We collect and use personal data of our users only insofar as this is necessary to provide a functional website as well as our contents and services. The collection and use of personal data regularly takes place only after prior consent has been obtained. An exception applies in those cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.
If we disclose data to other persons and companies (processors or third parties) in the course of our processing, transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (for example, if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art 6 (1) lit b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data based on a so-called “data processing agreement”, this is done based on Art 28 GDPR. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art 44 ff GDPR. We will not use your personal data for purposes incompatible with the processing purposes about which you have been informed unless such use is required or permitted by law or is in your own vital interests.
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art 6 (1) (a) GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art 6 (1) c GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art 6 (1) lit f GDPR serves as the legal basis for the processing.