What data do we process about you? And for what purposes?

When we receive data from you, we will only process it for the purposes for which we received or collected it. Data processing for other purposes will only be considered if the necessary legal requirements pursuant to Art. 6 (4) GDPR are met. We will, of course, comply with any information obligations pursuant to Art. 13 (3) GDPR and Art. 14 (4) GDPR in this case.

What is the legal basis for this? The legal basis for the processing of personal data is generally Article 6 GDPR, unless there are specific legal provisions. The following options are particularly relevant here: Data processing based on your consent (Article 6(1)(a) GDPR) Data processing for the performance of contracts (Article 6(1)(b) GDPR) Data processing based on a balancing of interests (Art. 6 (1) (f) GDPR) Data processing for the fulfillment of a legal obligation (Art. 6 (1) (c) GDPR) If personal data is processed on the basis of your consent, you have the right to revoke your consent at any time with effect for the future. If we process data on the basis of a balancing of interests, you as the data subject have the right to object to the processing of personal data, taking into account the provisions of Art. 21 GDPR. How long is the data stored? We process the data for as long as is necessary for the respective purpose. If there are legal retention obligations—e.g., under commercial or tax law—the relevant personal data will be stored for the duration of the retention obligation. Once the retention obligation has expired, we will check whether there is any further need for processing. If there is no longer any need, the data will be deleted. As a rule, we review data towards the end of each calendar year to determine whether further processing is necessary. Due to the volume of data, this review is carried out with regard to specific types of data or purposes of processing. Of course, you can request information about the data we have stored about you at any time (see below) and, if there is no longer a need for processing, request that the data be deleted or that processing be restricted. Cooperation with processors and third parties If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transfer it to them, or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g., if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract in accordance with Art. 6 I lit. b GDPR) you have given your consent, a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called “data processing agreement,” this is done on the basis of Art. 28 GDPR. Transfers to third countries If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosing or transferring data to third parties, this will only take place if it is necessary for the fulfillment of our (pre)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 ff. GDPR are met. This means that processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection equivalent to that of the EU or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”). Privacy policy for Microsoft Teams In addition to conventional means of telecommunication such as telephone and email, we also use Microsoft Teams to communicate with our customers and business partners outside our business premises. The application enables written communication within chats as well as voice and video calls, which can be used to conduct online meetings or video conferences. There is also a function that allows the screen or individual application windows to be shared with the participants of a video conference. The application can be used with guest access and a Microsoft account, among other things. The access data is sent by email. If you visit the Microsoft Teams website, this provider is responsible for data processing on its website. It may be necessary to visit the Microsoft Teams website to download the software for using Microsoft Teams. Microsoft Teams can also be used via the browser without downloading the software. The service is then provided via the Microsoft Teams website. Various types of data are processed when using Microsoft Teams. The scope of the data also depends on the information you provide before or during participation in an online meeting. The following personal data is subject to processing: User information: e.g., display name, email address (if applicable), profile picture (optional), preferred language Meeting metadata: e.g., date, time, meeting ID, phone numbers, location Text, audio, and video data: You may have the option to use the chat function in an online meeting. In this case, the text you enter will be processed in order to display it in the online meeting. To enable video display and audio playback, data from your device's microphone and any video camera on your device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the Microsoft Teams applications. When using Microsoft Teams to conduct online meetings, no recordings are made, which means that no image or audio material is stored or processed for any purpose other than that described. When using Microsoft Teams, chat content is logged and stored until the following purposes have been fulfilled. Automated decision-making within the meaning of Art. 22 GDPR is not used. If communication via Microsoft Teams takes place for the purpose of fulfilling contracts or carrying out pre-contractual measures with customers and business partners, the legal basis for the processing of personal data required for this communication is Art. 6 (1) lit. b) GDPR. If communication via Microsoft Teams takes place without contractual relationships with the participants, Art. 6 (1) lit. f) GDPR serves as the legal basis for this. The legitimate interest here is the effective implementation of online meetings and video conferences. By using Microsoft Teams, you accept Microsoft's terms of use and privacy policy. Personal data will not be passed on to third parties unless it is intended for disclosure. The provider of Microsoft Teams obtains knowledge of the above-mentioned data for the purpose of providing the service, insofar as this is provided for in our data processing agreement with Microsoft Teams. We do not intend to process data outside the European Union, as data centers within the European Union are specified as the storage location. However, it cannot be ruled out that data may be routed via Internet servers outside the European Union. This may be the case in particular if the participants in an online meeting are located in a third country. However, the data is encrypted during transport via the Internet and is therefore protected against unauthorized access by third parties. Your rights as a “data subject” You have the right to obtain information about the personal data we process about you. If you submit a request for information that is not in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be. You also have the right to have your data corrected or deleted, or to restrict its processing, insofar as you are legally entitled to do so. You also have the right to object to the processing of your data within the framework of the legal requirements. The same applies to your right to data portability. In particular, you have a right to object under Art. 21 (1) and (2) GDPR to the processing of your data in connection with direct marketing if this is based on a balancing of interests. You have the right to complain to a data protection supervisory authority about our processing of personal data. As of: July 2025