deutsch | english

General Data Protection Regulation (GPDR)


Privacy Policy

Our Privacy Policy In a Nutshell

This is a summary and not a substitute for our privacy policy, which is described in detail in the next section below.

Cookies, Tracker, Webtraffic Analysis

Our website does not use cookies, trackers or third party analysis tools for web traffic. All resources required by our web pages are hosted on our server directly.

Our web pages have no external resources embedded, instead we use external links, which are marked with a little arrow symbol: Symbol for external link

Logging Access to Our Web Pages

Like all website operators known to us, we also store website access information for detection and investigation of hacker attacks in our server log files for a maximum of 7 days.
Excluded from this deletion is data for the conservation of evidence, which will only be deleted after the final resolution of the respective incident.
Access information includes the name of the accessed web page, file, date and time of access, transferred data volume, notification of successful retrieval, browser type together with version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Calling External Links in Our Web Pages

When calling external links, your browser connects to the corresponding server of a third party website. Be aware that your browser will transmit the URL of our website, in which the link was placed.

Accessing our profiles on social media platforms (Twitter, YouTube, Facebook,...) are considered external links. and therefore the data protection declarations of the respective operators are applicable exclusively.

Sending E-mails

If you send us e-mails, your e-mail and thus your sender address and all other metadata transmitted (e.g. date of dispatch, delivery route,...) in the e-mail will be saved in our e-mail archive along with the contents - similar as if you would send us a letter with your sender address.
Please do not send us an e-mail unless you agree.

Note that the e-mail is delivered in an unencrypted way and therefore will be readable by third parties during the delivery process - like in the case of a postcard.

Privacy Policy


This data protection declaration clarifies the type, scope and purpose of processing of personal data (hereinafter referred to as "data") within our online offer and of the websites, functions and contents connected with it as well as external online services, such as e.g. our Social Media Profile (hereinafter collectively referred to as "online offer"). With regard to the terms used, such as "processing" or "person responsible we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR) of the European Union.

Responsible Person

Tilman Sommer
Seracher Str. 27
73732 Esslingen am Neckar, Deutschland

Link zum Impressum: deutsch | english

Types of Data Processed:

Categories of Concerned Persons

Visitors and users of the website (in the following we describe the affected persons in summary also as "users").

Purpose of Processing

General Terms and Definitions

"Personal Information" means any information that relates to an identified or an identifiable natural person (hereinafter referred to as "data subject"); as identifiable is considered a natural person, directly or indirectly, in particular by assignment to an identification such as a name, to an identification number, to location data, to an online identification (e.g. cookie) or to one or more special characteristics can be identified, the expression of physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

"Processing" means any process carried out with or without the aid of automated methods transaction or any such transaction series in connection with personal data. The term goes a long way and covers practically every handling of data.

"Pseudonymisation" means the processing of personal data in such a way that the personal data is no longer accessible without the use of additional information can be assigned to a specific data subject, provided that the data subject additional information must be kept separately and technical and are subject to organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.

"Profiling" means any automated processing of personal data, which consists in the use of this personal data, certain personal aspects relating to a natural person, in particular in order to assess aspects relating to work performance, economic Location, health, personal preferences, interests, reliability, behavior, to analyse the whereabouts or relocation of that natural person, or to predict.

The "Person Responsible" is the natural or legal person, authority, institution or other body which, alone or in conjunction with others, has access to the the purposes and means of processing personal data, in the first place.

"Processor" means any natural or legal person, public authority, establishment or other body that collects personal data on behalf of the responsible is processed.

Applicable Legal Basis

In accordance with art. 13 GDPR, we inform you about the legal basis of our data processing. If the legal basis in the data protection declaration is not mentioned, the following applies: The legal basis for obtaining consents is art. 6 para. 1 lit. a and art. 7 GDPR, the legal basis for the processing for the fulfilment of our services and the performance of contractual obligations. Measures as well as answering inquiries is art. 6 para. 1 lit. b GDPR, which legal basis for the processing for the fulfilment of our legal obligations. obligations is art. 6 para. 1 lit. c GDPR, and the legal basis for the processing for the protection of our legitimate interests is art. 6 para. 1 lit. f GDPR. In the event that the vital interests of the person concerned or any other natural person processing personal data art. 6 para. 1 lit. d GDPR serves as the legal basis.

Security Measures

In accordance with art. 32 GDPR and taking into account the status of the technology, implementation costs and the nature, scope, circumstances, and the purposes of the processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure that the risk is kept to a appropriate level of protection.
These measures include, in particular, ensuring confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, ensuring data availability and separation. We have also developed procedures which allows the exercise of the rights of data subjects, deletion of data and ensure response to data threats. We also take into account the protection personal data already during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by technology design and data protection-friendly settings (art. 25 GDPR).

Cooperation with Contracted Processors and Third Parties

If, in the course of our processing, we disclose data to other persons and companies (contracted processors or third parties), to pass data on to them or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g. if a transfer of data to third parties such as a payment service provider is required for contract fulfillment in accordance with art. 6 para. 1 lit. b GDPR), you have consented to do so, a legal obligation exists or on the basis of our legitimate interests (e.g. when using agents, web hosting providers, etc.).

If we provide third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of of art. 28 GDPR.

Transfers to Third Countries

If we have data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the use of third party services or disclosure, or of data to third parties, this will only take place if it is used for the purpose of fulfilment of our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of of our legitimate interests. Subject to legal or regulatory requirements contractual permissions, we process or have the data processed in an third country only if the special requirements of art. 44 et seq. of GDPR are met. This means, for example, that processing takes place on the basis of special guarantees, such as the officially recognised finding of an EU-compatible data protection levels (e.g. for the USA through the "Privacy Shield") or compliance with officially recognised specific contractual obligations (so-called "Standard contractual clauses").

Rights of Data Subjects

You have the right to request confirmation, whether the data concerned are processed and requested information about them and a copy of the data in accordance with art. 15 GDPR.

In accordance with art. 16 GDPR, you are entitled to request the completion or correction of data concerning you in case of inaccuracy.

In accordance with art. 17 GDPR, you have the right to demand that data in question are deleted immediately, or alternatively in accordance to art. 18 GDPR demand a restriction of the processing of the data.

You have the right to request that the data concerning you, which you had made available to us, in accordance with art. 20 GDPR to get a copy and to demand their transmission to other responsible persons.

Furthermore, according to art. 77 GDPR, you have the right to lodge a complaint with the to the responsible supervisory authority.

Right of Revocation

You have the right to revoke your consent in accordance with art. 7 para. 3 GDPR with effect for the future.

Right of Objection

At any time, you can object against future processing of the data concerning you according to art. 21 GDPR. In particular, the objection may concern the processing for direct marketing purposes.

Cookies and Right of Objection in Direct Advertising

We do not use temporary or permanent cookies or direct advertising.

Collection of Access Data and Log Files

Due to our legitimate interests according to art. 6 para. 1 lit. f. GDPR, we, or our hosting provider, are storing data about each access to the server, on which the service is located (so-called server log files). The access data includes name of the accessed webpage, file, date and time of access, transferred data volume, notification of successful retrieval, browser type together with Version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. for investigations of abuse or fraud) for a maximum period of 7 days and then deleted. Excluded from this deletion is data for the conservation of evidence, which will only be deleted after the final resolution of the respective incident.

Created with by RA Dr. Thomas Schwenke - modified by Tilman Sommer (Dokapi).

Translated by Tilman Sommer (Dokapi) with help by