Privacy policy

Do you need assistance?
arrow-right

The following privacy policy applies to the use of the website www.streifeneder.de/ (hereinafter “website”). If you leave our website via a link or access a social media platform from there, you also leave the scope of this privacy policy.

As a Streifeneder Group company (hereinafter referred to as “Streifeneder”), we attach great importance to data protection. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data in order to be able to offer you the above-mentioned website. This statement describes how and for what purpose your data is collected and used and what choices you have in connection with personal data. By using this website, you consent to the collection, use and transfer of your data in accordance with this privacy policy.

Our aim is to collect, process and use as little personal data as possible. When we collect your personal data, we endeavour to keep it accurate and up to date. If personal data collected by us is no longer required and we are not legally obliged to retain it, we will do our utmost to delete it.
We always work to protect your personal data from unauthorised access or unauthorised modification, publication or destruction. We implement security measures to protect your data. We regularly check our systems for possible vulnerabilities and attacks.

1. Responsible body

Streifeneder ortho.production GmbH, Moosfeldstr. 10, 82275 Emmering, Germany is responsible for the collection, processing and use of your personal data within the meaning of the GDPR.

2. Hosting

We host the content of our website with the following provider:

External hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of contract fulfilment vis-à-vis our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Our hoster will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions with regard to this data.

We use the following hosters:
SiteGround Spain S.L.
Calle de Prim 19
28004 Madrid Spain

3. General use of the website

3.1 Access data

In order for us to display the website to you, it is necessary to process certain information. This already takes place when you access our website. We also offer various functionalities on our website that require further data processing.

When you use our services and access our website, various information is forwarded to our servers. We need this information to establish and maintain the connection. The data also includes your IP address, which we treat as personal data. The following data is also collected:

IP address and source port of the client Time stamp
Type of connection request
Website requested by the client
Any error code from Squid / detailed error description ( = status code)
HTTP status code from the requested server
HTTP status code forwarded to the client
Browser version
Operating system

We store this data for 3 days in so-called server log files and we use the data to compile anonymised statistics. This data is not merged with other data about you. The storage of log files including your IP address serves the legitimate interest of providing our website and preventing its misuse. Stored log files are deleted unless longer storage is necessary, for example to prevent or investigate an attack on our website.

 

3.2 E-mail contact, contact form, telephone and fax

You can contact us by email, via contact forms, telephone or fax which you can find on our website. For general enquiries, the following information is requested: type of enquiry, your company, surname, first name, address, email address, telephone number and your message. All other data that you send us as part of the enquiry, including via the free text field, is provided voluntarily.

We use this data exclusively for the purpose of responding to your enquiry and the associated communication. The legal basis for this processing of your data depends on the content of your enquiry. In principle, our legitimate interest in providing the contact functionality and responding to your enquiry transmitted via it applies here. If your enquiry is aimed at the conclusion of a contract with us, the processing takes place within the framework of this pre-contractual obligation.

The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 a) GDPR if the user has given consent. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 sentence 1 f) GDPR. If the e-mail contact is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 sentence 1 b) GDPR.

Your data will be deleted as soon as your enquiry has been finally processed. If a contract is concluded, we may process the data further to fulfil the contract.

4. Analysis tools and advertising

4.1 Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

 

4.2 Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the data records collected and uses machine learning technologies for data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

IP anonymisation
Google Analytics IP anonymisation is activated. As a result, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de

You can find more information on how Google Analytics handles user data in Google’s privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de

Order processing
We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

 

4.3 Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display adverts in the Google search engine or on third-party websites when the user enters certain search terms in Google (keyword targeting). Furthermore, targeted adverts can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analysing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Activ

4.4 Meta pixel (formerly Facebook pixel)

This website uses the Facebook/Meta visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

This allows the behaviour of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy ( https://de-de.facebook.com/about/privacy/ ). This enables Facebook to place adverts on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find further information on protecting your privacy in Facebook’s privacy policy: https://de-de.facebook.com/about/privacy/

You can also deactivate the remarketing function “Custom Audiences” in the settings for adverts at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

 

4.5 LinkedIn Insight Tag

This website uses the LinkedIn Insight tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data processing by LinkedIn Insight Tag With
the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyse the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups. We can also use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take another action (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that we can use to display targeted advertising to visitors to our website outside the website, whereby, according to LinkedIn, no identification of the advertising addressee takes place.

LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is then deleted within 180 days.

The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own advertising purposes. Details can be found in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig

Legal basis
If consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TDDDG. Consent can be revoked at any time. If consent has not been obtained, this service is used on the basis of Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in effective advertising measures including social media.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:
https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs

Objection to the use of LinkedIn Insight Tag
Objection to the analysis of user behaviour and targeted advertising by LinkedIn under the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Furthermore, members of LinkedIn can control the use of their personal data for advertising purposes in the account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

Order processing
We have concluded an order processing agreement (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the service only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

 

4.6 Algolia

  1. a) Algolia SAS.
    We use the search service of Algolia Inc. Algolia SAS, 55 Rue d’Amsterdam, 75008 Paris, France (“Algolia”) to
    search for content and for indexing. Among other things, the following information may be collected IP address, date and time of the page view, information about the browser you are using and the operating system you are using. The data is stored on the Algolia server for 90 days.

Legal basis

The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR in the context of our legitimate interest in making our online offers and information easily accessible and easy to find for you. Algolia is a technically necessary tool.
We have concluded an order processing contract
with Algolia.

Further information can be found in Algolia’s privacy policy: https://www.algolia.com/policies/privacy

5. Social Media

5.1 Facebook

Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

You can find an overview of the Facebook social media elements here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your end device and the Facebook server. Facebook receives the information that you have visited this website with your IP address. If you click on the Facebook “Like” button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. You can find the wording of the agreement at

https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum,
https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000GnywAAC&status=Active

 

5.2 Instagram

Functions of the Instagram service are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram then receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing carried out by Facebook or Instagram after forwarding is not part of the joint responsibility. The joint obligations incumbent on us have been set out in a joint processing agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook and Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum
https://privacycenter.instagram.com/policy/ and
https://de-de.facebook.com/help/566994660333381
Further information on this can be found in Instagram’s privacy policy: https://privacycenter.instagram.com/policy/

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000GnywAAC&status=Active

 

5.3 LinkedIn

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time you access a page on this website that contains elements from LinkedIn, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click on the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to this website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: 11 / 18 https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-derschweiz?lang=de
Further information on this can be found in LinkedIn’s privacy policy at:
https://www.linkedin.com/legal/privacy-policy.

6. Cookies

We use cookies to establish and maintain the connection. A cookie is a small text file containing information that is transmitted by your browser and stored on your computer. You can also control the use of cookies in your browser and delete cookies yourself at any time. Cookies may be required to establish a connection or to improve the use of the website.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

The use of technical cookies and the associated data processing is based on our legitimate interest in the technically flawless and convenient use of our website. Technical cookies are usually deleted automatically when you close your browser (session cookies), in other cases only after some time (persistent cookies). The storage duration of persistent cookies is determined by the provider and can be viewed by you in your browser, for example.

 

6.1 Borlabs

Consent with Borlabs Cookie
Our website uses Borlabs Cookie consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document these in compliance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not passed on to the provider of Borlabs Cookie.

The data collected will be stored until you ask us to delete it or delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on Borlabs Cookie data processing can be found at: https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/ Borlabs Cookie Consent technology is
used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

 

6.2 Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.

 

6.3 Matomo

This website uses the web analysis service software Matomo (www.matomo.org) to collect and store data for marketing and optimisation purposes. This data is used to create user profiles under a pseudonym; cookies are used for this purpose. Cookies are small text files that are stored locally in the cache of the website visitor’s Internet browser. The cookies enable the internet browser to be recognised. The data collected using Matomo technology (including your anonymised IP address) is transmitted to our server and stored for usage analysis purposes, which helps us to optimise our website. The information generated by the cookie in the pseudonymised user profile is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym. You can prevent the use of cookies and thus participation in tracking by setting your browser software accordingly, but in this case you may not be able to use all the functions of this website to their full extent.

The legal basis for the processing of users’ personal data is Art. 6 para. 1 sentence 1 a) GDPR.

The processing of users’ personal data enables us to analyse the surfing behaviour of our users. By analysing the data obtained, we are able to compile information about the use of the individual components of the website. This helps us to constantly improve the website and its user-friendliness. Data is only collected and stored with express consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

Cookies are stored on the user’s computer and transmitted by it to our website. You therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent. You can find more information on the privacy settings of the Matomo software at the following link https://matomo.org/docs/privacy/.

7. Newsletter

Information on the newsletter and consent
With the following information, we inform you about our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described. We only send newsletters, emails and other electronic notifications with advertising information (hereinafter “newsletter”) with the consent of the recipient or with legal authorisation. If the contents of the newsletter are specifically described in the context of a registration for the newsletter, they are decisive for the consent of the user.

 

7.1 Double opt-in and logging

The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to ensure that no-one can register using other people’s e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address.

 

7.2 Brevo

Our website uses the provider Brevo (Köpenicker Straße 126, 10179 Berlin (formerly Sendinblue GmbH)) to send the newsletter. Brevo enables the organisation and analysis of the newsletter. This information is collected for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations or access times. The statistical surveys also include determining whether the newsletters are opened and when they were opened. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our endeavour nor that of Brevo to observe individual users. The analyses serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Further data protection information on Brevo can be found at: https://www.brevo.com/de/datenschutz-uebersicht/ and https://www.brevo.com/de/legal/privacypolicy/

Personal data collected: Cookie; e-mail; Usage Data.
Place of processing: Germany, France

The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.

We have concluded an order processing contract with Brevo. Through this agreement, Brevo has undertaken to protect our customers’ data and not to pass it on to third parties.

Duration

Your data stored by us will be stored until your cancellation/revocation. After any cancellation/revocation, the data will be deleted from our server as well as that of Brevo. Data stored by us for purposes other than sending the newsletter remain unaffected by this.

Cancellation/revocation
You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. There is a link
in every newsletter to revoke your consent. Your consent to the newsletter being sent via Brevo and the statistical analyses will expire at the same time. Unfortunately, it is not possible to revoke your consent to the newsletter being sent via Brevo or to the statistical analyses separately.

8. Application procedure

For applications, we use the services of our partner, rexx systems GmbH, Süderstraße 75-79, 20097 Hamburg. rexx systems processes the application data on behalf of Friedrich Georg Streifeneder KG. We will of course use your data exclusively for processing your application. Your personal data will be processed in the application process; this may vary depending on the vacancy. The legal basis for processing your personal data as part of the application process is § 26 BDSG and Art. 6 para. 1 sentence 1 lit. a), b) and f) GDPR. If no contract is concluded, your personal data will be deleted 6 months after completion of the application process, unless you have given us your express consent to store your data for longer.
The Human Resources department of F. G. Streifender KG manages the job vacancies advertised throughout the Group.
If you go to the job vacancies on our website, you will be taken to our applicant portal (www.karriere.streifeneder.de), which is operated by the processor rexx systems GmbH. An order processing agreement has been concluded with F.G. Streifeneder KG specifically for this purpose.

In the applicant portal of rexx systems GmbH you can apply directly for the advertised vacancies and upload documents.
After successful receipt of your application, your documents will first be reviewed by the personnel department of F.G. Streifeneder KG and, if the job offer is directed at us, will then be forwarded to one of our department heads. Your personal data will therefore be exchanged between the companies of the Streifeneder Group.
We store the following personal data that you send us: Applicant master data, qualifications and certificates
Your rights to your personal data as an applicant (data subject rights such as deletion, information or the right to rectification) can be found in this data protection declaration under the heading “Data subject rights”.

As already mentioned, your personal data will be stored by us for 6 months from receipt of your documents; this period may be extended in the event of a dispute. For further information on your data protection rights, in particular your right to object, please refer to the section “Data subject rights” in this privacy policy.

 

Applicants under the age of 16

If the applicant has not yet reached the age of 16, the transmission of the application and thus the consent to the processing of the data by the Streifeneder group of companies is only permissible if this consent is given by the applicant’s legal guardian or with their consent. The applicant assures that the application will be sent to the Streifeneder Group with the consent of the legal guardian.

9. Elopage

We also offer digital products such as online courses for purchase via our website. We use the elopage service for this.

As soon as you click on one of our product buttons, you leave our website and are redirected to our individual elopage sales page.

elopage is a service of:
elopage GmbH
Kurfürstendamm 208
10719 Berlin

All functions on the sales page as well as the entire downstream sales processing are carried out via elopage. You can find elopage’s privacy policy at https://elopage.com/privacy.

We have a separate privacy policy on our elopage sales website, which you should also note, which you can find at https://academy.streifeneder.de/s/streifeneder-academy/document/privacy

We have concluded a corresponding contract with elopage GmbH as our processor in accordance with Art. 28 GDPR. The legal basis for the processing of personal data when forwarding from our website to the sales page via elopage results in this case from Art. 6 para. 1 sentence 1 lit. b).

Legal basis and storage period
The legal basis for data processing in accordance with the above paragraphs is Article 6(1)(f) GDPR. Our interests in data processing are, in particular, to ensure the operation and security of the website, to analyse the way in which visitors use the website and to simplify the use of the website. Unless specifically stated, we only store personal data for as long as is necessary to fulfil the purposes pursued.

10. Plugins and tools

10.1 YouTube with enhanced data protection

This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of these websites on which YouTube is integrated, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in extended data protection mode. According to YouTube, videos that are played in extended data protection mode are not used to personalise surfing on YouTube. Ads that are played in extended data protection mode are also not personalised. No cookies are set in extended data protection mode. Instead, so-called local storage elements are stored in the user’s browser, which contain personal data similar to cookies and can be used to recognise the user. Details on the extended data protection mode can be found here: https://support.google.com/youtube/answer/171780

After activating a YouTube video, further data processing operations may be triggered over which we have no influence.

The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

You can find more information about data protection at YouTube in their privacy policy at: https://policies.google.com/privacy?hl=de

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Activ

 

10.2 Google Fonts (local hosting)

This site uses so-called Google Fonts, which are provided by Google, for the standardised display of fonts. The Google fonts are installed locally. There is no connection to Google servers.

Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de

11. eCommerce and payment providers

elopage

We offer digital goods and services for sale on this website. We use elopage to sell these products on our website. The provider is elopage GmbH, Kurfürstendamm 208, 10719 Berlin, Germany (hereinafter referred to as elopage).

If you click on one of our products, you will be redirected to our sales page on elopage. The contract is then processed via elopage. Details can be found in elopage’s privacy policy at: https://elopage.com/privacy?locale=de
The use of elopage is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in using a fast and professional sales page to sell our products. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Order processing
We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

12. Audio and video conferencing data processing

We use online conferencing tools, among others, to communicate with our customers. The individual tools we use are listed below. If you communicate with us by video or audio conference via the internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide/enter to use the tools (email address and/or your telephone number). The conference tools also process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other “contextual information” in connection with the communication process (metadata).

Furthermore, the provider of the tool processes all technical data required to handle online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

If content is exchanged, uploaded or provided in any other way within the tool, it is also stored on the tool provider’s servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information that is shared while using the service.

Please note that we do not have full control over the data processing procedures of the tools used. Our options are largely determined by the company policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed below this text.

Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the tools in question are used on the basis of this consent; consent can be withdrawn at any time with effect for the future.

Storage period
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Conference tools used
We use the following conference tools: Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active

13. Rights of data subjects

13.1 Right to confirmation and information

You have the right to obtain confirmation from us at any time as to whether or not personal data concerning you is being processed. If this is the case, you have the right to obtain information from us free of charge about the personal data stored about you together with a copy of this data. You also have the right to the information specified in Art. 15 GDPR.

 

13.2 Right to rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the , you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
If you wish to exercise your right to rectification of data, please contact us using the contact form on our website at https://www.streifeneder.de or by email at office@streifeneder.de and state the reason for contacting us in the subject line (e.g. “Exercising the right to rectification”)

 

13.3 Right to erasure (“right to be forgotten”)

You have the right to obtain from us the erasure of personal data concerning you without undue delay and we are obliged to erase personal data without undue delay where one of the following grounds applies:

  1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You withdraw your consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
  3. You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
  4. The personal data was processed unlawfully.
  5. The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.

 

If you wish to exercise your right to erasure of data, please contact us via the contact form on our website at https://www.streifeneder.de or by email at office@streifeneder.de and state the reason for contacting us in the subject line (e.g. “Exercising the right to erasure”)

 

13.4 Right to restriction of processing

You have the right to demand that we restrict processing if one of the following conditions is met:

  1. the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data,
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. we no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims, or
  4. you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of our company override yours.

 

If you wish to exercise your right to restrict data processing, please contact us via the contact form on our website at https://www.streifeneder.de or by email at office@streifeneder.de and state the reason for contacting us in the subject line (e.g. “Exercising the right to restrict data processing”)

 

13.5 Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, where

  1. the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and
  2. the processing is carried out using automated procedures.

 

When exercising your right to data portability in accordance with paragraph 1, you have the right to obtain that the personal data be transferred directly by us to another controller, insofar as this is technically feasible.
If you wish to exercise your right to data portability, please contact us using the contact form on our website at https://www.streifeneder.de or by email at office@streifeneder.de and state the reason for contacting us in the subject line (e.g. “Exercising the right to data portability”).

 

13.6 Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

 

14.7 Automated decisions including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

 

13.8 Right to withdraw consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time. To do so, please contact us using the contact form on our website at https://www.streifeneder.de or by email at office@streifeneder.de and state the reason for contacting us in the subject line (e.g. “Exercising the right to withdraw consent”).

 

13.9 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you is unlawful.

 

13.10 SSL or TLS encryption

SSL or TLS encryption This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

14 Automated decision-making

Automated decision-making based on the personal data collected does not take place.

15. disclosure of data to third parties, data transfer to non-EU countries

In principle, we only use your personal data within our company. However, we engage subcontractors in the fulfilment of contracts (in particular logistics service providers or, in the case of patient care, billing service providers). They only receive personal data from us to the extent that the transfer is necessary for the corresponding service. In the event that we outsource certain parts of data processing (“order processing”), we contractually oblige order processors to use personal data only in accordance with the requirements of data protection laws and to guarantee the protection of the rights of the data subject. Data will not be transferred to bodies or persons outside the EU or outside the cases mentioned in this declaration.

16. Data protection officer

If you have any questions or concerns about data protection, please contact our data protection officer:

Sebastian Braun
Logo-Type GmbH
Schwarzwaldstrasse 64
78532 Tuttlingen
mailto: dsb@logo-type.net

Please note that the binding version of this privacy policy is the German version. You can save and print out this privacy policy at any time.