General Information about Data Privacy

Definitions

The data protection declaration of the anirec GmbH is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

Rights of the data subject

Privacy Policy | anirec GmbH

We are very delighted about your interest in our offerings. Data protection is of a particularly high priority at anirec!

Regarding our background in veterinary services and the associated sensitive data, since the beginning and already in the concept phase we pay special attention to processing data securely while respecting the rights of any person affected by this processing. We restrict the processing of personal data to the necessary minimum for offering our services, and the data you transmit to us voluntarily.

At no time individual data will be sold to third parties, neither personal nor animal related data.

Objective, Principles and Purpose of this declaration

To follow our objective of improving examinations, treatments and the well-being of animals indirectly, we process animal related data anonymized (or in some cases pseudonymised) internally to improve our services, for associated statistics and research on systems for supporting veterinary medicine. This data for research and development purposes is processed in such a way that it does not allow a connection back to you or other persons.

The use of the websites and (web-)apps of the anirec GmbH is possible without any indication of personal data, except the data transmitted by the device, that is technically required for access; however, if a data subject wants to use special services via any of our online platforms, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, as defined in the following sections shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the anirec GmbH.

By means of this data protection declaration, our enterprise would like to inform:

• the general public of the nature, scope, and purpose of the personal data we collect, use and process.
• data subjects of the rights to which they are entitled.

As the controller, the anirec GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through our online-services. But Internet-based data transmissions, as every other means of transmission, may in principle have security gaps, so absolute protection may not be guaranteed. However, through constant reviews and improvements we try to minimize that risk continuously.

Name and Address of the controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

anirec GmbH

Jakob-Hagenbucher-Straße 3

80993 Munich - Bavaria - Germany

Phone: +491778405374

E-mail: info

Data protection contact: privacy

Website: animalrecords.org

Collection of general data and information

The websites and (web-)apps of the anirec GmbH collect a series of general data and information when a data subject or automated system calls any of them up. This general data and information are stored in the server log files.

Collected may be:

1. the browser types and versions used,
2. the operating system used by the accessing system,
3. the website from which an accessing system reaches our websites or (web-)apps (so-called referrers),
4. the sub-websites,
5. the date and time of access to the websites / (web-)apps,
6. an Internet protocol address (IP address),
7. the Internet service provider of the accessing system, and
8. any other similar data and information that may be used in the event of attacks on our information technology systems.

When using these general data and information, the anirec GmbH does not draw any conclusions about the data subject.

Rather, this information is needed to:

1. deliver the content of our websites and (web-)apps correctly,
2. optimize the content of our websites and (web-)apps as well as their advertisement,
3. ensure the long-term viability of our information technology systems and website / (web-)app technology, and
4. provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.

Therefore, the anirec GmbH analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

Registration and purchase of digital services in our (web-)apps

The data subject has the possibility to register in the (web-)apps for services by the controller with the indication of personal data. Which personal data are transmitted to the controller is determined by the respective input mask used for the registration. In most cases an e-mail address is sufficient for registration, to be able to assign the user account and to enable the necessary communication, e.g. to regain access to the user account. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller, and for his own purposes.

Beyond the registration, the data subject has the possibility to purchase digital services for a fee, that extend the scope of the services offered by a free registration. Purchasing those services take place through unambiguous consent with respective buttons that inform about related costs. With this action a contract is formed between the data subject and the controller. The processing of personal data, such as name, address and payment information is necessary to fulfill contractual obligations and they are solely processed for this purpose. The pre-contractual or for contract fulfillment necessary processing includes e.g. the collection and transmission of personal data to a payment provider and the recording of such data in an invoice that is transmitted to the data subject. The legal basis for this processing is defined in a later section of this declaration.

The controller may request transfer of personal data, such as registration, address or payment data to one or more processors, e.g. a Web-Hoster, that also uses personal data for an internal purpose which is attributable to the controller.

By registering in the (web-)apps of the controller, the IP address assigned by the Internet service provider (ISP) and used by the data subject, as well as date and time of the registration are stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate committed offenses. To that extent, the storage of this data is necessary to secure the controller. This data is not passed on to third parties unless there is a statutory obligation to pass on the data, or if the transfer serves the aim of criminal prosecution.

The registration of the data subject, with the voluntary indication of personal data, is intended to enable the controller to offer the data subject contents or services that may only be offered to registered users due to the nature of the matter in question. Registered persons are free to change the personal data specified during the registration at any time, or to have them completely deleted from the data stock of the controller. With deletion of the personal data specified during the registration, the data subject also loses access to the user account at the same time and for further use of our services a new registration is necessary.

The data controller shall, at any time, provide information upon request to each data subject as to what personal data are stored about the data subject. In addition, the data controller shall correct or erase personal data at the request or indication of the data subject, insofar as there are no statutory storage obligations. The entirety of the controller's employees are available to the data subject in this respect as contact persons.

Contact possibility via the websites and (web-)apps

The websites and (web-)apps of the anirec GmbH contain information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

Voluntary entry of data and media including image and audio by the user; Data related to animals; Personal data related to third parties

Our services represent a platform to centrally manage, analyse and share data with other persons. This data mentioned in this section is beyond the scope of data necessary for registration, access and usage and it is not needed to fulfill the contractual relationship between the users and anirec GmbH in providing our services. Therefore we use the term “voluntary data” in the following for this type of data.

This includes among other things data related to animals in the form of textual entries, images, videos and audio recordings, that you enter in the (web-)apps. The texts as well as image/video/audio recordings may potentially contain personal data, like e.g. images of people or recordings of voices. It is your liability as the creator of the recordings to ensure that you either avoid recording persons or that you inform the data subjects, whose personal data you process, about the processing via our services and that you obtain their permission if necessary. Furthermore you have the option to enter contact information that you can transfer with the already mentioned data to other users; For easy contact to e.g. a veterinarian.

All of this voluntary data described here will be only collected once you enter or record them yourself. At no point you are obliged to enter this data inside our (web-)apps. You are free to enter as much data as you want and as it is in your interest to obtain an extent of data management and communication that is sufficient for you. With the transmission you therefore consent to the processing of this data and if you transmit personal data of third parties, you confirm that you have a legal basis for that processing. The rights as a data subject, explained in the beginning, also apply to voluntary personal data. These include access, rectification and erasure of personal data by the controller. All employees of the controller are available as a contact for the data subject in this context.

If you share voluntary data, including possibly contained personal data, with other persons, they will remain accessible for the recipients as long as their legitimate interests are not overridden. As they are shared with the purpose of transmitting a copy to the recipients, it is in their interest to store that copy for own purposes. Further information about these legitimate interests are explained in a later section.

All data related to animals is stored separately to any personal data, so that all personal data can be rectified, erased or accessed, without affecting the animal related data. If you become aware, that animal related data (e.g. videos or images of animals) contains personal data, please inform us immediately, so that we can anonymize that data. Because of the large amount of data it is not possible for us to verify every transmitted dataset, if it contains personal data. Furthermore, it is not possible for us to verify if the transmitted data is related to you or a third party; We cannot verify who is the data subject. Therefore it is your liability to avoid the collection of personal data related to third parties or to inform them about the processing of their personal data via the services of anirec and obtain their permission, if necessary. For this purpose you can always refer to this privacy policy and transmit a copy of it. We reserve the right to delete, without notice, personal data of third parties that has been processed by a user unlawfully, as soon as we become aware of and have reviewed the situation.

Data related to animals, not related to any person, including animal data that has been anonymized or pseudonymised is used internally, without being able to connect it to a person, statistically, for research purposes and the improvement of our offered services.

Hosting

Strato

We host our websites, (web-)apps and services at Strato on servers located in germany to ensure certified data security and privacy. Provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (in the following „Strato“). If you are visiting our websites and use our (web-)apps, Strato collects various logfiles including your IP addresses. Further information can be taken from the privacy policy of Strato: https://www.strato.de/datenschutz/

The utilization of Strato is based on point (f) of Article 6(1) of the GDPR. We have a legitimate interest in a reliable presentation of our websites, (web-)apps and services. If consent has been requested, the processing is solely based on point (a) of Article 6(1) of the GDPR and sect. 25 para. 1 TTDSG if the consent is related to the storage of cookies or the access of information on the users device (e.g. device fingerprinting) according to TTDSG. The consent can be withdrawn at any time.

Data processing agreement

We have concluded a data processing agreement (DPA) with the aforementioned provider. This is a contract mandated by privacy law which ensures that the personal data of our website visitors and users of our (web-)apps and services is only processed by the provider according to our instructions and in compliance with the GDPR.

Routine erasure and blocking of personal data

The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

SSL-/TLS-Encryption

Our websites, (web-)apps and services use SSL-/TLS-Encryption for security reasons and to protect the transmission of confidential information that you send us, like orders, payment information and requests.

You can recognize an encrypted connection, when the address in the address bar of your browser changes from „http://“ to „https://“ and by the presence of a (closed) lock symbol in the address bar.

When the SSL-/TLS-Encryption is active, third parties are not able to read the data transmitted to us.

Plugins and Tools

Google Web Fonts (local hosting)

The websites and (web-)apps use so-called web fonts for consistently displaying content, that are provided by Google. Those web fonts are installed locally. A connection attempt to Google's servers will never be executed. If your browser does not support web fonts, a default font from your device will be used. Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq.

Font Awesome (local hosting)

The websites and (web-)apps use Font Awesome for consistently displaying symbols and fonts. Font Awesome is installed locally. A connection attempt to servers owned by Fonticons, Inc. will never be executed. Further information about Font Awesome can be found in their privacy statement at: https://fontawesome.com/privacy.

Communication, video-/telephone-conferences, online meetings, webinars: Microsoft Teams

General information about Microsoft Teams

The anirec GmbH uses Microsoft Teams to conduct video-/telephone-conferences, online meetings, and webinars (in the following: “online conferences”). Microsoft Teams is a service/tool by Microsoft Corporation.

The European service provider of Microsoft Corporation is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

When accessing the website of Microsoft Teams for downloading the software, Microsoft Corporation is the controller responsible for the related processing. Alternatively to using the software you have the option to use Microsoft Teams in your web-browser. The service is provided accordingly via its website.

Overview of the processed data

The scope of the processed data depends on which details you provide before and during participation in an online conference.

The following personal data can be processed:

• User details: e.g. Username, e-mail address (if applicable), profile picture (optional), preferred language
• Conference metadata: e.g. Date, time, conference id, phone numbers, location
• Text-, audio- and video-data: If you can and want to use the chat function during an online conference, the text you enter will be processed to show it to the other participants. For displaying video and playing back audio, data from the microphone and a camera of your device, if connected and activated, is processed for the duration of the online conference. You can deactivate your camera or mute your microphone at any time yourself in the Microsoft Teams software and thereby prevent processing of the respective data.

If we intend to record online conferences, we will communicate this transparently beforehand and ask for permission if necessary. To keep a record of the results of an online conference, we will save the contents of the chat if necessary.

Legal basis for the processing

When processing personal data of employees of the anirec GmbH the legal basis is generally sect. 26 BDSG (Federal Data Protection Act). For conferences within the scope of contractual relations the legal basis for the data processing is Article 6(1) lit. f GDPR.

Differing from that, the legal basis is Article 6(1) lit. f GDPR:

• For internal company communication, where the data processing is not necessary to justify, execute or terminate the employment, but nevertheless integral part of using Microsoft Teams.
• As well as for external communication, if no contractual relationship exists.

In these cases our interest is the effective conduct of online conferences.

Transfer of personal data and country of processing

The aforementioned personal data in the context of online conferences will not be transferred to third parties, unless they are intended for being transferred. Please note that contents of online conferences, as with in person meetings, are often intended exactly to communicate information with clients, stakeholders or third parties and are therefore intended to be transferred.

Necessarily, the provider of Microsoft Teams gains knowledge of the aforementioned data, as far as it is provided within our data processing agreement with Microsoft Corporation.

Data is generally not processed outside of the European Union (EU), as we limited our storage location to data centers inside the European Union. If processing on the part of Microsoft Corporation still takes place outside the EU, the Standard Contractual Clauses by Microsoft Corporation take effect (see section of this privacy policy about data transfers to the USA). We further cannot rule out, that data might be transported via internet servers outside the EU. This might be the case in particular, if participants in the online conferences reside in a third country. However, the data is encrypted during the transport and therefore protected from unauthorized access by third parties.

The current privacy statement by Microsoft Corporation can accessed at https://privacy.microsoft.com/en-us/privacystatement. There you also get additional information about the processed data.

Notice about transfer of data to the USA and other third countries when using Apple-/Google-Services; Standard Contractual Clauses - Microsoft Teams

To use our apps and services via the stores of the device software manufacturers, by name Apple App Store und Google Play Store, personal data will be transmitted to the USA. Your personal data is processed by those manufacturers, inter alia, to call up apps and services, make purchases inside the apps, prevent misuse, create invoices and to enable other services in connection with the use of the apps on your device. Further information can be gathered from your respective device software manufacturer, the stores for apps and at the following links to the privacy statements:

• Apple https://www.apple.com/legal/privacy/en-ww/ (Controller responsible for data protection in the EU: Apple Distribution International Limited; Hollyhill Industrial Estate, Hollyhill; Cork; Ireland)
• Google https://policies.google.com/privacy?hl=en (Controller responsible for data protection in the EU: Google Ireland Limited; Gordon House, Barrow Street; Dublin 4; Ireland)

You are free to use that service of the stores. When using the devices and their stores you already consent to the data transfers, before using our apps and services. Therefore we cannot influence those data processing procedures. Alternatively you have the possibility to use the apps via the web-browser of your device.

We inform, that in the USA a data protection level comparable to the level in the EU cannot be guaranteed. For example enterprises in the USA are obliged to hand over personal data to security authorities, without you as data subject being able to take legal action against it. Therefore it cannot be ruled out, that for surveillance purposes US-authorities (e.g. secret service) process, analyze and permanently store your data, that are stored on US-servers. We cannot influence those data processing procedures.

All in this declaration mentioned service providers from the USA use so called Standard Contractual Clauses (SCC - Article 46(2) and (3) of the GDPR) as templates, provided by the EU-Commission. These shall ensure that the service providers process your data according to European data protection standards, even if they are transferred to third countries (such as e.g. the USA) and stored, processed or organized there. The service providers thereby commit to follow the European data protection level when processing your data. These SCC are based on a Implementing Decision by the EU-Commission, that can be found together with the respective SCC at the following link: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

Information about the SCC by the mentioned service providers can be found at the following links:

• Apple https://www.apple.com/legal/privacy/en-ww/
• Google https://policies.google.com/privacy/frameworks?hl=en-US
• Microsoft https://docs.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses

Payment methods

The following payment methods only apply if they are available during the payment process. This includes primarily payments made on the websites or inside the web-apps of anirec GmbH. Payments in apps provided via the stores of the device software manufacturers usually only take place through the respective store on which we have no influence. Further information about these stores can be gathered from the previous section of this privacy policy.

Data protection provisions about the use of PayPal as a payment processor

On the websites and in the (web-)apps, the controller has integrated components of PayPal. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal is also able to process virtual payments through credit cards when a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there are no classic account numbers. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also accepts trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxemburg.

If the data subject chooses "PayPal" as the payment option during the ordering process of a digital service, we automatically transmit the data of the data subject to PayPal. By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is usually first name, last name, address, e-mail address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order.

The transmission of the data is aimed at payment processing and fraud prevention. The controller will transfer personal data to PayPal, in particular, if a legitimate interest in the transmission is given. The personal data exchanged between PayPal and the controller for the processing of the data might be transmitted by PayPal to economic credit agencies. This transmission is intended for identity and creditworthiness checks.

PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or for data to be processed on their behalf.

The data subject has the possibility to revoke consent for the handling of personal data at any time from PayPal. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.

The applicable data protection provisions of PayPal may be retrieved at https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

Data protection provisions about the use of giropay as a payment processor

On the websites and in the (web-)apps, the controller has integrated components of giropay. giropay is an online payment service provider by german banks. Payments are processed via interfaces to the account managing banks or via a user account at giropay. giropay also offers buyer protection services.

The operating company of giropay is paydirekt GmbH, Stephanstraße 14-16, 60313 Frankfurt am Main, Germany.

If the data subject chooses "giropay" as the payment option during the ordering process of a digital service, we automatically transmit data of the data subject to giropay. By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing.

The personal data transmitted to giropay is usually IBAN, BIC and the name of the account holder as well as a giropay ID, which is used for identifying the transaction, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order.

The transmission of the data is aimed at payment processing and fraud prevention. The controller will transfer personal data to giropay, in particular, if a legitimate interest in the transmission is given. The personal data exchanged between giropay and the controller for the processing of the data might be transmitted by giropay to other companies for fraud prevention.

giropay will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or for data to be processed on their behalf.

The data subject has the possibility to revoke consent for the handling of personal data at any time from giropay. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.

The applicable data protection provisions of giropay may be retrieved at https://www.giropay.de/agb/index.html.

Subscription to our newsletter

On the websites or in the (web-)apps of the anirec GmbH, users are given the opportunity to subscribe to our enterprise's newsletter. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the controller.

The anirec GmbH informs its customers and business partners regularly by means of a newsletter about enterprise offers. The enterprise's newsletter may only be received by the data subject if

1. the data subject has a valid e-mail address and
2. the data subject registers for the newsletter shipping.

A confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. If the data subject is already registered and signed in when ordering the newsletter and the e-mail address has been verified during registration, no additional confirmation e-mail will be sent.

This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter. For signed in and fully confirmed users it can be assumed that through signing in with the credentials only known by them, the ordering of the newsletter can only be authorised by themselves. Registration for and termination of the newsletter is possible any time for signed in users in the user account.

During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.

The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties.

The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the websites or in the (web-)apps of the controller, or to communicate this to the controller in a different way.

Legal basis for the processing

Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services.

Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR.

Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

The legitimate interests pursued by the controller or by a third party

Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favor of the well-being of all our employees and the shareholders.

Voluntary data that you shared with other persons will remain accessible for them as long as their legitimate interests as a recipient are not overridden. This also includes personal data that you shared together with the voluntary data. The recipients of this data have a legitimate interest to store a copy of the shared data for their own purposes, as they are shared for exactly that purpose. The purposes of storing the shared data include e.g. the easy contact of a veterinarian or the management of patients and their owners as a veterinarian.

An erasure of the shared personal data from our system is only possible if the legitimate interests of the recipients are verifiably overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. This will be verified in every individual case. If the data subject wishes to exercise their rights in such a case, they may at any time contact any employee of the anirec GmbH.

Period for which the personal data will be stored

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.

Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data

We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner).

Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with them. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded.

Before personal data is provided by the data subject, the data subject must contact any employee. The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.

This privacy policy has been generated and adapted to our requierements. The generator used is developed by the specialists for LegalTech at Willing & Able that also developed the system for gdpr certification. The legal texts contained in that privacy policy generator have been provided and published by Prof. Dr. h.c. Heiko Jonny Maniero from the German Association for Data Protection and Christian Solmecke from WBS law.