Privacy policy
General Provisions
The protection of your personal data is taken very seriously. This declaration is intended to inform you about how personal data is processed when either alone or in conjunction with others, decisions are made regarding the purposes and means of processing data. It is of paramount importance to the controller to provide transparent information about the nature, scope, purpose, duration, and legal basis of data processing.
Definitions
To make this privacy statement as comprehensible as possible for the reader, the following definitions are applied:
“Personal Data” (Article 4(1) GDPR)
All data by which you are or can be personally identified constitute personal data under Article 4(1) GDPR. Data that is completely anonymized no longer has any personal reference and is not considered personal data.
“Processing” (Article 4(2) GDPR)
Refers to any operation involving personal data, whether automated (digital) or analog. This includes all types of processing, from collection, storage, alteration to disclosure, and deletion. This term is intentionally broadly defined and encompasses almost any process involving your personal data.
“Controller” (Article 4(7) GDPR)
The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data, is the controller under Article 4(7) GDPR.
“Third Party” (Article 4(10) GDPR)
Any natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data, is considered a third party under Article 4(10) GDPR.
“Processor” (Article 4(8) GDPR)
Any natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller, especially according to its instructions (e.g., IT service providers), is a processor under Article 4(8) GDPR. In terms of data protection law, a processor is not a third party.
“Consent” (Article 4(11) GDPR)
Consent exists when an action has occurred that clearly indicates that the data subject voluntarily, for the specific case, in an informed manner, and unambiguously agrees to the processing of his data.
Legal Basis for Data Processing
The processing of your personal data is only permitted under certain conditions of the GDPR and national data protection laws. Without one of the following legal bases, your data will not be processed.
Consent (Article 6(1)(a), Article 9(1)(a) GDPR)
If you have given explicit consent to the processing of your data, these data may be used for the specified purpose.
Contract Performance (Article 6(1)(b) GDPR)
If the processing of your data is necessary for the performance of a contract to which you are party, your data may be processed accordingly.
Compliance with a Legal Obligation (Article 6(1)(c) GDPR)
To the extent that there is a legal obligation for data processing, this will be complied with.
Protection of Vital Interests (Article 6(1)(d) GDPR)
There is a right to process your data if it is necessary for the protection of your vital interests.
Performance of a Task in the Public Interest (Article 6(1)(e) GDPR)
There is a right to data processing if the processing of your data occurs in the public interest or in the exercise of official authority.
Legitimate Interests (Article 6(1)(f) GDPR)
If there is a predominant legitimate interest in data processing, there is a right to data processing.
Data Transfer to Third Countries (Article 44 et seq. GDPR)
Insofar as your personal data are processed in third countries, data processing only occurs if an adequacy decision exists or if an agreement on standard contractual clauses has been reached. A transfer to third countries always takes place according to the legal requirements of Article 44 et seq. GDPR.
Device Fingerprinting (§ 25 TTDSG)
Insofar as consent has been given for the storage of cookies and access to information on your end device occurs, the additional requirements of the TTDSG are always observed.
Controller for the Processing of Your Data
The controller for data processing is:
Alisa Saric
Drehmoment Pole.Aerial.Dance
Mühlenstr. 8a
14167 Berlin
Telephone: 030 / 351 262 85
E-Mail: team@drehmomentpole.de
Storage Duration
Unless a more specific storage period has been mentioned within this privacy policy, your personal data will be stored as long as the purpose for data processing applies (Article 5(1) GDPR). If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless there are other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion occurs after these reasons no longer apply.
Purposes of Data Processing
Personal data is processed only for explicit purposes (Article 5(1)(b) GDPR). Once the purpose of processing no longer exists, your personal data will be deleted or protected by technical and organizational measures (e.g., by anonymization).
Rights of Data Subjects
The following will clarify the rights you have as a data subject regarding your personal data:
Right to Information (Articles 13 and 14 GDPR):
You have the right to know who is collecting your personal data, why they are being collected, and how they are being used. This information should be provided in a clear and understandable manner.
Right to Access (Article 15 GDPR):
You have the right to request a copy of your personal data that are being processed by the controllers. This includes the right to receive information about the source of your data, the recipient or category of recipients, the purpose, and the duration of storage of your data.
Right to Rectification (Article 16 GDPR):
If your personal data are inaccurate or incomplete, you have the right to request a correction or completion of these data. The organization processing your data should implement this as quickly as possible.
Right to Erasure (Article 17 GDPR):
Under certain circumstances, you can request the deletion of your personal data. If your data are no longer needed for the original purpose, you have revoked your consent, or the processing is unlawful, the controller must delete your data.
Right to Restriction of Processing (Article 18 GDPR):
You have the right to restrict the processing of your personal data if you contest the accuracy of the data, the processing is unlawful, or the organization no longer needs the data. While processing has been restricted, your data can only be used in a limited way.
Right to Data Portability (Article 20 GDPR):
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer these data to another controller. This applies if the processing is based on your consent or a contract.
Right to Object (Article 21 GDPR):
You can object to the processing of your personal data if they are used for direct marketing purposes or if the processing occurs in the public interest or on our legitimate interests under Article 6(1)(f) GDPR, unless compelling legitimate grounds for the processing exist. This includes, in particular, cases of direct advertising or newsletter marketing.
Right to Lodge a Complaint with a Supervisory Authority (Article 77 GDPR):
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the competent state commissioner for data protection and freedom of information.
Contact details of Meike Kamp, the competent state data protection commissioner for Berlin:
Meike Kamp
Alt-Moabit 59-61
10555 Berlin
Entrance: Alt-Moabit 60
Tel.: +49 30 13889-0
Fax: +49 30 2155050
E-Mail: mailbox@datenschutz-berlin.de
E-mail or Telephone Requests
Insofar as you contact the responsible party by e-mail or telephone, all resulting personal data (name, request) will be stored and processed for the purpose of processing your concern.
The processing of these data takes place based on Article 6(1)(b) GDPR, insofar as your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures.
If your request is not related to the initiation or execution of a contract, we process this request within the framework of our legitimate interest pursuant to Article 6(1)(f) GDPR. The responsible party has a legitimate interest in communication on behalf of the company and the associated communication capability and external presentation.
Insofar as consent is requested, we rely on Article 6(1)(a) GDPR as the legal basis. The consent can be revoked at any time. Should no consent be given, an alternative reference to Article 6(1)(f) GDPR is not permissible and will accordingly not be used as an alternative legal basis.
This privacy policy separately addresses data processing regarding requests made through other communication channels.
The personal data you send via contact requests will remain with the controller until you request their deletion. Provided consent exists, this can be revoked at any time. Furthermore, personal data will be deleted as soon as the purpose for data storage no longer applies (e.g., after the processing of the concern has been completed). Mandatory legal provisions – especially legal retention periods – remain unaffected.
Data Processing in Third Countries
In the context of using services, tools, and platforms from third-party providers or collaborations with other entrepreneurs, personal data may also be processed outside the EU, in so-called “third countries”. Such processing is only lawful if it is exceptionally justified in accordance with Art. 44 et seq. GDPR.
Justification exists, for example, when an “adequacy decision” is in place. This typically exists when the EU recognizes a third country as largely comparable to the data protection regulations applicable in the EU.
A list of countries that have been certified with such an adequacy decision can be found at the following link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
Particularly with data transfer to the United States of America, since the introduction of the “Data Privacy Framework” (DPF), there is an opportunity for U.S. companies to have their business certified. If a company is issued a certificate under the DPF, data transfer to this company is considered compliant with data protection, as long as the other data protection legal requirements are met.
A list of U.S. companies certified under the DPF can be found at the following link: https://www.dataprivacyframework.gov/s/participant-search
In countries that have not been certified with an adequacy decision, data transfer can still be lawful according to Art. 46 Para. 1, Para. 2 lit. c GDPR, provided the respective company contractually commits to subject itself to the so-called Standard Contractual Clauses pre-formulated by the EU Commission, thus guaranteeing compliance with the comparable data protection regulations prescribed in the GDPR.
The Standard Contractual Clauses can be read at the following link: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D0914&from=DE
Individual Data Processing
Newsletter
If you actively register for the newsletter, data requested and entered in the input mask are processed by the controller initially for confirmation purposes to consent to receive the newsletter using the so-called “Double-Opt-In procedure.” In this process, after submitting the registration on the input mask, a confirmation email is sent to your provided email address. Only after the second confirmation is the consent to process your data for newsletter marketing considered free and unequivocal.
Furthermore, your data, particularly email address and name, are used for the purpose of logging the consent and for sending the requested newsletter.
The processing of data for sending the newsletter only occurs if you have given explicit consent in accordance with the aforementioned procedure as per Art. 6 Abs. 1 lit. a GDPR. The granted consent for the storage of data, the email address, and their use for sending the newsletter can be revoked at any time, for instance via the “unsubscribe” link in the newsletter. The legality of the already completed data processing operations remains unaffected by the revocation.
Mailchimp
For the optimization and efficient design of newsletter marketing, we use the service of Mailchimp by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp).
Data are collected, enabling us to analyze newsletter campaigns. It is measured whether the newsletter message was opened and which links were interacted with.
In addition to names and contact data such as email addresses, data on what time the message was read by the user may also be collected.
The data are processed on the servers of Intuit Inc.
Further information on the data processing by Mailchimp can be found here: https://www.intuit.com/privacy/statement/
The legal basis for data processing is always Art. 6 Abs. 1 lit a and § 25 TTDSG. Consent is always sought for both the analysis and tracking data that were not collected anonymously and such contact data necessary for conducting the newsletter campaign.
Data Processing Contract
A data processing contract (DPC) in the sense of Art. 28 GDPR has been concluded. This is a legally required contract. A DPC is necessary as soon as the controller of data processing commissions a subcontractor to process personal data on its behalf. The data processing contract ensures that the latter processes the personal data only according to the instructions of the controller and in compliance with data protection regulations.
The agreement on data processing can be found at the following link: https://mailchimp.com/de/legal/data-processing-addendum/?_gl=1*3vow6g*_up*MQ..*_ga*ODU2MTM1MTA3LjE3MDI5ODQyMzI.*_ga_N5HD1RTH6E*MTcwMjk4NDIzMi4xLjAuMTcwMjk4NDIzMi4wLjAuMA..#11.__Beziehung_zur_Vereinbarung
Data Privacy Framework
Intuit Inc. (Mailchimp) has certification under the so-called “Data Privacy Framework,” agreed upon between the European Union and the USA. This is intended to ensure compliance with European data protection standards in the processing of personal data in the USA. Each company certified under the DPF commits to adhering to these data protection standards.
Further information on the certification of the aforementioned company can be found at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TXVKAA4&status=Active
Zoom
The controller uses the service of Zoom Video Communications Inc., Almaden Boulevard, 6th Floor. CA 95113, San Jose, USA (Zoom) to conduct online meetings.
This process may involve the collection and processing of personal data such as names, email addresses, IP addresses, browser data, technical data regarding camera type, microphone and speaker type, approximate location, and other technical data specified in user profiles or video conferences via Zoom. Information from the services “Zoom Email” and “Zoom Calendar” and contents from integrations of third-party providers may also be collected and processed in a limited form.
Further information can be found in Zoom’s privacy policy: https://explore.zoom.us/de/privacy/
The use of Zoom is usually based on Art. 6 Para. 1 lit. b GDPR, insofar as the processing of personal data is necessary for the fulfillment of a contract or pre-contractual measures. In other cases, if no explicit consent as per Art. 6 Para. 1 lit. a in conjunction with Art. 7 GDPR has been given or was refused upon request, reliance is on the legitimate interest in efficient communication with customers and the simple and synchronous presentation of work results and other process simplifications.
The data are processed as long as necessary to fulfill the aforementioned purposes and or other legal retention periods indicate this processing.
Data Processing Contract
By registering and creating a user profile with the service provider Zoom, consent to the Terms of Service (https://explore.zoom.us/en/terms/) was given. These integrate consent to the data processing contract, which contains the Standard Contractual Clauses of the EU Commission.
Further information on the data processing contract can be found here: https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf
VirtuaGym
The controller uses the services of Virtuagym B.V. Keizersgracht 424, 1016 GC Amsterdam, Netherlands (VirtuaGym) for the purpose of organizing customer profiles, sharing schedules, interacting with customers and profile owners, providing access to courses, and processing purchase and payment options. Your personal data are processed in various ways.
Your Profile on VirtuaGym
You can register on this website at VirtuaGym. During and after registration, you will be redirected to the VirtuaGym website. Registration gives you access to the functions of VirtuaGym. In this virtual space set up by VirtuaGym, you can interact with your created profile with other profiles and gain access to the course offerings and schedules of the controller.
Furthermore, registration is used for the purpose of booking the services offered. The mandatory details requested during registration must be provided completely and correctly. Otherwise, the controller reserves the right to reject the registration.
VirtuaGym also serves the controller as a Customer Relationship Management system and offers the possibility to manage customer payments.
For important changes such as the scope of the offer or technically necessary changes, we use the email address provided during registration to inform you in this way.
The processing of the data entered during registration is carried out for the purpose of implementing the user relationship established by the registration and, if necessary, initiating further contracts (Art. 6 Para. 1 lit. b GDPR).
The legal basis for cataloging and organizing customer data is Art. 6 Para. 1 lit. f GDPR. The controller has a legitimate interest in organizing its customer data for the purpose of optimizing contract performance and user experience.
The data collected during registration are stored by us as long as you are registered on this website and are subsequently deleted by us, provided they do not violate legal retention periods.
During the registration process, you have the opportunity in the input mask of VirtuaGym to provide personal data such as name, surname, weight, age, and height. The processing of this data entered during registration is carried out for the purpose of implementing the user relationship established by the registration and, if necessary, initiating further contracts (Art. 6 Para. 1 lit. b GDPR).
Since the input mask is not adjustable by us and data such as your weight and height are not required, please do not provide these optional data. Should you provide such information, they will not be stored by the controller.
SEPA Direct Debit
VirtuaGym offers the option to enter your bank details for contract execution purposes into an input mask. These details are used for the execution of the SEPA direct debit mandate concluded for contract settlement.
The legal basis is Art. 6 Para. 1 lit. b GDPR. The payment option details are used for the execution of the contract entered into with the responsible party.
Mollie
The responsible party uses the payment service provider Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, Netherlands (Mollie) to simplify contract-compliant payment processing. Mollie organizes customer and payment data and offers the possibility to use further payment services as subcontractors via their services.
The legal basis for the processing is Art. 6 Para. 1 lit. b GDPR. Only such personal data are processed via Mollie, which are necessary to fulfill the contractual services.
Mollie also offers the possibility of simplifying the organization and integration into the website of payments via PayPal or Klarna.
More information on data processing via Mollie can be found at the following link:
https://www.mollie.com/de/privacy
Klarna
Via the organization tool Mollie, the service of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (Klarna) is used. Klarna receives an order for the settlement of payment claims within the framework of a separate order on your part. For the data exchanged between you and Klarna, Klarna is responsible according to the GDPR.
More information on data processing in connection with Klarna can be found here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
Paypal
The responsible party uses the service of PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (PayPal). Paypal receives an order for the settlement of payment claims within the framework of a separate order on your part. For the data exchanged between you and Paypal, Paypal is responsible according to the GDPR.
More information on data processing in connection with Paypal can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Data Processing on the Website
Your data is collected firstly by you providing it yourself. This may be data that you have communicated in a contact form, order form, or via another digital communication tool.
Furthermore, technical data in the form of log data (so-called server log files) can be collected. The log file typically consists of:
- The page from which the page was requested (so-called referrer URL)
- The name and URL of the requested page
- The date and time of the call
- The description of the type, language, and version of the web browser used
- The IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established
- The amount of data transferred
- The operating system
- The message whether the call was successful (access status/HTTP status code)
- The GMT time zone difference
Data processing for the analysis of user behavior (through analysis programs, cookies, and/or device fingerprinting) occurs only with your consent.
The responsible party points out that data transmission over the Internet (e.g., when communicating by email) can have security gaps. Complete protection of data from access by third parties is not possible.
Detailed information about the type, scope, purpose, duration, and legal basis of the processing can be found in the following privacy policy.
Cookies
We use cookies on our website. Cookies are small text files that are stored on your hard drive assigned to the browser you use and through which certain information flows to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They are used to make the Internet offer more user-friendly and effective overall, making it more pleasant for you. Cookies can contain data that makes it possible to recognize the device used. However, cookies can also contain only information about certain settings that are not personally identifiable. Cookies cannot directly identify a user. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. Regarding their function, cookies are again differentiated between:
- Technical Cookies: These are mandatory to navigate the website, use basic functions, and ensure the security of the website; they do not collect information about you for marketing purposes nor store which websites you have visited.
- Performance Cookies: These collect information about how you use the website, which pages you visit, and, for example, whether errors occur during website usage; they do not collect any information that could identify you. All information collected is anonymous and is only used to improve our website and find out what interests our users;
- Advertising Cookies, Targeting Cookies: These are used to offer website users needs-based advertising on the website or offers from third parties and to measure the effectiveness of these offers; Advertising and Targeting Cookies are stored for a maximum of 13 months.
- Sharing Cookies: These are used to improve the interactivity of our website with other services (e.g., social networks); Sharing Cookies are stored for a maximum of 13 months.
The legal basis for cookies that are absolutely necessary to provide the service you have expressly requested is § 25 Para. 2 No. 2 TTDSG. Any use of cookies that is not technically necessary for this purpose represents data processing that is only permitted with your explicit and active consent according to § 25 Para. 1 TTDSG in conjunction with Art. 6 Para. 1 S. 1 lit. a GDPR. This applies in particular to the use of performance, advertising, targeting, or sharing cookies. In addition, we only pass on your personal data processed by cookies to third parties if you have given your express consent according to Art. 6 Para. 1 S. 1 lit. a GDPR.
Hosting
Strato
The responsible party uses the hosting service of Strato AG, Pascalstraße 10, 10587 Berlin (Strato). As with most websites, information such as the IP address, your browser type and version, language settings, date and time of the call, operating system, GMT time zone difference, and other technical as well as personal data are automatically captured by Alfahosting.
The legal basis for processing is Art. 6 lit. f GDPR. There is a legitimate interest in providing the web offer as error-free and secure as possible. In addition, the responsible party has a legitimate interest in the reliable external presentation of its company.
Further information on the data processed by Strato can be found at: https://www.strato.de/datenschutz/
Contract Processing
A contract processing agreement (AVV) has been concluded with Strato according to Art. 28 GDPR. This is a data protection contract required by law. An AVV is necessary as soon as the person responsible for data processing commissions a subcontractor to process personal data on their behalf. The contract processing agreement ensures that the latter processes the personal data only on instruction of the responsible party and in compliance with data protection regulations. The AVV obtained its validity through the inclusion of Strato’s terms and conditions. The AVV became an integral part of the contract as part of the terms and conditions. You can view the terms and conditions at the following link: https://www.strato.de/agb/
The contract processing agreement can be viewed at the following link: https://www.strato.de/agb/avv/
Google Tag Manager
The Google Tag Manager is a tool that can be used to implement tracking or statistical tools and other technologies on the website. The Google Tag Manager itself does not create user profiles, store cookies, or perform any independent analyses. It serves only for the management and playback of the tools integrated via it. However, the Google Tag Manager captures the IP address of website visitors, which can also be transmitted to Google’s parent company in the United States.
The use of the Google Tag Manager is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on its website. If a corresponding consent has been requested, processing is carried out exclusively based on Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Standard Contractual Clauses
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/
Contract Processing
A contract processing agreement (AVV) has been concluded with Google Inc. according to Art. 28 GDPR. This is a data protection contract required by law. An AVV is necessary as soon as the person responsible for data processing commissions a subcontractor to process personal data on their behalf. The contract processing agreement ensures that the latter processes the personal data only on instruction of the responsible party and in compliance with data protection regulations.
Data Privacy Framework
Google Inc. is certified under the “Data Privacy Framework” agreement between the European Union and the United States. This certification is intended to ensure compliance with European data protection standards in data processing within the United States. Every company certified under the DPF commits to adhere to these data protection standards.
For more information on this, you can visit the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Google reCAPTCHA
The controller uses Google reCaptcha from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “reCAPTCHA”).
reCAPTCHA is software that uses user behaviour on a website to recognize whether the user is a human or an automated program, e.g. a bot.
Various data is collected for this purpose. For example, data that is entered into the input mask of a contact form, the IP address, the length of stay or the way the mouse is moved are analyzed to determine whether this typically comes from a human or a program. These analyses run in the background.
The legal basis for the use of reCAPTCHA is Art. 6 para. 1 lit. f GDPR. The controller has a legitimate interest in the error-free and secure provision of its website without SPAM or other abusive behavior
Further details on processing by reCAPTCHA can be found at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de
Standard contractual clauses
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/
Order processing
An order processing contract (AVV) has been concluded with Google Inc. within the meaning of Art. 28 GDPR. This is a contract prescribed by data protection law. A DPA is required as soon as the data controller commissions a subcontractor to process personal data on its behalf. The data processing agreement ensures that the subcontractor processes the personal data only on the instructions of the controller and in compliance with data protection regulations.
Data Privacy Framework
Google Inc. is certified in accordance with the so-called “Data Privacy Framework” between the European Union and the USA. This is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards.
Further information on this can be found at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Hotjar
The Controller uses Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (hereinafter “Hotjar”) to deepen its insight into the needs of users and to continuously improve both the service and the user experience of the application.
Hotjar is a technological service that enables the controller to research user behavior in more detail. This includes analyzing aspects such as length of stay on certain websites, preferred links, individual user preferences and dislikes as well as comparable factors. By collecting such data, we can design and continuously improve our service with the help of user feedback.
Hotjar uses cookies and similar technologies to collect information about user behavior and the end devices used. This information includes the IP address of a device (which is processed during the usage session and stored in anonymized form), the screen dimensions, specific device identifiers, browser data, the geographical location (only in the form of the country) and the preferred language for displaying our website. This collected data is stored by Hotjar in a pseudonymized user profile on behalf of our company. It is contractually stipulated that Hotjar will not pass on any data collected on our behalf to third parties for sale.
Order processing contract
An order processing contract (AVV) has been concluded with the above-mentioned service within the meaning of Art. 28 GDPR. This is a contract prescribed by data protection law. A DPA is necessary as soon as the data controller commissions a subcontractor to process personal data on its behalf. The data processing agreement guarantees that the subcontractor will only process the personal data on the instructions of the controller and in compliance with data protection regulations. The DPA became valid through the inclusion of the GTC. As an integral part of the GTC, the DPA became part of the contract.
You can view the GTC at the following link: https://www.hotjar.com/legal/policies/terms-of-service/
You can view the data processing agreement at the following link: https://www.hotjar.com/de/legal/support/dpa/
Technical and Organizational Measures
The responsible party consistently prioritizes your privacy by ensuring the integrity and confidentiality of information technology systems. All necessary security measures are taken to ensure your data is adequately protected. However, even the highest level of security cannot guarantee complete protection against hacker attacks, cybercriminal activities, or unauthorized third-party access. The responsible party is aware of this and accordingly aligns its IT systems for necessary security.
SSL/TLS Encryption
The responsible party’s website is encrypted using Transport Layer Security and Secure Socket Layer protocols. This encryption helps protect your personal data from unauthorized access.
Social Media Presence
Privacy Policy for Online Presence on LinkedIn
The responsible party maintains profiles on the social network LinkedIn of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (LinkedIn).
Interacting with these profiles triggers various data processing activities, including the processing of personal data. LinkedIn processes personal data that you have provided, such as your name, age, nationality, or industry and company affiliation. LinkedIn also processes your data for user analysis, such as your interactions with our profile or whether you have followed the responsible party’s profile. Other data you have published may also be processed.
Additionally, LinkedIn uses cookies, which are stored on your device even if you do not have a LinkedIn profile or are not logged into your profile during your visit. These cookies enable LinkedIn to create user profiles based on your preferences and interests and to show you tailored advertising (both within and outside LinkedIn). These cookies may remain on your device until you delete them.
The legal basis for data processing is Article 6(1)(f) of the GDPR. The responsible party has a legitimate economic interest in presenting its company.
The legal basis for publishing images is Article 6(1)(a) GDPR if consent has been given. If there is a contractual agreement, the legal basis is Article 6(1)(b) GDPR. In exceptional cases, image publication may also be based on a legitimate interest according to Article 6(1)(f) GDPR in conjunction with § 23(1) No. 3 KUG.
If you contact us via our LinkedIn presence (e.g., through reactions to our posts or private messages), the data you provide will be processed solely for the purpose of communicating with you. The legal basis is Article 6(1)(a) GDPR if consent has been given and Article 6(1)(b) GDPR if the data processing is necessary for the performance of contractual or pre-contractual measures.
The responsible party deletes stored data as soon as their storage is no longer necessary, or you request their deletion, provided there are no legal retention obligations.
For more details on data processing on LinkedIn, visit: https://www.linkedin.com/legal/privacy-policy
Data Processing Agreement
A data processing agreement (DPA) has been concluded for the use of the aforementioned service. This is a legally required contract that ensures the data is processed only according to the instructions of the responsible party and in compliance with GDPR regulations.
LinkedIn may transfer data to the United States. According to LinkedIn, they comply with the standard contractual clauses of the EU Commission.
For more information, visit this link: https://www.linkedin.com/help/linkedin/answer/a1343190?trk=microsites-frontend_legal_privacy-policy&lang=en-us&intendedLocale=en
Contact LinkedIn’s Data Protection Officer: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
Insights
n connection with “Page Insights” from LinkedIn, data on user behavior can be collected. When using Page Insights, LinkedIn provides us with usage statistics on user demographics or growth. It is also possible to see which profile has accessed the Page Insight user’s profile. We do not have access to the exact usage data nor influence how LinkedIn collects the data necessary to create these statistics.
In this process of personal data processing, the responsible party and LinkedIn are jointly responsible. This joint responsibility exists because the responsible party and LinkedIn, through the provision of the “Page Insights” service, jointly determine the purposes and means of processing (Art. 26 GDPR). This means that the data subject can enforce their rights under Articles 12-22 GDPR, including Article 77 GDPR, against both parties.
Therefore, we have concluded an agreement with LinkedIn on joint responsibility (Joint Controller Addendum) according to Art. 26 GDPR. Details can be found here: https://legal.linkedin.com/pages-joint-controller-addendum
Privacy Policy for Online Presence on Instagram
The responsible party maintains profiles on the social network Instagram of Meta Platforms Ireland Limited (Instagram) (profile URLs: https://www.instagram.com/drehmomentberlin/ and https://www.instagram.com/2112alisa/). Interaction with this profile initiates various data processing activities, including the processing of personal data. Instagram processes personal data that you have provided, such as your name, age, nationality, or industry and company affiliation. Instagram also uses your data for user analysis, such as how you have interacted with our profile or whether you have followed the responsible party’s profile. Other data you have published may also be processed.
In addition, Instagram uses cookies, which are stored on your device even if you do not have an Instagram profile or are not logged into your profile during your visit. These cookies enable Instagram to create user profiles based on your preferences and interests and to show you tailored advertising (both within and outside Instagram). These cookies may remain on your device until you delete them.
The legal basis for data processing is Article 6(1)(f) GDPR. The responsible party has a legitimate economic interest in presenting its company.
The legal basis for publishing images is Article 6(1)(a) GDPR if consent has been given. If there is a contractual agreement, the legal basis is Article 6(1)(b) GDPR. In exceptional cases, image publication may also be based on a legitimate interest according to Article 6(1)(f) GDPR in conjunction with § 23(1) No. 3 KUG.
If you contact us via our Instagram presence (e.g., through reactions to our posts or private messages), the data you provide will be processed solely for the purpose of communicating with you. The legal basis is Article 6(1)(a) GDPR if consent has been given and Article 6(1)(b) GDPR if the data processing is necessary for the performance of contractual or pre-contractual measures.
The responsible party deletes stored data as soon as their storage is no longer necessary, or you request their deletion, provided there are no legal retention obligations.
For more details on data processing on Instagram, visit: https://help.instagram.com/155833707900388
Data Processing Agreement
A data processing agreement (DPA) has been concluded for the use of the aforementioned service. This is a legally required contract that ensures the data is processed only according to the instructions of the responsible party and in compliance with GDPR regulations.
For more information, visit: https://privacycenter.instagram.com/policy
Data Privacy Framework
Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Meta, personal data may also be transferred to the United States or other third countries.
Therefore, the company is certified under the “Data Privacy Framework” between the European Union and the United States. This certification is intended to ensure compliance with European data protection standards in data processing within the United States. Every company certified under the DPF commits to adhere to these data protection standards.
For more information, visit the following link: https://www.facebook.com/privacy/policies/data_privacy_framework
Contact Instagram’s Data Protection Officer: https://www.facebook.com/help/contact/713679366292426?IG_EU_PP_Redirect
Insights
In processing personal data, the responsible party and Instagram are jointly responsible. This joint responsibility exists because the responsible party and Instagram, through the provision of the “Insight” service, jointly determine the purposes and means of processing (Art. 26 GDPR). This means that the data subject can enforce their rights under Articles 12-22 GDPR, including Article 77 GDPR, against both parties.
In connection with “Instagram Insights,” data on user behavior can be collected. When using Instagram Insights, Instagram provides us with anonymous usage statistics, such as user demographics or growth. We do not have access to the usage data nor influence how Instagram collects the data necessary to create these statistics.
We have concluded an agreement with Instagram on joint responsibility (Joint Controller Addendum) according to Art. 26 GDPR. Details can be found here: https://www.facebook.com/legal/controller_addendum
Privacy Policy for Online Presence on Vimeo
The responsible party maintains a profile on the social network Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, New York 10001, USA (Vimeo) (profile link: https://vimeo.com/drehmomentpole). Interaction with this profile initiates various data processing activities, including the processing of personal data. Vimeo processes personal data that you have provided, such as your name, age, nationality, or industry and company affiliation. Vimeo also uses your data for user analysis, such as how you have interacted with our profile or whether you have followed the responsible party’s profile. Other data you have published may also be processed.
you visit our profile, even if you do not have a Vimeo profile or are not logged in to it during your visit to our profile. These cookies allow Vimeo to create user profiles based on your preferences and interests and to show you advertising tailored to you (both inside and outside of Vimeo). Cookies may remain on your device until you delete them.
The legal basis for data processing is Art. 6 Para. 1 lit. f GDPR. The responsible party has a legitimate economic interest in the external presentation of its company.
The legal basis for the publication of images is Art. 6 Para. 1 lit. a GDPR, provided that consent has been given. If a contractual agreement exists in this regard, the legal basis is Art. 6 Para. 1 lit. b GDPR. In exceptional cases, the publication of images can also be based on a legitimate interest according to Art. 6 Para. 1 lit. f GDPR in conjunction with § 23 Para. 1 No. 3 KUG.
If you contact us via our Vimeo presence (e.g., by reacting to one of our posts or by sending us private messages), the data you provide will be processed by us exclusively for the purpose of contacting you. The legal basis is Art. 6 Para. 1 lit. a GDPR if consent has been given and Art. 6 Para. 1 lit. b GDPR if the data processing serves the execution of contractual or pre-contractual measures.
The responsible party deletes stored data as soon as their storage is no longer necessary, or you request their deletion, and no legal retention obligations stand in the way.
For more details on data processing on Pinterest, please visit: https://policy.pinterest.com/de/privacy-policy
Privacy Policy for Online Presence on YouTube
The responsible party maintains its own profile on the social network YouTube of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (YouTube). The interaction with this profile initiates several data processing operations, including the processing of personal data. YouTube processes personal data that you have provided to YouTube, such as your name, age, nationality, or industry or company affiliation. YouTube also processes your data for user analysis, such as how you interacted with our profile or whether you followed the responsible party’s profile. Other data you have published may also be processed.
In addition, YouTube uses so-called cookies, which are stored on your device when you visit our profile, even if you do not have your own YouTube profile or are not logged into it during your visit to our profile. These cookies allow YouTube to create user profiles based on your preferences and interests and to show you advertising tailored to you (both inside and outside of YouTube). Cookies may remain on your device until you delete them.
The legal basis for data processing is Art. 6 Para. 1 lit. f GDPR. There is a legitimate economic interest in the external presentation of our company.
The legal basis for the publication of images and videos is Art. 6 Para. 1 lit. a GDPR, provided that consent has been given. If a contractual agreement exists in this regard, the legal basis is Art. 6 Para. 1 lit. b. In exceptional cases, the publication of images or videos can also be based on a legitimate interest according to Art. 6 Para. 1 lit. f GDPR in conjunction with § 23 Para. 1 No. 3 KUG.
If you contact us via our YouTube presence (e.g., by reacting to one of our posts or by sending us private messages), the data you provide will be processed by us exclusively for the purpose of contacting you. The legal basis is Art. 6 Para. 1 lit. a GDPR if consent has been given and Art. 6 Para. 1 lit. b GDPR if the data processing serves the execution of contractual or pre-contractual measures.
We delete stored data as soon as their storage is no longer necessary, or you request their deletion, and no legal retention obligations stand in the way.
For more details on data processing on YouTube, please visit:
ttps://policies.google.com/privacy
Data Processing Agreement
A data processing agreement (AVV) in accordance with Art. 28 GDPR has been concluded. This is a legally required contract. An AVV is necessary as soon as the responsible party of data processing commissions a subcontractor to process personal data on their behalf. The data processing agreement ensures that the subcontractor processes the personal data only on instructions of the responsible party and in compliance with data protection regulations.
Data Privacy Framework
Google Inc. has certification under the so-called “Data Privacy Framework” between the European Union and the USA. This is intended to ensure compliance with European data protection standards in data processing in the USA. Each company certified under the DPF commits to adhering to these data protection standards.
For more information, please visit the following link:
Contact the data protection officer of YouTube:
https://policies.google.com/privacy
Privacy Policy for Online Presence on Facebook
The responsible party maintains its own profiles on the social network Facebook of Meta Platforms Ireland Limited (Facebook) (URLs of the profiles: https://www.instagram.com/drehmomentberlin/ and https://www.instagram.com/2112alisa/). The interaction with these profiles initiates several data processing operations, including the processing of personal data. Facebook processes personal data that you have provided to Facebook, such as your name, age, nationality, or industry or company affiliation. Facebook also processes your data for user analysis, such as how you interacted with our profile or whether you followed the responsible party’s profile. Other data you have published may also be processed.
In addition, Facebook uses so-called cookies, which are stored on your device when you visit our profile, even if you do not have your own Facebook profile or are not logged into it during your visit to our profile. These cookies allow Facebook to create user profiles based on your preferences and interests and to show you advertising tailored to you (both inside and outside of Facebook). Cookies may remain on your device until you delete them.
The legal basis for data processing is Art. 6 Para. 1 lit. f GDPR. The responsible party has a legitimate economic interest in the external presentation of its company.
The legal basis for the publication of images is Art. 6 Para. 1 lit. a GDPR, provided that consent has been given. If a contractual agreement exists in this regard, the legal basis is Art. 6 Para. 1 lit. b. DSGVO In exceptional cases, the publication of images can also be based on a legitimate interest according to Art. 6 Para. 1 lit. f GDPR in conjunction with § 23 Para. 1 No. 3 KUG.
If you contact us via our Facebook presence (e.g., by reacting to one of our posts or by sending us private messages), the data you provide will be processed by us exclusively for the purpose of contacting you. The legal basis is Art. 6 Para. 1 lit. a GDPR if consent has been given and Art. 6 Para. 1 lit. b GDPR if the data processing serves the execution of contractual or pre-contractual measures.
The responsible party deletes stored data as soon as their storage is no longer necessary, or you request their deletion, and no legal retention obligations stand in the way.
For more details on data processing on Facebook, please visit: https://de-de.facebook.com/privacy/policy/
Data Processing Agreement
A data processing agreement (AVV) for the use of the above-mentioned service has been concluded. This is a legally required contract, which ensures that the subcontractor processes the personal data only under the instructions of the responsible party and in compliance with the GDPR.
For more information, please visit:
Data Privacy Framework
Facebook primarily processes personal data at its European location of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Meta, personal data may also be transferred to the United States or other third countries.
Therefore, the company has certification under the so-called “Data Privacy Framework” between the European Union and the USA. This is intended to ensure compliance with European data protection standards in data processing in the USA. Each company certified under the DPF commits to adhering to these data protection standards.
For more information, please visit the following link:
https://www.facebook.com/privacy/policies/data_privacy_framework
Contact the data protection officer of Facebook: https://www.facebook.com/help/contact/713679366292426?IG_EU_PP_Redirect
Insights
In the processing of personal data, the responsible party is jointly responsible with Instagram. This joint responsibility arises because the responsible party and Instagram, through the provision of the “Insight” service, jointly determine the purposes and means of processing (Art. 26 GDPR). This means for the data subject that he can assert his rights under Art. 12-22 GDPR including Art. 77 GDPR against both responsible parties.
In connection with “Instagram Insights,” data on user behavior can be collected. When using Instagram Insights, Instagram provides us with only anonymous usage statistics, such as user demographics or user growth. We do not have access to the exact usage data nor do we influence how Instagram collects the data necessary to create these statistics.
We have concluded a contract with Instagram on joint responsibility (Joint Controller Addendum) in accordance with Art. 26 GDPR. Details can be found here: https://www.facebook.com/legal/controller_addendum
© Drehmoment 2024
Made with ❤️ by Flora Voelcker
