Privacy Policy

Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

• Ergo-Tec GmbH Gewerbestraße 2 91489 Wilhelmsdorf Email: info@ergo-tec.com mailto:info@ergo-tec.com Web: www.ergo-tec.com http://www.ergo-tec.com Tel: +49 9104 829690

Name and Address of the Data Protection Officer

The data protection officer of the controller is:

• Oliver Fouquet Fürther Straße 98-100 90429 Nürnberg Germany Tel. 0911/32386-53 Email: info@metropoldata.de mailto:info@metropoldata.de or datenschutz@ergo-tec.com mailto:datenschutz@ergo-tec.com

1. General Information on Data Processing

1. Scope of Processing of Personal Data

We collect and use personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The collection and use of personal data of our users regularly takes place only with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

2. Legal Basis for the Processing of Personal Data

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

When processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

3. Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of the data also occurs when a storage period prescribed by the aforementioned standards expires, unless there is a necessity for further storage of the data for a contract conclusion or contract fulfillment.

2. Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

1. Browser type, language setting
2. Browser version
3. Operating system used
4. Referrer URL
5. Pages accessed and data volumes
6. Date and time of server request
7. IP address

The data is stored in the log files of our system. Storage of this data together with other personal data of the user does not take place.

2. Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage in log files is done to ensure the functionality of the website. Additionally, the data serves us to optimize the website and ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not usually take place in this context.

These purposes also constitute our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.

4. Duration of Storage

The data is restricted after three months and deleted after 12 months.

5. Objection and Removal Possibility

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object.

3. Use of Cookies

1. Description and Scope of Data Processing

Our website uses cookies. Cookies are text files stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is accessed again. The following cookies are used according to your selection:

Cookie Name	Purpose	Storage Duration	Legal Basis	Publisher
Borlabs-Cookie	Stores your consent	1 year	Art. 6 para. 1 lit. f GDPR	Borlabs
AEC	Monitoring and analysis of user behavior, security of Google user account	6 months	Art. 6 para. 1 lit. f GDPR	Google
SOCS	Storage of cookie settings	11 months	Art. 6 para. 1 lit. f GDPR	Google
_Secure-ENID	Prevention of fraudulent login attempts and statistics and marketing purposes after a successful login process	13 months	Art. 6 para. 1 lit. f GDPR	Google
_ga_gat_gld	Cookie from Google for controlling advanced script and event handling	2 years	Art. 6 para. 1 lit. a GDPR	Google
_ga	Used to collect data about the number of visits a user makes to the website as well as the date of the first and last visit	2 years	Art. 6 para. 1 lit. a GDPR	Google
_ga#	Used to collect data about the number of visits a user makes to the website as well as the date of the first and last visit	2 years	Art. 6 para. 1 lit. a GDPR	Google
_cf_bm	Used to identify bots and ensure the security of the website	30 minutes	Art. 6 para. 1 lit. f GDPR	hcaptcha.com
_osm_location, osm_session, osm_totp_token, osm_welcome, pk_id, pk_ref, pk_ses, qos_token	Used to unlock OpenStreetMap content	1-10 years	Art. 6 para. 1 lit. a GDPR	OpenStreetMap

 

2. Legal Basis for Data Processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR, insofar as they are technically necessary. Otherwise, the legal basis is Art. 6 para. 1 lit. a GDPR, if you have consented to their use.

3. Purpose of Data Processing

The purpose of using technically necessary cookies is to enable the use of websites for users. The user data collected through technically necessary cookies is not used to create user profiles.

These purposes also constitute our legitimate interest in processing personal data according to Art. 6 para. 1 lit. f GDPR.

4. Duration of Storage, Objection, and Removal Possibility

Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, you as a user have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all functions of the website to their full extent.

4. OpenStreetMaps

1. Description and Scope of Data Processing

The website uses the open-source map service „OpenStreetMaps“ (also known as „OSM“) provided by the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. OSM is used to offer an interactive map on our website that shows you how to find and reach us. This service facilitates the findability of our office by loading map material from an external server. The following data is transmitted to the servers of OSM during the display:

• Our web pages you have visited
• The IP address of your device
• Browser
• Operating system
• Date and time

A cookie „_osm_location“ (expires after 10 years) is set to unlock the content of OpenStreetMap. When clicking on the map to full screen, the cookie „_osm_totp_token“ (expires after one hour) is set to operate the map section. A session cookie „_osm_session“ and a cookie „_pk_id.1.cf09“ (expires after one year) from Piwik are also set to measure click behavior.

2. Legal Basis for Data Processing

The legal basis for the processing of data is your consent according to Art. 6 para. 1 lit. a GDPR.

3. Purpose of Data Processing

The embedding of OpenStreetMap on our homepage serves the better and easier findability of our office for clients and interested parties.

4. Duration of Storage

The IP address and user information are deleted after 180 days. You can delete the cookies in the browser yourself. How OpenStreetMap stores your data can be viewed on the OpenStreetMap privacy page here: https://wiki.osmfoundation.org/wiki/Privacy_Policy https://wiki.osmfoundation.org/wiki/Privacy_Policy.

5. Contact Form and Email Contact

1. Description and Scope of Data Processing

Several contact forms are available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored.

These are:

• The IP address of the user
• Name, first name
• Email
• Telephone number
• Company name
• Street, house number, postal code, and city
• Content of the message

For the processing of the data, reference is made to this privacy policy during the sending process.

Alternatively, contact can be made via the provided email address. In this case, the personal data of the user transmitted with the email will be stored.

If applications are sent to us by email, the documents and information contained therein will be sent to us. These are particularly, in addition to the above personal data:

• Certificates
• Resume
• Health data (e.g., regarding disability)

2. Legal Basis for Data Processing

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact aims at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. For employment relationships, § 26 para. 1 BDSG-new applies additionally.

3. Purpose of Data Processing

The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and ensure the security of our information technology systems.

4. Duration of Storage

The data will be deleted as soon as they are no longer necessary for achieving the purpose of their collection. For personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user is ended. The conversation is ended when it can be inferred from the circumstances that the relevant matter has been conclusively clarified and no other legal basis for processing the data due to a contractual relationship exists. Contract-relevant data are kept for six years and tax-relevant data for 8 years (§147 AO).

If there is no consent from the applicant to retain their application documents, they will be deleted no later than six months after the end of the application process.

The personal data additionally collected during the sending process (e.g., IP address) will be deleted no later than seven days after the process.

5. Objection and Removal Possibility

The user has the possibility to object to the processing of personal data at any time. In such a case, the conversation cannot be continued.

The objection to the storage of personal data can be made at any time.

All personal data stored in the course of contacting will be deleted in this case, provided there is no legitimate interest or other legal basis for retaining the data.

6. Transfer of Personal Data to Third Parties

Your data will only be transferred to the extent necessary to fulfill the tasks. This includes, in particular, the transfer of data, e.g., to providers. The transfer of data to fulfill the mentioned service is based on order processing.

Furthermore, data is transferred to third parties as necessary for contract fulfillment. However, these are also subject to data protection and confidentiality.

7. Applicant-Employee Data

1. Description and Scope of Data Processing

If you apply to us, the data you provide will be stored. These may include:

• Salutation
• Name
• Email address
• Phone
• Email
• Bank data
• Special personal data (health data, e.g., illnesses and disabilities)
• Application data (e.g., certificates, resume)

If you are employed by us, the following data may additionally be stored:

• Employment contract data
• Income and asset conditions
• Social data
• Application data (e.g., certificates, resume)
• Performance evaluations

2. Legal Basis for Data Processing

The legal basis for the processing of data is Art. 6 para. 1 lit. b GDPR, § 26 para. 1 BDSG-new, or Art. 6 para. 1 lit. a GDPR if you have consented to longer storage.

3. Purpose of Data Processing

The data is used exclusively for processing your application and conducting the employment relationship,

• to establish and conduct an employment relationship
• to comply with our legal obligations
• to correspond with you
• to process payments
• to settle any liability claims and to assert claims against you

4. Duration of Storage

The data will be deleted as soon as they are no longer necessary for achieving the purpose of their collection. If there is no consent from the applicant to retain their application documents, they will be deleted no later than six months after the end of the application process.

If you enter into an employment relationship with us, the personal data collected by us for conducting the employment relationship will be retained for up to three years after the end of the employment relationship, unless we are obliged to retain them for a longer period according to Article 6 para. 1 sentence 1 lit. c GDPR due to tax and commercial retention and documentation obligations (§ 257 HGB 6 years or § 147 AO 8 years) or you have consented to further storage according to Art. 6 para. 1 sentence 1 lit. a GDPR.

5. Objection and Removal Possibility

You have the possibility to object to the processing at any time. In such a case, the application process cannot be continued.

The objection and revocation of consent can be made informally to the above address.

All personal data stored in the course of contacting will be deleted in this case, provided there is no other legal basis for storage.

6. Transfer to Third Parties

Data is transferred to insurance companies, banks, authorities, courts, health insurance companies, pension insurance companies, and tax offices as necessary for conducting the employment relationship.

8. Google Tag Manager

1. Description and Scope of Data Processing

The Google Tag Manager is an organization tool that allows us to centrally integrate and manage website tags via a user interface. Tags are small code snippets that, for example, record your activities on our website (tracking). For this purpose, JavaScript code snippets are inserted into the source code of our site. The tags often come from Google internal products like Google Ads or Google Analytics, but tags from other companies can also be integrated and managed via the manager. Such tags perform different tasks. They can collect browser data, feed marketing tools with data, integrate buttons, set cookies, and track users across multiple websites.

The Tag Manager itself does not set cookies and does not store data. It acts as a mere „manager“ of the implemented tags.

In the account settings of the Tag Manager, we have allowed Google to receive anonymized data from us. However, this only concerns the use and utilization of our Tag Manager and not your data stored via the code snippets. We allow Google and others to receive selected data in anonymized form.

2. Legal Basis for Data Processing

The legal basis is Art. 6 para. 1 lit. f GDPR.

3. Purpose of Data Processing

The Google Tag Manager (GTM) serves to load tools for which you have consented to use.

9. Google Analytics

1. Description and Scope of Data Processing

This website uses Google Analytics, a web analytics service provided by Google Inc. („Google“). The use is based on Art. 6 para. 1 sentence 1 lit. f GDPR. Google Analytics uses „cookies“, text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of the website, such as

• Browser type/version
• Operating system used
• Referrer URL (the previously visited page)
• Hostname of the accessing computer (IP address)
• Time of server request

is usually transmitted to a Google server in the USA and stored there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. We have also extended Google Analytics on this website with the code „anonymizeIP“. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage to the website operator. You can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case, you may not be able to use all functions of this website to their full extent.

When accessing our website, the user is informed about the use of cookies for analysis purposes and their consent to the processing of personal data used in this context is obtained. In this process, reference is also made to this privacy policy.

2. Legal Basis for Data Processing

The legal basis is Art. 6 para. 1 lit. a GDPR.

3. Purpose of Data Processing

The analysis cookies are used to evaluate the use of the website, compile reports on website activity, and provide other services related to website and internet usage to the visitor. This also helps optimize the website based on visitor behavior and improve its discoverability.

4. Duration of Storage, Objection, and Removal Possibility

If you wish to object to the use of cookies after giving your consent, you can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en http://tools.google.com/dlpage/gaoptout?hl=en.

We also use Google Analytics to evaluate data from Double-Click cookies and AdWords for statistical purposes. If you do not wish this, you can deactivate it via the Ads Preferences Manager (http://www.google.com/settings/ads/onweb/ http://www.google.com/settings/ads/onweb/).

5. Data Deletion and Storage Duration

The data is automatically deleted after 14 months. Once a month, data that has reached the end of its retention period is automatically deleted. If you revisit our homepage before the deletion period expires, the usage recognition is reset, and the deletion date is extended to the current time plus the retention period. If you do not revisit the homepage, the data will be deleted after 14 months.

10. hCAPTCHA

1. Description and Scope of Data Processing

This website uses hCAPTCHA. The service provider is the American company Intuition Machines Inc., 350 Alabama St, San Francisco, CA 94110, USA.

hCAPTCHA checks whether the data input on our website (especially in the contact form) is made by a human or an automated program. For this purpose, hCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as you access the contact form. hCAPTCHA evaluates various information (e.g., IP address, time spent on the website, or mouse movements). The data collected is transmitted to Intuition Machines Inc.

The use of hCAPTCHA is in the interest of the security of our website and to protect our company from automated inputs (attacks).

Intuition Machines Inc. adheres to the EU-U.S. Data Privacy Framework (DPF) principles regarding personal data of individuals in the European Economic Area (EEA), the United Kingdom, Gibraltar, and Switzerland. Further information about hCAPTCHA can be found in the privacy policy of Intuition Machines Inc. at: https://www.hcaptcha.com/privacy https://www.hcaptcha.com/privacy.

2. Legal Basis for Data Processing

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in protecting our website from misuse and automated data extraction and ensuring the security of our systems.

3. Purpose of Data Processing

The use of hCAPTCHA is in the interest of the security of our website and to protect our company from automated inputs (attacks).

4. Objection and Removal Possibility

You can object to the processing by sending an email to support@imachines.com mailto:support@imachines.com or by post to Intuition Machines, Inc., 1065 SW 8th St #704, Miami FL 33130, USA, Attention: Privacy.

Intuition Machines Inc. will respond within 45 days of receiving the notification. In accordance with the EU-U.S. DPF, the UK extension of the EU-U.S. DPF, and the Swiss-U.S. DPF, Intuition Machines Inc. („IM“) commits to forwarding unresolved complaints about the handling of personal data received under the EU-U.S. DPF, the UK extension of the EU-U.S. DPF, and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you have an unresolved privacy or data use concern that Intuition Machines Inc. has not satisfactorily addressed, please contact our U.S.-based third-party dispute resolution provider (free of charge) at: https://www.jamsadr.com/DPF-Dispute-Resolution https://www.jamsadr.com/DPF-Dispute-Resolution.

5. Data Deletion and Storage Duration

Intuition Machines Inc. securely stores your personal data for the duration of your account with us. IM retains your personal data only as long as necessary to fulfill the purposes for which it was collected, including fulfilling legal, accounting, or reporting obligations or resolving disputes. The criteria used by Intuition Machines Inc. to determine retention periods include applicable contractual provisions, statutory limitation periods, applicable regulatory requirements, and industry standards.

Information collected through technical means such as cookies, web beacons, and other analytics tools is discarded as quickly as possible but may be retained for a limited period of up to one year after the cookie expires, typically in anonymized and aggregated form unless Intuition Machines Inc. detects potential misuse of the service. In such cases, Intuition Machines Inc. will retain this information to help prevent future misuse. Intuition Machines Inc. is unable to link this anonymized and aggregated information to you, your household, an IP address, or other personal data based on the stored information.

Further information about hCAPTCHA can be found in the privacy policy of Intuition Machines Inc. at: https://www.hcaptcha.com/privacy https://www.hcaptcha.com/privacy.

11. Encryption

This site uses SSL encryption for security reasons and to protect the transmission of all content. You can recognize an encrypted connection by the fact that the address line of the browser changes from „http:“ to „https:“ and by the lock symbol in your browser line.

It is also possible to send emails end-to-end encrypted via DATEV eG to us. For this purpose, we will send you an appropriate email with the encryption details upon request.

12. Social Media

1. LinkedIn

This website uses a link to LinkedIn. The links are recognizable by the LinkedIn logo.

a) Description and Scope of Data Processing

This website uses a link to LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

We have a page on the LinkedIn network to communicate with customers, prospects, and users. Regarding data processing, LinkedIn and we are jointly responsible within the meaning of Art. 26 para. 1 GDPR. Our mutual obligations arising from joint responsibility are set out in an agreement between LinkedIn and us. This agreement can be viewed here: https://legal.linkedin.com/pages-joint-controller-addendum https://legal.linkedin.com/pages-joint-controller-addendum.

LinkedIn uses two types of cookies: persistent cookies and session cookies. A persistent cookie remains beyond the current session and is used for various purposes, such as recognizing you as an existing user so that you can return to LinkedIn and interact with our services without logging in again. Since a persistent cookie remains in your browser, it is read by LinkedIn when you return to one of our websites or visit a partner site that uses our services. Session cookies are only valid for the respective session (usually the current visit to a website or a browser session).

Additionally, LinkedIn uses pixels. A pixel is a tiny image embedded in websites and emails that requires a call (providing device and visit information) to LinkedIn’s servers to deliver the pixel on these websites and emails. LinkedIn uses pixels to learn more about your interactions with email content or web content, such as whether you responded to ads or posts. Pixels may allow LinkedIn and third parties to place cookies in your browser.

If you are a LinkedIn member but have logged out of your account on a browser, LinkedIn may still track your interaction with our services on that browser for up to 30 days to generate usage analytics for LinkedIn services. These analytics data may be shared with us in aggregated form.

Further information can be found at: https://de.linkedin.com/legal/cookie-policy https://de.linkedin.com/legal/cookie-policy.

b) Legal Basis for the Processing of Personal Data

The legal basis is our legitimate interest in informing users and communicating with them in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. If you communicate with us via LinkedIn, the legitimate interest lies in responding to your inquiry in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. If your request aims at the conclusion of a contract or the implementation of pre-contractual measures, the additional legal basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

c) Duration of Storage, Objection, and Removal Possibility

Personal data from the contact request will be deleted when further storage is no longer necessary. This is the case when it can be inferred from the circumstances that the relevant matter has been conclusively clarified and the conversation with the user has ended. Contract-relevant data will be retained for six years after the end of the order (§ 257 HGB), and tax-relevant data for 10 years (§ 147 AO).

By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically.

d) Transfer to Third Countries

Data processing may also take place outside the EU or EEA, particularly on servers located in the USA. This may pose risks for users, as it may, for example, make it more difficult to enforce users‘ rights. Further information can be found at: https://www.linkedin.com/help/linkedin/answer/62533 https://www.linkedin.com/help/linkedin/answer/62533.

2. Instagram

This website uses a link to Instagram. The links are recognizable by the Instagram logo.

a) Description and Scope of Data Processing

This website uses a link to Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA).

Our mutual obligations arising from joint responsibility are set out in an agreement between Facebook and us, the so-called „Page Insights Controller Addendum.“ This agreement can be viewed here: https://www.facebook.com/legal/terms/page_controller_addendum https://www.facebook.com/legal/terms/page_controller_addendum.

We point out that you use this Instagram page and its functions at your own responsibility. This applies in particular to the use of interactive functions (e.g., commenting or rating).

When visiting our Instagram page, Instagram collects, among other things, your IP address and other information stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page.

When accessing an Instagram page, the IP address assigned to your device is transmitted to Instagram. According to Instagram, this IP address is anonymized (for „German“ IP addresses) and deleted after 90 days. Instagram also stores information about the end devices of its users (e.g., as part of the „login notification“ function); if necessary, Instagram is thus able to assign IP addresses to individual users.

If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is located on your device. This enables Instagram to track that you have visited this page and how you have used it. This also applies to all other Instagram pages. Through embedded Instagram buttons on websites, Instagram is able to record your visits to these websites and assign them to your Instagram profile. Based on this data, content or advertising can be tailored to you.

Further information on the use of cookies can be found at: https://help.instagram.com/1896641480634370?ref=ig https://help.instagram.com/1896641480634370?ref=ig.

The Instagram privacy policy can be found in its current version at: https://help.instagram.com/519522125107875 https://help.instagram.com/519522125107875.

b) Legal Basis for the Processing of Personal Data

The legal basis is our legitimate interest in informing users and communicating with them in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. If you communicate with us via Instagram, the legitimate interest lies in responding to your inquiry in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. If your request aims at the conclusion of a contract or the implementation of pre-contractual measures, the additional legal basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

c) Duration of Storage, Objection, and Removal Possibility

Personal data from the contact request will be deleted when further storage is no longer necessary. This is the case when it can be inferred from the circumstances that the relevant matter has been conclusively clarified and the conversation with the user has ended. Contract-relevant data will be retained for six years after the end of the order (§ 257 HGB), and tax-relevant data for 10 years (§ 147 AO).

By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically.

If you wish to avoid Instagram collecting data about your behavior on the internet, you should log out of Instagram, deactivate the „stay logged in“ function, delete the cookies on your device, and restart your browser. This way, you can use our Instagram page without revealing your Instagram ID. If you access interactive features of the page (like, comment, messages, etc.), an Instagram login screen will appear. After logging in, you will again be recognizable to Instagram as a specific user.

Instagram stores data until it is no longer needed to provide services and Meta products or until your account is deleted, whichever comes first. This is determined on a case-by-case basis and depends on factors such as the nature of the data, why it is collected and processed, and relevant legal or operational storage needs. For example, if you search for something on Facebook, you can access and delete that query from your search history at any time; however, the log of that search is deleted after 6 months.

d) Transfer to Third Countries

Instagram is a global service. By using Instagram, data may also be transferred outside your home country, including to the United States.

Data is also shared with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Facebook“).

13. Rights of the Data Subject

If personal data concerning you is processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:

1. Right to Access

You can request confirmation from the controller as to whether personal data concerning you is being processed.

If such processing is taking place, you can request information from the controller about the following:

8. The purposes for which the personal data is processed;
9. The categories of personal data being processed;
10. The recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
11. The planned duration of the storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage duration;
12. The existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
13. The existence of a right to lodge a complaint with a supervisory authority;
14. All available information about the origin of the data if the personal data is not collected from the data subject;
15. The existence of automated decision-making, including profiling, pursuant to Art. 22 para. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved as well as the significance and intended consequences of such processing for the data subject.

You have the right to request information about whether the personal data concerning you is transferred to a third country or an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to Rectification

You have the right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you is incorrect or incomplete. The controller must make the correction without delay.

3. Right to Restriction of Processing

Under the following conditions, you can request the restriction of the processing of personal data concerning you:

16. If you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
17. The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead;
18. The controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims;
19. If you have objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification of whether the legitimate grounds of the controller override your grounds.

If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to Erasure

a) Obligation to Erase

You can request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase this data without undue delay if one of the following reasons applies:

20. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
21. You withdraw your consent on which the processing is based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
22. You object to the processing pursuant to Art. 21 para. 1 GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
23. The personal data concerning you has been unlawfully processed.
24. The erasure of the personal data concerning you is necessary to comply with a legal obligation under Union or Member State law