: Cookie Overview”).

6. Contact via email or contact form

Purpose:

‍ To process and respond to your inquiry.  

Recipient:

HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA.

Data processed:  

• Name

• Email address

• Content of your message

Legal basis:

‍Article 6(1)(f) GDPR (legitimate interest in communicating with you). If your inquiry is aimed at concluding or performing a contract, processing is carried out on the basis of Article 6(1)(b) GDPR.  

Retention period:

‍Your data will only be stored for as long as necessary to fully process your inquiry.  

Further information:

https://legal.hubspot.com/privacy-policy

7. Applications

Purpose:

Selection of candidates for the potential establishment of an employment relationship.

Recipients:

‍JOIN Solutions AG, Landsgemeindeplatz 6, 9043 Trogen, Switzerland

Data processed:

• Name

• Email address

• Telephone number

• Curriculum vitae (CV)

• Cover letter

• Other application documents provided by you

• IP address

• Browser type and version

• Operating system

• Date and time of access

Legal basis:

‍Article 6(1)(b) GDPR (performance of pre-contractual measures); Article 6(1)(f) GDPR, where we have a legitimate interest in the efficient conduct of the application process.

Retention period:

‍We store your personal data until the conclusion of the application process. In the event of a rejection, your data will be retained for up to six months following notification of the decision. In the case of legal disputes, retention may be extended until final resolution. If you are hired, your application documents will be stored in your personnel file for the duration of your employment relationship. You may withdraw your application or object to the processing at any time; in this case, your data will be deleted and your application will no longer be considered.

International data transfer:

Data may be transferred to Switzerland. An adequacy decision of the European Commission exists for Switzerland, so transfers are based on Article 45 GDPR. Where further transfers to other third countries occur, JOIN ensures an adequate level of data protection through appropriate safeguards in accordance with GDPR requirements.

Further information:

‍https://join.com/de/dpa

8. Internal Data Transfers

Personal data is primarily processed within the EU/EEA. Transfers to so-called "third countries" only occur in compliance with the requirements of the GDPR and where suitable safeguards are in place. Before data is transferred to a service provider in a third country, the level of data protection is assessed. A transfer only takes place if sufficient protection mechanisms exist. All service providers must enter into a data processing agreement. For providers outside the EEA, additional measures are required. Pursuant to Articles 44 et seq. GDPR, a transfer is only permitted if at least one of the following requirements is met:

• The European Commission has determined that an adequate level of data protection exists.

• Standard Contractual Clauses have been concluded with the recipient.

• Other appropriate safeguards pursuant to Article 46 GDPR are in place.

• In certain exceptional cases as set out in Article 49 GDPR.

9. CRM, Sales and Lead Management

Purpose:

Management and maintenance of relationships with customers, prospects and other contractual or business partners (B2B), including lead management, qualification and prioritisation of leads, documentation of communication and contract histories, planning and control of sales activities, as well as enrichment of contact and company data from public sources and specialised B2B data providers.

Recipients:

HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA.

Data processed:

• First and last name

• Business contact details (e.g. email address, telephone number, business address)

• Company-related data (e.g. company name, industry, company size, role/position, department)

• Data relating to contractual processes and enquiries (e.g. quotation number, interests in services, history of enquiries and processes)

• Communication and interaction data (e.g. meetings, call notes, participation in events/webinars, reaction to emails, access to content)

• Enriched information from publicly accessible sources and/or B2B data providers (e.g. additional company information, professional profile details, topics/areas of focus, assignment to segments or “scores” for the prioritisation of leads)

Legal basis:

• Performance of a contract and implementation of pre-contractual measures pursuant to Art. 6 (1) (b) GDPR, insofar as we are in a (pre-)contractual relationship with you/your employer.

• In addition, legitimate interests pursuant to Art. 6 (1) (f) GDPR in the efficient organisation of sales and business relationships, targeted B2B communication and the optimisation of our products and services. Where we process personal data for the purposes of direct marketing and related profiling activities (e.g. lead scoring to prioritise contacts), you may object to such processing at any time with effect for the future.

Storage period:

For the duration of the business relationship and thereafter as long as there is a legitimate interest in further storage (e.g. follow-up of enquiries, maintenance of business relationships); subsequent deletion or anonymisation, provided that no statutory retention obligations apply. Contact details of prospects/leads with whom there has been no interaction for a longer period of time are regularly deleted or further processed only in anonymised form for statistical purposes.

Third-country transfer:

Data may be transferred to the USA on the basis of the EU-U.S. Data Privacy Framework (Art. 45 GDPR). HubSpot is certified under this framework. Additionally, Standard Contractual Clauses (SCCs) have been concluded.

Further information:

https://legal.hubspot.com/privacy-policy

‍

10. Recipients

Personal data collected by us will only be disclosed if:

• you have given us your explicit consent pursuant to Article 6(1)(a) GDPR;

• the disclosure is necessary to safeguard our legitimate interests or for the establishment, exercise, or defence of legal claims, and there is no reason to assume that your interests or fundamental rights and freedoms which require the protection of personal data override those interests (Article 6(1)(f) GDPR);

• we are legally obliged to disclose the data (Article 6(1)(c) GDPR); or

• such disclosure is lawful and necessary for the performance of a contract with you or for the implementation of pre-contractual measures at your request (Article 6(1)(b) GDPR).

Possible recipients include: 

• Processors: Group companies or external service providers (e.g., for technical infrastructure and processing, maintenance, payment processing) that are carefully selected and monitored. Processors may only process data in accordance with our instructions.

• Public authorities: Government agencies and public institutions (e.g., tax authorities, public prosecutors, courts) to whom we are required to transfer personal data, for example to comply with legal obligations or to protect legitimate interests.

‍

11. Data Security and Safeguards 

We implement appropriate technical and organizational measures to ensure the security and confidentiality of your personal data. These measures are designed to protect against unauthorized access, manipulation, loss, or misuse. Our security measures are regularly reviewed and adapted to reflect technological advancements and current industry standards.

Please note that despite extensive protective measures, data transmission over the internet may involve security vulnerabilities. In particular, unencrypted communication (e.g., standard email) carries the risk that data may be accessed by third parties. We have no influence over the actions of external parties. We therefore recommend that you use encryption or other protective measures when transmitting sensitive information electronically to minimize potential risks.

12. Retention and Erasure/Blocking of Data 

Personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Further storage will only take place if required by European Union or national legal provisions to which the controller is subject. Data will also be deleted or blocked once a statutory retention period expires, unless continued storage is necessary for the performance of a contractual relationship. 

13. Data Subject Rights

You have the following rights with regard to your personal data:  

1. Right of access (Article 15 GDPR, Section 34 BDSG): You may request information as to whether and which personal data we process, for what purpose, to whom or to which categories of recipients the data is disclosed, and how long it is stored.

2. Right to rectification (Article 16 GDPR): You may request the immediate rectification of inaccurate personal data or the completion of incomplete personal data.

3. Right to erasure (Article 17 GDPR): You may request the erasure of your personal data, in particular if it is no longer necessary, you withdraw your consent, or the data has been unlawfully processed.

4. Right to restriction of processing (Article 18 GDPR): You may request the restriction of the processing of your data, for example if the accuracy of the data is contested.

5. Right to data portability (Article 20 GDPR): You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transfer of this data to another controller, where technically feasible.

6. Right to withdraw consent (Article 7(3) GDPR): You may withdraw any consent given at any time with effect for the future. The lawfulness of processing up to the point of withdrawal remains unaffected.

Right to object (Article 21 GDPR): You may object at any time to the processing of your personal data for reasons relating to your particular situation, especially in the context of direct marketing or any related profiling.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR):  You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes data protection regulations. 

‍

Appendix: Cookie Overview

Change Date: 27.04.2026