Privacy Notice

§ 1 Information about the collection of personal data

(1) Below, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. surname, first name, address, email addresses, telephone number, user behavior, subject, and message.

(2) The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is: Astera LED Technology GmbH
Schatzbogen 60
81829 Munich
Germany

Phone number: +49 (0)89 215522530
Email: info@astera-led.com
Managing Director: Norbert Ernst (see Legal Notice)

(3) When you contact us by email, we store the data you provide (your email address, your surname, first name, address and telephone number, if applicable, as well as the subject and message) in order to answer your questions. We delete the data collected in this context once storage is no longer necessary, or restrict processing if there are legal retention obligations.

(4) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also specify the criteria for the storage period.

§ 2 Your rights

(1) You have the following rights with regard to your personal data:

  • Right to information,
  • Right to correction or deletion,
  • Right to restriction of processing,
  • Right to object to processing,
  • Right to data portability

(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

§ 3 Collection of personal data when visiting our website

(1) When using the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (the legal basis is Art. 6 (1) (f) GDPR):

  • IP address (anonymized if necessary)
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

When you enter data in our designated forms (e.g., download media packages, newsletter) for:

  • Contacting us
  • Newsletter registration
  • Event registration
  • Download PDF / Watch video
  • Download media packages, the following data will be processed, depending on your input:
  • Company
  • First and last name
  • Email
  • Website
  • Country
  • Phone number

(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall.

(3) Use of cookies: a) This website uses the following types of cookies, the scope and functionality of which are explained below: • Transient cookies (see b) • Persistent cookies (see c) b) Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser. c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in your browser’s security settings. d) You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the features of this website. e) We use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit. f) The Flash cookies used are not recorded by your browser, but by your Flash plug-in. We also use HTML5 storage objects, which are stored on your device. These objects store the necessary data independently of the browser you use and do not have an automatic expiration date. If you do not want Flash cookies to be processed, you must install an appropriate add-on, e.g. the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend that you regularly delete your cookies and browser history manually.

§ 4 Contact form

We only process the personal data that you voluntarily provide and send to us in contact forms for the purposes of contract and order processing and handling your inquiries. The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary.

§ 5 Objection or revocation of the processing of your data

(1) If you have given your consent to the processing of your data, you can revoke this at any time. Such revocation affects the permissibility of the processing of your personal data after you have notified us of it.

(2) Insofar as we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case if the processing is not necessary in particular for the fulfillment of a contract with you, which is presented by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust the data processing or point out to you our compelling legitimate reasons for continuing the processing.

(3) You can, of course, object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising at the following contact details: Astera LED Technology GmbH Schatzbogen 60 81829 Munich Germany Phone number: +49 (0)89 215522530 Email: info@astera-led.com

§ 6 Newsletter

(1) With your consent, you can subscribe to our newsletter, which we use to inform you about our current interesting offers. The advertised goods and services are specified in the declaration of consent.

(2) We use the double opt-in procedure for registration for our newsletter. This means that after you register, we will send an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to verify your registration and, if necessary, to investigate any possible misuse of your personal data.

(3) The only mandatory information required for sending the newsletter is your email address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will store your email address for the purpose of sending the newsletter. The legal basis is Art. 6 (1) (a) GDPR.

(4) Please note that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluations, we link the aforementioned data and the web beacons to your email address and an individual ID. Links received in the newsletter also contain this ID. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them, and deduce your personal interests from this. We link this data to your actions on our website. You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us via another contact channel. The information is stored for as long as you are subscribed to the newsletter. After you unsubscribe, we store the data for statistical purposes only. Such tracking is also not possible if you have disabled the display of images in your email program by default. In this case, the newsletter will not be displayed in full and you may not be able to use all functions. If you display the images manually, the above-mentioned tracking will take place.

(5) You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in every newsletter email, by sending an email with the subject “Newsletter,” or by sending a message to the contact details provided in the legal notice.

§ 7 Newsletter dispatch via Mailchimp

(1) This website uses Mailchimp to send newsletters. Intuit Mailchimp 405 N Angier Ave. NE Atlanta, GA 30308 USA Mailchimp is a service that can be used to organize and analyze newsletter dispatch. The data you enter for the purpose of receiving the newsletter (e.g., email address) is stored on Mailchimp’s servers in the USA.

(2) Mailchimp enables us to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked on. This allows us to determine, among other things, which links were clicked on particularly often. If you do not want Mailchimp to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. For detailed information on the functions of Mailchimp, please refer to the following link: https://mailchimp.com/de/

(3) Data processing is based on your consent (Art. 6 (1) (a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of data processing operations that have already taken place remains unaffected by the revocation.

(4) For data transfers from the EU to the US, Mailchimp/Intuit relies on the adequacy decisions: EU-US Trans-Atlantic Data Privacy Framework: The company is not (yet) certified under the Data Privacy Framework (DPF) “Data Privacy Framework: Re-certification under Review,” which does not yet ensure an adequate level of data protection for the transfer of personal data to the US. The list of certified companies as well as further information on the DPF and the current status can be found here: https://www.dataprivacyframework.gov/EU-U.S. We have concluded a DPA with Mailchimp.

(5) If you do not want Mailchimp to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. You can also unsubscribe from the newsletter directly on the website. The data you provide us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and Mailchimp’s servers after you unsubscribe. Data stored by us for other purposes (e.g., email addresses for the member area) remains unaffected by this. For more details, please refer to Mailchimp’s privacy policy at: https://www.intuit.com/privacy/statement/

§ 8 Applications for job vacancies by email

We advertise job vacancies on our website, and interested parties can apply by emailing the contact address provided. In order to be included in the application process, applicants must provide us with all the personal data required for a sound and informed assessment and selection process together with their application by email. The required information includes general personal details (name, address, telephone number, or email address) as well as performance-specific evidence of the qualifications necessary for the position. The job advertisement specifies which components an application must contain in order to be considered and in what form these components must be submitted by email. After we get your application sent to the email address we gave you, we’ll store your info and only use it to process your application. If we have any questions while we’re processing it, we’ll either use the email address you gave us in your application or a phone number you provided, whichever we choose. The legal basis for this processing, including contacting you for queries, is generally Art. 6 (1) (b) GDPR in conjunction with § 26 (1) BDSG, according to which going through the application process is considered to be the initiation of an employment contract. If special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g. health data such as information on severe disability) are requested from applicants, the processing is carried out in accordance with Art. 9 (2) lit. b GDPR so that we can exercise the rights arising from labor law and social security and social protection law and fulfill our obligations in this regard. If the applicant is not selected in the course of the evaluation described above, or if an applicant withdraws their application prematurely, the data transmitted by email and all electronic correspondence, including the original application email, will be deleted after a corresponding notification, at the latest after 6 months. This period is based on our legitimate interest in answering any follow-up questions regarding the application and, if necessary, in being able to fulfill our obligations to provide evidence under the regulations on equal treatment of applicants. If your application is successful, the data provided will be further processed for the purposes of implementing the employment relationship on the basis of Art. 6 (1) (b) GDPR in conjunction with § 26 (1) BDSG.

§ 9 Facebook/Instagram and LinkedIn targeting (custom audiences/matched audiences)

(1) Our website also uses features from the Facebook and Instagram (Meta Platforms, Inc.) and LinkedIn (Microsoft Corporation) platforms to display interest-based advertising (“ads”). This allows users of the website to be shown targeted, interest-based advertisements within the platforms or on other websites that use the same procedures. Our interest in doing so is to show you advertisements that are of interest to you in order to make our website more interesting for you.

(2) Due to the marketing tools used, your browser automatically establishes a direct connection to the servers of Facebook/Instagram or LinkedIn. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: a) Through the integration, Meta receives the information that you have accessed the corresponding page of our website or clicked on an advertisement from us. If you are registered with a Facebook/Instagram service, Meta can assign the visit to your account. Even if you are not registered with Facebook/Instagram or are not logged in, it is possible that the provider may obtain and store your IP address and other identifying characteristics. b) Through the integration, Microsoft receives similar information about your interaction with our content or advertisements via LinkedIn in order to measure the reach of advertisements and define target groups. Similarly, data can also be assigned to your LinkedIn account if you have an account and are logged in.

(3) Logged-in users can deactivate this function at: a) Facebook/Instagram (Meta): https://www.facebook.com/settings/?tab=ads b) LinkedIn (Microsoft): https://www.linkedin.com/psettings/ads

(4) The legal basis for the processing of your data is Art. 6 (1) (a) GDPR (consent). Further information on data processing by Facebook/Instagram can be found at https://www.facebook.com/about/privacy and by LinkedIn at https://www.linkedin.com/legal/privacy-policy. For data transfers from the EU to the US, Meta and Microsoft refer to the adequacy decisions: EU-US Trans-Atlantic Data Privacy Framework: Meta and Microsoft are certified as “non-HR data” under the Data Privacy Framework (DPF), which ensures an adequate level of data protection for the transfer of personal data to the US. The list of certified companies and further information on the DPF can be found here: https://www.dataprivacyframework.gov/.

§ 10 Integration of Google Maps

(1) We use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) on our website. Google Maps is a web service for displaying interactive (land) maps to visually represent geographical information. By using this service, our location is displayed to you and any journey to us is made easier.

(2) When you visit subpages that contain Google Maps, information about your use of our website (such as your IP address) is transmitted to Google servers and stored there. This may also involve transmission to Google LLC. servers in the USA. This occurs regardless of whether Google provides a user account that you are logged into or whether a user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not want this association with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right.

(3) If you do not agree to the future transmission of your data to Google in connection with the use of Google Maps, you also have the option of completely deactivating the Google Maps web service by disabling JavaScript in your browser. Google Maps and thus also the map display on this website cannot then be used.

You can view Google’s terms of use at https://www.google.de/intl/de/policies/terms/regional. html. The additional terms of use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.html. Detailed information on data protection in connection with the use of Google Maps can be found on Google’s website (“Google Privacy Policy”): https://www.google.de/intl/de/policies/privacy/.

(4) The legal basis is your explicit and voluntary consent pursuant to Art. 6 (1) (a) GDPR to the processing of your personal data for display purposes using Google Maps. This consent can be revoked at any time. Revocation does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

(5) We have concluded a DPA with Google. For data transfers from the EU to the US, Google relies on the adequacy decisions: EU-US Trans-Atlantic Data Privacy Framework: Google is certified under the Data Privacy Framework (DPF), which ensures an adequate level of data protection for the transfer of personal data to the US. The list of certified companies and further information on the DPF can be found here: https://www.dataprivacyframework.gov/

§ 11 Integration of YouTube videos

(1) We have integrated YouTube videos into our online offering, which are stored on http://www.Youtube.de or http://www.YouTube.com and can be played directly from our website. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “YouTube”).

(2) When you visit our website, YouTube receives the information that you have accessed the corresponding subpage of our website. The data is transferred regardless of whether YouTube provides a user account that you are logged in to or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not want this association with your YouTube profile, you must log out of YouTube before activating the button. YouTube stores your data as usage profiles and uses it for advertising, market research, and/or the needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. If our website contains a plugin, your browser transmits information including your IP address. If the playback of embedded videos is started via the plugin, the provider also uses cookies for the purpose of gathering information about user behavior, for statistical purposes, and to prevent misuse.

(3) Data processing, in particular data transmission to YouTube, is carried out for the purpose of simplifying the use of our media content and increasing the attractiveness of our website. By integrating YouTube videos, we offer you the opportunity to interact with the YouTube social network, enabling us to improve our offering and make it more interesting for you as a user. For data transfers from the EU to the US, YouTube refers to the adequacy decisions: EU-US Trans-Atlantic Data Privacy Framework: Google is certified under the Data Privacy Framework (DPF), which ensures an adequate level of data protection for the transfer of personal data to the US. The list of certified companies and further information on the DPF can be found here: https://www.dataprivacyframework.gov/

(4) The legal basis is your explicit and voluntary consent pursuant to Art. 6 (1) (a) GDPR to the processing of your personal data. This consent can be revoked at any time. Revocation does not affect the lawfulness of processing based on consent before revocation.

(5) For more information on the purpose and scope of data collection and processing, as well as further information on your rights and settings options for protecting your privacy, please contact: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA / Google Ireland Limited Gordon House, Barrow Street Dublin 4 at https://www.google.de/intl/de/policies/privacy

§ 12 Use of Google Analytics

(1) This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies,” which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is activated on this website, your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator.

(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

(3) You can prevent the storage of cookies by adjusting your browser software settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

(4) According to the information provided by Google, the data collected in the context of the use of Google Analytics is stored for a period of two months and then deleted.

5) We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offering and make it more interesting for you as a user. For data transfers from the EU to the US, Google refers to the adequacy decisions: EU-US Trans-Atlantic Data Privacy Framework: Google is certified as “non-HR data” under the Data Privacy Framework (DPF), which ensures an adequate level of data protection for the transfer of personal data to the US. The list of certified companies and further information on the DPF can be found here: https://www.dataprivacyframework.gov/ The legal basis for the use of Google Analytics is Art. 6 (1) (a) GDPR. Without your consent, Google Analytics will not be used. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, deactivate this service in the cookie banner.

(6) Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Terms of Use: http://www.google.com/analytics/terms/de.html, Overview of data protection: https://business.safety.google/intl/de/privacy, https://policies.google.com/technologies/partner-sites and the privacy policy: https://policies.google.com/privacy?hl=de&gl=de.

§ 13 Facebook Custom Audiences

(1) The website also uses Custom Audiences from Facebook Inc. (“Facebook”). This allows users of the website to be shown interest-based advertisements (“Facebook Ads”) when visiting the Facebook social network or other websites that also use this process. Our aim in doing so is to show you advertisements that are of interest to you in order to make our website more interesting for you.

(2) Due to the marketing tools used, your browser automatically establishes a direct connection to the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding page of our website or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider may obtain and store your IP address and other identifying features.

(3) Logged-in users can deactivate the “Facebook Custom Audiences” function at https://www.facebook.com/settings/?tab=ads#_.

(4) The legal basis for the processing of your data is Art. 6 (1) (f) GDPR. Meta Platforms Ireland Limited (Facebook), Merrion Road, Dublin 4, D04 X2K5, Ireland; legal basis: legitimate interests (Art. 6 (1) (f) GDPR); website: https://www.facebook.com; privacy policy: https://www.facebook.com/privacy/policy/ For data transfers from the EU to the US, Facebook refers to the Data Privacy Framework (DPF). Meta is certified. The list of certified companies and further information on the DPF can be found here: https://www.dataprivacyframework.gov/

§ 14 Use of Adobe Typekit

(1) We use Adobe Typekit for the visual design of our website. Typekit is a service provided by Adobe Systems Software Ireland Companies (4–6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland; hereinafter referred to as “Adobe”) that gives us access to a font library. In order to integrate the fonts we use, your browser must connect to an Adobe server in the USA and download the font required for our website. This provides Adobe with information that our website has been accessed from your IP address.

(2) For more information about Adobe Typekit, please refer to Adobe’s privacy policy, which you can access here: https://www.adobe.com/de/privacy/policy.html

(3) The legal basis for the integration of Adobe Typekit and the associated data transfer to Adobe is your consent (Art. 6 (1) (a) GDPR). We do not collect any personal data through the integration of Adobe Typekit Web Fonts. For data transfers from the EU to the US, the company relies on the Data Privacy Framework (DPF). Adobe is certified. The list of certified companies and further information on the DPF can be found here: https://www.dataprivacyframework.gov/

§ 15 Use of bunny.net

(1) Videos are integrated into the website via the content delivery network “bunny.net.” “bunny.net” is a service provided by the EU provider “BunnyWay d.o.o.” based in Slovenia. When you visit a page on our website that contains such a video, your browser establishes a direct connection to the bunny.net servers. Further information can be found at: www.bunny.net/privacy

(2) Through this integration, bunny.net receives the information that your browser has accessed the corresponding page of our website. This may result in personal data being stored and evaluated in server log files, in particular the user’s activity (especially which pages have been visited) and device and browser information (especially the IP address and operating system). Bunny.net does not interact with visitors to our website and does not process any personal visitor data. However, if processing does occur in individual cases, this is done in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in the secure and efficient provision and improvement of the stability and functionality of our website.

§ 16 Use of Eventbrite

(1) We use the ticket and registration platform Eventbrite, Inc. (95 Third Street, 2nd Floor, San Francisco, CA 94103, USA) for registration for our events. Eventbrite processes the data you enter (e.g., name, email address, billing and payment details, if applicable) on behalf of our company. We have concluded a DPA with Eventbrite.

(2) Information on data processing by Eventbrite, the rights of data subjects, and international data transfers can be found in Eventbrite’s privacy policy at https://www.eventbrite.de/help/de/articles/460838/datenschutzrichtlinie-von-eventbrite/. The legal basis is your consent (Art. 6 (1) (f) GDPR).

(3) For data transfers from the EU to the US, the company refers to the Data Privacy Framework (DPF). Eventbrite is certified with the exception of non-HR data. The list of certified companies and further information on the DPF can be found here: https://www.dataprivacyframework.gov/

§ 17 Use of HubSpot

(1) We use the HubSpot service on this website for various purposes, e.g. for hosting, the website, and sending newsletters. HubSpot is a software company based in the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, telephone: +353 1 5187500. HubSpot is an integrated software solution that we use to cover various aspects of our online marketing. Our registration service allows visitors to our website to learn more about our company, download content, and provide their contact information and other demographic information. This information, as well as the content of our website, is stored on servers belonging to our software partner HubSpot and may be transferred to the USA. We may use it to contact visitors to our website and to determine which of our company’s services are of interest to them. We use all collected information to optimize our marketing activities. For more information about HubSpot’s privacy policy, please visit: https://legal.hubspot.com/privacy-policy. For more information about cookies, please visit: https://knowledge.hubspot.com/.

(2) The legal basis for processing is your consent pursuant to Art. 6 (1) (a) GDPR. If you do not want HubSpot to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with future effect. Personal data will be stored for as long as it is necessary to fulfill the purpose of processing. The data will be deleted as soon as it is no longer required for the purpose. In the context of processing via HubSpot, data may be transferred to the USA. For data transfers from the EU to the USA, HubSpot refers to the European Commission’s standard data protection clauses, which are intended to ensure compliance with European data protection standards in the USA. For data transfers from the EU to the US, HubSpot, Inc. relies on adequacy decisions, provided that recertification is successfully completed: EU-US Trans-Atlantic Data Privacy Framework: According to the Data Privacy Framework (DPF), the following status applies as of the date of this privacy policy: Certified. With the exception of: Non-HR Data. The list of certified companies and further information on the DPF can be found here: https://www.dataprivacyframework.gov/

(3) We have entered into a DPA with HubSpot.

§ 18 External hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website. The hoster is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 (1) (f) GDPR). Our host will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data. We use the following host:

Mittwald CM Service GmbH & Co. KG Königsberger Straße 4-6 32339 Espelkamp Germany

We have concluded a contract for order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

As of: January 21, 2026