We inform you below in accordance with the statutory Requirements of data protection law (esp. according to BDSG n.F. and the European Data Protection Regulation ‘DS-GVO’) about the type, scope and purpose of the Processing of personal data by our company. This Privacy policy also applies to our websites and social media profiles. With regard to the definition of terms such as “personal data” or “Processing” we refer to Art. 4 DS-GVO.

Name and contact details of the person(s) responsible
Our responsible person(s) (hereinafter “responsible person”) in the sense of Art. 4 Zif. 7 DS-GVO is:

Katja Hainz
Herzog Maximilian Way 24
Kirchheim at Munich
Managing Director: Katja Hainz
E-mail address:

Data protection officer
Katja Hainz
Herzog Maximilian Way 24
Kirchheim near Munich

Types of data, purposes of Processing and categories of data subjects

In the following, we inform you about the type, scope and purpose of the Collection, processing and use of personal data.

1. types of data we process
Usage data (access times, websites visited, etc.), inventory data (name, address, etc.), contact data (phone number, e-mail, fax, etc.), dates of birth

2. purposes of processing according to Art. 13 para. 1 c) DS-GVO
Processing contracts, customer service and customer care,

3. categories of data subjects according to Art. 13 para. 1 e) DS-GVO

The data subjects are collectively referred to as “Users”. designated.

Legal bases of the processing of personal Data

Below we inform you about the legal basis of the Processing of personal data:

  1. If we obtain your consent for the processing have obtained personal data is Art. 6 para. 1 p. 1 lit. a) GDPR Legal basis.
  2. If the processing is necessary for the performance of a contract or The implementation of pre-contractual measures required in response to your request. shall be made, Art. 6 para. 1 p. 1 lit. b) DS-GVO Legal basis.
  3. If the processing is necessary for compliance with a legal obligation to which we are subject (e.g. legal requirements). retention obligations), Art. 6 para. 1 p. 1 lit. c) DS-GVO Legal basis.
  4. If the processing is necessary in order to protect vital interests of the data subject or of another natural person, the data subject’s Art. 6 par. 1 p. 1 lit. d) DS-GVO Legal basis.
  5. If the processing is necessary to protect our or the legitimate interests of a third party and in this respect your interests outweigh your interests or fundamental rights and freedoms, Art. 6 para. 1 S. 1 lit. f) DS-GVO Legal basis.

Disclosure of personal data to third parties and Processor

Without your consent, we do not disclose any data to third parties as a matter of principle more. Should this nevertheless be the case, then the transfer takes place on the Basis of the aforementioned legal bases, e.g. when passing on data to online payment providers for the purpose of fulfilling contracts or due to judicial Order or because of a legal obligation to hand over the data. for the purpose of law enforcement, the prevention of danger or the enforcement of the Intellectual property rights.
We also use order processors (external service providers, e.g., for web hosting of our websites and databases) to process your data. If, within the framework of an agreement on commissioned processing to the If data is transferred to a processor, this is always done in accordance with Art. 28 of the German Data Protection Act. GDPR. In doing so, we carefully select our order processors, regularly monitor these and have given us the right to issue instructions regarding the Allow data. In addition, processors must provide appropriate have taken technical and organizational measures and have Data protection regulations acc. Comply with BDSG n.F. and DS-GVO

Data transfer to third countries

Due to the adoption of the European General Data Protection Regulation (GDPR), a uniform basis for data protection in Europe was established. created. Therefore, your data is mainly processed by companies, for the GDPR to apply. However, should the processing by services Third party outside the European Union or the European Economic Area take place, these must meet the special requirements of Art. 44 et seq. DS-GVO comply. This means that the processing is carried out on the basis of special guarantees, such as the statement officially recognized by the EU Commission a level of data protection equivalent to that of the EU or the observance of official recognized special contractual obligations, the so-called “Standard Contractual Clauses.
To the extent that we are liable for damages due to the invalidity of the so-called “Privacy Shields,” pursuant to Art. 49 para. 1 p. 1 lit. a) GDPR the express obtain consent from you for the transfer of data to the U.S., we will instruct you to in this regard to the risk of secret access by U.S. authorities and the Use of the data for monitoring purposes, possibly without any legal remedy for EU citizens.

Deletion of data and storage period

Unless expressly stated in this Privacy Policy, your personal data will be deleted or blocked as soon as the data required for the processing consent is revoked by you or the purpose for the storage no longer applies or the data is no longer required for the purpose unless their continued retention is necessary for evidentiary purposes. or this is precluded by statutory retention obligations. Below This includes, for example, obligations under commercial law to retain business letters in accordance with § 257 para. 1 HGB (6 years) as well as retention obligations under tax law in accordance with § 147 para. 1 AO of supporting documents (10 years). When the prescribed retention period expires, your data will be blocked or deleted, it will be unless the storage is still required for the conclusion of a contract or for the Contract performance required.

Existence of automated decision making

We do not use automated decision making or profiling one.

Provision of our website and creation of Log files
  1. If you use our website for informational purposes only (i.e. no registration and also no other transmission of information), we only collect the personal data that your browser sends to our server. transmitted. If you wish to view our website, we collect the following data:
    – IP address;
    – Internet service provider of the user;
    – Date and time of retrieval;
    – Browser type;
    – Language and browser version;
    – Contents of the call;
    – Time zone;
    – Access status/HTTP status code;
    – Data set;
    – Websites from which the request comes;
    – Operating system.
    Storage of this data together with other personal data is not permitted. data from you does not take place.

  2. These data serve the purpose of user-friendly, functional and secure delivery of our website to you with functions and content as well as their optimization and statistical evaluation.

  3. The legal basis for this is our privacy policy as set out in the above legitimate interest in the data processing pursuant to Art. 6 para. 1 S.1 lit. f) GDPR.

  4. For security reasons, we store this data in Server log files for the storage period of days. After this period they are automatically deleted, unless we need to keep them for a longer period of time. for evidence purposes in the event of attacks on the server infrastructure or other Infringements.

  1. We use so-called cookies when you visit our website. Cookies are small text files, which your internet browser stores on your computer and stores. When you visit our website again, these cookies give information to recognize you automatically. Cookies include also the so-called “user IDs”, where user information is collected by means of pseudonymized Profiles are saved. We inform you about this when you call up our website by means of a reference to our privacy policy on the use of cookies for the aforementioned purposes and how you can object to them and/or prevent their storage (“opt-out”).

    The following types of cookies are distinguished:

    Necessary, essential cookies: Essential cookies are Cookies that are strictly necessary for the operation of the website to perform certain Functions of the website such as logins, shopping cart or user input, e.g. regarding the use of the website. Save language of the website.

    Session cookies: Session cookies are used for the Recognition of multiple use of an offer by the same user (e.g. if you have logged in to determine your login status) is required. When you revisit our site, these cookies provide information to Recognize them automatically. The information thus obtained is used to, to optimize our offers and to provide you with easier access to our site. to enable When you close the browser or when you log out, we will the session cookies are deleted.

    Persistent cookies: These cookies remain even after the saved after the browser is closed. They are used to store the login, the Reach measurement and for marketing purposes. These are automated according to deleted for a specified duration, which may differ depending on the cookie. In the security settings of your browser, you can disable the cookies at any time. Delete

    – Cookies from third-party providers (third-party cookies esp. from advertisers): According to your wishes, you can choose your Configure browser settings and, for example, refuse to accept third-party cookies. or reject all cookies. However, we would like to point this out to you at this point, that you may then not be able to use all the functions of this website. Read more about these cookies at the respective privacy statements of the third-party suppliers.

  2. Data categories: User data, cookie, user ID (inb. the pages visited, device information, access times and IP addresses).

  3. Purposes of the processing: The information thus obtained serve the purpose of optimizing our web offers technically and economically and to provide you with easier and more secure access to our website. enable

  4. Legal bases: When we collect your personal data process with the help of cookies based on your consent (“opt-in”), then is Art. 6 para. 1 p. 1 lit. a) DSGVO the legal basis. Otherwise we have a legitimate interest in the effective functionality, improvement and economic operation of the website, so that in that case Art. 6 para. 1 S. 1 lit. f) DS-GVO Legal basis. The legal basis is also Art. 6 para. 1 S. 1 lit. b) DS-GVO, if the cookies are used to initiate a contract, e.g. in the case of orders. be set.

  5. Storage period / deletion: The data will be deleted, as soon as they are no longer required to achieve the purpose for which they were collected. are. In the case of the collection of data for the provision of the website this is the case when the respective session is finished.

    Cookies are otherwise stored on your computer and from this to our site. transmitted. Therefore, you as a user also have full control over the Use of cookies. By changing the settings in your Internet browser, you can disable the transmission of cookies or restrict. Cookies that have already been saved can be deleted at any time. This can also be automated. Are cookies for our website disabled, you may no longer be able to use all the functions of the website. be used to the full extent.

    Here you can find information about deleting cookies after Browsers:



    Firefox: refox-delete

    Internet Explorer: xplorer-delete-manage-cookies

    Microsoft Edge: ookies

  6. Objection and “Opt-Out”: The storage of cookies on your hard drive, you can, regardless of consent or legal permission in general, by including in your Select “Do not accept cookies” in your browser settings. However, this can be a This may result in a restriction of the functionality of our offerings. You can add to the use of cookies from third-party providers for advertising purposes via a so-called “opt-out” via this American website ( or this European website ( disagree.

Settlement of contracts
  1. We process inventory data (e.g., company, title/academic degree, names and addresses as well as contact data of users, e-mail), contract data (e.g. services used, names of contact persons) and payment data (e.g. bank details, payment history) for the purpose of fulfilling our contractual obligations (knowledge of who is the contracting party; justification, The content and execution of the contract; review for plausibility of the data) and services (e.g. contacting the Customer service) acc. Art. 6 par. 1 p. 1 lit b) DS-GVO. The information contained in online forms marked as obligatory, are mandatory for the conclusion of the contract. required.

  2. As a matter of principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims (e.g. handover to lawyer for collection) or for the fulfillment of the contract (e.g. transfer of the data to payment provider) is required or there is a legal obligation to do so. Obligation acc. Art. 6 par. 1 p. 1 lit. c) GDPR.

  3. We may also process the data you provide to let you to find out about other interesting products from our portfolio or Send you emails with technical information.

  4. The data is deleted as soon as it is no longer necessary to achieve the purpose. of their collection are no longer necessary. This is essential for the inventory and contractual data if the data is required for the performance of the contract. are no longer required and no longer assert any claims under the contract. can be made because they are time-barred (warranty: two years / Standard limitation period: three years). We are subject to taxation on the basis of commercial and tax law. your address, payment and order data for the duration of the contract. of ten years to store. However, in the event of termination of the contract after three years, the processing will be restricted, i.e. your data will be used only for used to comply with legal obligations. Information in the User account remain until its deletion.

Contact us via contact form / e-mail / fax / mail
  1. When contacting us via contact form, fax, mail or e-mail, your data will be used for the purpose of processing the contact request. processed.

  2. The legal basis for the processing of the data is in the case of a Consent from you Art. 6 para. 1 p. 1 lit. a) GDPR. Legal basis for the processing of data supplied in the course of a contact request or e-mail, a letter or fax, Art. 6 para. 1 p. 1 lit. f) GDPR. The controller has a legitimate interest in the processing and Storage of the data in order to be able to respond to user requests, for Preservation of evidence for liability reasons and, if necessary, to comply with its statutory to be able to comply with retention obligations for business letters. Aims the contact is aimed at the conclusion of a contract, the additional legal basis is for the processing Art. 6 para. 1 p. 1 lit. b) GDPR.

  3. We may store your information and contact request in our Customer Relationship Management System (“CRM System”) or a comparable Save system.

  4. The data is deleted as soon as it is no longer necessary to achieve the purpose. of their collection are no longer necessary. For the personal data from the input mask of the contact form and those sent by e-mail. this is the case if the respective conversation with you has been is finished. The conversation is terminated when the circumstances indicate that the that the facts of the case have been conclusively clarified. Requests from users who have an account or contract with us, we store until the expiry of two years after termination of the contract. In the case of legal archiving obligations, the deletion takes place after their expiry: End of commercial law (6 years) and tax law (10 years) Retention requirement.

  5. You have the option at any time to withdraw your consent pursuant to Art. 6 para. 1 S. 1 lit. a) DS-GVO to the processing of personal data. If you contact us by e-mail, you can consent to the storage of the personal data at any time.

Contact by phone
  1. When contacting us by phone, your phone number will be used for the processing of the contact request and its handling is processed and temporarily stored in the RAM / cache of the phone device / display stored or displayed. The Storage is done for liability and security reasons, in order to provide proof of the call and for economic reasons, in order to be able to return a call. enable In the event of unauthorized advertising calls, we block the Call numbers.

  2. The legal basis for the processing of the telephone number is Art. 6 para. 1 S. 1 lit. f) GDPR. If the contact is aimed at the conclusion of a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

  3. The device cache stores the calls for 70 days and overwrites resp. successively deletes old data, when the device is disposed of, all data is erased and the memory destroyed if necessary. Blocked phone number will be annually checked for the necessity of blocking.

  4. You can prevent the phone number from being displayed by pressing call suppressed phone number.

Social media presence
  1. We maintain profiles or fan pages in social media. At the Use and the call of our profile in the respective network by you apply. the respective privacy policy and terms of use of the respective Network.

  2. Data categories and description of data processing: Usage data, contact data, content data, inventory data. Furthermore, the As a rule, user data is processed within social networks for market research and advertising purposes. For example, on the basis of usage behavior and resulting interests of the users, usage profiles are created. The usage profiles can in turn be used, for example, to display advertising inside and outside the networks that are presumed to be in the interests of of the users. For these purposes, cookies are generally placed on the computers of the users, in which the usage behavior and the interests of the users are stored. Furthermore, in the usage profiles data is also stored regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them). For a detailed presentation of the respective forms of processing and the possibilities to object (opt-out) we refer to to the data protection declarations and information provided by the operators of the respective Networks. Also in the case of requests for information and the assertion of data subjects’ rights, we point out that these are most effectively exercised by the providers can be asserted. Only the providers have access in each case to the data of the users and can directly take appropriate measures and Provide information. If you still need help, then you can contact contact us.

  3. Purpose of the processing: communication with the persons registered on the social networks connected and registered users; information and Advertising of our products, offers and services; external representation and Image cultivation; evaluation and analysis of the users and contents of our presences in the social media.

  4. Legal basis: The legal basis for the Processing of personal data is our in the above purposes legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR. As far as you have given us or the person responsible for the social network consent in the processing of your personal data, is Legal basis Art. 6 para. 1 p. 1 lit. a) in conjunction with. Art. 7 DS-GVO.

  5. Data transfer/recipient category: Social Network.

  6. The data protection notices, information options and Opt-out options of the respective networks / service providers you can find here:

    Facebook – Service Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland); Website:; Privacy Policy:, opt-out: and; Opposition:; Agreement on joint processing of personal data on Facebook pages (Art. 26 DS-GVO):, privacy notices for Facebook pages: ghts_data.

    Instagram – Service Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Policy/ Opt-Out:, Objection:; Agreement on joint processing of personal data on Instagram pages (Art. 26 DS-GVO):

Rights of the data subject
  1. Objection or revocation against the processing of your Data

    Insofar as the processing is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a), Art. 7 DS-GVO is based, you have the right to withdraw consent revoked at any time. The lawfulness of the data processed on the basis of consent until to the revocation is not affected by this.

    Insofar as we process your personal data on the weighing of interests pursuant to Art. 6 para. 1 p. 1 lit. (f) GDPR may be based on you object to the processing. This is the case when the Processing in particular not for the performance of a contract with you is required, which is explained by us in each case in the following description of the functions is displayed. When exercising such an objection, we ask to explain the reasons why we do not collect your personal data as requested by us should process carried out. In case of your justified objection we will review the situation and either discontinue data processing or adjust or show you our compelling reasons worthy of protection, on the basis of which we continue the processing.

    You may object to the processing of your personal data for purposes of advertising and data analysis at any time. The You can exercise your right of objection free of charge. About your advertising opposition you can inform us at the following contact details:

    Katja Hainz
    Herzog Maximilian Way 24
    Kirchheim near Munich
    Managing Director Katja Hainz
    E-mail address:

  2. Right to information
    Sie haben das Recht, von uns eine Bestätigung darüber zu verlangen, ob Sie personal data are processed. If this is the case, you have a right to information about your personal data stored by us. Data according to Art. 15 DS-GVO. This includes in particular the information about the Purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of their data, if this is not directly with have been levied on you.

  3. Right to rectification
    You have a right to correct any inaccurate information or to Completion of correct data according to Art. 16 DS-GVO.

  4. Right to deletion
    You have a right to have your data stored by us deleted after Art. 17 DS-GVO, unless legal or contractual retention periods or other legal obligations or rights to further storage stand against this.

  5. Right to restriction
    You have the right to request a restriction in the processing of your personal data if one of the conditions in Art. 18 Para. 1 lit. a) to d) of the GDPR is fulfilled:
    – If you question the accuracy of the personal data concerning you for a duration, which allows the person responsible to verify the accuracy of the to verify personal data;

    – the processing is unlawful and you request the erasure of the personal data and instead request the restriction of the use of the personal data;

    – the controller uses the personal data for the purposes of the processing is no longer necessary, but you need it to assert your rights, exercise or defense of legal claims, or

    – if you object to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate grounds of the responsible outweigh your reasons.

  6. Right to data portability
    You have a right to data portability according to Art. 20 DS-GVO, which is means that you can use the personal data we have stored about you in in a structured, common and machine-readable format, or may request the transfer to another responsible party.

  7. Right to complain
    You have a right to complain to a supervisory authority. In the As a rule, you can contact the supervisory authority for this purpose, in particular in the Member State of their residence, their place of work or the place of the alleged infringement.

Data security

In order to protect all the personal data that is transmitted to us, we protect and to ensure that the data protection regulations are complied with by us, but We have implemented suitable measures to ensure that our external service providers are also compliant. technical and organizational security measures have been taken. Therefore among other things, all data between your browser and our server via a secure SSL connection.

Status: 29.03.2021