As of January 2, 2024
Table of Contents
- Responsible parties
- Overview of processing activities
- Relevant legal bases
- Security measures
- Rights of data subjects
- Provision of the online service and web hosting
- Contact and inquiry management
- Communication via Messenger
- Audio content
- Newsletters and electronic notifications
- Web analytics, monitoring and optimization
- Presences in social networks (social media)
- Plugins and embedded functions as well as content
Responsible parties
Susanne Fiebig, Stadtbibliothek Bremen, Am Wall 201, 28195 Bremen
Email address: datenschutz@stabi-hb.de
Imprint: https://stabi-hb.de/impressum/
Overview of processing activities
The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects.
Types of data processed
- Inventory data.
- Contact details.
- Content data.
- Usage data.
- Metadata, communication data and process data.
Categories of affected persons
- Communication partners.
- Users.
Purposes of processing
- Contact requests and communication.
- Security measures.
- Direct marketing.
- Reach measurement.
- Conversion measurement.
- Managing and responding to inquiries.
- Feedback.
- Marketing.
- Profiles containing user-related information.
- Provision of our online services and user-friendliness.
- Information technology infrastructure.
Relevant legal bases
Relevant legal bases under the GDPR: Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. Furthermore, should more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.
- Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) – The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
- Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
National data protection regulations in Germany: In addition to the GDPR data protection regulations, national data protection regulations apply in Germany. These include, in particular, the Federal Data Protection Act (BDSG). The BDSG contains specific provisions regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transfers, as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may also apply.
Notice regarding the applicability of the GDPR and Swiss Federal Data Protection Act (FADP): This privacy notice serves to provide information in accordance with both the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). Therefore, please note that, due to its broader geographical scope and clarity, the terms used here are those of the GDPR. In particular, instead of the terms "processing" of "personal data," "overriding interest," and "special categories of personal data" used in the FADP, the terms "processing" of "personal data," "legitimate interest," and "special categories of data" used in the GDPR are employed. However, the legal meaning of these terms will continue to be determined according to the FADP when it applies.
Security measures
In accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, transfer of, and ensuring the availability and separation of the data. Furthermore, we have established procedures that guarantee the exercise of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data during the development and selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default.
IP address truncation: If IP addresses are processed by us or by the service providers and technologies we use, and processing a full IP address is not necessary, the IP address is truncated (also known as "IP masking"). This involves removing the last two digits, or the last part of the IP address after a period, or replacing them with placeholders. The purpose of truncating the IP address is to prevent or significantly hinder the identification of a person based on their IP address.
TLS/SSL encryption (https): To protect user data transmitted through our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hypertext Transfer Protocol Secure (HTTPS) appears in the URL when a website is secured with an SSL/TLS certificate.
Rights of data subjects
Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
- Right to information: You have the right to request confirmation as to whether data concerning you is being processed, and to access this data as well as further information and a copy of the data in accordance with legal requirements.
- Right to rectification: In accordance with legal requirements, you have the right to request the completion of your personal data or the correction of inaccurate personal data concerning you.
- Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be erased without undue delay, or alternatively, in accordance with legal requirements, to request a restriction of the processing of the data.
- Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, or to request its transmission to another controller, in accordance with the legal requirements.
- Right to lodge a complaint with a supervisory authority: In accordance with legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State where you usually reside, the supervisory authority of your place of work or the place of the alleged infringement, if you believe that the processing of personal data relating to you infringes the GDPR.
Provision of the online service and web hosting
We process user data to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.
- Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of our online services and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)). Security measures.
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
- Provision of online services on our own/dedicated server hardware: For the provision of our online services, we use server hardware operated by us, as well as the associated storage space, computing capacity and software; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- Collection of Access Data and Log Files: Access to our online services is logged in the form of so-called "server log files." Server log files may contain the address and name of the accessed web pages and files, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files may be used for security purposes, e.g., to prevent server overload (especially in the case of malicious attacks, so-called DDoS attacks), and to ensure server capacity and stability. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of Data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been fully resolved.
- Hetzner: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.hetzner.com ; Privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz ; Data processing agreement: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/
Contact and inquiry management
When you contact us (e.g. by mail, contact form, email, telephone or via social media) and within the framework of existing user and business relationships, the information provided by the requesting persons is processed to the extent necessary to answer the contact requests and any requested measures.
- Types of data processed: Contact data (e.g., email addresses, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Affected persons: Communication partners.
- Purposes of processing: Contact requests and communication; managing and responding to inquiries; feedback (e.g., collecting feedback via online form). Provision of our online services and user-friendliness.
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Further information on processing procedures, methods and services:
- Contact form: When users contact us via our contact form, email or other communication channels, we process the data provided to us in this context to handle the communicated request; legal bases: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Communication via Messenger
We use messengers for communication purposes and therefore ask you to take note of the following information regarding the functionality of the messengers, encryption, the use of communication metadata and your options to object.
You can also contact us via alternative methods, such as by phone or email. Please use the contact options provided to you or those listed within our online services.
Where end-to-end encryption is used, we would like to point out that the communication content (i.e., the content of your message and attachments) is encrypted end-to-end. This means that the content of the messages is not visible, not even to the messenger providers themselves. You should always use an up-to-date version of the messenger with encryption enabled to ensure the encryption of message content.
However, we would also like to point out to our communication partners that while the messenger providers cannot see the content, they can learn that communication partners communicate with us and when, and that technical information about the communication partners' devices and, depending on their device settings, location information (so-called metadata) is processed.
Legal basis for communication: If we request permission from our communication partners before communicating with them via messenger, the legal basis for processing their data is their consent. Otherwise, if we do not request consent and they, for example, contact us on their own initiative, we use messengers in our dealings with our contractual partners and during contract negotiations as a contractual measure. In the case of other interested parties and communication partners, we use messengers based on our legitimate interests in fast and efficient communication and in meeting the needs of our communication partners for communication via messenger. Furthermore, we would like to point out that we will not transmit the contact details provided to us to the messenger services for the first time without your consent.
Revocation, objection, and deletion: You can revoke your consent at any time and object to communication with us via messenger at any time. In the case of communication via messenger, we delete the messages in accordance with our general deletion policy (i.e., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any inquiries from the communication partners, provided that no reference to a previous conversation is to be expected and that no legal retention obligations prevent deletion.
Reservation of the right to refer you to other communication channels: Finally, we would like to point out that, for your security, we reserve the right not to respond to inquiries via messenger. This is the case, for example, if contractual details require special confidentiality or if a response via messenger does not meet formal requirements. In such cases, we will refer you to more appropriate communication channels.
- Types of data processed: Contact data (e.g., email, telephone numbers); Usage data (e.g., websites visited, interest in content, access times); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Affected persons: Communication partners.
- Purposes of processing: Contact requests and communication; direct marketing (e.g. by email or post).
- Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
- WhatsApp: WhatsApp Messenger with end-to-end encryption; Service provider: WhatsApp Ireland Limited, 4 Grand Canal Quay, Dublin 2, D02 KH28, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.whatsapp.com/ ; Privacy policy: https://www.whatsapp.com/legal . Basis for third-country transfer: EU-US Data Privacy Framework (DPF).
Audio content
We use hosting and analytics services from service providers to offer our audio content for listening or downloading and to obtain statistical information on the access of the audio content.
- Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Audience measurement (e.g., access statistics, recognition of returning visitors); conversion measurement (measuring the effectiveness of marketing measures); profiles with user-related information (creation of user profiles). Provision of our online services and user-friendliness.
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
- Podigee: Hosting, distribution, and analysis of podcasts; provision of web players for podcasts; creation of podcast feeds; statistics on usage and reach; Service provider: Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.podigee.com/de . Privacy policy: https://www.podigee.com/de/about/privacy/ .
Newsletters and electronic notifications
We only send newsletters, emails, and other electronic notifications (hereinafter "newsletters") with the recipient's consent or where legally permitted. If the content of the newsletter is specifically described during the registration process, this description is decisive for the user's consent. Otherwise, our newsletters contain information about our services and our company.
To subscribe to our newsletters, you generally only need to provide your email address. However, we may ask you to provide a name for personalized addressing in the newsletter, or other information if required for the purposes of the newsletter.
Double opt-in procedure: Subscription to our newsletter is always carried out using a double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone from subscribing using someone else's email address. Newsletter subscriptions are logged to document the registration process in accordance with legal requirements. This includes recording the registration and confirmation times as well as the IP address. Changes to your data stored with the email service provider are also logged.
Erasure and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove previously given consent. The processing of this data is limited to the purpose of defending against potential claims. An individual deletion request is possible at any time, provided that the prior existence of consent is confirmed. In cases where we are obligated to permanently respect objections, we reserve the right to store the email address solely for this purpose in a blocklist.
The registration process is logged based on our legitimate interests for the purpose of documenting its proper execution. If we engage a service provider to send emails, this is done based on our legitimate interests in an efficient and secure email delivery system.
Contents: Information about us, our services, promotions and offers.
- Types of data processed: Inventory data (e.g., names, addresses); contact data (e.g., email addresses, telephone numbers); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); usage data (e.g., websites visited, interest in content, access times).
- Affected persons: Communication partners.
- Purposes of processing: Direct marketing (e.g. by email or post); reach measurement (e.g. access statistics, recognition of returning visitors).
- Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- Right to object (opt-out): You can unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to receiving further newsletters. You will find a link to unsubscribe at the end of each newsletter, or you can use one of the contact options listed above, preferably email.
Further information on processing procedures, methods and services:
- Measurement of open and click rates: The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server, or, if we use a mailing service provider, from their server, when the newsletter is opened. During this retrieval, technical information such as browser and system details, as well as your IP address and the time of retrieval, are collected. This information is used to technically improve our newsletter based on the technical data or to analyze target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until they are deleted. The evaluations help us to understand the reading habits of our users and to adapt our content to them or to send different content according to their interests.
The measurement of open rates and click rates, as well as the storage of the measurement results in the profiles of the users and their further processing, are based on the consent of the users.
A separate revocation of performance tracking is unfortunately not possible; in this case, the entire newsletter subscription must be cancelled or objected to. In this case, the stored profile information will be deleted; legal basis: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
- Brevo: Email delivery and automation services; Service provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.brevo.com/ ; Privacy policy: https://www.brevo.com/legal/privacypolicy/ . Data processing agreement: Provided by the service provider.
Web analytics, monitoring and optimization
Web analytics (also known as "reach measurement") is used to evaluate visitor traffic to our online services and can include pseudonymous data on visitor behavior, interests, or demographic information such as age or gender. Reach analysis allows us, for example, to identify when our online services, their features, or content are most frequently used or encourage repeat visits. It also helps us understand which areas require optimization.
In addition to web analytics, we can also use testing procedures to test and optimize different versions of our online offering or its components.
Unless otherwise stated below, profiles—that is, data aggregated from a usage session—may be created for these purposes, and information may be stored in and retrieved from a browser or device. The data collected includes, in particular, visited websites and elements used therein, as well as technical information such as the browser and operating system used, and usage times. If users have consented to the collection of their location data by us or by the providers of the services we use, location data may also be processed.
Users' IP addresses are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear user data (such as email addresses or names) is stored for web analytics, A/B testing, and optimization; instead, pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.
- Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Audience measurement (e.g., access statistics, recognition of returning visitors). Profiles with user-related information (creation of user profiles).
- Security measures: IP masking (pseudonymization of the IP address).
- Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Further information on processing procedures, methods and services:
- Matomo: Matomo is software used for web analytics and audience measurement. When using Matomo, cookies are generated and stored on the user's device. The user data collected through Matomo is processed only by us and is not shared with third parties. The cookies are stored for a maximum period of 13 months: https://matomo.org/faq/general/faq_146/ ; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Data deletion: The cookies have a maximum storage period of 13 months.
Presences in social networks (social media)
We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about ourselves.
Please note that user data may be processed outside the European Union. This may pose risks for users, as it could, for example, make it more difficult to enforce their rights.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on usage patterns and the resulting user interests. These user profiles can then be used to display advertisements, both within and outside the networks, that are likely to correspond to the users' interests. For these purposes, cookies are typically stored on users' computers, recording their usage patterns and interests. Additionally, user profiles can also store data independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in).
For a detailed description of the respective processing methods and the options for objecting (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.
Regarding requests for information and the assertion of data subject rights, we would like to point out that these can be most effectively addressed directly with the service providers. Only the providers have access to user data and can take appropriate action and provide information directly. However, should you require assistance, you can contact us.
- Types of data processed: Contact data (e.g., email addresses, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Contact requests and communication; feedback (e.g., collecting feedback via online form). Marketing.
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
- Instagram: Social network; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com . Privacy policy: https://instagram.com/about/legal/privacy .
- Facebook Pages: Profiles within the social network Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com ; Privacy policy: https://www.facebook.com/about/privacy ; Basis for transfer to third countries: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses ( https://www.facebook.com/legal/EU_data_transfer_addendum ); Further information: We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see "Things you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/policy ), as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language preferences, cookie data; see "Device Information" in the Facebook Data Policy: https://www.facebook.com/policy ). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, known as "Page Insights," to Page owners so they can gain insights into how people interact with their Pages and the content associated with them. We have entered into a specific agreement with Facebook (“Information about Page Insights,” https://www.facebook.com/legal/terms/page_controller_addendum ) which, in particular, regulates the security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e., users can, for example, submit requests for information or deletion directly to Facebook). 
The rights of users (in particular, the rights to information, deletion, objection, and lodging a complaint with the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information about Page Insights” ( https://www.facebook.com/legal/terms/information_about_page_insights_data ). Joint controllership is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which specifically concerns the transfer of data to its parent company, Meta Platforms, Inc., in the USA.
- Vimeo: Social network and video platform; Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street, New York, NY 10011, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://vimeo.com . Privacy policy: https://vimeo.com/privacy .
- YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy policy: https://policies.google.com/privacy ; Basis for third-country transfer: EU-US Data Privacy Framework (DPF). Opt-out option: https://myadcenter.google.com/personalizationoff .
Plugins and embedded functions as well as content
We integrate functional and content elements into our online services that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos, or city maps (hereinafter collectively referred to as "content").
The integration of third-party content always requires that these providers process users' IP addresses, as they cannot send the content to users' browsers without them. The IP address is therefore necessary for displaying this content or these functions. We strive to use only content from providers who use IP addresses solely for content delivery. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These pixel tags allow for the analysis of information such as visitor traffic on the pages of this website. The pseudonymized information can also be stored in cookies on users' devices and may include, among other things, technical information about the browser and operating system, referring websites, the time of visit, and other information about the use of our online services, as well as be combined with such information from other sources.
- Types of data processed: Usage data (e.g., websites visited, interest in content, access times); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); Inventory data (e.g., names, addresses); Contact data (e.g., email addresses, telephone numbers); Content data (e.g., entries in online forms).
- Affected persons: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of our online services and user-friendliness. Profiles with user-related information (creation of user profiles).
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods and services:
- YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.youtube.com ; Privacy policy: https://policies.google.com/privacy ; Basis for third-country transfer: EU-US Data Privacy Framework (DPF). Opt-out options: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de , Settings for ad personalization: https://myadcenter.google.com/personalizationoff .
- Vimeo video player: Integration of a video player; Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street, New York, NY 10011, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://vimeo.com ; Privacy policy: https://vimeo.com/privacy ; Data processing agreement: https://vimeo.com/enterpriseterms/dpa . Basis for transfer to third countries: Standard contractual clauses ( https://vimeo.com/enterpriseterms/dpa ).
