Data protection

1                 Foreword

The overall system "bbbserver.de" is operated under the main domains "bbbserver.de" (German language) and "bbbserver.eu" (English language). For the sake of simplicity, this document uses only "bbbserver.de" wherever it is not technically needed to mention both domains.

1.1             Layers of protection

The overall system "bbbserver.de" is divided into three areas, which are collectively referred to as "website" in the following data protection declaration. In our data protection concept, we provide for different security requirements for the areas. The three areas include:

·        The website (recognizable by the domains "bbbserver.de" or "bbbserver.eu"), on which registration is not possible and on which no personal data is requested in the form of online forms

·        The platform system (recognizable by the domains "app.bbbserver.de" or "app.bbbserver.eu"), which offers the user login all program functions for the administration and payment of video conferences

·        The video conference server (recognizable by the domain "*. s.bbbserver.de") which handles the specific video conferences and the associated data transfer

 

In the above order, our concept provides for increasing security requirements for data protection.

 

Protection level 1 (website):

For the economic operation of our platform, the integration of Google Ads, Facebook Pixel and LinkedIn Insight Tag is mandatory on the website so that we can advertise our platform. However, we have restricted the integration of Google Ads, Facebook Pixel and LinkedIn Insight Tag in our website as far as possible. For example, the required scripts are only loaded if a visitor actually comes to our website via an advertisement on Google, Facebook or LinkedIn. We recognize this via the URL and assume that the visitor knows the respective data protection conditions of the service the customer came from. Direct website visitors, on the other hand, do not receive such a script where possible. In order to protect our users, we accept the resulting disadvantages for us in advertising and possibly even in visibility on the Internet in general.

 

Protection level 2 (platform system):

With the exception of credit institutes and PayPal, no other external payment providers are involved in the "app.bbbserver.de" platform system. Since the conferences are planned here (the name of a conference or a conference room could give an indication of the conference content) and personal data is processed (name or e-mails of moderators or conference participants), this level is subject to increased security requirements in terms of data protection.

 

Protection level 3 (video conference server):

The highest protection level is on the video conference servers themselves, which have not integrated any external services or user tracking mechanisms and are additionally protected by special firewall techniques. These servers are set by us to save data and are completely independent systems, which are only "remotely controlled" by our platform through a special interface in order to provide conferences. However, since it cannot be completely ruled out that BigBlueButton or a software component used by BBB writes error messages in log files on the video conference servers, we automatically destroy all video conference servers used after approx. 24 hours, together with all the data on them. Any conference recordings made by the moderators are copied from the servers to a secure data storage beforehand.

We have examined all matters relevant to data protection very critically and we have been extremely cautious with the integration of external services. We only use software, which we can keep under our own control on our own servers.

Request: We are constantly working to improve our customer and data security. However, we are only human and may make mistakes. If you notice something that we missed or where we can improve, please send us a short email to support@bbbserver.de. Thank you in advance!

1.2             Contracts for order data processing (DPA)

After registering on our online interface, you can conclude a data processing agreement (DPA) with us under the menu item "Contracts -> DP-Contract". Simply enter the information you require.

We prepared a demo DP contract for you, so that you are able to preview the contract before signing up for an account.
Click here to open the demo DP contract...

Our DP contract is not enough for you? You have special requirements to the contract? Please understand that the legal review of individual contracts is very time-consuming. Since data protection is important to us, we would have to check every contract for organizational feasibility and legal completeness. With thousands of customers, we have to make sure that we don't have a "patchwork" of individual regulations. For this reason, we do not offer individual regulations for data processing for small customers, but only for a monthly purchase volume of around 10,000 connections and above.

Exception: Church institutions may be obliged to sign an additional agreement (e.g. in accordance with DSG-EKD or KDG). Since we already work with institutions from all major churches in Germany, this is not a problem. Simply send us a corresponding request.

2                 Data protection at a glance

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

However, we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps despite all security measures. A complete protection of the data against access by third parties is not possible.

 

If you use this website, various personal data will be collected. The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is all data with which you can be personally identified. See below for detailed information. This data protection declaration explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

 

Who is responsible for data collection on this website? The data processing on this website is carried out by the website operator. You can find their contact details in the imprint of this website.

 

How do we collect your data?On the one hand, your data is collected when you communicate it to us. This can be z. B. be data that you enter in a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of the page view). This data is collected automatically as soon as you enter this website.

When you visit this website, your surfing behavior can be statistically evaluated. This is mainly done with cookies and so-called analysis programs.

What do we use your data for?

Part of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request that the processing of your personal data be restricted. You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time at the address given in the imprint or read more about this in detail below if you have any further questions on the subject of data protection.

3                 Hosting and Content DeliveryNetworks (CDN)

This website is hosted by an external service provider within Europe (hoster). The personal data collected on this website is stored on the host's servers. This can primarily be IP addresses, contact requests, meta and communication data, contract data, contact data, names, website access and other data generated via a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit.b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Para . 1 lit.f GDPR).

Our hoster will only process your data to the extent that this is necessary to fulfill its performance obligations and will follow our instructions in relation to this data.

In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.

4                 Mandatory information

4.1             Responsible body

The responsible body for data processing on this website is:

invokable GmbH Möllersbaum 1 42477 Radevormwald Telephone: +49 2195 588 25 0 Email: info (at) invokable.gmbh

The responsible body is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

4.2             Data Protection Officer

As required by law, we have appointed a data protection officer for our company.

KHBL Service- und Wirtschaftsgesellschaft mbH
Altenberger-Dom-Strasse 200
51467 Bergisch Gladbach
Telephone: +49 2195 588 25 0
Email: datenschutz (at) invokable.gmbh

4.3             Your rights

4.3.1          Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent that you have already given at any time. An informal message by e-mail to us is sufficient. The legality of the data processing that took place up until the revocation remains unaffected by the revocation.

4.3.2          Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

If data processing is based on Art. 6 Para. 1 lit.e or f GDPR, you have the right at any time to object to the processing of your personal data for reasons that arise from your particular situation; this also applies to profilingbased on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims ( Objection according to Art. 21 Para. 1 GDPR).

If your personal data is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profilinginsofar as it is associated with such direct advertising. If you object, your personal data will then no longer be used for direct advertising purposes (objection according to Art. 21 Para. 2 GDPR).

4.3.3          Right of appeal to the competent supervisory authority

In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

4.3.4          Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done to the extent that it is technically feasible.

4.3.5          Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction or deletion of this data at any time. You can contact us at any time at the address given in the imprint if you have any further questions on the subject of personal data.

4.3.6          Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the examination, you have the right to request that the processing of your personal data be restricted.

If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.

If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to demand that the processing of your personal data be restricted instead of being deleted.

If you have lodged an objection in accordance with Art. 21 (1) GDPR, your interests and ours must be weighed up. As long as it has not yet been determined whose interests prevail, you have the right to demand that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State are processed.

4.4             Encrypted payment transactions on this website

If, after the conclusion of a fee-based contract, there is an obligation to send us your payment data (e.g. account number for direct debit authorization), this data is required for payment processing.

Payment transactions using the usual means of payment (Visa/MasterCard, direct debit, Paypal) are carried out exclusively via an encrypted SSL or TLS connection.

4.5             SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

5                 Data collection on this website

For general data collection for general contact with our company, please refer to our stratified data protection information:
https://legal.invokable.gmbh/company/data_protection_quick_info/quick_info_DE.pdf

5.1             Audio/video conferences

Conference attendees do NOT need to register to attend conferences. Invitation links to conferences can be opened without prior registration/login. Names are not validated and can also be so-called nicknames.

The following data is recorded and processed on bbbserver.de to conduct the conferences:

Affected person / group Which dates? Storing Deletion
Registered user on app.bbbserver.de
(People creating and managing conferences)
Name, email address, password Permanent If the account is deleted at the request of the user or an administrator
Contract owner
(Registered user that books subscriptions or manages payments)
Name, e-mail address, password, contract master data of the customer account (e.g. name, address, etc.), as well as payment/account data depending on the selected payment method Permanent If the customer account is deleted at the request of the user
Conference participants
(NO REGISTRATION is needed to participate)
Name, audio data (spoken word), video data (webcam image and screen share), chat messages temporary Automatically when leaving the conference or five minutes after the end of the conference.
Recorded Participants
(Participants in a conference in which the moderator used the recording feature)
Name, chat messages, webcam image (only if activated during recording), screenshareimage (only if activated during recording), audio data (spoken word, only if active during recording) Permanent Conference recording remains stored in the user account until deleted by the conference organizer
Additional data stored by attendance tracking
(Participants in a conference with activated attendance tracking. Explicit consent has to be given by each participant before joining is possible.)
Name, dial-in time, selection time, microphone activation (from, to), webcam activation (from, to), presenter right (from, to) Permanent Attendance tracking remains stored in user account until deleted by the organizer of the conference

5.2             Further data processing - functions and tools

5.2.1          Cookies

Our website uses so-called "cookies". Cookies are small text files and do not cause any damage to your end device. They are stored on your end device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies can also be stored on your end device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have different functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or to display advertising.

Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions you want (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies for measuring the web audience). on the basis of Art. 6 Para. 1 lit.f GDPR, unless another legal basis is given. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies was requested, the relevant cookies are stored exclusively on the basis of this consent (Article 6 (1) (a) GDPR); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.

If cookies are used by third-party companies or for analysis purposes, we will inform you of this separately in this data protection declaration and, if necessary, ask for your consent.

5.2.2          Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

·        Browser type and browser version

·        operating system used

·        ReferrerURL

·        Host name of the accessing computer

·        Time of server request

·        IP address

This also results in log files that can be used for error analysis. These log files are either (if possible) completely anonymized (e.g. zeroing of the last two digits of the IP address) or automatically deleted after a maximum of 48 hours.

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 Para. 1 lit.f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website; the server log files must be recorded for this purpose.

5.2.3          Contact form

Applicable: at protection level "Platform"

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6 Para. 1 lit.b GDPR if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 Para. 1 lit.f GDPR) or on your consent (Art. 6 Para. 1 lit.a GDPR) if this was queried.

The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.

5.2.4          Communication, inquiries by e-mail, telephone

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

For general contract processing and communication, we also refer to our general information on the processing of personal data: Link

This data is processed on the basis of Art. 6 Para. 1 lit.b GDPR if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 Para. 1 lit.f GDPR) or on your consent (Art. 6 Para. 1 lit.a GDPR) if this was queried.

The data you sent to us via contact requests will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular statutory retention periods - remain unaffected.

5.2.5          Registration on this site

Applicable: at protection level "Platform"

You can register on this website to use additional functions on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will refuse the registration.

For important changes, such as the scope of the offer or technically necessary changes, we use the e-mail address provided during registration to inform you in this way.

The data entered during registration is processed for the purpose of implementing the user relationship established by registration and, if necessary, initiating further contracts (Article 6 (1) (b) GDPR).

The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.

5.2.6          Analytics Tools and Advertising

5.2.6.1       Matomo(formerly Piwik)

This is how we limit tracking as best we can:

Affected protection level(s):website and platform
Affected website visitors:All
Scope of tracking:Server-side counting of accesses to our website to ensure technical operation. Client-side tracking, including the use of cookies, is not used. All data is anonymized.

 

This website uses the open source software Matomo to collect technical metrics on server utilization, including counting the number of visits to the website. Matomo is NOT used on this website in the "conventional" way (client-side tracking), but the collection takes place by anonymizing the IP address on the server side. Contrary to conventional use, this also eliminates the use of cookies, which could be used to identify individuals or browsers.

This analysis tool is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymized analysis of website and server usage in order to optimize both its website and its advertising.

5.2.6.2       Google conversiontracking

This is how we limit tracking as best we can:

Affected protection level(s):website only
Affected website visitors:Only visitors who came to our site directly via a Google advertisement AND have consented to tracking in the cookie notice.
Scope of tracking:First entry page and page for completing a registration. No tracking of other sites.

 

This website uses Google Ads. Google Ads is an online advertising program from Google IrelandLimited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

As part of Google Ads, we use so-called conversiontracking. If you click on an ad placed by Google, a cookie will be set for conversiontracking. Cookies are small text files that the Internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page.

Each Google Ads customer receives a different cookie. The cookies cannot be tracked through the websites of Google Ads customers. The information obtained using the conversioncookie is used to create conversionstatistics for Google Ads customers who have opted for conversiontracking. Customers find out the total number of users who clicked on their ad and were redirected to a page with a conversiontracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking, you can object to this use by easily deactivating the Google conversiontracking cookie in your Internet browser under user settings. You will then not be included in the conversiontracking statistics.

The storage of " conversioncookies" and the use of this tracking tool are based on Art. 6 Para. 1 lit.f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent was requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 Para. 1 lit.a GDPR; the consent can be revoked at any time.

You can find more information about Google Ads and Google ConversionTracking in Google's data protection regulations: https://policies.google.com/privacy?hl=de.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.

5.2.6.3       Facebook pixels

This is how we limit tracking as best we can:

Affected protection level(s):website only
Affected website visitors:Exclusively visitors who came to our website directly via the Facebook website (via link or advertising) AND have consented to tracking in the cookie notice.
Scope of tracking:First entry page and page for completing a registration. No tracking of other sites.

 

This website uses the visitor action pixel from Facebook to measure conversion. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, however, the data collected is also transferred to the USA and other third countries.

In this way, the behavior of site visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized. The data collected is anonymous to us as the operator of this website, we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes. This enables Facebook to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of Facebook pixels is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If a corresponding consent was requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Article 6 Paragraph 1 lit. the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendumhttps://de-de.facebook.com/help/566994660333381

You will find further information on the protection of your privacy and the use of data by Facebook in Facebook's data protection information: https://de-de.facebook.com/about/privacy/

You can also disable the "Custom Audiences" remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/

5.2.6.4       LinkedIn Insight Tag

This is how we limit tracking as best we can:

Affected protection level(s):website only
Affected website visitors:Only visitors who came to our website directly from the LinkedIn website (via link or advertising) AND who consented to tracking in the cookie notice.
Scope of tracking:First entry page and page for completing a registration. No tracking of other sites.

 

This website uses LinkedIn's Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

With the help of the LinkedIn Insight Tag we receive information about the visitors of our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the professional key data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better align our site to the respective target groups. We can also use LinkedIn Insight Tags to measure whether visitors to our website make a purchase or take another action (conversion measurement). The conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function, with the help of which we can show visitors to our website targeted advertising outside of the website, whereby, according to LinkedIn, the advertising addressee is not identified. LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted from LinkedIn after seven days. The remaining pseudonymised data will then be deleted within 180 days.

The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own advertising purposes. Details can be found in LinkedIn's data protection declaration at https://www.linkedin.com/legal/privacy-policy#choices-oblig

LinkedIn Insight is used on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If a corresponding consent was requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Article 6 Paragraph 1 lit. the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpahttps://www.linkedin.com/legal/l/eu-sccs

You can object to the analysis of usage behavior and targeted advertising by LinkedIn under the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

5.2.7          Other and previous plugins and tools

(Compared to the previous version of this document, these are omitted. All external plugins and tools mentioned earlier have been removed from our system.)

5.2.8          eCommerce and payment providers - processing of data (customer and contract data)

Applicable: at protection level "Platform"

We collect, process and use personal data only insofar as they are necessary for the establishment, content or change of the legal relationship (inventory data). This is done on the basis of Art. 6 Para. 1 lit.b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.

The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

5.3             Data transmission upon conclusion of contract for services and digital content

We only transfer personal data to third parties if this is necessary within the framework of contract processing.

Any further transmission of the data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

5.3.1          Payment transactions

The transmission of your data to the named payment service providers and banks takes place on the basis of Art. 6 Para. 1 lit.a GDPR (consent) and Art. 6 Para. 1 lit.b GDPR (processing to fulfill a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of past data processing operations.

5.3.1.1       SEPA direct debit

Applicable: at protection level "Platform"

On this website we offer the option of paying by SEPA direct debit. If you choose to pay via SEPA direct debit, the payment details you enter will be sent to the banks responsible for processing the payment, which are subject to their own strict data protection regulations. For our part, payment data is passed on to the Volksbank im Bergisches Land, TenterWeg 1-3, 42897 Remscheid, BIC VBRSDE33XXX, BLZ 34060094, which in turn exchanges data with the bank you specified.

5.3.1.2       PayPal

Applicable: at protection level "Platform"

On this website we offer, among other things, payment via PayPal. The provider of this payment service is PayPal(Europe) S.à.rl.et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").

If you choose to pay via PayPal, the payment details you enter will be sent to PayPal, which in turn will exchange data with the bank you specified.