Service Center

Privacy policy

Last update: October 8, 2025

Introduction

Data protection is a particularly high priority for Consolinno Energy GmbH (hereinafter: "we", "us"). We consider it our primary task to maintain the confidentiality of the personal data provided by you and to protect it from unauthorized access. We therefore apply the utmost care and state-of-the-art security standards to ensure maximum protection of your personal data.

The following information provides you with an overview of the processing of your personal data on our website https://consolinno.de/ (hereinafter "website"). The privacy policy also applies to our presence on social and professional networks, our newsletter and the application process.

We would also like to inform you about your rights under data protection laws. We always process your personal data in accordance with the General Data Protection Regulation (hereinafter "GDPR"), the Act on Data Protection and the Protection of Privacy in Telecommunications and Telemedia (hereinafter "TTDSG") and all applicable country-specific data protection regulations.

 

1. responsibility

The controller within the meaning of the GDPR is

Consolinno Energy GmbH
Franz-Mayer-Straße 1
93053 Regensburg
Germany
Phone number: +49 941 20 300 000
Email: datenschutz@consolinno.de

Consolinno Energy GmbH operates the above-mentioned offers and services. Further contact details, contact persons and mandatory information can be found in the imprint.

 

2. data protection officer

You can reach our data protection officer as follows

secjur GmbH
Mr. Niklas Hanitsch
Steinhöft 9
20459 Hamburg
Germany
Phone number: +49 40 228 599 520
Email: dsb@secjur.com

You can contact our data protection officer directly with all questions and suggestions regarding data protection and the exercise of your rights.

 

3. definitions

This privacy policy is based on the terminology of the GDPR. To simplify matters, we would like to explain some important terms in this context in more detail:

  • Personal data: Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Data subject: Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
  • Processing: Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Recipient: A recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
  • Third party: A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
  • Consent: Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. origin of the personal data

We may receive personal data in the following ways:

4.1 Information provided by you

You have the opportunity to provide information (e.g. contact details) about yourself on our website.

4.2 Automatically collected and generated data

When you use our website, data is automatically collected and generated.

4.3 Data collected by third parties

If we maintain a presence in social and professional networks, we may receive data from you via these networks (e.g. if you contact us via a social or professional network or respond to one of our contents shared there).

5. scope, purpose, legal basis and storage period and, if applicable, recipients and third country transfer of the respective processing of personal data

5.1 General information

Below we provide you with an overview of which personal data we process. To this end, we explain to what extent, for what purposes and on what legal basis we process personal data. We also indicate - if available - which third-party providers we use to receive your data. Finally, we will inform you whether the respective processing by the third-party provider involves a transfer to a third country.

The provision of your personal data is always voluntary. However, it is possible that the respective functionality will only work if you provide your information (e.g. contact form).

We will not pass on your personal data to third parties without your consent, unless this is permitted by law (e.g. because this is necessary for the performance of the contract).

The processing of your personal data may be based in particular on the following legal bases:

  • Art. 6 para. 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing operation.
  • If the processing of personal data is necessary for the performance of a contract to which you are a party, the processing is based on Art. 6 para. 1 lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures.
  • If we are subject to a legal obligation that requires the processing of personal data, the processing is based on Art. 6 para. 1 lit. c GDPR in conjunction with the respective standard from which the obligation arises.
  • Furthermore, processing operations may also be based on Art. 6 para. 1 lit. f GDPR. Processing operations are based on this legal basis if the processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Insofar as we transfer personal data to a third country for processing, we ensure compliance with Art. 44 et seq. GDPR, i.e. before each transfer of personal data to third parties in a country outside the European Union ("EU") or the European Economic Area ("EEA"), we check whether an adequate level of protection is ensured.

An adequate level of protection can be ensured, among other things, by the existence of an adequacy decision by the EU Commission, by the fact that we have concluded standard data protection clauses with the recipient and have taken other additional measures, or by the fact that the third country transfer is permitted under other guarantees regulated in Art. 46 et seq. GDPR is permissible. If the data transfer takes place on the basis of Art. 46, 47 or 49 para. 1 GDPR, you can obtain a copy of the guarantees for the existence of an adequate level of data protection with regard to the data transfer or a reference to the availability of a copy of the guarantees from us.

5.2 Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data no longer applies or it is not required for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person.

Our data protection notices may also contain further information on the storage and deletion of data, which apply primarily to the respective processing.

5.3 Safety measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, safeguarding of availability and its separation. We have also set up procedures to ensure that the rights of data subjects are exercised, data is deleted and we respond to data threats.

Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

5.4 Transmission of personal data

As part of our processing of personal data, data may be transferred to other bodies, companies, legally independent organizational units or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and in particular conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

5.5 Website in general

5.5.1 Provision of the website and server log files

5.5.1.1 Scope of processing

To provide our website, we use storage space, computing capacity and software that we rent from a corresponding server provider (web host). These services also include sending, receiving and storing e-mails. In addition, data that your browser transmits to our server is automatically processed when you visit our website. This general data and information is stored in the server's log files (so-called "server log files"). The following can be recorded

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address
5.5.1.2 Purpose of the processing

When using this data and information, we do not draw any conclusions about your person. The purposes we pursue include in particular

  • Provision of our website
  • Provision of our online offer and user-friendliness; information technology infrastructure (operation and provision of information systems)
  • Provision of contractual services
  • Customer service
  • Provision of e-mail communication
  • Ensuring a smooth connection to the website,
  • Clarification of acts of abuse or fraud,
  • Problem analysis in the network, and
  • Evaluation of system security and stability.
5.5.1.3 Legal basis

The legal basis for data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. We have an overriding legitimate interest in providing a website and being able to offer our services in a technically flawless manner.

5.5.1.4 Storage duration

The log files are stored for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further retention is required for evidentiary purposes will be retained until the matter has been finally clarified.

5.5.1.5 Recipients of personal data

This website runs on the network of . The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (hereinafter: Hetzner). When you visit our website, Hetzner collects the above-mentioned data. Hetzner offers services related to the provision and support of web hosting accounts, domains, and servers. Further information on data processing by Hetzner can be found here: Hetzner | Privacy Policy.

5.5.2 Use of cookies

5.5.2.1 General information

We use cookies on our website. These are files that your browser automatically creates and that are stored on your IT system when you visit our website. Information is stored in the cookie that results in each case in connection with the specific end device used.

Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID.

When you visit our website or a sub-website for the first time and it contains cookies, you will be shown "Data protection settings". There you will be informed about the individual cookies that we use. For each individual cookie, you can obtain information about the processing company, the purpose of the data processing, the data collected, the legal basis and the storage period. You can also allow us to use non-essential cookies and reverse this decision there.

From a legal perspective, a distinction must be made between essential and non-essential cookies.

5.5.2.2 Essential cookies

We use essential cookies. These are cookies that are technically necessary to provide all the functions of our website. The legal basis for data processing is in accordance with Art. 6 para. 1 lit. f GDPR. We have an overriding legitimate interest in being able to offer our website in a technically flawless manner. The legal basis for the use of cookies vis-à-vis our contractual partners who make use of services contractually owed by us via our website is Art. 6 para. 1 lit. b GDPR, the provision of our contractual services.

5.5.2.3 Non-essential cookies

We also use non-essential cookies (e.g. analysis and marketing cookies). These are cookies that are not technically necessary. We use them to understand your behavior on our website and to improve our offer. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. The cookies are only set after you have given your consent via our cookie banner.

5.5.2.4 Storage duration

A distinction is made between the following types of cookies with regard to the storage period:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their end device (e.g. browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The user data collected with the help of cookies can also be used to measure reach. If we do not provide users with explicit information on the type and storage duration of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that they can be stored for up to two years.

5.5.3 Cookie banner

5.5.3.1 Scope of processing

We use a cookie banner on our website to provide you with information about cookies in the form of "data protection settings". With our cookie banner, we inform you about the specific cookies we use. In addition, we give you the opportunity to decide whether you want to consent to the setting of non-essential cookies. Among other things, the following can be processed

  • Usage data (e.g. websites visited, time of access)
  • Meta and communication data (e.g. IP address)
5.5.3.2 Purpose of the processing

We process your personal data for the following purposes:

  • Informing the user about the cookies we use
  • Enabling you to consent to cookies that are not technically necessary.
5.5.3.3 Legal basis of the processing

The legal basis for the use of the cookie banner is Art. 6 para. 1 lit. f GDPR. We have an overriding legitimate interest in using the cookie banner, which enables us to obtain the legally required consent for the use of non-essential cookies and to comply with our duty to provide information regarding cookies.

5.5.3.4 Storage duration

The cookie banner stores the preferences until you reset or customize them.

5.5.3.5 Recipients of personal data

We use the cookie banner of the provider Borlabs Cookie on our website. The provider is Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany (hereinafter: "Borlabs"). Further information on data processing by Borlabs can be found here: Borlabs | Privacy Policy.

5.5.4 Contact form

5.5.4.1 General information

You can contact us via our website
using the "contact form." When you contact us
and we respond to your inquiry, we process the following personal data
about you:

  • First and last name
  • E-mail address
  • Phone number
  • address information
  • Date and time of the request
  • IP address
  • Communication content, if applicable
5.5.4.2 Purpose of the processing

We process your data to respond to
your inquiry and other matters arising from it.

5.5.4.3 Legal basis

If you contact us within the framework of an existing
contractual relationship or contact us in advance for information about
our range of services or our other services, the
personal data you provide will be processed for the purpose of processing and
responding to your contact request in accordance with Art. 6 (1) (b) GDPR
. Furthermore, in order to protect our legitimate interests in accordance with
Art. 6 (1) (1) (f) GDPR, we process your personal data for the purpose of responding appropriately to
customer/contact inquiries. 

5.5.4.4 Storage duration

We delete your personal data,
as soon as it is no longer required for the purpose for which it was collected,
. In the context of contact requests, this is generally the case when
it is clear from the circumstances that the specific matter has been conclusively dealt with,
.

5.5.4.5 Recipients of personal data

Our contact form
is provided via the pipedrive service of Pipedrive OÜ, Mustamäe tee 3a 10615, Tallinn, Estonia
(hereinafter: Pipedrive). We have concluded a
order processing agreement with the provider for its use. This is
a contract required by data protection law, which ensures that
the provider processes your personal data only in accordance with our instructions and in
compliance with the GDPR. In cases where no
adequacy decision has been made by the European Commission, we have agreed with
the data recipients on other suitable safeguards within the meaning of Art. 44 et seq. GDPR
. Unless otherwise specified, these are
Standard Contractual Clauses (SCCs) of the European Commission in accordance with the
Implementing Decision (EU) 2021/914 of June 4, 2021.

Personal data may also be transferred to
in the USA. The European Commission has issued an
adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data
Privacy Framework. Based on this decision, data transfers
to organizations based in the USA that are certified accordingly
are permitted. Affiliated company Pipedrive Inc. is certified under the EU-U.S. Data
Privacy Framework and is therefore committed to complying with
appropriate data protection standards.

Further information on data processing
by Pipedrive can be found at:

https://www.pipedrive.com/en/privacy.

5.5.5 Other ways to contact us

5.5.5.1 General information

You have the option of contacting us by e-mail, telephone or other means of communication.

We process the following personal data, among others, when contacting you and responding to your inquiry:

  • First and last name
  • e-mail
  • Phone number
  • Date and time of the request
  • Other personal data that you provide to us when contacting us.
5.5.5.2 Purpose of the processing

We process your data to answer your request and other resulting matters.

5.5.5.3 Legal basis

If your request is related to pre-contractual measures or an existing contract with us, the legal basis is the fulfillment of the contract and the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR.

If your request is independent of contractual or pre-contractual measures, the legal basis for responding to your request in accordance with Art. 6 para. 1 lit. f GDPR is our overriding legitimate interest in responding to your request and reacting to the contact you have initiated.

5.5.5.4 Storage duration

We delete your personal data as soon as it is no longer required to achieve the purpose for which it was collected and there are no statutory retention obligations to the contrary. In the case of contact inquiries that have not led to a contractual relationship, this is generally the case when it is clear from the circumstances that the specific matter in question has been conclusively dealt with.

5.5.5.5 Recipients of personal data

We use the WordPress plugin Gravity Forms to integrate our contact form. The provider is Rocketgenius Inc, 1620 Centerville Turnpike, Suite 102, Virginia Beach VA 23464-6500, United States (hereinafter: "Gravity Forms"). Further information about Gravity Forms can be found here: WordPress Gravity Forms | Privacy Policy.

5.5.6 Newsletter

5.5.6.1 Scope of processing

If you have provided us with your e-mail address when purchasing one of our services, we will use it to inform you about our own similar goods or services via newsletter.

You can unsubscribe from our newsletter at any time. To do this, you will find a corresponding "Unsubscribe" button in each of our newsletters. You can also inform us of your revocation by e-mail or post using the contact details given above.

Our newsletters contain so-called tracking pixels. This is a miniature graphic that is embedded in emails. This allows us to track, for example, whether and when an e-mail was opened by you and which links in the e-mail were accessed by you. This enables us to statistically evaluate the success or failure of online marketing campaigns. The personal data collected by the tracking pixels is stored and evaluated by us in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to your interests.

We process the following personal data, among others, as part of sending the newsletter:

  • E-mail address
  • First and last name
  • Organization
  • Preferred language
  • Metadata (e.g. device information, IP address, date and time of login)
  • Interaction with the newsletter.
5.5.6.2 Purpose of processing

We process your personal data for the following purposes:

  • Newsletter distribution: implementation of marketing measures
  • Newsletter tracking: measuring success.
5.5.6.3 Legal basis
  • The legal basis for sending our newsletter is your consent in accordance with Art. 6 para. 1 lit. a. You can revoke your consent at any time with effect for the future.
  • The legal basis for sending our newsletter is Art. 6 para. 1 lit. f GDPR in conjunction with Art. 7 para. 3 UWG. § Section 7 (3) UWG, our overriding legitimate interest in strengthening or maintaining customer relationships with our existing customers by offering our own similar products by email.
  • The legal basis for newsletter tracking is our overriding legitimate interest in finding out whether our newsletter meets your interests and expectations in accordance with Art. 6 para. 1 lit. f GDPR.
5.5.6.4 Storage duration

We delete your personal data as soon as it is no longer required for the purpose for which it was collected. In the context of sending newsletters, this is generally the case if you object to the processing.

5.5.6.5 Recipients of personal data

We use Campaign Plus for the purpose of sending newsletters and newsletter tracking. The provider is Campaign Plus GmbH, Wollmarktstraße 115b, 33098 Paderborn (hereinafter: "Campaign Plus"). Further information on data protection by Campaign Plus can be found here: Campaign Plus | Privacy Policy.

5.5.7 Application

5.5.7.1 General information

We also offer you the opportunity to apply for vacancies and send us your application online or by post. To do this, you will be redirected to the page https://consolinno.jobs.personio.de/.

We process the following personal data as part of the application process:

  • Master data (e.g. first and last name, address)
  • Contact details (e.g. e-mail address, telephone number)
  • Application data (e.g. cover letter, CV, certificates and other supporting documents).
5.5.7.2 Purpose of processing

The purpose of the processing is to carry out the application procedure.

5.5.7.3 Legal basis

The legal basis for the processing of personal data is the fulfillment of the contract and the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. b, Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 Federal Data Protection Act (BDSG).

If we obtain your consent (e.g. for inclusion in our applicant pool), this constitutes the legal basis for data processing in accordance with Art. 6 para. 1 lit. a GDPR.

5.5.7.4 Storage duration

If an employment relationship is established after completion of the application process, the personal data provided may be processed further. Otherwise, we generally retain the data for six months after the application process has ended. We then delete all personal data. Longer storage is possible if we include the personal data in our applicant pool after obtaining your consent.

5.5.7.5 Recipients of personal data

Your data will be processed as part of the application process by Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany (hereinafter: "Personio"). Further information on data processing by Personio can be found here: Personio | Privacy Policy.

5.5.8 Service Center

5.5.8.1 General information

To use the Service Center, you can register and log in as a user on our website under "Service Center". The mandatory information requested during login must be completed in full.

We process the following personal data from you as part of the login process:

  • Name
  • E-mail address.

There you can select the information you need from a collection of documents on our products.

5.5.8.2 Purpose of the processing

We process your data exclusively for the purpose of using and providing the service center.

5.5.8.3 Legal basis

The legal basis for the processing of personal data is the fulfillment of the contract and in accordance with Art. 6 para. 1 lit. b GDPR.

5.5.8.4 Storage duration

We delete your personal data as soon as it is no longer required to achieve the purpose for which it was collected. We store the collected data for the duration of the contract. Your data will be deleted if the contract is terminated. Statutory retention periods remain unaffected.

5.5.8.5 Recipients of personal data

We use Zoho Desk to provide the service center. The provider is Zoho Corporation GmbH, Trinkausstraße 7, 40213 Düsseldorf, Germany (hereinafter: Zoho). Further information on data protection by Zoho can be found here: Zoho | Privacy Policy.

5.5.9 Our presence on social and professional networks

5.5.9.1 General information

We maintain a presence in social and professional networks in order to communicate with you, to inform you about our services and to find new employees.

If you visit one of our pages maintained there, we may be responsible with the provider of the respective platform within the meaning of Art. 26 GDPR with regard to the processing operations triggered thereby, which concern personal data.

To the best of our knowledge, the following data is processed as part of the processing operations:

  • Inventory data (e.g. first and last name, address, age, gender)
  • Content data (e.g. texts, photographs, videos)
  • Usage data (e.g. visits to websites, interests)
  • Metadata (e.g. device information, IP address).

This usage data is often processed in social and professional networks for advertising purposes or for the analysis of user behavior by the providers, without us being able to influence this. In addition, the providers often create user profiles that can then be used as the basis for user-based advertising within and outside the network. Cookies are often used for this purpose or the usage behavior is assigned directly to your own member profile of the network (if you are logged in here).We also use the user data to communicate with you via the respective network and to provide you with information. If you interact with our company profile in the respective network (e.g. visit our company profile, comment on something or "like" something), there is a possibility that your user profile, including the personal data, will be made public.

Information on the processing of your data in social and professional networks and the possibility of exercising your right of objection or revocation (opt-out) is listed below.

5.5.9.2 Purpose of processing

We process your personal data for the following purposes:

  • Public relations and marketing purposes, i.e. we provide information about our services and offers and communicate with you
  • (Only in professional networks:) Recruitment, i.e. we engage in "active sourcing".
5.5.9.3 Legal basis
  • The legal basis for our public relations work and the associated marketing purposes is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
  • The legal basis for recruitment is our overriding legitimate interest in finding new employees in accordance with Art. 6 para. 1 lit. f GDPR.
5.5.9.4 Storage period

In principle, your data is stored by the respective provider of the network and not directly by us. We store your activities and personal data published via our presence until the purpose of the processing no longer applies or your consent has been revoked, provided there are no retention obligations to the contrary.

5.5.9.5 Recipients of personal data

We maintain presences in the following social and professional networks.

Network Provider Third country Guarantees Further information
LinkedIn LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland USA Standard data protection clauses

Data protection information

Opt-out and advertising settings

Joint responsibility agreement
Facebook Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland USA Standard data protection clauses

Data protection information

Objection settings

Joint responsibility agreement
Xing New Work SE
Am Strandkai 1
20457 Hamburg
Germany		 - - Data protection information
Instagram Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland USA Standard data protection clauses Data protection information
X X Internet Unlimited Company
One Cumberland Place,
Fenian Street, Dublin 2,
D02 AX07, Ireland		 USA Standard data protection clauses Data protection information
YouTube Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland USA Standard data protection clauses

Data protection information

Settings for advertising

5.5.10 Integration of third-party services and content

5.5.10.1 General information

On the basis of your consent within the meaning of Art. 6 para. 1 lit. a. GDPR, we use content or service offers from third-party providers to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").

This always presupposes that the third-party providers of this content are aware of the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offer, as well as being linked to such information from other sources.

5.5.10.2 Google reCAPTCHA

We have integrated Google reCAPTCHA components on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request comes from a natural person or is automated by means of a program. When you access this content, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the time spent on the website and the user's mouse movements in order to distinguish automated requests from human requests. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google reCAPTCHA.

The service is used on the basis of our legitimate interests, i.e. for protection during the transmission of forms in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google reCAPTCHA: Google | Privacy Policy.

5.5.10.3 Google Tag Manager

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage so-called website tags on our website and to centrally control the integration of third-party services on our website. Website tags are code elements that are used, for example, to evaluate online campaigns or to measure visitor behavior on our website in order to continuously optimize our services for you.

The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR. You can revoke your consent at any time by clicking the "Cookie settings" button at the bottom of the screen.

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: Google | Privacy Policy.

5.5.10.4 Google Analytics

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our website, subpages visited and the time spent by visitors.

Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognize users. We use Google Analytics with activated IP anonymization.

This information is used, among other things, to compile reports on website activity.

We process data with the help of Google Analytics for the purpose of optimizing our website and for marketing purposes on the basis of your consent in accordance with Art. 6 para. 1 lit. a. GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: Google | Privacy Policy.

Revoke your consent using the button below:

5.5.10.5 Google Fonts

We use Google Fonts on our website to display external fonts from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Google Fonts is installed locally on our servers, so we do not pass on any personal data to Google.

The legal basis for the use of Google Fonts is our legitimate interest pursuant to Art. 6 para. 1 lit. f. GDPR. GDPR, whereby our legitimate interest lies in the user-friendly presentation of our website.

Further information can be found in Google's privacy policy: Google | Privacy Policy.

5.5.10.6 Microsoft Advertising (formerly Bing Ads and Bing Conversion)
Our website uses Microsoft Advertising from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA; hereinafter referred to as Microsoft) for marketing and analysis purposes. Microsoft Advertising collects and stores various types of data, from which usage profiles are created using pseudonyms in order to provide and optimize personalized ads:
· Device and usage data: Microsoft Ads collects information about the device you use to access Microsoft services, such as the device type, IP address, browser type and version, device settings and configurations, and usage data such as the pages you visit and search queries.
· Location data: If you allow access to location services, Microsoft Ads will collect your location to display ads that are relevant to your location.
· Demographic data: Microsoft Ads may collect information about your age, gender, and other demographic data in order to provide personalized ads.
· Interest-based data: Microsoft Ads may collect data about which ads you have clicked on, which searches you have performed, and which pages you have visited in order to understand your interest in certain topics and deliver personalized ads.
Microsoft Advertising enables us to track user activity on our website if users have accessed our website via Bing Ads advertisements. If you access our website via such an advertisement, a cookie will be set on your device.
In addition, a UET tag is integrated into our websites. This is a code that, with your consent, stores pseudonymized data about your use of the website in connection with the cookie. In combination with the cookie, the tag collects pseudonymized data to track what actions you take on our websites after clicking on an advertisement on Microsoft Ads. This includes, among other things, the length of time spent on the website, which areas of the website were accessed, and which ad brought users to the website. Your IP address is only collected in encrypted form. The cookie also collects a so-called Global UID (Globally Unique Identifier), which is assigned to your browser, and/or a user ID, which is assigned to your Microsoft account.
Among other things, the length of time spent on the website, which areas of the website were accessed, and which advertisement led you to the website are collected. In particular, Microsoft and we learn the total number of users who clicked on an advertisement and reached a predefined landing page. Microsoft processes and uses the cookies to create usage profiles using pseudonyms and to analyze user behavior.
and advertisements. In addition, Microsoft can track your usage behavior across multiple electronic devices using cross-device tracking.
The legal basis for using the service is Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, i.e., integration only takes place with your consent. You can revoke your consent at any time by changing the relevant settings in your browser or cookie banner or by deleting the cookies. Data is stored by Microsoft for 36 months. A period of 13 months is also provided for cookie storage.
In addition, Microsoft may be able to track your usage behavior across multiple electronic devices using cross-device tracking, enabling it to display personalized advertising on or in Microsoft websites and apps. You can disable this behavior at http://choice.microsoft.com/de-de/opt-out.
We have concluded a data processing agreement for the use of Microsoft Advertising. This is a contract required by data protection law, which ensures that your personal data is only processed in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other appropriate safeguards with the data recipients within the meaning of Art. Unless otherwise specified, these are standard contractual clauses (SCCs) of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021.
Personal data is also transferred to the United States. The European Commission has issued an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations based in the United States that are certified accordingly are permitted. Microsoft is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards.
Further information on how your data is handled can be found in Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

6 Your rights

6.1 Right to confirmation (Art. 15 GDPR)

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

6.2 Information (Art. 15 GDPR)

You have the right to receive free information from us at any time about the personal data stored about you and a copy of this data in accordance with the statutory provisions.

6.3 Rectification (Art. 16 GDPR)

You have the right to request the rectification of inaccurate personal data concerning you. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

6.4 Erasure (Art. 17 GDPR)

You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.

6.5 Restriction of processing (Art. 18 GDPR)

You have the right to demand that we restrict processing if one of the legal requirements is met.

6.6 Data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

In exercising your right to data portability pursuant to Art. 20 (1) GDPR, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

6.7 Objection (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on data processing in the public interest pursuant to Art. 6 para. 1 lit. e GDPR or on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

In individual cases, we process personal data for the purpose of direct advertising. You can object to the processing of your personal data for the purpose of such advertising at any time. If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes.

You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

6.8 Revocation of consent under data protection law (Art. 7 para. 3 GDPR)

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

6.9 Complaint to a supervisory authority (Art. 77 GDPR)

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data. The supervisory authority responsible for us:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach

Mailing address:
P.O. Box 1349
91504 Ansbach

Phone: +49 (0) 981 180093 0
Fax: + 49 (0) 981 180093 800
Email: poststelle@lda-bayern.de

7 Up-to-dateness and changes to the privacy policy

This privacy policy is currently valid and has the following status: November 2023.

If we further develop our website and our offers or if legal or official requirements change, it may be necessary to amend this privacy policy.