Privacy Policy

Privacy policy (long version)

Table of contents
•    Introduction
•    Scope of application
•    Definitions
•    Legal basis
•    Contact details of the responsible person
•    Contact details of the data protection officer
•    Storage period
•    Rights under the General Data Protection Regulation
•    Data transfer to third countries
•    Data processing security
•    Communication
•    Cookies
•    Cookie Consent Banner
•    Web hosting
•    YouTube
•    Google Fonts Local
•    Google Maps
•    reCatcha



Introduction
We have written this data protection notice in order to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws (BDSG-neu), which personal data (data for short) we process as the responsible party, will process in the future and what lawful options you have.
The terms used are to be understood as gender-neutral.

Data protection notices are usually very technical and full of legal jargon. We, on the other hand, inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis.



Scope of application
This data protection notice applies to all personal data processed by us in the company. By personal data, we mean information within the meaning of Art. 4 No. 1 DSGVO, such as a person's name, email address and postal address. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this data protection notice includes:
•    all online presences that we operate
•    E-mail communication


Definitions
The data protection information of SACO Air GmbH is based on the terms used by the European Directive and Ordinance Maker when issuing the Basic Data Protection Regulation (DSGVO). In order to ensure consistent use of language, we would like to explain the terms used in advance.
We use the following terms, among others, in this privacy notice:
•    (a) personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
•    (b) person concerned
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
•    c) Processing
Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, archiving or destruction.
•    (d) restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
•    e) Profiling
Profiling is any form of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
•    f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
•    (g) controller or person responsible for processing
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
•    (h) Processors
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
•    i) Recipient
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
•    j) Third
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
•    k) Consent
Consent shall mean any freely given specific and informed indication of the data subject's wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.


Legal basis
In the following data protection notices, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the data protection basic regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU data protection basic regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679.
We only process your data if at least one of the following conditions applies:
1.    Consent (Article 6(1)(a) DSGVO): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
2.    Contract (Article 6(1)(b) DSGVO): In order to fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a sales contract with you, we need personal information in advance.
3.    Legal obligation (Article 6(1)(c) DSGVO): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
4.    Legitimate interests (Article 6(1)(f) DSGVO): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website in a secure and economically efficient manner. This processing is therefore a legitimate interest.
Further conditions such as the performance of recordings in the public interest and the exercise of public authority as well as the protection of vital interests do not generally occur with us. If such a legal basis should be relevant, it will be indicated at the appropriate place.
In addition to the EU Regulation, national laws also apply - in Germany, the Federal Data Protection Act, or BDSG-neu for short, applies.
If other regional or national laws apply, we will inform you about them in the following sections.


Contact details of the responsible person
If you have any questions regarding data protection, you will find the contact details of the responsible person or office below:
SACO Air GmbH
represented by: Andreas Papathanasiou, Harald Pahl
North port arch 2a
22848 Norderstedt
Phone +49 40 500 196 0
Fax +49 40 500 196 383
E-mail info@ham.sacogroupair.com
Imprint: https://www.sacogroupair.com/de/impressum


Contact details of the data protection officer
Below you will find the contact details of the data protection officer:
Frank Kowalski (FK-Datenschutz UG)
Tangstedter Weg 38E
22851 Norderstedt
Phone +49 40 943 63 764
E-mail kowalski@fk-datenschutz.de


Storage period
The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products applies as a general criterion with us. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.
Should you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.
We will inform you about the specific duration of the respective data processing below, provided we have further information on this.


Rights under the General Data Protection Regulation
According to Article 13 of the GDPR, you have the following rights to ensure fair and transparent processing of data:
•    According to Article 15 of the GDPR, you have the right to know whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and the following information:
o    the purpose for which we carry out the processing;
o    the categories, i.e. the types of data that are processed;
o    who receives this data and if the data is transferred to third countries, how security can be guaranteed;
o    how long the data will be stored;
o    the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
o    that you can complain to a supervisory authority (link to this authority can be found below);
o    the origin of the data if we have not collected it from you;
o    whether profiling is carried out, i.e. whether data is automatically evaluated to arrive at a personal profile of you.
•    You have a right to rectify data under Article 16 of the GDPR, which means that we must correct data if you find errors.
•    According to Article 17 of the GDPR, you have the right to erasure ("right to be forgotten"), which specifically means that you may request the deletion of your data.
•    According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it any further.
•    According to Article 19 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
•    According to Article 21 of the GDPR, you have a right to object, which, once enforced, entails a change in processing.
o    If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
o    If data is used to carry out direct marketing, you can object to this type of data processing at any time. We are then no longer allowed to use your data for direct marketing.
o    If data is used to carry out profiling, you can object to this type of data processing at any time. We are then no longer allowed to use your data for profiling.
•    You may have the right under Article 22 of the GDPR not to be subject to a decision based solely on automated processing (for example profiling).

The following data protection authority is responsible for our company:
Schleswig-Holstein Data Protection Authority
State Commissioner for Data Protection: Marit Hansen
Address: Holstenstraße 98, 24103 Kiel
Telephone number: 04 31/988-12 00
E-mail address: mail@datenschutzzentrum.de
Website: https://www.datenschutzzentrum.de/


Data transfer to third countries
We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, if this is required by law or contractually necessary and in any case only to the extent that this is generally permitted. Your consent is in most cases the most important reason for us to have data processed in third countries. Processing personal data in third countries such as the US, where many software vendors provide services and have their server locations, may mean that personal data is processed and stored in unexpected ways.
We expressly point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services (such as GoogleMaps or Youtube) may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. In addition, it may happen that collected data is linked to data from other services of the same provider, provided you have a corresponding user account. Where possible, we try to use server locations within the EU, if this is offered.
We will provide you with more detailed information about data transfers to third countries, where applicable, at the appropriate points in this privacy notice.


Data processing security
To protect personal data, we have implemented both technical and organisational measures. Where possible, we encrypt or pseudonymise personal data. In this way, we make it as difficult as possible for third parties to infer personal information from our data.
TLS encryption with https
TLS, encryption and https sound very technical and they are. We use HTTPS (the Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transfer data tap-proof on the internet. This means that the complete transmission of all data from your browser to our web server is secured - no one can "listen in".
In this way, we have introduced an additional layer of security and fulfil data protection by design of technology Article 25(1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognise the use of this data transmission protection by the small lock symbol  at the top left of the browser, to the left of the internet address (e.g. beispielseite.de) and the use of the scheme https (instead of http) as part of our internet address.


Communication
When you contact us and communicate by phone, email or online form, personal data may be processed.
The data is processed for the handling and processing of your question and the related business transaction. The data will be stored for this duration or as long as required by law.
Persons concerned
All those who seek contact with us via the communication channels provided by us are affected by the aforementioned processes.
Phone
When you call us, the call data is stored pseudonymously on the respective end device and with the telecommunications provider used. In addition, data such as name and telephone number can subsequently be sent by e-mail and stored for the purpose of responding to enquiries. The data is deleted as soon as the business case has been completed and legal requirements permit.
E-mail
If you communicate with us by e-mail, data may be stored on the respective end device (computer, laptop, smartphone,...) and data is stored on the e-mail server. The data is deleted as soon as the business case has been completed and legal requirements permit.
Registration form
You have the option of registering for our customer portal on our homepage. For this purpose, we require your personal data in order to be able to reasonably create you as a customer. The data will not be passed on to third parties and will be stored for as long as we are contractually or legally obliged to do so. If no business transaction is concluded, your data will be deleted at regular intervals.
Newsletter subscription
In the course of registering for our customer portal, you also have the option of registering to receive our newsletter. By registering, you consent to the processing of the data required for this purpose. The data will not be passed on to third parties and will remain stored for as long as we are contractually or legally obliged to do so. Should no business transaction come about, your data will be deleted at regular intervals. You can unsubscribe from the newsletter at any time. For this purpose, you will find an "unsubscribe" link at the end of each newsletter for easy technical implementation.

Legal basis
The processing of data is based on the following legal bases:
•    Art. 6 para. 1 lit. a DSGVO (consent): You give us your consent to store your data and to use it for purposes related to the business case;
•    Art. 6 para. 1 lit. b DSGVO (contract): There is a need for the performance of a contract with you or a processor such as the telephone provider or we need to process the data for pre-contractual activities, such as the preparation of an offer;
•    Art. 6 para. 1 lit. f DSGVO (Legitimate Interests): We want to operate customer enquiries and business communication in a professional framework. For this purpose, certain technical facilities such as e-mail programmes, exchange servers and mobile phone operators are necessary in order to be able to operate the communication efficiently.


Cookies
What are cookies?
Our website uses HTTP cookies to store user-specific data. Below we explain what cookies are and why they are used so that you can better understand the following privacy notice.
Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, effectively the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the "user-related" information back to our site. Thanks to the cookies, our website knows who you are and offers you the setting you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie is to be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programmes and do not contain viruses, Trojans or other "pests". Cookies also cannot access information on your PC.
What are the different types of cookies?
The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy notice. At this point, we would like to briefly discuss the different types of HTTP cookies.
One can distinguish between 4 types of cookies:
Essential cookies
These cookies are necessary to ensure basic website functionality. For example, these cookies are needed when a user places a product in the shopping cart, then continues surfing on other pages and later goes to the checkout. These cookies do not delete the shopping cart even if the user closes his browser window.
Purposeful cookies
These cookies collect information about user behaviour and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behaviour of the website with different browsers.
Targeting cookies
These cookies provide a better user experience. For example, entered locations, font sizes or form data are saved.
Advertising cookies
These cookies are also called targeting cookies. They are used to deliver customised advertising to the user. This can be very practical, but also very annoying.

Purpose of processing via cookies
The purpose ultimately depends on the cookie in question. You can find more details about this from the manufacturer of the software that sets the cookie.
What data is processed?
We only use essential cookies to ensure a smooth page load.
Storage period of cookies
The storage period depends on the cookie. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.
Our cookies are deleted after 4 weeks or after the end of the session.
You can also influence the storage period yourself. You can manually delete all cookies at any time via your browser (see also "Right of objection" below). Furthermore, cookies that are based on consent will be deleted at the latest after revocation of your consent, whereby the legality of the storage remains unaffected until then.
Right of objection - how can I delete cookies?
You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.
If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:
Chrome: Delete, activate and manage cookies in Chrome
Safari: Managing Cookies and Website Data with Safari
Firefox: Delete cookies to remove data that websites have placed on your computer.
Internet Explorer: Deleting and managing cookies
Microsoft Edge: Delete and manage cookies
If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow the cookie or not. The procedure varies depending on the browser. It is best to search for the instructions in Google with the search term "Delete Cookies Chrome" or "Deactivate Cookies Chrome" in the case of a Chrome browser.
Legal basis
The so-called "Cookie Guidelines" have been in place since 2009. These state that the storage of cookies requires your consent (Article 6 para. 1 lit. a DSGVO). Within the EU countries, however, there are still very different reactions to these directives. In Germany, the Cookie Directives have not been implemented as national law. Instead, this directive was largely implemented in § 15 para.3 of the German Telemedia Act (TMG).
On 1 December 2021, the Telecommunications and Telemedia Data Protection Act (TTDSG) came into force. This law comes alongside the scope of the GDPR and aims to prevent unwanted access to information stored on computers, tablets or mobile phones.
In future, consent must always be obtained when using technologies such as cookies, web storage, browser fingerprinting, etc. - regardless of whether personal data is processed in the process.
The further explanations on the principles of the need for consent are described in Section 25 (1) and (2) TTDSG.
For absolutely necessary cookies, even where there is no consent. there are legitimate interests (Article 6(1)(f) DSGVO), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience and for this purpose certain cookies are often absolutely necessary.
If cookies are used that are not absolutely necessary, this is only done with your consent. The legal basis in this respect is Art. 6 Para. 1 lit. a DSGVO in conjunction with §25 TTDSG.


Cookie Consent Banner
What is Cookie Consent?
We use functions of the provider Cookie Consent on our website.
Cookie Consent is a software product of the company TermsFeed. The software automatically creates a DSGVO-compliant cookie notice for our website visitors.
Why do we use Cookie Consent on our website?
We take data protection very seriously. We want to show you exactly what is happening on our website and which of your data is being stored. With the Cookie consent programming code, we inform you when you first visit our homepage that we use indispensable (technically necessary) cookies.
What data is stored by Cookie Consent?
No cookies are stored in Cookie consent itself. This programming code is merely an indication that necessary cookies are being set.
The technically necessary cookies are, on the one hand, a cookie that contains the selected language and, on the other hand, a session ID cookie. The following data is stored here:
•    IP address (in anonymised form, the last 3 digits are set to 0)
•    Date and time of the visit
•    our website URL
•    technical browser data
•    encrypted, anonymous key
How long and where is the data stored?
All data collected is transmitted, stored and forwarded exclusively within the European Union. The data is stored on a web server operated by us in the aws Amazon data centre. The storage period is 4 weeks
Legal basis
We do not require your consent for the use of the indispensable cookies. The legal basis is the legitimate interest (Article 6 para. 1 lit. f DSGVO) to ensure a proper course of your visit to our homepage.


Web hosting
What is web hosting?
When you visit websites nowadays, certain information - including personal data - is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, by the way, we mean the totality of all web pages on a domain, i.e. everything from the home page (homepage) to the very last subpage (like this one). By domain we mean, for example, www. beispiel.de or www. musterbeispiel.com.
When the browser on your computer (desktop, laptop, smartphone) connects and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, on the other hand, the web server must also store data for a while to ensure proper operation.
Why do we process personal data?
The purposes of the data processing are:
1.    Professional hosting of the website and safeguarding of the operation
2.    to maintain operational and IT security
3.    Anonymous evaluation of access behaviour to improve our offer and, if necessary, for criminal prosecution or the pursuit of claims.
What data is processed?
Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as
•    the complete Internet address (URL) of the website accessed (e.g. https://www.beispielwebsite.de/beispielunterseite.html?tid=311881264)
•    Browser and browser version (e.g. Chrome 100)
•    the operating system used (e.g. Windows 10)
•    the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen.html/)
•    The host name and IP address of the device being accessed (e.g. COMPUTERNAME and 194.23.43.121).
•    Date and time
•    in files, the so-called web server log files
How long is data stored?
As a rule, the above data is stored for a fortnight and then automatically deleted. We do not pass on this data, but are obliged to hand over your data to the authorities on request in the event of unlawful conduct.
Legal basis
The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 para. 1 lit. f DSGVO (protection of legitimate interests), because the use of professional hosting with a provider is necessary to present the company on the Internet in a secure and user-friendly manner and to be able to pursue attacks and claims from this if necessary.
There is a contract on commissioned processing between us and the hosting provider in accordance with Art. 28 f. DSGVO, which ensures compliance with data protection and guarantees data security.


YouTube privacy policy
What is YouTube?
We have integrated YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. If you call up a page on our website that has a YouTube video embedded, your browser connects to the YouTube or Google servers when you watch the video. In the process, various data are transferred (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in Europe.
In the following, we would like to explain in more detail what data is processed, why we have included YouTube videos and how you can manage or delete your data.
Why do we use YouTube videos on our website?
YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And of course, we can't do without interesting videos. With the help of our embedded videos, we provide you with further helpful content in addition to our texts and images.
What data is stored by YouTube?
As soon as you visit one of our pages that has a YouTube video embedded, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually assign your interactions on our website to your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your internet service provider. Other data may include contact details, any ratings, sharing of content via social media or adding to your favourites on YouTube.
If you are not signed in to a Google Account or YouTube account, Google stores data with a unique identifier associated with your device, browser or app. For example, your preferred language setting is retained. But a lot of interaction data can't be stored because fewer cookies are set.
In the following list, we show cookies that were set in the browser in a test. On the one hand, we show cookies that are set without a logged-in YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim to be complete because the user data always depends on the interactions on YouTube.
Name: YSC
Value: b9-CV6ojI5Y311881264-1
Purpose: This cookie registers a unique ID to store statistics of the video watched.
Expiry date: after end of session
Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google gets statistics about how you use YouTube videos on our website via PREF.
Expiry date: after 8 months
Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track GPS location.
Expiry date: after 30 minutes
Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie attempts to estimate the user's bandwidth on our web pages (with embedded YouTube video).
Expiry date: after 8 months
Other cookies that are set when you are logged in with your YouTube account:
Name: APISID
Wert: zILlvClZSkqGsSwI/AU1aZI6HY7311881264-
Purpose: This cookie is used to create a profile of your interests. The data is used for personalised advertisements.
Expiry date: after 2 years
Name: CONSENT
Value: YES+AT.en+20150628-20-0
Purpose: The cookie stores the status of a user's consent to use various Google services. CONSENT is also used for security purposes to verify users and protect user data from unauthorised attacks.
Expiry date: after 19 years
Name: HSID
Value: AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile about your interests. This data helps to display personalised advertising.
Expiry date: after 2 years
Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL...
Purpose: This cookie stores information about your login details.
Expiry date: after 2 years
Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile about your interests.
Expiry date: after 2 years
Name: SID
Value: oQfNKjAsI311881264-.
Purpose: This cookie stores your Google Account ID and your last login time in digitally signed and encrypted form.
Expiry date: after 2 years
Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information about how you use the website and what advertisements you may have seen before visiting our site.
Expiry date: after 3 months
How long and where is the data stored?
The data that YouTube receives from you and processes is stored on Google servers. Most of these servers are located in America. You can see exactly where Google's data centres are located at https://www.google.com/about/datacenters/inside/locations/?hl=de. Your data is distributed across the servers. This means that the data can be accessed more quickly and is better protected against manipulation.
Google stores the collected data for different lengths of time. Some data you can delete at any time, others are automatically deleted after a limited time and still others are stored by Google for a longer period of time. Some data (such as items from "My Activity", photos or documents, products) stored in your Google Account will remain stored until you delete them. Even if you are not signed in to a Google Account, you can delete some data associated with your device, browser or app.
How can I delete my data or prevent data storage?
In principle, you can delete data in the Google Account manually. With the automatic deletion function of location and activity data introduced in 2019, information is stored depending on your decision - either 3 or 18 months and then deleted.
Regardless of whether you have a Google account or not, you can configure your browser to delete or disable cookies from Google. Depending on which browser you use, this works in different ways. The following instructions show how to manage cookies in your browser:
Chrome: Delete, activate and manage cookies in Chrome
Safari: Managing Cookies and Website Data with Safari
Firefox: Delete cookies to remove data that websites have placed on your computer.
Internet Explorer: Deleting and managing cookies
Microsoft Edge: Delete and manage cookies
If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow it or not.
Legal basis
By launching the video element on YouTube, you have consented to your data being processed and stored by embedded YouTube elements. Thus, this consent is considered the legal basis for data processing (Art. 6 para. 1 lit. a DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners. We use the embedded YouTube elements after we have explicitly informed you about the data transfer to YouTube. YouTube also sets cookies in your browser to store data. That is why we recommend that you read our data protection text on cookies carefully and view the data protection notice or cookie policy of the respective service provider.
YouTube also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.


Google Fonts (Local)
On our website, we use Google Fonts from Google Inc. which we have integrated locally, i.e. on our web server - not on Google's servers. This means that there is no connection to Google servers and therefore no data transfer or storage. In this way, we act in accordance with data protection laws and do not send any data to Google.


Google Maps
What is Google Maps?
We use Google Maps from Google Inc. on our website. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe. Google Maps enables us to better show you locations and thus adapt our service to your needs. By using Google Maps, data is transmitted to Google and stored on Google servers. Here we would like to go into more detail about what Google Maps is, why we use this Google service, what data is stored and how you can prevent this.
Why do we use Google Maps on our website?
All our efforts on this site are aimed at providing you with a useful and meaningful time on our website. By integrating Google Maps, we can provide you with the most important information on various locations. You can see at a glance where we are located. The directions always show you the best or fastest way to reach us. You can call up the directions for routes by car, public transport, on foot or by bicycle. For us, providing Google Maps is part of our customer service.
What data is stored by Google Maps?
In order for Google Maps to be able to offer its service in full, the company has to collect and store data from you. This includes the search terms entered, your IP address and also the latitude and longitude coordinates. If you use the route planner function, the start address entered is also stored. However, this data storage happens on the Google Maps websites. We can only inform you about this, but cannot influence it. We explicitly point out to you at the relevant places that by activating the slider you give your consent to the processing of data by Google Maps. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behaviour. Google uses this data primarily to optimise its own services and to provide you with individual, personalised advertising.
The following cookie is set in your browser due to the integration of Google Maps:
Name: NID
Wert: 188=h26c1Ktha7fCQTx8rXgLyATyITJ311881264-5
Purpose: NID is used by Google to customise advertisements to your Google search. With the help of the cookie, Google "remembers" your most frequently entered search queries or your previous interaction with ads. This way you will always get tailored ads. The cookie contains a unique ID that Google uses to collect your personal preferences for advertising purposes.
Expiry date: after 6 months
Note: We cannot guarantee the completeness of the data stored. Especially when using cookies, changes can never be ruled out. In order to identify the NID cookie, a separate test page was created where only Google Maps was integrated.
How long and where is the data stored?
Google servers are located in data centres around the world. However, most servers are located in America. For this reason, your data is also increasingly stored in the USA. Here you can read exactly where the Google data centres are located: https://www.google.com/about/datacenters/inside/locations/?hl=de
Google distributes the data on different data carriers. This means that the data can be retrieved more quickly and is better protected against any attempts at manipulation. Each data centre also has special emergency programmes. If, for example, there are problems with Google's hardware or a natural disaster paralyses the servers, the data will pretty much remain protected anyway.
Google stores some data for a set period of time. For other data, Google only offers the option to delete it manually. Furthermore, the company also anonymises information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 and 18 months respectively.
How can I delete my data or prevent data storage?
With the automatic deletion of location and activity data introduced in 2019, location and web/app activity information will be stored for either 3 or 18 months - depending on your decision - and then deleted. In addition, you can also manually delete this data from your history at any time via your Google Account. If you want to completely prevent your location tracking, you must pause the "Web and App Activity" section in the Google Account. Click "Data and personalisation" and then on the "Activity setting" option. Here you can switch the activities on or off.
You can also deactivate, delete or manage individual cookies in your browser. Depending on which browser you use, this always works slightly differently. The following instructions show how to manage cookies in your browser:
Chrome: Delete, activate and manage cookies in Chrome
Safari: Managing Cookies and Website Data with Safari
Firefox: Delete cookies to remove data that websites have placed on your computer.
Internet Explorer: Deleting and managing cookies
Microsoft Edge: Delete and manage cookies
If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow it or not.
Please note that when using this tool, data from you may also be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data to insecure third countries may therefore not simply be transferred, stored and processed there unless there are appropriate safeguards (such as EU standard contractual clauses) between us and the non-European service provider.
Legal basis
By activating the slider, you consent to the use of Google Maps. Thus, the legal basis of the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur during the collection by Google Maps.
We also have a legitimate interest in using Google Maps to optimise our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). As a default setting, the use of Google Maps is deactivated from our side. By actively pressing the slider, you consent to the use of Google Maps services.
Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of the data processing.


Google reCAPTCHA
What is reCAPTCHA?
Our primary goal is to secure and protect our website for you and for us in the best possible way. To ensure this, we use Google reCAPTCHA from the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA we can determine whether you are really a flesh and blood human being and not a robot or other spam software. By spam we mean any unsolicited information sent to us electronically. With the classic CAPTCHAS, you usually had to solve text or picture puzzles to verify the information. With reCAPTCHA from Google, we usually don't have to bother you with such puzzles. Here, in most cases, it is enough to simply tick a box and thus confirm that you are not a bot. With the new Invisible reCAPTCHA version, you don't even have to set a tick anymore. You will find out exactly how this works and, above all, what data is used for this in the course of this data protection information.
reCAPTCHA is a free captcha service from Google that protects websites from spam software and abuse by non-human visitors. The most common use of this service is when you fill out forms on the internet. A captcha service is a type of automatic Turing test that is designed to ensure that an action on the internet is performed by a human and not a bot. In the classic Turing test (named after the computer scientist Alan Turing), a human determines the distinction between a bot and a human. With captchas, this is also done by the computer or a software programme. Classic captchas work with small tasks that are easy for humans to solve, but present considerable difficulties for machines. With reCAPTCHA, you no longer have to actively solve puzzles. The tool uses modern risk techniques to distinguish humans from bots. Here you only have to tick the text field "I am not a robot" or with Invisible reCAPTCHA even that is no longer necessary. With reCAPTCHA, a JavaScript element is integrated into the source code and then the tool runs in the background and analyses your user behaviour. From these user actions, the software calculates a so-called captcha score. Google uses this score to calculate how likely you are to be a human even before the captcha is entered. reCAPTCHA or captchas in general are always used when bots could manipulate or abuse certain actions (such as registrations, surveys, etc.).
Why do we use reCAPTCHA on our website?
We only want to welcome flesh and blood people on our site. Bots or spam software of any kind can safely stay at home. That's why we pull out all the stops to protect ourselves and offer the best possible user experience for you. For this reason, we use Google reCAPTCHA from Google. This way we can be pretty sure that we remain a "bot-free" website. By using reCAPTCHA, data is transmitted to Google to determine whether you are actually a human being. reCAPTCHA therefore serves the security of our website and, by extension, your security. For example, without reCAPTCHA it could happen that a bot registers as many email addresses as possible during registration in order to "spam" forums or blogs with unwanted advertising content. With reCAPTCHA, we can avoid such bot attacks.
To make your visit to our homepage more pleasant, we use the Invisible reCaptcha variant, which is executed invisibly for you in the background.
What data is stored by reCAPTCHA?
reCAPTCHA collects personal data from users in order to determine whether the actions on our website actually originate from people. The IP address and other data required by Google for the reCAPTCHA service may therefore be sent to Google. IP addresses are almost always shortened beforehand within the member states of the EU or other contracting states to the Agreement on the European Economic Area before the data ends up on a server in the USA. The IP address is not combined with other data from Google unless you are logged in with your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube. Gmail, etc.) are already placed on your browser. Then, reCAPTCHA sets an additional cookie in your browser and captures a snapshot of your browser window.
The following list of collected browser and user data does not claim to be complete. Rather, they are examples of data that, to our knowledge, are processed by Google.
•    Referrer URL (the address of the page from which the visitor comes)
•    IP address (e.g. 256.123.123.1)
•    Info about the operating system (the software that enables your computer to run. Known operating systems are Windows, Mac OS X or Linux).
•    Cookies (small text files that store data in your browser)
•    Mouse and keyboard behaviour (every action you perform with the mouse or keyboard is saved)
•    Date and language settings (which language or date you have preset on your PC will be saved).
•    All JavaScript objects (JavaScript is a programming language that allows websites to adapt to the user. JavaScript objects can collect all kinds of data under one name).
•    Screen resolution (shows how many pixels the image display consists of)
It is undisputed that Google uses and analyses this data even before you click on the "I am not a robot" checkbox. With the Invisible reCAPTCHA version, even the ticking is omitted and the entire recognition process runs in the background. Google does not tell you in detail how much and which data it stores.
The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version from Google at https://www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:
Name: IDE
Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-311881264-8
Purpose: This cookie is set by DoubleClick (also owned by Google) to record and report a user's actions on the website in dealing with advertisements. This allows advertising effectiveness to be measured and appropriate optimisation measures to be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiry date: after one year
Name: 1P_JAR
Value: 2019-5-14-12
Purpose: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. Furthermore, the cookie can be used to prevent a user from seeing the same ad more than once.
Expiry date: after one month
Name: ANID
Wert: U7j1v3dZa3118812640xgZFmiqWppRWKOr
Purpose: We could not find out much information about this cookie. In Google's privacy notice, the cookie is mentioned in connection with "advertising cookies" such as "DSID", "FLC", "AID", "TAID". ANID is stored under domain google.com.
Expiry date: after 9 months
Name: CONSENT
Value: YES+AT.en+20150628-20-0
Purpose: The cookie stores the status of a user's consent to use various Google services. CONSENT is also used for security purposes to verify users, prevent login fraud and protect user data from unauthorised attacks.
Expiry date: after 19 years
Name: NID
Wert: 0WmuWqy311881264zILzqV_nmt3sDXwPeM5Q
Purpose: NID is used by Google to tailor ads to your Google searches. With the help of the cookie, Google "remembers" your most frequently entered search queries or your previous interaction with ads. This way you always get tailored ads. The cookie contains a unique ID to collect the user's personal preferences for advertising purposes.
Expiry date: after 6 months
Name: DV
Wert: gEAABBCjJMXcI0dSAAAANbqc311881264-4
Purpose: Once you have ticked the "I am not a robot" box, this cookie will be set. The cookie is used by Google Analytics for personalised advertising. DV collects information in an anonymous form and is also used to make user distinctions.
Expiry date: after 10 minutes
Note: This list cannot claim to be exhaustive, as experience has shown that Google changes its choice of cookies from time to time.
How long and where is the data stored?
By inserting reCAPTCHA, data is transferred from you to the Google server. Where exactly this data is stored, Google does not make clear, even after repeated enquiries. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on Google's European or American servers. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plug-in, the data will be merged. The deviating data protection regulations of the Google company apply to this.
How can I delete my data or prevent data storage?
If you do not want any data about you and your behaviour to be transmitted to Google, you must log out of Google completely and delete all Google cookies before you visit our website or use the reCAPTCHA software. In principle, data is automatically transmitted to Google as soon as you visit our site. To delete this data again, you must contact Google support at https://support.google.com/?hl=de&tid=311881264.
Therefore, by using our website, you consent to the automatic collection, processing and use of data by Google LLC and its agents.
Please note that when using this tool, data from you may also be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data to insecure third countries may therefore not simply be transferred, stored and processed there unless there are appropriate safeguards (such as EU standard contractual clauses) between us and the non-European service provider.
Legal basis
By registering for our customer portal, you consent to the use of Google reCAPTCHA. Thus, the legal basis for the corresponding data processing is this consent and, according to Art. 6 para. 1 lit. a DSGVO (consent), constitutes the legal basis for the processing of personal data as it may occur during the collection by Google reCAPTCHA.
We also have a legitimate interest in using Google reCAPTCHA to optimise our online service and make it more secure. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (legitimate interests). Nevertheless, we only use Google reCAPTCHA if you have given your consent.
Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of the data processing.

Status: 08-04-2022