Privacy policy lemon.markets GmbH

In this privacy policy, we inform you about the processing of personal data when using our website https://www.lemon.markets/.

Personal data is information that relates to an identified or identifiable person. This primarily includes information that allows conclusions to be drawn about your identity, for example your name, your telephone number, your address or e-mail address. But also certain identifiers such as your IP address or the device ID of your used end device belong to personal data.

Content of this privacy policy

1.     Responsible person and contact person

2.     Data processing on our website

2.1    Calling up our website / connection data

2.2    Contact

2.3    Applications

3.     Use of tools on the website

3.1    Technologies used

3.2    Legal basis and revocation

3.3    Necessary tools

3.4    Analysis tools

3.5    Marketing tools

4.     Online presence in social networks

5.     Data disclosure

6.     Data transfer to third countries

7.     Storage period

8.     Your rights, in particular revocation and objection

9.     Changes to the privacy policy

1.          Responsible and contact person

The contact person and so-called controller for the processing of your personal data when visiting this website within the meaning of the General Data Protection Regulation (GDPR) is the

lemon.markets GmbH

Kottbusser Damm 79

10967 Berlin

Email: info@lemon.markets.

For all questions regarding data protection in connection with our services or the use of our website, you can also contact our data protection officer ISiCO Datenschutz GmbH at any time. This can be contacted at the postal address: Am Hamburger Bahnhof 4, 10557 Berlin, Germany as well as at the given e-mail address: datenschutz@lemon.markets. We expressly point out that if you use this e-mail address, the contents will not be exclusively noted by our data protection officer. If you wish to exchange confidential information, please therefore first contact us directly via this e-mail address.

2.          Data processing on our website

2.1       Calling our website / connection data

Each time you use our website, we process connection data that your browser automatically transmits to enable you to visit the website. This connection data includes the so-called HTTP header information, including the user agent, and includes in particular:

·       IP address of the requesting device;

·       Method (e.g. GET, POST), date and time of the request;

·       Address of the requested website and path of the requested file;

·       if applicable, the previously accessed website/file (HTTP referrer);

·       Information about the browser and operating system used;

·       HTTP protocol version, HTTP status code, size of the delivered file;

·       Request information such as language, type of content, encoding of content, character sets;

·       cookies of the accessed domain stored on the terminal device.

The data processing of this connection data is absolutely necessary to enable the visit of the website, to ensure the permanent operability and security of our systems as well as for the general administrative maintenance of our website. The connection data is also stored in internal log files for the purposes described above, temporarily and limited to the most necessary content, in order, for example, to find the cause of repeated or criminal calls that endanger the stability and security of our website and to take action against them.

The legal basis for this processing is Art. 6 (1) lit. b DSGVO, insofar as the page call occurs in the course of the initiation or execution of a contract, and otherwise Art. 6 (1) lit. f DSGVO due to our legitimate interest in enabling the website call and permanent functionality and security of our systems. However, the automatic transmission of the connection data and the log files developed from it do not constitute access to the information in the end device in the sense of the implementation laws of the ePrivacy Directive of the EU member states, in Germany § 25 TTDSG. For the rest, however, it would be absolutely necessary anyway.

The log files are generally stored for 60 minutes  and then anonymized. Exceptionally, individual log files and IP addresses are stored longer in order to prevent further attacks from this IP address in the event of cyber attacks and/or to take action against the attackers by way of criminal prosecution.

2.2       Contact

You have the possibility to get in contact with us. For this purpose, you can use the contact form. In this context, we process your data exclusively for the purpose of communicating with you.

The legal basis for this processing is Art. 6 (1) lit. b DSGVO, insofar as your information is required to answer your inquiry or to initiate or execute a contract, and otherwise Art. 6 (1) lit. f DSGVO due to our legitimate interest that you contact us and we can answer your inquiry. We only make promotional telephone calls if you have given your consent for this. If you are not an existing customer, we will send you promotional e-mails only on the basis of your consent. The legal basis in these cases is Art. 6 para. 1 lit. a DSGVO in conjunction with. § Section 7 (2) No. 1 or 2 UWG.

The data collected by us when you contact us will be automatically deleted after we have fully processed your request, unless we still need your request to fulfill contractual or legal obligations (cf. para. 7 "Storage period").

2.3        Applications

You can apply to us for open positions at jobs.lemon.markets (applicant management system "Recruitee"). The purpose of the data collection is the selection of applicants for the possible establishment of an employment relationship. For the purpose of receiving and processing your application, we process the following personal data in particular (hereinafter "application data"):

·       First and last name;

·       E-mail address;

·       Application documents (certificates, curriculum vitae);

·       Date of earliest possible job start;

·       Salary requirement;

·       LinkedIn profile (if available);

·       Membership of a protected group.

The legal basis for the processing of your application data is Art. 6 para. 1 lit. b and Art. 88 para. 1 DSGVO in conjunction with Section 26 para. 1 sentence 1 BDSG.

We store your personal data upon receipt of your application. If we accept your application and an employment relationship is established, we will store your application data for as long as it is necessary for the employment relationship and to the extent that legal regulations require us to retain it.

If we reject your application, we will store your application data for a maximum of three months after rejecting your application, unless you give us your consent to store it for a longer period. If you have separately given us your consent in accordance with Art. 6 Para. 1 lit. a DSGVO, we will store your data submitted as part of the application in our pool of applicants for a further twelve months after the end of the application process in order to identify any further positions of interest to you and, if necessary, to approach you again. After this period, the data will be deleted. You can revoke this consent at any time with effect for the future.

3.          Use of tools on the website

3.1       Technologies used

This website uses various services and applications (collectively, "Tools") that are provided either by us or by third parties. These include, in particular, tools that use technologies to store or access information in the terminal device:

·       Cookies: information stored on the terminal device, consisting in particular of a name, a value, the storing domain and an expiration date. So-called session cookies (e.g. PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after the specified expiration date. Cookies can also be removed manually.

·       Web Storage (Local Storage / Session Storage): information stored on the end device, consisting of a name and a value. Information in Session Storage is deleted after the session, while information in Local Storage has no expiration date and basically remains stored unless a mechanism for deletion has been set up (e.g. storage of a Local Storage with time entry). Information in Local and Session Storage can also be removed manually.

·       JavaScript: programming codes (scripts) embedded in or called up from the website that set cookies and web storage, for example, or actively collect information from the end device or about the usage behavior of visitors. JavaScript can be used for "active fingerprinting" and the creation of usage profiles. JavaScript can be blocked by a setting in the browser, although most services will then no longer function.

·       Pixel: Tiny graphic automatically loaded by a service, which can make it possible to recognize visitors by automatically transmitting the usual connection data (in particular IP address, information about browser, operating system, language, address called up and time of call-up) and to determine, for example, whether an e-mail has been opened or a website visited. With the help of pixels, "passive fingerprinting" and the creation of usage profiles can be carried out. The use of pixels can be prevented, for example, by blocking images, for example in e-mails, although the display is then severely restricted.

With the help of these technologies and also through the mere establishment of a connection on a page, so-called "fingerprints" can be created, i.e. usage profiles that do not require the use of cookies or web storage and can still recognize visitors. Fingerprints based on the connection setup cannot be completely prevented manually.

Most browsers are set by default to accept cookies, run scripts, and display graphics. However, you can usually adjust your browser settings to reject all or certain cookies or to block scripts and graphics. If you completely block cookies from being stored, graphics from being displayed, and scripts from being run, our services are not expected to function properly or at all.

In the following, we list the tools we use by category, informing you in particular about the providers of the tools, the storage duration of the cookies or information in local storage and session storage, and the transfer of data to third parties. We also explain in which cases we obtain your voluntary consent to use the tools and how you can revoke it.

3.2       Legal basis and revocation

3.2.1   Legal basis

We use tools necessary for website operation based on our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO to provide the basic functions of our website. In certain cases, these tools may also be necessary for the performance of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out in accordance with Art. 6 (1) lit. b DSGVO. Access to and storage of information in the terminal device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

We use all other non-essential (optional) tools that provide additional functions based on your consent pursuant to Art. 6 (1) a DSGVO. Access to and storage of information in the terminal device is then based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to Section 25 (1) TTDSG. Data processing using these tools only takes place if we have received your consent for this in advance.

If personal data is transferred to third countries (e.g., the USA), we refer you, also with regard to the risks that this may entail, to para. 6 ("Data transfer to third countries"). We will inform you if an adequacy decision exists for the third country in question or if standard contractual clauses or other guarantees have been concluded for the use of certain tools. If you have given your consent to the use of certain tools and to the associated transfer of your personal data to third countries, we (also) transfer the data processed when using the tools to third countries on the basis of this consent pursuant to Art. 49 (1) a DSGVO.

3.2.2   Obtaining your consent

To obtain and manage your consents, we use the tool CookieFirst, available at https://cookiefirst.com. This generates a banner informing you about data processing on our website and giving you the option to consent to all, some or no data processing through optional tools. This banner will appear the first time you visit our website and when you revisit the selection of your preferences to change them or withdraw consents. The banner will also appear on subsequent visits to our website, provided that you have disabled the storage of cookies or the cookies or information in CookieFirst's Local Storage have been deleted or have expired.

Your consent or revocation, your IP address, information about your browser, your terminal device and the time of your visit are transmitted to CookieFirst as part of your website visit. In addition, CookieFirst stores necessary information on your terminal device in order to document the consents and revocations you have given. The data collected in this way is stored until you request us to delete it, delete the CookieFirst cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

The data processing by CookieFirst is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis for the use of CookieFirst is Art. 6 (1) lit. f DSGVO, justified by our interest in fulfilling the legal requirements for consent management. The access to and storage of information in the end device is absolutely necessary in these cases and takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

3.2.3   Revocation of your consent or change of your selection

You can revoke your consent for certain tools, i.e. for the storage and access to information in the terminal device, the processing of your personal data and the transfer of your data to third countries, at any time with effect for the future. To do so, click on the Data Privacy Settings in the footer. There you can also change the selection of tools to whose use you wish to consent, as well as obtain supplementary information on the tools used. Alternatively, you can assert your revocation for certain tools directly with the provider.

3.3       Necessary tools

We use certain tools to enable the basic functions of our website ("necessary tools"). These include, for example, tools to prepare and display website content, to manage and integrate tools, to provide payment processing services, to detect and prevent fraud, and to ensure the security of our website. Without these tools, we could not provide our service. Therefore, necessary tools are used without consent.

The legal basis for necessary tools is the necessity to fulfill our legitimate interests pursuant to Art. 6 (1) lit. f DSGVO in the provision of the respective basic functions and the operation of our website. In cases where the provision of the respective website functions is necessary for the fulfillment of a contract or for the performance of pre-contractual measures, the legal basis for data processing is Art. 6 (1) lit. b DSGVO. Access to and storage of information in the terminal device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to Section 25 (2) TTDSG.

In the event that personal data is transferred to third countries (such as the USA), we refer in addition to the information provided below to para. 6 ("Data transfer to third countries").

3.3.1   Google Tag Manager

Our website uses Google Tag Manager, a service provided for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together "Google").

The Google Tag Manager is used exclusively to manage website tools by integrating so-called website tags. A tag is an element that is stored in the source code of our website in order to execute a tool, for example through scripts. If these are optional tools, they are only integrated by the Google Tag Manager with your consent. The Google Tag Manager uses JavaScript and basically does not use cookies.

The legal basis is Art. 6 (1) lit. f DSGVO, based on our legitimate interest to include and manage multiple tags on our website in a straightforward manner.

For purposes of ensuring stability and functionality, Google collects information about which tags are integrated by our website within the scope of using the Google Tag Manager. However, the Google Tag Manager does not store any personal data beyond the mere establishment of the connection, in particular no data about user behavior or the pages visited.

We have concluded an order processing agreement with Google Ireland Limited. In the event that personal data is transferred by Google Ireland Limited to the USA or other third countries, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) pursuant to Art. 46 (2) lit. c DSGVO.

For more information, see Google's information on Tag Manager: https://support.google.com/tagmanager/answer/6102821.

3.4       Analysis tools

In order to improve our website, we use optional tools for the recognition of visitors and for the statistical collection and analysis of general usage behavior based on access data ("analysis tools"). We also use analytics services to evaluate the use of our various marketing channels. The usage information collected is processed in aggregated form and enables us to track usage habits of our visitors. This is used to adapt and optimize the design of our website and to make the user experience more pleasant.

The legal basis for the analysis tools is your consent according to Art. 6 para. 1 lit. a DSGVO. The access to and storage of information in the terminal device is then based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. For revocation of your consent see 3.2.3: "Revoking your consent or changing your selection".

In the event that personal data is transferred to third countries (such as the USA), your consent expressly extends to the transfer of data (Art. 49 Para. 1 lit. a DSGVO). For the associated risks, please refer to para. 6 ("Data transfer to third countries").

3.4.1  Google Analytics 4

Our website uses the Google Analytics 4 service ("Google Analytics"), which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for individuals from Europe, the Middle East and Africa (EMEA) and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively "Google") for all other individuals.

Google Analytics uses JavaScript and pixels to read information on your terminal device and cookies to store information on your terminal device. This is used to analyze your usage behavior and to improve our website. We will process the information obtained to evaluate your use of the website and to compile reports on website activities for the website operators. The data generated in this context may be transferred by Google to a server in the USA for evaluation and stored there.

As part of the evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning for automated analysis and enrichment of the data. This is done in particular for forecast metrics on the future behavior of visitors based on structured event data, such as forecast revenue, purchase probability, and churn probability. The forecast metrics can also be used for forecast target groups. To learn more, visit: https://support.google.com/analytics/answer/9846734 In addition, Google Analytics 4 models conversions where insufficient data is available to optimize analysis and reports. Find out more at: https://support.google.com/analytics/answer/10710245. Data evaluations are automated using artificial intelligence or based on specific individually defined criteria. You can find out more about this at: https://support.google.com/analytics/answer/9443595.

We have made the following privacy settings for Google Analytics:

·       IP anonymization (shortening of the IP address before evaluation);

·       Automatic deletion of old visit logs by limiting the storage period to 2 months;

·       No reset of the retention period in case of new activity.

The following data is processed by Google Analytics:

·       IP address;

·       User ID;

·       Referrer URL (previously visited page);

·       Pages viewed (date, time, URL, title, time spent);

·       Downloaded files;

·       Clicked links to other websites;

·       If applicable, achievement of specific goals (conversions);

·       Technical Information: Operating system; browser type, version, and language; device type, brand, model, and resolution;

·       Approximate location (country and city, if applicable, based on anonymized IP address).

Google Analytics sets the following cookies for the specified purpose with the respective storage period:

·       "_ga" (2 years), "_gid" (24 hours): Recognition and differentiation of visitors by a user ID;

·       "_ga_[GA-ID]" (2 years): Retention of the information of the current session;

·       "_gac_gb_[GA-ID]" (90 days): Storage of campaign-related information and, if applicable, linking with Google Ads Conversion Tracking.

For more information about Google Analytics 4 cookies, please visit: https://support.google.com/analytics/answer/11397207?hl=de.

The legal basis for this data processing is your consent pursuant to Art. 6 Para. 1 lit. a DSGVO. Access to and storage of information in the terminal device is then based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

We have concluded an order processing agreement with Google Ireland Limited for the use of Google Analytics. In the event that personal data is transferred by Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) pursuant to Art. 46 (2) lit. c DSGVO. In addition, we also obtain your express consent for the transfer of your data to third countries in accordance with Art. 49 (1) a DSGVO.

For more information, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245.

3.5       Marketing Tools

We also use optional tools for advertising purposes ("marketing tools"). Some of the access data collected when using our website is used to create usage profiles, which store in particular your usage behavior, the advertisements you have viewed or clicked on and, based on this, the classification into advertising categories, interests and preferences. By analyzing and evaluating this access data, we are able to present you with personalized advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and on the websites and services of other providers. In doing so, we also analyze your usage behavior in order to recognize you on other sites and to address you in a personalized manner based on your use of our site (so-called retargeting). In addition, we evaluate the effectiveness and success of our advertising campaigns (especially so-called conversions and leads).

Marketing tools also include optional social network tools used to share posts and content through these networks ("social media plugins").

The legal basis for the marketing tools is your consent pursuant to Art. 6 (1) lit. a DSGVO, which you give via the consent banner or with the respective tool itself by individually allowing its use via a banner (overlay) placed over it. The access to and storage of information in the terminal device is then based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. For revocation of your consent see 3.2.3: "Revoking your consent or changing your selection".

In the event that personal data is transferred to third countries (such as the USA), your consent expressly extends to the data transfer (Art. 49 para. 1 lit. a DSGVO). For the associated risks, please refer to para. 6 ("Data transfer to third countries").

In the following section, we would like to explain the tools and the providers used for this purpose in more detail. The data collected may include in particular:

·       the IP address of the device;

·       the information of a cookie and in local or session storage;

·       the device identifier of mobile devices (e.g. device ID, advertising ID);

·       Referrer URL (previously visited page);

·       Pages viewed (date, time, URL, title, time spent);

·       Downloaded files;

·       Clicked links to other websites;

·       If applicable, achievement of specific goals (conversions);

·       Technical Information: Operating system; browser type, version, and language; device type, brand, model, and resolution;

·       Approximate location (country and city, if applicable).

However, the data collected is only stored pseudonymously, so that no direct conclusions can be drawn about individuals.

3.5.1   Microsoft Advertising (formerly Bing Ads)

Our website uses Microsoft Advertising, a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland ("Microsoft"). Microsoft uses JavaScript, cookies and local storage to present you with advertisements that are relevant to you. The use of these technologies enables Microsoft and its partner sites to serve ads based on prior visits to our site or other sites on the Internet. The data generated in this context may be transferred by Microsoft to a server in the USA for analysis and stored there.

The following cookies are set and read by Microsoft Advertising for the specified purpose with the respective storage period:

·       "_uetsid" (24 hours): Session ID;

·       "_uetvid" (13 months): Recognition of visitors, usage analysis, display of personalized advertising;

·       "MUID" (13 months): Recognition of visitors, usage analysis, playout of personalized advertising.

The following information in Local Storage is stored and read by Microsoft Advertising:

·       "_uetsid", "_uetvid": same purposes as the corresponding cookies;

·       "_uetsid_exp", "_uetvid_exp": Information about the expiration date of the information in the Local Storage.

The legal basis for this data processing is your consent pursuant to Art. 6 Para. 1 lit. a DSGVO. Access to and storage of information in the terminal device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TTDSG. The transfer of your data to the USA and other third countries takes place on the basis of your express consent in accordance with Art. 49 Para. 1 lit. a DSGVO.

In addition to withdrawing your consent, you also have the option to opt out of personalized ads at Microsoft Advertising or in the Ads settings in your Microsoft account:

·       Personalized ads: https://about.ads.microsoft.com/de-de/ressourcen/richtlinien/personalisierte-anzeigen;

·       Display settings: https://account.microsoft.com/privacy/ad-settings/signedout.

For more information, see Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

4.          Online presence in social networks

We maintain online presences in social networks in order to communicate there with customers and interested parties, among others, and to provide information about our products and services. The users' data is generally processed by the social networks concerned for market research and advertising purposes. In this way, usage profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the computers of the data subjects. Based on these usage profiles, for example, advertisements are then placed within the social networks but also on third-party websites.

As part of the operation of our online presences, it is possible that we may access information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may include, in particular, demographic information (e.g., age, gender, region, country) as well as data on interaction with our online presences (e.g., likes, subscription, sharing, viewing of images and videos) and the posts and content distributed via them. This may also provide information about the interests of users and which content and topics are particularly relevant to them. This information may also be used by us to adapt the design and our activities and content on the online presence and to optimize it for our audience. Please see the list below for details and links to the social network data that we, as operators of the Online Presence, can access. The collection and use of these statistics is generally subject to joint responsibility. Where this applies, the relevant agreement is listed below.

The legal basis for data processing is Art. 6 (1) lit. f DSGVO, based on our legitimate interest in effective information and communication with users, and Art. 6 (1) lit. b DSGVO, in order to stay in contact with and inform our customers, as well as to carry out pre-contractual measures with interested parties.

If you have an account with the social network, it is possible that we can see your publicly available information and media when we access your profile. In addition, the social network may allow us to contact you. For example, this may be through direct messages or posted articles. The content communication via the social network and the processing of the content data is thereby subject to the responsibility of the social network as a messenger and platform service. As soon as we transfer or further process personal data from you into our own systems, we are independently responsible for this and this is done to carry out pre-contractual measures and to fulfill a contract in accordance with Art. 6 (1) lit. b DSGVO.

For the legal basis of the data processing carried out by the social networks under their own responsibility, please refer to the data protection notices of the respective social network. The following links also provide you with further information on the respective data processing and the options to object.

We would like to point out that data protection requests can be asserted most efficiently with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. Of course, you can also contact us with your request. In this case, we will process your request and forward it to the provider of the social network.

Below is a list of information about the social networks on which we operate online presences:

• Facebook (USA and Canada: Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025, USA; all other countries: Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland)
  undefinedundefinedundefinedundefined
• Instagram (Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland)
  undefinedundefinedundefinedundefined
• Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland)
  undefinedundefined
• LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
  undefinedundefinedundefinedundefined

5.          Data sharing

The data we collect will only be passed on if there is a legal basis for this under data protection law in the specific case, in particular if:

·       you have given your express consent to this in accordance with Art. 6 para. 1 lit. a DSGVO,

·       the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art. 6 para. 1 lit. f DSGVO and there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed,

·       we are legally obliged to disclose data according to Art. 6 (1) lit. c DSGVO, in particular if this is necessary for legal prosecution or enforcement due to official requests, court decisions and legal proceedings, or

·       this is legally permissible and necessary according to Art. 6 para. 1 lit. b DSGVO for the processing of contractual relationships with you or for the implementation of pre-contractual measures, which take place upon your request.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, in particular, data centers that store our website and databases, software providers, IT service providers that maintain our systems, agencies, market research companies, group companies and consulting companies. If we pass on data to our service providers, they may only use the data to perform their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects, and are regularly monitored by us.

6.          Data transfer to third countries

As explained in this Privacy Policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. Insofar as this is the case and the European Commission has not issued an adequacy decision (Article 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the data transfer on exceptions of Art. 49 DSGVO, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

If a third country transfer is provided for and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g., intelligence services) may gain access to the transferred data in order to collect and analyze it, and that enforceability of your data subject rights cannot be guaranteed. When obtaining your consent via the consent banner, you will also be informed of this.

7.          Storage duration

In principle, we store personal data only as long as necessary to fulfill the purposes for which we collected the data. Thereafter, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for civil law claims, due to statutory retention obligations or there is another legal basis under data protection law for the continued processing of your data in the specific individual case.

Even after this, we still have to store some of your data for accounting reasons. We are obliged to do so because of legal documentation requirements that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.

8.          Your rights , in particular revocation and objection

You are entitled to the data subject rights formulated in Art. 7 (3), Art. 15 - 21, Art. 77 DSGVO at any time if the respective legal requirements are met:

·       Right to withdraw your consent (Art. 7 (3) DSGVO);

·       Right to object to the processing of your personal data (Art. 21 DSGVO);

·       Right to information about your personal data processed by us (Art. 15 DSGVO);

·       Right to rectify your personal data that we have stored incorrectly (Art. 16 DSGVO);

·       Right to erasure of your personal data (Art. 17 DSGVO);

·       Right to restrict the processing of your personal data (Art. 18 GDPR);

·       Right to data portability of your personal data (Art. 20 DSGVO);

·       Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

To exercise your rights described here, you can contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees demonstrating an adequate level of data protection. Provided that the respective legal requirements are met, we will comply with your data protection request.

Your requests for the assertion of data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for the assertion, exercise or defense of legal claims even longer. The legal basis is Art. 6 para. 1 lit. f DSGVO, based on our interest in defending against any civil claims under Art. 82 DSGVO, avoiding fines under Art. 83 DSGVO and fulfilling our accountability obligations under Art. 5 para. 2 DSGVO.

You have the right to revoke your consent at any time. This has the consequence that we no longer continue the data processing based on this consent for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it concerns an objection to data processing for direct marketing purposes, you have a general right of objection, which we will also implement without giving reasons.

If you wish to exercise your right of revocation or objection, it is sufficient to send an informal message to the above contact details.

Finally, you have the right to complain to a data protection supervisory authority. For example, you can exercise this right at a supervisory authority in the member state of your residence, your workplace or the location of the alleged violation. In Berlin, our headquarters, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.

9.          Changes to the privacy policy

We may occasionally update this privacy statement, for example, if we make changes to our website or if legal or regulatory requirements change.

This privacy policy is currently valid and has the status 08 June 2023.