Released: February 13, 2024

1. General information

Thank you for your interest in our offer and ALLEHERZEN GmbH (“ALLEHERZEN”). The protection of your privacy is very important to us. 

We process your personal data in accordance with the respective applicable legal data protection requirements for the purposes listed below. Personal data in the sense of this privacy policy is all information that has a reference to your person. Relevant personal data are in particular your personal data (e.g. name, address, contact details and date of birth), your billing data (e.g. bank data), information about your financial situation (e.g. creditworthiness data), advertising and sales data (i.e. findings from customer data analyses).

Below we inform you in detail about how we handle your data.

Responsible party and contact:

The company responsible for processing your personal data is ALLEHERZEN GmbH, Alwinenstraße 3 in 65189 Wiesbaden, Germany, telephone: 0611 / 16 75 10 9-0.

If you have any questions or comments about data protection at ALLEHERZEN (for example, about accessing and updating your personal data), you can also contact us directly at datenschutz@alleherzen.de.

When you access our website or retrieve a file, data about this process is stored in a log file on our web server. In detail, the following data is stored:

• IP address 
• the domain name of the website you came from 
• the web pages you have visited in our offer 
• the names of the retrieved files 
• the date and time of a retrieval 
• the name of your internet service provider 
• and, if applicable, the operating system and browser version of your PC or terminal device.

2. IP addresses

We store IP addresses for a maximum period of seven days. The storage is done for data security reasons to ensure the stability and operational reliability of our system. In particular, this is done to protect against load peaks from individual IP addresses. We reserve the right to statistically evaluate anonymized data records.

3. Recipients of your personal data

3.1 Third parties and processors

Your personal data will also be used by other companies that are active on behalf of ALLEHERZEN (“order processors”) or are active within the scope of business partnerships of ALLEHERZEN (“third parties”). These may also be external companies and partners of ALLEHERZEN. Possible recipients of your data are IT service providers, address service providers, collection companies, network operators, shipping service providers, call centers, marketing and media agencies, market research institutes, social media companies, consultants or consulting companies, logistics companies, service providers for on-site installation, service providers for the purposes of billing and payment activities, telephone customer support, companies involved in the use of cookies and tracking pixels and other service and cooperation partners.

For details, please refer to the detailed descriptions of data processing in this data protection information.The processors mentioned in this data protection information have been commissioned by ALLEHERZEN and committed to ALLEHERZEN’s level of data protection and data security. As part of this obligation, it was stipulated, among other things, that the service providers only receive data that is required for the respective fulfillment of the order.

3.2 Recipients outside the European Union (EU)

ALLEHERZEN has individual services and performances carried out by carefully selected and commissioned service providers who are based outside the European Economic Area (“third country”), e.g. IT service providers, market and opinion research institutes and social media companies. In these cases, a third country transfer takes place. Insofar as legally required to establish an adequate level of protection for your data, ALLEHERZEN uses guarantees that meet the legal requirements guarantees to establish an adequate level of data protection, including EU standard contracts. You have the possibility to request further information at any time and to be provided with copies of corresponding sample agreements (for contact details, see section 1).

4. “Cookies” – information that is automatically stored on your computer

When you visit one of our websites, we may place information on your computer in the form of a “cookie” that we will automatically recognize the next time you visit. We use cookies to optimize our website, to further develop services or for marketing purposes. If you do not want us to recognize your computer, please set your Internet browser to delete cookies from your computer hard drive, block all cookies or warn you before a cookie is stored. However, we would like to point out that the use and especially the comfort of use will be limited without cookies. 

In the information on cookies from other providers or those set by third-party providers (see below), there is always a link through which you can declare your objection. In this context, the provider will set an opt-out cookie on your computer, which prevents further data from being collected. As long as you wish to maintain your objection, you should not delete the opt-out cookie. Insofar as this cookie is subsequently deleted by you, you must carry out the deactivation again. In addition, you can object to the collection and storage of data by many other services under the link http://www.youronlinechoices.com/de/praferenzmanagement at any time with effect for the future.

5. Notes on web analysis

In order to continuously improve and optimize our offer, as well as to display interest-based personalized advertising, we use the third-party web tracking and analysis services described below:

Google Analytics 4

If you have given your consent, Google Analytics 4, a web analysis service of Google LLC, is used on this website. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Nature and purpose of processing

Google Analytics uses cookies that enable your use of our website to be analyzed. The information collected by the cookies about your use of this website is generally transmitted to a Google server in the USA and stored there.

We use the User ID function. With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyze user behavior across devices].

We use Google Signals. This collects additional information in Google Analytics about users who have activated personalized ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns].

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of “events”. Events can be

• page views
• first visit to the website
• start of the session
• visited web pages
• your “click path”, interaction with the website
• scrolls (whenever a user scrolls to the end of the page (90%))
• clicks on external links
• internal search queries
• interaction with videos
• file downloads
• viewed / clicked ads
• language setting

Also recorded:

• your approximate location (region)
• date and time of your visit
• your IP address (in abbreviated form)
• technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
• your internet provider
• the referrer URL (via which website/advertising medium you came to this website)

Purposes of the processing

On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

Recipients

Recipients of the data are/may be

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Third country transfer

For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.

The data sent by us and linked to cookies is automatically deleted after 14 months. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month.

Legal basis

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 sentence 1 TTDSG.

Revocation

You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by

a. not giving your consent to the setting of the cookie or

b. downloading and installing the browser add-on to deactivate Google Analytics HERE.

You can find more information on the terms of use of Google Analytics and on data protection at Google at

https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.

Google Ads

This website uses the online marketing tool Google Ads by Google (“Google Ads”). Google Ads uses cookies to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, Google Ads can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a Google Ads ad and later calls up the advertiser’s website with the same browser and buys something there. According to Google, Google Ads cookies do not contain any personal information. 

Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. Through the integration of Google Ads, Google receives the information that you have called up the relevant part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or are not logged in, there is the possibility that Google learns your IP address and stores it. You can prevent participation in this tracking process in various ways:

a) by adjusting your browser software settings accordingly; in particular, suppressing third-party cookies will result in you not receiving third-party ads;

b) by disabling conversion tracking cookies by setting your browser to block cookies from the domain “www.googleadservices.com”, https://adssettings.google.com, which setting will be deleted when you delete your cookies;

c) by disabling the interest-based ads of the providers that are part of the “About Ads” self-regulatory campaign, through the link https://www.aboutads.info/choices, this setting being deleted when you delete your cookies;

d) by permanently disabling them in your Firefox, Safari, Internet Explorer, Microsoft Edge or Google Chrome browsers at the link https://www.google.com/settings/ads/plugin. We point out that in this case you may not be able to use all functions of this offer in full.

The legal basis for the processing of your data is a balancing of interests, according to which the processing of your personal data described above for the improvement of online marketing activities or reduction of multiple ad impressions is not conflicting interests on your part (Art. 6 para. 1 sentence 1 lit. f GDPR). You can find more information about Google Ads from Google at https://ads.google.com/intl/de_DE/ home/, and about data protection at Google in general: https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at https://www.networkadvertising.org.

Google Remarketing

This website uses the remarketing function of Google. This function is used to present interest-based advertisements to visitors of the website within the Google advertising network. Cookies are used to recognize individual visitors when they visit websites that belong to the Google advertising network. On these pages, the visitor can then be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google’s remarketing function. According to its own information, Google does not collect any personal data during this process. The legal basis for the processing of your data is a balancing of interests, according to which the processing of your personal data described above is not opposed by any overriding interests on your part (Art. 6 (1) sentence 1 lit. f GDPR).

If you nevertheless do not wish to use Google’s remarketing function, you can deactivate it in principle by making the appropriate settings at https://adssettings.google.com/. Alternatively, you can deactivate the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at https://optout.networkadvertising.org. Further information on Google Remarketing and Google’s privacy policy can be found at https://policies.google.com/technologies/ads?hl=de.

CrazyEgg.com

This site uses the tracking tool CrazyEgg.com to record randomly selected individual visits with anonymized IP address only. This tracking tool allows using cookies to evaluate in which way you use the website (e.g. which content is clicked on). For this purpose, a usage profile is displayed visually. Only usage profiles are created using pseudonyms. The legal basis for the processing of your data is a balancing of interests, according to which the processing of your personal data described above is not opposed by any overriding interests on your part (Art. 6 para. 1 p. 1 lit. f GDPR).

You can object at any time to the collection, processing and recording of the data generated by CrazyEgg.com by following the instructions at https://www.crazyegg.com/opt-out. Further information on data protection at CrazyEgg.com can be found at https://www.crazyegg.com/privacy.

Facebook Pixel, Facebook Custom Audiences and Facebook Conversion API

Within our online offer, the so-called “Facebook Pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used.

With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine you as a visitor to our website as a target group for the display of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook Pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook Pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook Pixel, we can further track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).

We use the tracking tool Facebook Conversion API of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Facebook Inc. 1601, Willow Road Menlo Park, CA 94025, USA.

This is a data interface through which we transmit data about your user behaviour on our website to Facebook for evaluation. This enables us to show you advertisements that match your user behaviour on our website. 

In connection with the Conversion API, we use the following data: Email address, telephone number, gender, date of birth, first and last name, city, state and country, postcode, user IDs, IP address, client user agent (the browser you use and your operating system), click IDs, browser ID, product IDs, advertising ID, Facebook login ID.

We transmit this data to Facebook. In the process, the data is also transmitted to Facebook in the USA. 

For data transfers to the USA, there is an adequacy decision by the EU Commission (EU-U.S. Data Privacy Framework) and we have also concluded standard contractual clauses with Facebook.

Privacy policy of Facebook

The processing of data by Facebook takes place within the framework of Facebook’s data use policy. Accordingly, general information on the display of Facebook ads, in the data use policy of Facebook. Specific information and details about the Facebook pixel and how it works can be found in Facebook’s help section.

Order data processing contract

For the processing of data where Facebook acts as an order data processor, we have concluded an order data processing contract with Facebook, in which we oblige Facebook to protect our customers’ data and not to pass it on to third parties.

LinkedIn

https://www.linkedin.com/company/alleherzen

The account is operated under the responsibility of ALLEHERZEN GmbH (hereinafter referred to as “we”). It is operated as a general information medium, in particular on current topics in IT or on our topics, as well as on our company in general. For the service offered by LinkedIn, we use both the technical platform and the services of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter: LinkedIn).

Data processing by LinkedIn

You can find LinkedIn’s detailed privacy policy, in which you are informed about data processing and the rights to which you are entitled vis-à-vis LinkedIn, at the following link https://www.linkedin.com/legal/privacy-policy. We have no influence on the type, scope and purposes of the data processing carried out by LinkedIn. We also have no influence on the use or disclosure of personal data by LinkedIn. There are also no effective control options here.

Data processed by us via LinkedIn

The processing of data on this LinkedIn page is based on an agreement on joint processing of personal data with LinkedIn. LinkedIn and ALLEHERZEN GmbH are therefore joint controllers within the meaning of Art. 26 GDPR.

Service providers used

To operate our company presence on LinkedIn, we use service providers who perform various tasks for us. We have also obligated them to comply with data protection regulations via an agreement on data processing on our behalf in accordance with Art. 28 GDPR.

Entries on LinkedIn

We only use your personal data by responding to posts from us (legal basis Art. 6 para. 1 lit. b GDPR). For example, if you click the “Like” button under one of our posts, your name will appear, including a link to your profile and the type of “Like” option you have selected. Your user name will therefore be displayed. A thumbnail of your profile picture will also be displayed.

Your comments, which you can enter using the “Comment” function, will also appear on our page, as intended by LinkedIn, together with your user name and the image of your profile picture. This information is also visible to people who are not “linked” to you on LinkedIn. In addition, these notices may also be activated for visitors to our site who are not logged in to LinkedIn. LinkedIn is not a platform for transmitting confidential information to us, in particular not about your state of health or similar information. You should treat posts and comments on our site in the same way as other public posts.

Contacting us

If you contact us via our electronic contact options (e.g. by e-mail), we will save your message. The personal data contained therein will be used to process your request and communicate with you (legal basis Art. 6 para. 1 lit. b GDPR).

Technical data collection at LinkedIn 

Furthermore, LinkedIn provides the operators of company pages, including us, with unsolicited anonymized statistics. This involves anonymized data, such as

• page activities
• page views
• the number of subscribers
• “Like” information
• reach
• interactions, such as clicks on certain information, elements or links.

This does not result in a reference to you as a person. We use the statistical data presented to us based on the interest in improving the offer on our social media presences and websites and their design and maintaining security as well as in the event of violations in cooperation with authorities (legal basis is Art. 6 para. 1 lit. c and f GDPR).

Placement of advertising on LinkedIn

We place advertisements on LinkedIn and use statistical data that we receive from LinkedIn to determine target group-specific delivery. This does not result in a reference to your person for us. LinkedIn provides you with information on the settings you can make for advertisements on LinkedIn and other sites, insofar as these are controlled by LinkedIn (https://www.linkedin.com/psettings/advertising-data).

6. General information on usage-based online advertising

Usage-based online advertising, also known as targeting, allows advertisers to identify the user when delivering an ad and assign it to a target group. With the help of this information, it is possible to display more relevant ads to the user. Usage-based advertising takes place in three steps: The collection of data via so-called tracking pixels, the storage and processing of log file information, and the ultimate use of this information in retargeting or lookalike retargeting. We would like to explain these steps in a little more detail below.

Information on your rights under the GDPR can be found below in section “11. Your rights”.

6.1 Use of tracking pixels on the site

Tracking pixels are small graphics on web pages that enable log file recording and log file analysis, which are used for statistical analysis. Tracking pixels write information to the cookie file in the user’s browser when visiting the website.

6.2 Storing log file information in the cookie file

To record your user behavior, a cookie is stored on your computer when you visit our site. Cookies are small text files that are stored on the hard drive of your computer and allow a website to recognize your browser, but do not allow personal identification of you. Information is collected about your activities on the websites you visit (e.g. surfing behavior, sub-pages visited on the Internet, advertising banners clicked, etc.). All usage data is stored using a pseudonym, so that it is impossible to draw conclusions about your person and thus personal identification.

6.3 Use of Cookie Information for Retargeting and Lookalike Retargeting

The cookie with the corresponding information allows the anonymous recognition of the user’s browser and a corresponding retargeting on external websites. 

Furthermore, statistical twins of the original cookie profiles are identified and addressed on the basis of the accumulated cookie information. This is referred to as lookalike retargeting. 

The usage profiles made possible by this so-called retargeting technology are created in accordance with the legal provisions in such a way that it is not possible to draw conclusions about your person and thus personal identification without further ado. For more on the topic of usage-based advertising, see http://www.youronlinechoices.com/de/praferenzmanagement.

7. Newsletter

In the following, we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. In the event that you subscribe to our newsletter, you agree to receive it and to the procedures described below.

Content of the newsletter: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipient or a legal permission. If the contents of the Newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our services, selected projects and us.

Double-Opt-In and logging: The registration for our newsletter takes place in a so-called double-opt-in process. This means that after registration you will receive an email in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations to the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, changes to your data stored with the dispatch service provider are logged.

Registration data: To register for the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name for the purpose of personal address in the newsletter.

The dispatch of the newsletter and the performance measurement associated with it are based on the consent of the recipients pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6 para. 1 lt. f. GDPR in conjunction with. § Section 7 (3) UWG.

The logging of the registration process takes place on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users and furthermore allows us to prove consent.

Cancellation/Revocation – You can cancel the receipt of our newsletter at any time, i.e. revoke your consents. You will find a link to cancel the newsletter at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to be able to prove consent formerly given. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

The newsletter is sent using the “CleverReach” mailing service provider, a newsletter mailing platform of the provider CleverReach GmbH & Co. KG, CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany. You can view the data protection provisions of the mailing service provider here: https://www.cleverreach.com/de-de/datenschutz/

The shipping service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR and an order processing agreement pursuant to Art. 28 para. 3 p. 1 GDPR.

The dispatch service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass this data on to third parties.

8. Online appointments and online meetings

8.1 Google Meet

We use the Google Meet tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: online meetings). Google Meet is a service provided by Google Ireland Ltd, a service company of Google LLC based in the USA.

Various types of data are processed when you use Google Meet. The scope of the data also depends on the data you provide before or during participation in an online meeting. The following personal data is processed: User details: first name, surname, telephone (optional), email address, password (if single sign-on is not used), profile picture (optional) Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information When dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data of the device can be saved. Text, audio and video data: You may have the opportunity to use the chat function in an online meeting. In this respect, the text entries you make may be processed in order to display them in the online meeting and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the Google Meet settings. To take part in an online meeting, you must at least enter your name to enter the meeting room.

For participants in online meetings – insofar as the meetings are held within the framework of contractual relationships – Art. 6 para. 1 lit. b) GDPR is the legal basis for data processing. If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here, too, we have an interest in the effective conduct of online meetings.

Personal data that is processed in connection with participation in online meetings is generally not passed on to third parties unless it is intended to be passed on. Please note that content from online meetings, as with face-to-face meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Other recipients: The provider of Google Meet necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in our order processing contract with Google Meet.Google Meet is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing contract with the provider of Google Meet that meets the requirements of Art. 28 GDPR. For data transfers to the USA, there is an adequacy decision by the EU Commission (EU-U.S. Data Privacy Framework).

8.2 MS Teams

We use Microsoft Teams to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: online meetings). As part of our online meetings using Microsoft Teams, we process the following personal data

• communication data (e.g. your email address, if you provide this personal data)
• log files, protocol data
• metadata (e.g. IP address, time of participation, etc.)
• profile data (e.g. your user name, if you provide this yourself)

Thanks to the video conferencing function of Microsoft Teams, we can offer you participation in our online meetings/events via video/audio. We use Microsoft Teams to carry these out. We use the Team Meetings mode in Microsoft Teams. In Team Meetings, audio input and video recordings are prevented by our Microsoft Teams settings. As a rule, appointments are not recorded.

In exceptional cases, a recording may take place under the following conditions:

1. prior explicit announcement of the planned recording to the participants twice (firstly upon invitation and secondly before the start of the event to be recorded)

2. participants will be provided with the following additional data protection information:

• specific purpose of the recording
• person responsible for the recording (function, role)
• persons authorized to access the recording or recipients to whom the recording is to be made available
• recording is to be made available to
• storage location and duration of the recording

For participants in online meetings – insofar as the meetings are held within the framework of contractual relationships – Art. 6 para. 1 lit. b) GDPR is the legal basis for data processing. If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here, too, we have an interest in the effective conduct of online meetings.

Microsoft Teams is part of Microsoft Office 365. Microsoft Teams is a productivity, collaboration and exchange platform for individual users, teams, communities and networks that is used across companies. Among other things, it includes a video conferencing function.

Microsoft Office 365 is a software of the company
Microsoft Ireland Operations Limited

One Microsoft Place

South County Business Park

Leopardstown

Dublin 18

D18 P521

Ireland

Microsoft Teams is part of the cloud application Office 365, for which a user account must be created.

Data processing with Office 365 takes place on servers in data centers in the European Union in Ireland and the Netherlands. For this purpose, we have concluded an order processing agreement with Microsoft in accordance with Art. 28 GDPR. Accordingly, we have agreed extensive technical and organizational measures with Microsoft for Office 365 that correspond to the current state of the art in IT security, e.g. with regard to access authorization and end-to-end encryption concepts for data lines, databases and servers.

Microsoft reserves the right to process customer data for its own legitimate business purposes. We have no control over this data processing by Microsoft. To the extent that Microsoft Teams processes personal data in connection with its legitimate business purposes, Microsoft is an independent controller for these data processing activities and as such is responsible for compliance with all applicable data protection laws. If you require information about the processing by Microsoft, please refer to the relevant Microsoft statement.

8.3 Fathom Video Inc.

The Fathom platform is an AI meeting assistant that records, transcribes, highlights and summarizes video calls. Fathom joins calls as a registered participant, is visible to all participants and provides the user with a live panel to capture key moments during the meeting, highlight or bookmark and identify important action points for future reference. At the end of the meeting, the call recordings are converted into an AI-generated summary and the key moments are accessible in the platform’s web application. These can be shared with the participants. The recordings and notes are synchronized with the CRM or similar systems if necessary.

Only the user ID – either the e-mail address or the user name used – is required for the service. This data alone is transmitted before the meeting. Due to the nature of the service, Fathom records all content communicated in the meeting. Care must therefore be taken during the meeting to ensure that neither personal data of third parties nor confidential information is disclosed without explicit necessity.

We use the service to optimize the documentation of meetings. Our interest in optimizing, simplifying, reducing workload and increasing informative value outweighs the legitimate interests of the data subject. It is possible to cancel the recording at any time or not to start it in advance.

We have concluded an order processing contract with Fathom, including standard contractual clauses. Fathom essentially relies on services and services from Google LLC to provide the service. To find out more about the service, please visit https://fathom.video/

8.4 YouCanBookMe service

In addition, we use the online booking system “YouCanBookMe” to simplify the booking of appointments via our website. This service is provided by the British company YouCanBookMe Ltd, 38 Mill Street, Bedfort, MK40 3HD, UK.

Due to the UK’s withdrawal from the European Union, the data transfer is carried out in accordance with the European Commission’s adequacy decision. The service provider also ensures compliance with the GDPR. If you would like to find out more about the data and its use visit: https://youcanbook.me/privacy

9. Security

ALLEHERZEN takes precautions to ensure the security of your personal data. Your data is conscientiously protected against loss, destruction, falsification, manipulation and unauthorized access or disclosure.

10. Links to other websites

The ALLEHERZEN websites contain links to other websites. ALLEHERZEN is not responsible for the data protection strategies or the content of these other websites.

11. Your rights

In accordance with the statutory provisions (including any applicable restrictions from the GDPR and/or the BDSG-neu), you may assert the following rights against us:

11.1 Information

Thus, you have the right to receive information from us about your data stored by us.

11.2 Correction

Upon your request, we will correct the data stored about you if it is inaccurate or incorrect.

11.3 Deletion

If you wish, we will delete your data, provided that other legal regulations (e.g. legal retention obligations) or an overriding interest on our part (e.g. for the defense of our rights and claims) do not prevent this.

11.4 Restriction

Taking into account the legal requirements, you may request us to restrict the processing of your data.

11.5 Data transfer

You also have the right, subject to the legal requirements, to receive your data in a structured, common and machine-readable format or to transfer it to a third party.

11.6 Complaint

Furthermore, you have the right to lodge a complaint with a data protection supervisory authority. You are welcome to contact our data protection officer first.

11.7 Objection

Furthermore, you may object to the processing of your data.

This does not apply if the processing is for direct marketing purposes. Then we will not further process your personal data for this purpose.

To exercise these aforementioned rights, you can contact us using one of the contact details listed in section 1.