Privacy policy

Introduction

Responsible

Definitions

Processing of your personal data

• When you call up our website

  When you access our Website, meaning when you transmit information to us by any other means, we — or the host provider acting on our behalf — only collect the personal data that your browser transmits to our server. If you wish to view our Website, we collect the following data:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transmitted
  • Website from which the request originates
  • Operating system
  • Language and version of the browser software

  This data is technically necessary for us to display and provide our Website. The legal basis for this processing is Art. 6 (1) sentence 1 lit. f GDPR. For security reasons (e.g., to clarify cases of misuse or fraudulent activities), this data is stored for a maximum duration of 7 days and is then deleted. Data that must be retained further for evidentiary purposes is exempt from deletion until the respective incident is fully clarified. The hosting service provider we employ processes personal data on our behalf and in accordance with our instructions as a so-called processor pursuant to Art. 28 GDPR.

• Detection of automated queries through Google ReCaptcha

  We use Google ReCaptcha technology to ensure that the publicly accessible part of our website is not misused for automated requests (e.g., spam). If you are not logged in as a registered user and interact with our website (e.g., via a contact form or by submitting a review), Google checks whether the data entry on our websites (e.g., in a contact form) is made by a human or by an automated program. For this purpose, ReCaptcha analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the visitor enters the website. For analysis, ReCaptcha evaluates various types of information (e.g., IP address, duration of the visit on the website, or mouse movements made by the user). The data collected during this analysis is transmitted to Google. The ReCaptcha analysis runs entirely in the background. This verification is intended to distinguish whether the input is made by a human or is being misused by automated, machine processing. Therefore, we transmit the following data to Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)::

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Amount of data transmitted
  • Website from which the request originates
  • Browser and browser plugins
  • Language and version of the browser software
  • Screen and window resolution
  • Duration of the website visit
  • Mouse movements made by the user

  Google evaluates the data to detect an automated request in order to ensure that the contact form is not misused. Cookies are used for this purpose, which enable recognition of your internet browser. The legal basis for the processing is Art. 6 (1) sentence 1 lit. f GDPR. In the context of using Google ReCaptcha, data is also transmitted from Google to group companies and/or subcontractors. In this context, the above-mentioned data may be transferred to and stored in the USA. The data protection level in the USA is deemed inadequate by the European Commission. The data transfer to the USA is therefore based on the Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR. The Standard Contractual Clauses can be retrieved at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=DE, alternatively you can also request these documents from us using the contact details provided in Section 2.

• Usage analysis through Google Analytics

  Our website optionally uses Google Analytics so that we can further improve future websites. You can consent to the use of Google Analytics when you access the website. You may withdraw your consent to the use of Google Analytics at any time. If you grant us your consent, we analyze your usage of the website. To do this, we process the following personal data from you:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transmitted
  • Website from which the request originates
  • Browser
  • Information
  • Operating system and its interface
  • Language and version of the browser software
  • Screen and window resolution
  • Your approximate location
  • Information about your duration of stay
  • Information about actions you perform on the website

  Therefore, we transmit the aforementioned data to Google for analytical purposes. On our behalf, Google analyzes the data regarding the manner in which you use the website, as this data is necessary for us to ensure the stability and security of the website and to further develop it in accordance with our interests. The data collected in this way is not merged with your other profile information but is included in anonymous statistics that help us better understand our users and tailor the website more closely to their needs. As mentioned above, we process this data solely with your consent. The legal basis for this is Art. 6 (1) sentence 1 lit. a GDPR.

  In the context of using the services of Google Analytics, data is also transmitted from Google to group companies and/or subprocessors. In this context, the aforementioned data may be transferred to and stored in the USA. The data protection level in the USA is deemed inadequate by the European Commission. The data transfer to the USA is therefore based on the Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR. The Standard Contractual Clauses can be retrieved at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=DE, alternatively you can also request these documents from us using the contact details provided in Section 2.

• YouTube embedded videos

  We have embedded videos from the platform YouTube on our website. YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for data protection regarding the operation of the YouTube platform. You can find YouTube's privacy policy at: https://policies.google.com/privacy?hl=de.

  In this context, to the best of our knowledge, YouTube processes the following personal data from you:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transmitted
  • Website from which the request originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software
  • Data regarding interaction with the YouTube plug-in
  • If applicable, the device identifier of your device
  • The version of the YouTube software we use
  • Information on the previous playback of the video
  • Information about the manner of playback (e.g., full screen)

  The integration of YouTube videos is carried out in our interest to present you with high-quality content directly on our website. Instead of merely providing you with a link to an interesting video, you can watch the video directly on our site. This enhances our service and makes it easier for you to access engaging content. The legal basis for processing personal data in connection with the integration of YouTube videos and the associated transfer of personal data to Google LLC is Art. 6 (1) sentence 1 lit. f GDPR.

  In the context of using YouTube's services, data is also transmitted by Google to group companies and/or subprocessors. In this context, the above-mentioned data may be transferred to and stored in the USA. The level of data protection in the USA is considered inadequate by the European Commission. The data transfer to the USA is therefore based on the Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR. The Standard Contractual Clauses can be retrieved at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=DE, alternatively you can also request these documents from us using the contact details provided in Section 2.

• Use of Calendly

  We use the scheduling tool Calendly (Calendly LLC, 3423 Piedmont Rd NE, Atlanta, GA 30305, USA) on our website to enable you to conveniently book meetings and product demos. When you use the embedded Calendly widget, data such as your name, email address, and selected time slot is transmitted to and processed by Calendly. The legal basis for this processing is Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures) and Art. 6(1)(f) GDPR (our legitimate interest in efficient appointment scheduling).

  Calendly may transfer personal data to the USA. For further information on data processing by Calendly, please refer to Calendly's Privacy Policy.

• When contacting us via e-mail

  E-mails that you transmit to us and that we transmit to you are processed using the services of our e-mail provider. In the context of e-mail communication, our e-mail provider processes your personal data (i.e., your e-mail address and the information you provide in the e-mail) on our behalf, in order to enable e-mail communication with you or, if you are our customer, for contract processing. The processing of your personal data is based on Art. 6 (1) sentence 1 lit. f and/or Art. 6 (1) sentence 1 lit. b GDPR. We delete the data once it is no longer required and provided that no legal obligations prevent us from doing so. We review the necessity of retention every six months.

• When contacting us via telephone

  When you contact us by telephone, we require your personal data (e.g., name, telephone number, address, or e-mail address) in order to process your inquiry or concern. This data processing is necessary for us to be able to communicate with you or, if you are our customer, for contract processing. The processing of your personal data is based on Art. 6 (1) sentence 1 lit. f and/or Art. 6 (1) sentence 1 lit. b GDPR. We delete this data once it is no longer required and provided that no legal obligations prevent us from doing so. We review the necessity of retention every six months.

• When contacting us via contact form

  When you contact us via the contact form, we require your personal data (e.g., name, contact details, etc.) in order to process your inquiry or concern. This data processing is necessary for us to be able to communicate with you or, if you are our customer, for contract processing. The processing of your personal data is based on Art. 6 (1) sentence 1 lit. f and/or Art. 6 (1) sentence 1 lit. b GDPR. We delete the data once it is no longer required and provided that no legal obligations prevent us from doing so. We review the necessity of retention every six months.

• As part of the subscription to our newsletter

  If you subscribe to our newsletter, we will regularly inform you about current offers, products, promotions, and news about our company. For the purpose of sending the newsletter and addressing you personally, we process your e-mail address and, if provided, your name. The processing is based on your consent pursuant to Art. 6 (1) sentence 1 lit. a DSGVO. You can withdraw your consent at any time with effect for the future, for example, by using the unsubscribe link included in each newsletter or by contacting us at [email protected].

  We will process your data in this context until you withdraw your consent or unsubscribe from the newsletter.

  The newsletter service provider we use processes personal data on our behalf and in accordance with our instructions as a processor pursuant to Art. 28 DSGVO.

When registering and using our platform

• Mandatory data for registration on our event platform

  When you register on our platform, you must provide certain mandatory information about yourself. We therefore process the following personal data from you:

  • E-mail address
  • Password

  The legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR. We store your data until you cancel your user account. Afterwards, your data will be deleted in relation to the user account, unless its retention is necessary for commercial or tax reasons pursuant to Art. 6 (1) sentence 1 lit. c GDPR.

• Optional profile information for musicians / artists

  In addition to the required mandatory information, you can provide additional details that make it easier for other users to get to know you better and, for example, to book you as a project. We may therefore process personal data that you voluntarily add to your profile, such as

  • Nickname/artist name or project name
  • If your profile is associated with a project: status within the project ("Admin" / "Member" / "Guest")
  • Profile photo
  • Hometown and details regarding the radius within which jobs should be accepted
  • Skills, instruments, equipment
  • Details about your artistic career
  • Genres
  • Details about lineup/cast
  • Details about bookable events
  • Self-description
  • Age
  • Physical features (eye color, hair color, etc.)
  • Voice, accents & languages
  • Contact information
  • Homepage
  • Address
  • Songs in the setlist (for music projects)

  Other users can view, share, or link to this data. Certain information about you may be accessible by default to other users of our platform (e.g., your username, your profile picture, content added to your profile). In addition, we will inform you via e-mail if there are details missing in your profile or if your profile is incomplete. For this purpose, we use your e-mail address and your name (to be able to address you personally).

  The legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR. The deletion of this data occurs either selectively for specific details when you remove them from our platform, or completely when you delete your account on our platform.

• Contact management through Hubspot

  We use Hubspot (hubspot.com) for the management of user and customer data (CRM) and especially for capturing process data (e.g., e-mails, notes from conversations, etc.). This provides us with an overview of previous communications. In addition, we use Hubspot for lead generation via our blog (blog.connactz.com) and for the automated sending of e-mails. In doing so, we sometimes transfer data from sections 5.1 and 5.2 as well as usage statistics and usage-relevant information, such as the number of new event inquiries, to Hubspot’s servers in order to make the e-mails with personalized content more relevant to you.

  The European subsidiary of Hubspot Inc. is located at 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland. The legal basis for processing personal data in connection with the use of Hubspot and the associated transfer of personal data to Hubspot Inc. is Art. 6 (1) sentence 1 lit. f GDPR. In the context of using Hubspot’s services, data may also be transmitted to group companies and/or subprocessors. In this context, the aforementioned data may be transferred to and stored in the USA. The level of data protection in the USA is deemed inadequate by the European Commission. The data transfer to the USA is therefore based on the Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR. The Standard Contractual Clauses can be retrieved at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=DE; alternatively, you can also request these documents from us using the contact details provided in Section 2.

• Live chat and support through Intercom

  We use Intercom (intercom.com) to provide live chat support on our website and within our platform. When you use our chat function, Intercom may process your name, e-mail address, the content of your messages, and technical data such as your IP address, browser type, and device information. If you are a logged-in user, your account data may also be shared with Intercom to provide personalized support.

  Intercom R&D Unlimited Company is located at 2nd Floor, Stephen Court, 18-21 St. Stephen’s Green, Dublin 2, Ireland. The legal basis for processing personal data in connection with the use of Intercom is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interest in providing efficient customer support). In the context of using Intercom’s services, data may also be transmitted to subprocessors. In this context, data may be transferred to and stored in the USA. The data transfer is based on Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR. By using our chat function, you consent to the processing of your data by Intercom as described above. For more information, please refer to the Intercom privacy policy at https://www.intercom.com/legal/privacy.

• Use of your e-mail address for system notifications

  We send you e-mails when a message is received in your connactz inbox or when an appointment is approaching. This is to ensure that you do not overlook a message sent to you by another user and that you do not miss an appointment. The legal basis for this is Art. 6 (1) sentence 1 lit. b GDPR. We delete this data once it is no longer required for the purpose for which it was collected, i.e., for the personalization of your profile. Typically, this is the case when you delete your profile with us. We review the necessity every six months.

• Personalization of your search results

  We also process your data to suggest to you, if you are an organizer, those projects/artists or, if you are a project/artist, those organizers and events as well as other projects/artists that best match you. This requires a user-specific evaluation of the relevance of products and content, i.e., personalization. Only with such personalization can we present you with results that truly match you. In doing so, your profile information and your previous use of our platform are analyzed and compared using an algorithm with the anonymized profiles of other users with similar characteristics. This is intended to ensure that the suggestions presented to you better match you. Of course, you have access to all profiles despite the personalization. The personalization merely serves to draw your attention earlier to the profiles that are more relevant to you.

  For the purpose of personalization, we use the following data that we collect as part of your use of our platform:

  • Types of events
  • Desired genres
  • Desired lineups
  • Special requirements of an event
  • Date information
  • Information about your use of our platform (e.g., booked or performed events, requested fee or planned budget, songs on your setlist)
  • Data from Section 5.2

  The legal basis for the processing is Art. 6 (1) sentence 1 lit. f GDPR. We delete this data once it is no longer required for the purpose for which it was collected – in this case, the personalization of your profile. Typically, this is the case when you delete your profile with us. We review the necessity every six months.

• When you create an event

  When you, as an organizer, create a call for artists on our platform, we collect various pieces of information from you that may include personal data. These include:

  • Name of the event for which you are searching for artists/projects
  • Date and time of the event
  • Details regarding any available equipment
  • Details about the desired act (genre, lineup, etc.)
  • E-mail address
  • Telephone number (optional)
  • Details about your budget

  With the exception of your contact data (i.e., your e-mail address and telephone number) and the budget, these details are visible to other users of our platform. If another user contacts you and you initiate contact with another user, the entire communication takes place via the chat function on our platform, so that your communication partner does not automatically receive your contact details. However, you can optionally activate the publication of your contact data. In that case, they will be visible to other users of our platform.

  The legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR. We store your data until you cancel your user account.

  If you reach an agreement with an artist/project, that artist/project has the option to generate a contract and invoices using our contract and invoice generator (see also Section 5.7 of this Privacy Policy). These documents will be enriched with the contact data stored in your profile. This data transfer only occurs with your explicit consent and only if you reach an agreement with an artist/project.

• When submitting a bid for an event

  When you, as an artist/project, submit an offer for a call for artists on our platform, we collect various pieces of information from you that may include personal data and transmit them to the respective organizer for whose event you are submitting an offer. These include:

  • The price at which you are willing to perform the event
  • Information provided in the comment field

  The legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR. We store your data until you cancel your user account. Afterwards, your data in relation to the user account is deleted.

• When connecting calendar services

  We offer our users the option to display their private calendars on our website by connecting through the Google Calendar API, the Microsoft Outlook integration, or by sharing their iCloud (Apple) calendars, in order to check scheduling conflicts and make availabilities visible to team members (members of the same project). Members of the same project can view the availability of their teammates but not the reasons for any scheduling conflicts. Only the user themselves can view the details of events and the reasons for scheduling conflicts. connactz does not store any data from the Google Calendar API, Microsoft Outlook, or iCloud calendars. The information is reloaded through the connection each time the service is used and thereby kept up to date.

  To enable this functionality, you will be asked to provide your Google or Microsoft account credentials and authorize the API integration, or, for iCloud (Apple) calendars, to set up an app-specific password for the connection. By using the Google Calendar API, the Microsoft Outlook integration, or the iCloud (Apple) connection, we can access your calendar events and display them on our website. We take appropriate measures to ensure that your calendar events are treated confidentially and processed in accordance with applicable data protection laws. Please note that we do not have access to your Microsoft or Google account credentials and that you can deactivate and delete the integration at any time by removing these connections within connactz or from your Microsoft/Google account settings, or by changing or removing the app-specific password for Apple.

  The use or disclosure of information obtained through Google APIs to other apps is subject to the Google API Services User Data Policy (available at https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes) and the Limited Use requirements.

• When using our contract or invoice generator

  When you, as an artist/project, use our contract and invoice generator, we create contracts and invoices for you with organizers or other artists/projects with whom you have reached an agreement. In this context, we process the following data which may include personal data:

  • Your contact details stored in your profile
  • The contact details stored in the profile of the respective contractual partner
  • For invoices, details regarding your tax attributes (tax rate, tax ID, VAT ID)
  • Settings and contract options that you enter during the contract generation process (arrangements for accommodation, payment formalities, etc.)

  In addition, you have the possibility, within your project, to make an internal division of your fee and to create corresponding invoices and receipts. For this, we process the following data:

  • The agreed fee
  • The internal division of the fee within the project
  • The names and contact details of the team members
  • The expenses to be credited and information about them (such as travel costs, accommodation costs, etc.)

  The legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR. We store this data until you cancel your user account. Afterwards, your data is deleted in relation to the user account. Please remember, however, that you must archive these documents in compliance with tax regulations at all times.

• When you communicate with other users of our platform

  You have the option to get in touch with other users of our platform. As part of this communication, we generally process all data that you provide within this context and transmit it to the recipient you have selected. This data includes, in particular:

  • Message content
  • Shared files

  The legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR. The deletion of this data occurs either selectively for specific details when you remove them from our platform or completely for all data when you delete your account on our platform.

• Processing of Personal Data in Connection with Invitations for Guest Users

  Artists have the option to invite other individuals to a project or event on the platform via e-mail. In this context, the provider processes the e-mail address of the invited person, as provided by the inviting artist, solely for the purpose of carrying out the invitation and enabling participation in the respective project or event. The processing is based on Art. 6 (1) lit. b GDPR, insofar as the invitation serves the initiation or execution of a project- or event-related collaboration, as well as on Art. 6 (1) lit. f GDPR within the legitimate interest of the inviting artist or project in organizing the event or project. In cases where the invited person has previously consented to being contacted by the artist, the processing of the e-mail address for sending an invitation is based on Art. 6 (1) lit. a GDPR. The inviting artist is responsible for ensuring that the invited individuals have consented to electronic contact via e-mail based on Art. 6 (1) lit a DSGVO. The e-mail address of the invited person will be stored for the duration of the invitation and, if applicable, the event or project participation, and subsequently deleted unless statutory retention obligations prevent this.

• Processing of Personal Data of Guest Users

  Guest users are individuals who are invited to a project via e-mail without registering their own user account on the platform. Scope of data processing:

  • For the invitation and communication with guest users, their e-mail address is processed.
  • Guest users can send messages to the respective event/project via e-mail. These messages are published in the overview of the event/project and are visible to participants involved in the event/project.
  • Guest users can view the overview of the event/project.
  • No further use or processing of data takes place.

  The processing is carried out pursuant to Art. 6 (1) lit. b GDPR for the purpose of carrying out the invitation and enabling communication within the event/project, as well as pursuant to Art. 6 (1) lit. f GDPR on the basis of the legitimate interest of the inviting artist or project in collaborating with external individuals. In cases where the invited person has previously consented to being contacted by the artist, the processing of the e-mail address for sending an invitation is based on Art. 6 (1) lit. a GDPR. The personal data processed in the context of invitations and guest user communication are visible within the platform to users involved in the respective event/project. Data will not be shared with third parties outside the platform unless required by law. The personal data processed in connection with invitations and guest users are stored only for as long as necessary for the respective purposes:

  • Unaccepted invitations: The e-mail address of an invited person will be deleted no later than 30 days after the invitation is sent, unless registration or participation in the project occurs.
  • Guest user data: Data of guest users (in particular e-mail addresses and transmitted messages) are stored for the duration of the event/project and deleted after its completion or removal, unless statutory retention obligations prevent this.
  • Log data: Technical logs related to the sending and delivery of invitations are retained for security and verification purposes for up to 90 days and then deleted.

Processing of your data as a paying artist / project

• Processing of your data for contract management

  If you are or become our customer, we process data from you that may include personal data in the context of processing your order and fulfilling our contractual obligations. The data processed includes master data (e.g., names and addresses), contact data (e.g., e-mail addresses and telephone numbers), contract data (e.g., services used, contract contents, contractual communication, names of contact persons) as well as payment data (e.g., your bank details, payment history). We require this data to fulfill the contract. If this includes personal data, the processing is based on Art. 6 (1) lit. b GDPR. There is no legal or contractual obligation to provide this data.

  All data processed for contractual purposes is processed by us for at least the duration of the contractual relationship plus the applicable warranty period. Afterwards, the data is deleted if it is no longer required for the purpose stated and no retention obligations prevail.

• In the context of receiving marketing emails

  We process certain personal data from you in order to regularly send you status e-mails as well as advertising for our own similar products and services or surveys for our own market research purposes. This includes the following personal data from you:

  • Name
  • E-mail address

  This processing is carried out in our interest in direct marketing and maintaining customer relationships. The legal basis for this is Art. 6 (1) sentence 1 lit. f GDPR. The deletion of this data occurs either selectively for specific details when you remove them from our platform or completely when you delete your account on our platform.

• Stripe payment processing

  The execution and thus the collection, processing, and storage of electronic payment transaction data is carried out by our payment service provider, Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland ("Stripe"). Through Stripe, it is possible to offer various payment methods, such as credit card payments or direct debit.

  With every payment transaction, Stripe receives data for processing the electronic payment transaction, such as the information you provided during the order process along with the details of your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number). The processing of your data by Stripe is necessary for the payment processing and thus for the fulfillment of the contract. The legal basis for this is Art. 6 (1) sentence 1 lit. b GDPR. This data is deleted after the statutory retention periods have expired. Stripe processes your personal data on our behalf and in accordance with our instructions as a so-called processor pursuant to Art. 28 GDPR.

  The service provider we use in this context, Stripe, which processes personal data for us on our behalf and in accordance with our instructions as a so-called processor pursuant to Art. 28 GDPR, transfers data to group companies in the USA. The level of data protection in the USA is considered inadequate by the European Commission. The data transfer to the USA is therefore based on the Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR. The Standard Contractual Clauses can be retrieved at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32010D0087&from=DE; alternatively, you can also request these documents from us using the contact details provided in Section 2.

• Processing of your data for contact management purposes

  We store master data (e.g., names and addresses), contact data (e.g., e-mail addresses and telephone numbers), as well as contract data (e.g., services used, contract contents, contractual communication, names of contact persons) of customers, prospects, suppliers, and other business partners for later contact purposes. These personal data may be stored in a CRM system ("Customer Relationship Management System") or comparable systems for managing inquiries. This enables us to efficiently organize incoming contacts. The processing of your personal data is carried out on the basis of Art. 6 (1) lit. f GDPR. All data processed in this context is stored by us for at least the duration of the contractual relationship plus an additional period of three years.

• Processing of your data for accounting purposes

  In addition, we process your data, in particular your master, contract, and payment data, for accounting purposes. This processing is carried out in part on the basis of legal obligations pursuant to Art. 6 (1) lit. c GDPR.

  Under legal requirements in Germany, we are further obliged to retain or store certain data, so that we may not delete or destroy it even after the intended purpose has been achieved; see Art. 17 (3) lit. b GDPR. This applies to master data (e.g., names and addresses), contact data (e.g., e-mail addresses and telephone numbers), contract data (e.g., services used, contract contents, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history). In particular, the retention or storage of books, records, inventories, annual financial statements, management reports, opening balances, as well as the work instructions and other organizational documents necessary for their understanding, the received and sent commercial or business letters, the accounting documents, and other documents, insofar as they are relevant for taxation, is prescribed for ten years in accordance with § 147 (1) of the Fiscal Code (AO). This also applies to any personal data of the data subjects contained in the documents mentioned above. The legal basis for this retention or storage is Art. 6 (1) lit. c GDPR.

• Transfer of your data to external consultants and professional secrecy holders and for accounting purposes

  In addition, we may sometimes transfer your personal data to advisors such as tax consultants, lawyers, auditors, or accountants. This is done in our interest in legally compliant business operations or for financial accounting purposes. The legal basis for this is Art. 6 (1) sentence 1 lit. f GDPR or § 24 (1) no. 2 of the new BDSG.

Deletion of data

Data subject rights

• in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request details regarding the purposes of the processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of a right to rectification, deletion, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data (if it was not collected by us), as well as the existence of any automated decision-making including profiling and, where applicable, meaningful information about its details;
• in accordance with Art. 16 GDPR, to request the prompt rectification of inaccurate or the completion of your personal data stored with us;
• in accordance with Art. 17 GDPR, to request the deletion of your personal data stored with us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise, or defense of legal claims;
• in accordance with Art. 18 GDPR, to request the restriction of processing of your personal data, insofar as you dispute the accuracy of the data, the processing is unlawful, yet you refuse their deletion and we no longer require the data, but you need them for the assertion, exercise, or defense of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR;
• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request its transmission to another controller;
• in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority. In general, you may contact the supervisory authority of your usual place of residence or place of work, or that of our company headquarters.

Revocation of consent given

Objection in case of processing based on legitimate interest

Security measures

Changes to this privacy policy