Terms of Use

General information on data processing 



Scope of the processing of personal data 


As a general principle, we only process personal data to the extent to which it is necessary to provide a functioning internet presence, our contents, and services. The processing of your personal data takes place regularly only after your consent. 


In cases where prior consent is not possible for actual reasons and processing personal data is permitted by legal regulations, exceptions to this rule can be made. 


Legal basis for processing personal data 


In the framework of the data protection regulations, processing personal data is not permitted as a general principle unless there is a legally permissible reason for doing so. We are obligated to inform you about the legal basis of data processing. 


As far as we require your consent for processing personal data, the consent serves as the legal basis. 


When processing data is necessary for the performance of the contract, of which you are a contracting party, the performance of the contract serves as the legal basis. This is also the case for processing data necessary for executing pre-contractual measures. 


Regarding the processing of personal data necessary for the compliance with a legal obligation our company is subject to, this serves as the legal basis. 


If processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, this serves as the legal basis. 


If processing of personal data is necessary to protect a legitimate interest of our company or a third party and if the interest of protecting your basic rights and fundamental freedoms does not outweigh those former interests, this serves as the legal basis for the processing of data. 




Generally, our services are aimed at adults. Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians. 


Erasure of data and data retention periods 


Once the purpose for storing data no longer applies, we erase or block your personal data. Log data are automatically deleted after 90 days. However, such data can be stored beyond that period if the legal regulations we are subject to require us to do so. This affects data, for example, that needs to be retained due to commercial or fiscal law, such as delivery receipts or billing data. 


Blocking or erasing your data is therefore undertaken at the earliest after a retention period determined by such regulations has expired, unless it is necessary to continue storing data for the conclusion or performance of a contract. 


Transfer of data to third parties. 


As a general principle, we do not transfer personal data to third parties without your express consent. If, in the course of processing, we disclose or send your data to third parties or give them any other access to it, this will exclusively take place on one of the previously mentioned legal bases. 


If necessary, for the performance of a contract, we transmit data to entities such as billing companies or suppliers. If obligated by law or a court order, we have to transmit your data to the respective entity with the right of access. 


To some extent, we may use carefully selected external service providers to process your data. If data is transferred to service providers as part of a so-called processing agreement, this is based on the guidelines of the GDPR. Our processors have been carefully selected, are bound to our instructions, and are checked regularly. We only use processors who offer sufficient guarantees that appropriate technical and organizational measures are implemented to ensure that data is processed in accordance with the requirements of the GDPR and BDSG and that your rights are being protected. 


Transfer of data to third countries. 


The GDPR ensures an equally high level for data protection within the European Union. Therefore, we prioritize European partners in our selection of service providers and cooperation partners for the processing of your personal data. When employing the services of third parties, your data will only be processed outside the European Union on rare occasions. 


We only permit the processing of your data in a third country if the specific requirements of the GDPR are met, meaning your data may only be processed on the basis of special guarantees. Among these guarantees are the official recognition by the EU Commission of a level of data protection equivalent to that of the EU, the compliance with officially recognized specific contractual obligations (the so-called standard contractual clauses) or other agreements between the EU and third countries. 


Automated decision-making 

We abstain from automated decision-making or profiling.



This data protection policy does undergo changes from time to time. Such amendments occur, for instance, when there are changes due to technological progress, legal requirements, or other factors. 


Last update: January 2021 


This website uses cookies. We use cookies to personalize content and ads, to provide social media features and to analyze our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. 


Cookies are small text files that can be used by websites to make a user's experience more efficient.


The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.


This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.


Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy. 


Your consent applies to the following domains: www.inperson365.com 


Your current state: Use necessary cookies only. 

Your consent

ID: wkOHUpBVEFpAw313JITkcnWPz6gQmdm4ntNudm6Dun/rcsoZ+cP3Mw==Consent date: Thursday, October 15, 2020, 02:37:38 PM PDT


Change your consent 


Cookie declaration last updated on 1/20/21 by Cookiebot: 



Necessary (4)

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. 

Name                    Provider                             Purpose 


CookieConsent.      WIX.COM                              Stores the user's cookie consent state for the current domain 


fe_typo_user           www.cryptshare.express       Preserves users states across page requests. 


JSESSIONID           New Relic                               Preserves users states across page requests. 


PHPSESSID            www.cryptshare.express         Preserves user session state across page requests. 



Preferences (2) 


Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. 


Name                   Provider                         Purpose 


lang [x2]                  LinkedIn                             Remembers the user's selected language version of a website 



Statistics (5) 


Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously. 


Name          Provider                                  Purpose 

_ga                www.cryptshare.express             Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 

_gat              www.cryptshare.express              Used by Google Analytics to throttle request rate 

_gid              www.cryptshare.express              Registers a unique ID that is used to generate statistical data on how the visitor use

Name           Provider                                  Purpose 

collect.            Google  m.                                  Used to send data to Google Analytics about the visitor's device and                                                                                   behavior. Tracks the visitor across devices and marketing channels. 




Marketing (29) 


Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers. 


Name                Provider                      Purpose 


__hssc                  Hubspot Inc                   Collects statistical data related to the user's website visits, such as the                                                                                number of visits, average time spent on the website and what pages

                                                                     have been loaded. The purpose is to segment the website's users

                                                                     according to factors such as demographics and geographical location

                                                                     , in order to enable media and marketing agencies to structure and

                                                                     understand their target groups to enable customised online advertising. 



__hssrc                Hubspot Inc                     Collects statistical data related to the user's website visits, such as the                                                                                number of visits, average time spent on the website and what pages

                                                                     have been loaded. The purpose is to segment the website's users

                                                                     according to factors such as demographics and geographical location,

                                                                     in order to enable media and marketing agencies to structure and

                                                                     understand their target groups to enable customised online advertising. 



__hstc               Hubspot Inc                    Collects statistical data related to the user's website visits, such as the                                                                                 number of visits, average time spent on the website and what pages

                                                                  have been loaded. The purpose is to segment the website's users

                                                                  according to factors such as demographics and geographical location,

                                                                  in order to enable media and marketing agencies to structure and

                                                                  understand their target groups to enable customised online advertising. 



__ptq.gif         Hubspot                         Sends data to the marketing platform Hubspot about the visitor's device and                                                                     behaviour. Tracks the visitor across devices and marketing channels. 



_uetsid          www.cryptshare.express   Collects data on visitor behaviour from multiple websites, in order to present                                                                     more relevant advertisement - This also allows the website to limit the

                                                                  number of times that they are shown the same advertisement. 




Name              Provider                             Purpose 


_uetsid_exp      www.cryptshare.express        Contains the expiry-date for the cookie with corresponding name. 


_uetvid              www.cryptshare.express        Used to track visitors on multiple websites, in order to present relevant                                                                                advertisement based on the visitor's preferences. 


_uetvid_exp     www.cryptshare.express         Contains the expiry-date for the cookie with corresponding name. 


ads/ga-audiences      Google                          Used by Google AdWords to re-engage visitors that are likely to convert                                                                             to customers based on the visitor's online behaviour across websites. 


bcookie           LinkedIn                                     Used by the social networking service, LinkedIn, for tracking the use of                                                                               embedded services. 


bscookie          LinkedIn                                    Used by the social networking service, LinkedIn, for tracking the use of                                                                               embedded services. 


hubspotutk      Hubspot Inc                             Keeps track of a visitor's identity. This cookie is passed to the marketing                                                                            platform HubSpot on form submission

                                                                           and used when de-duplicating contacts. 


IDE                   Google                                    Used by Google DoubleClick to register and report the website user's                                                                                 actions after viewing or clicking one of the advertiser's ads with

                                                                          the purpose of measuring the efficacy of an ad and

                                                                          to present targeted ads to the user. 


lidc                  LinkedIn                                   Used by the social networking service, LinkedIn, for tracking the use of                                                                                 embedded services. 


lissc                LinkedIn                                     Used by the social networking service, LinkedIn, for tracking the use of                                                                                embedded services. 


MUID              Microsoft                                  Used widely by Microsoft as a unique user ID. The cookie enables user                                                                               tracking by synchronising the ID across many Microsoft domains. 



Name                           Provider                      Purpose 


pagead/1p-user-list/#     Google                   Tracks if the user has shown interest in specific products or events                                                                                         across multiple websites and detects how the user navigates

                                                                          between sites. This is used for measurement of advertisement

                                                                          efforts and facilitates payment of referral-fees between websites. 


pagead/landing             Google Inc.              Collects data on visitor behaviour from multiple websites, in order to                                                                                    present more relevant advertisement - This also allows the website to                                                                                 limit the number of times that they are shown the same advertisement. 


RUL                                  Google.                   Used by DoubleClick to determine whether website advertisement has                                                                               been properly displayed - This is done to make their marketing efforts                                                                                 more efficient. 


test_cookie.                    Google                    Used to check if the user's browser supports cookies. 


UserMatchHistory         LinkedIn                   Used to track visitors on multiple websites, in order to present relevant                                                                                 advertisement based on the visitor's preferences. 


VISITOR_INFO1_LIVE                 YouTube    Tries to estimate the users' bandwidth on pages with integrated YouTube                                                                           videos. 


YSC                                              YouTube      Registers a unique ID to keep statistics of what videos from YouTube the                                                                            user has seen. 


yt-remote-cast-installed             YouTube.     Stores the user's video player preferences using embedded YouTube                                                                                 video 

yt-remote-connected-devices   YouTube      Stores the user's video player preferences using embedded YouTube video 


yt-remote-device-id                   YouTube       Stores the user's video player preferences using embedded YouTube                                                                                  video 



Name                                    Provider               Purpose 


yt-remote-fast-check-period    YouTube                Stores the user's video player preferences using embedded                                                                                                  YouTube video 


yt-remote-session-app              YouTube                Stores the user's video player preferences using embedded                                                                                                  YouTube video 

yt-remote-session-name.           YouTube               Stores the user's video player preferences using embedded YouTub

Unclassified (1) 


Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies. 


Name           Provider           Purpose              Expiry 

events/1/#     New Relic           Pending                Session



If you use external links that are offered within the scope of our website pages, this data protection declaration does not extend to these links. When we provide links, we endeavor to ensure that they also comply with our data protection and security standards. However, we have no influence on compliance with data protection and security regulations by other providers. Therefore, please also inform yourself about the data protection declarations provided on the websites of other providers. 


Contact information. 


Name and address of the data protection officer 


Mike Lube Email: mike.lube@enpersona360.com 


If you have any questions about data protection, you can contact our data protection officer directly at any time. 





Online application portal 


We use the Inperson365 demo server for application organization. When using this online service, the following personal data is processed; first name, last name, email address, telephone/mobile number, Upload of attachments for application letters and documents. The transfer of data is encrypted. This data is used exclusively for the application procedure. For this purpose, this data is passed on internally to the responsible divisional managers. The data will be deleted 3 months after completion of the application process. If their application is followed by the conclusion of a contract, the data is included in the employee file. 


Use of special services on our website 


For certain services, e.g. newsletter, demo system, test installation, price inquiries, webinar management tool, login area and build services, it is necessary to collect personal data. Only the data required for the respective purpose is collected and the legal retention periods are taken into account. 



User accounts in the login area


Personal data is required to maintain a user account. The required data is marked with an "*" in the registration form. By registering, you consent to the use of this data for the purpose of account management. 


Delivery of goods 


Your data will be passed on to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of the goods.

Online presence on social media 


We have an online presence on different platforms to provide information and to be able to get in contact with you. 


We have no influence over the processing of personal data by the respective operator of the platform. Generally, the operator of the platform stores cookies on your browser which document your pattern of use or your interests respectively for market research and marketing purposes when you visit our services on said platform. 


By doing so, mostly across devices, platform operators gain user profiles show you personalized ads. It is possible that people are affected by this data processing who are not registered users on the respective platform, and their data is possibly processed outside of the United States of America, which can complicate enforcing your rights. However, we make it a point in the selection of such platforms that the operators agree to comply with data protection standards of the United States of America and the EU. 


The processing of your personal data when visiting one of our presences on social media is based on our legitimate interest in a multifaceted presentation of our company and the use of an effective way to inform and communicate with you. 


You can find detailed information on data processing in the context of the use of our presence on these platforms, the right to object, and claiming your right of access in the data privacy statement of the respective platform operator.


Facebook shared data processing agreement for personal data under the requirements of the GDPR. Data protection policy of the platform operator 


YouTube Data protection policy of the platform operator 


Instagram Data protection policy of the platform operator 


Twitter Data protection policy of the platform operator 


LinkedIn Data protection policy of the platform operator

Privacy and Cookie policy (EU) 


Disclaimer: This document is the version of the EU privacy and cookie policy and it is only intended as a courtesy to EU visitors. If there are any inconsistencies between this version of the privacy and cookie policy and the original EU, then the EU version shall prevail. 


At Enpersona360, we take the protection of personal data very seriously. At this point we would like to explain what data we store, when we store data, and how we use it. We are subject to the terms of the European General Data Protection Regulation (GDPR) as well as the regulations of the supplementary Bundesdatenschutzgesetz (BDSG), the German federal data protection act. In order to guarantee our as well as our external service providers’ compliance with said terms and regulations on data protection, we implemented the appropriate technical and organizational measures. 


This privacy and cookie policy is valid for our online presence, including website, features and contents as well as external online presences, e.g. our social media. Furthermore, this privacy and cookie policy informs you about the processing of your personal data and serves to fulfil our obligation to inform you. 


The terminology used in this privacy and cookie policy, such as controller and personal data, are applied according to the definitions in the GDPR. To improve readability and therefore deliver information in a more comprehensible way, specific articles, paragraphs, etc. in this privacy and cookie policy has been forgone in most instances. 



Contact Information 



The controller in the sense of the GDPR and other national data protection acts of member states of the European Union and other data protection regulation is 




--------------------- United States of America

Email: admin@enpersona360.com 


For any questions, suggestions, or comments on data protection as well as on the enforcement of your rights as listed below, please refer to our supervisory authority.

Service Description for Inperson365 



Inperson365 is a SaaS (“Software-as-a-Service”) offer of Enpersona360 for the 

secure and encrypted transfer of large files and messages. It is designed for commercial 

customers from 1 to up to 10000 employees that have a business address in Unites States, Canada and Mexico. 


Inperson365 is operated in a data processing (service) center at IONOS by 1&1 


located in the United States with Data Centers in the EU. IONOS is certified under ISO (International 


Organization for Standardization) standards 27001. 

You can find more details on the current standards and security measures of IONOS infrastructure at the

following URL: About us - The company at a glance | IONOS by 1&1 


Sign up for Inperson365 is on a self-service portal at www.Inperson365.com During 


that process, a “Business Account” is created free of charge. Following sign up, a welcome 


e-mail is sent to the e-mail address that was used to set up the Business Account. Creating 


the account alone does not grant the user access to the Inperson365 server. 


Once the Business Account has successfully been created, the customer can subscribe 


individual e-mail users by clicking the button “Add a new e-mail user” in user management. 


After successful pre-authorization of the payment process, each e-mail address created on 


the subscription webpage is stored on the Inperson365 server. With their Business Account, a 


customer can subscribe from 1 to thousands of email address, depending on the package purchased. 


In principle, only individual mailboxes may be provided for the creation of e-mail 


users. We only permit the use of collective mailboxes in exceptional cases if the 


customer confirms with his order that a maximum of two persons have access to the 


deposited collective mailbox. Collective mailboxes are, for example: 


billing@ customerservice@ faq@ help@ 

info@ kontakt@ jobs@ legal@ 

mail@ noreply@ no-reply@ postmaster@ 

reply@ root@ sales@ service@ 

support@ invoice@ contact@


All e-mail users that are stored on the Inperson365 server can authenticate themselves with 

the stored e-mail address via the Inperson365 web application or Office 365 & Outlook, and 

they can use the Inperson365 server for sending as well as receiving e-mail. 

The Dedicated-service portal offers all necessary options for managing a Business Account as well 

as new and existing e-mail users: 


➝ Sign up form for creating a “Business Account” necessary for ordering and managing 

Inperson365 e-mail users 

➝ Editing of the master data and the login for the Business Account 

➝ Overview of all current subscriptions and their respective statuses 

➝ Adding new Inperson365.express e-mail users 

➝ Changing the payment method and payment data 

➝ Download of all the invoices and potential credits in pdf format 

➝ Cancelling individual subscriptions 

➝ Video tutorials for the Inperson365 web application and Inperson365 for Office 365 & 


➝ Text templates for simplifying the internal introduction of Inperson365.express 

➝ Downloads of the installation programs 

➝ Links to accessing the available browser integrations 




As outlined in the terms of use provided in the system, Inperson365 enables customers and their internal and external communication partners to bidirectionally exchange confidential messages and files. The terms of use must be accepted by each user when sending data. 


For providing and retrieving data, a web application and an integration into MS Outlook are available. After subscribing to the service, the customer receives information for setting up the access and the software. 


Data is transferred by using TLS encryption between the Inperson365 service and the sending and receiving systems. 


On the server, files are first scanned for malware. If unsuspicious, they are stored in encrypted form. For the encryption, one-time passwords are used that are created for each individual instance of communication. Due to the nature of the service (security by design), it is not possible for the

Inperson365 to decrypt files without knowing the password determined by the sender. The password determined by the sender is neither saved nor transferred by the system. 


Files that cannot be classified as unsuspicious beyond reproach are removed from the transfer and the sender is notified. 


Messages and files provided on the Inperson365 system for transfer purposes are only stored temporarily. The sender is informed about the maximum retention period once the transfer is ready for download. After the retention period has expired, the data is purged and can no longer be retrieved by the recipient. After the data has been sent, the sender no longer has access to it. 


The total file size per transfer is limited based on the service purchased. This limit is indicated on the user interface when uploading the data. 


The maximum amount of uploaded data per month for the sum of all incoming and outgoing transfers must not exceed 100 GB. Maximums might vary depending on the purchased package. 


For the purpose of restoring the system in the event of a catastrophe, the entire system is backed up regularly. These backups are kept for a maximum of three days before they are purged. For users of the system there is no right to have uploaded data restored in the event of a breakdown or a data loss in Inperson365, including during the time period mentioned above. Restoring data only serves to enable a swift resuming of operations of the Inperson365 service. 


Inperson365 ensures that the provided software and the online service is operated on suitable hardware (for the purpose of encrypted e-mail and data transfer), including amount and type of server, regular backups, supply of electrical power, air-conditioning, firewall, virus scans, and broadband internet connection. 


In the event of significant changes in service for Inperson365, we will notify our customers via e-mail before implementation. 


3.Service level 


3.1 Availability 

As a hosted software service, Inperson365 is designed for around the clock availability (24/7), subject to excluded events, particularly pertaining to maintenance. 

Customers will be notified of planned maintenance by notifications on the user sites in a 

timely fashion. 


3.2 Excluded events 

Excluded events are: 

➝ Breakdown caused by maintenance works or new versions 

➝ Disruptions, breakdowns, or issues that can be traced back to the customer, their employees, or agents 

➝ Breakdowns that have been caused by third parties (e.g. DDos attacks)

➝ Force majeure 

➝ Breakdowns caused by IONOS Cloud; the annual average availability service level agreement with IONOS Cloud, however, is 99% at the router exit. 


3.3 Hours of operation 

Hours of operation are Monday through Sunday, 00:00 a.m. to 00:00 p.m. (24/7). 


3.4 Customer Support in case of disruption 

Tickets can be opened 24/7 in English & Spanish. For doing so, there are the following options: 

➝ Via e-mail to support@Inperson365.com 

➝ Or via the chat tool at https://www.inperson365.com 

Events are processed according to their criticality: 

➝ Critical events (disruptions): Processed Monday to Friday, 8:00 a.m. to 5:00 p.m. (PST) 

➝ Non-critical events: Processed Monday to Friday 9:00 a.m. to 4:00 p.m. (PST) 

inperson365 reserves the right to downgrade criticality if the service is available to the extent as described and the customer is responsible for the cause of the disruption. 

Critical events are disruptions that affect the availability of Inperson365. All other disruptions are non-critical events. 

➝ Response time: four hours for Monday to Friday, 8:00 a.m. to 5:00 p.m. (CET). If the response time exceeds 5:00 p.m., processing will be resumed on the following workday at 8:00 a.m. 

➝ Resolution time: Best effort 


4.Customer obligations 

The customer assumes obligations that are necessary for duly delivering the service. These are in particular the following activities that the customer needs to deliver free of charge, in a timely fashion, and to the necessary extent: 


4.1 The customer is obliged and responsible for saving their data in a form that is suitable for restoring with feasible effort. There is not right to having data restored by Inperson365 and neither making Inperson365 responsible for the loss of data. 


4.2 The customer is obliged to protect their operating systems and other applications against misuse and keep them free of malware (e.g. by applying up-to-date security patches, using virus scanners, and appropriate configuration of the firewall).


The customer ensures that they do not send or provide contents for retrieval via Inperson365 if the provision, publishing, transfer, or use of those contents violates applicable law or third-party rights. This is particularly the case for defamatory contents, incitement to hatred, pornographic, or political extremist contents as well as “malicious codes” or other malware. If the customer violates this provision, Inperson365 reserves the right to exclude the customer from using the service any further and to purge the contents of the customer from all Inperson365. systems immediately and without prior notice. 


4.4 The customer is prohibited from using the service for sending unsolicited mass e-mails (SPAM). Inperson365 reserves the right to cancel customers accounts at any time. 


4.5 The customer is solely responsible for checking if the data transferred to us by using Inperson365s constitute personal data and if processing this personal data is admissible. If the customer wants to have personal data processed, they will conclude a data processing agreement according to Inperson365’s template, which Inperson365 will provide. 


4.6 The customer agrees to written correspondence via e-mail and will ensure that a current email address is always on file. The customer has been informed that essential information for delivering services, such as access information, information regarding changes in service, and legal terms are exclusively sent via e-mail. 


4.7 The customer is obligated to use and support the troubleshooting process. 


4.8 The customer must ensure that all data and/or documents provided by Inperson365.express have been retrieved by the respective recipients before deleting their account. After deleting the account, retrieval of data is no longer possible. Once the account has been deleted, Inperson365 will irreversibly delete all other customer data that is relevant for record keeping in accordance with the law or respectively after the retention period under tax regulations has expired. 


4.9 The customer is responsible for compliance with all legal regulations, laws, provisions, and industry-specific rules that are relevant and applicable in the context of using Inperson365 and ensures compliance thereof. This includes, but is not limited to, compliance with confidentiality agreements, for example from employment. The customer assures that data relevant to secrecy are only transferred if effective consent has been obtained

4.10 The customer ensures that their use of Inperson365 does not pose any endangerment or interference of third parties or the infrastructure of Inperson365 and its subcontractors. In case of such endangerment or interference (e.g. by a DDoS attack), Inperson365 has the right to deactivate Inperson365 without prior notice to the customer until such endangerment or interference is resolved. Any downtime that results from this is not considered for the calculation of availability of Inperson365. 


5.Pricing and advertising 


Creating a Business Account via our self-service portal is free of charge. For every subscription and creation of an e-mail user within their Business Account, the customers can select between a monthly subscription charge or one-time subscription payment in advance for the entire service period of 12 months. 

The current prices are published in the Store as well as our websites and are independent from the actual extent to which the service is used. 

Inperson365 reserves the right to show advertising of any kind at the URL of the web application and in the e-mail notifications. 


6.List of abbreviations 

DOS Denial of Service 

DDOS Distributed Denial of Service 

ISO International Organization for Standardization 

CET Central European Time 

SaaS Software-as-a-Service 

TLS Transport Layer Security

The rights of data subjects 


The right to withdraw consent. 


If the processing of your personal data is based on your consent, you have the right to withdraw consent at any time. All data processing up to the point of withdrawal of consent remains unaffected. 


Access to personal data 


You have the right to enquire if we process your personal data. If this is the case, you may request the following information: 


· the purposes of the processing. 

· the categories of personal data that are being processed. 

· the recipients or categories of recipients that the personal data was disclosed to or will be disclosed to; 

· the planned period for which the personal data will be stored, or if that is not possible in concrete terms, the criteria used to determine that period. 

· the right to rectification or erasure of your personal data, the right to restriction of processing by us or the right to object to this processing. 

· the right to lodge a complaint with a supervisory authority. 

· the right to all information concerning the origin of the data if the personal data was not obtained from you. 

· the existence of automated decision-making, including profiling, and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences such processing has for you. 


You have the right to enquire if your personal data will be transferred to a third country or international organization. In this context you have the right to demand information about the suitable guarantees regarding the transfer. 


We will provide you with a copy of the personal data that is subject to processing within one month of having received your enquiry. If you made your enquiry electronically, we would provide you the information in a common electronic format, unless requested otherwise. 


Right to rectification 

You have the right to demand from us without undue delay the rectification of inaccurate personal data concerning you. Considering the purposes of the processing, you have the right to have incomplete personal data completed. 

Right to erasure (‘right to be forgotten’) 

You have the right to obtain from us the erasure of personal data concerning you without undue delay and we are obligated to erase personal data without undue delay if one of the following reasons applies:

· The personal data is no longer necessary to the purposes for which it was processed. 

· You withdraw your consent on which the processing was based and there is no other legal basis for the processing. 

· You object to the processing and there are no overriding legitimate reasons for the processing. 

· The personal data has been processed unlawfully. 

· The personal data has to be erased for compliance with a legal obligation in Union or Member State law. 

· The personal data has been collected in relation to the services according to article 4 of the GDPR. 

· Where we have made your personal data public and are obliged to erase the personal data, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, that personal data. 


The right to erasure (‘right to be forgotten’) does not apply if processing is necessary: 

· for exercising the right of freedom of expression and information. 

· for compliance with a legal obligation, we are subject to or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; 

· for reasons of public interest in the area of public health. 

· for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of the processing, or; 

· for the establishment, exercise or defense of legal claims. 


Right to restriction of processing 

You have the right to obtain from us restriction of processing your personal data where one of the following conditions applies: 

· you contest the accuracy of the personal data pertaining to you, for a period enabling us to verify the accuracy of the personal data; 

· the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead. 

· we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims. 

· you have objected to processing pending the verification whether the legitimate grounds of us override those of you. 

· Where processing has been restricted under the above-mentioned conditions, such personal data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. 

If you have obtained a restriction of processing under the above-mentioned conditions, you will be informed by us before the restriction of processing is lifted. 


Right to data portability 

You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from us provided that the processing is based on consent or on a contract and the processing is carried out by automated means. 

In exercising your right to data portability, you have the right to have the personal data transmitted directly from one us to another controller, where technically feasible. Exercising the right to data portability does not affect the right to erasure (‘right to be forgotten’). That right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. 


Right to object 

You have the right to object, on grounds relating to your situation, at any time to processing of your personal data after a weighing of interests, including profiling based on these terms. We will then no longer process the personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override the interest, rights and freedoms of you or for the establishment, exercise or defense of legal claims. 

Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent to which it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes. 

In the context of the use of services according to article 4 of the GDPR, you may exercise your right to object by automated means using technical specifications. 

Automated individual decision-making, including profiling. 

You have the right not to be subject to a decision solely based on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision: 

· is necessary for entering, or performance of, a contract between yourself and us, 

· is authorized by Union or Member State law to which we are subject to and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or 

· is based on your explicit consent. 

We implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on part of the controller, to express his or her point of view and to contest the decision. 


Right to lodge a complaint with a supervisory authority 

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual 

residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Use of cookies 


General information for the use of cookies 


When visiting our website, cookies are stored on your device besides the previously discussed data. 


Cookies are small packages consisting of text that can be sent from a website to the browser. The browser then stores them and sends them back to the website. In cookies, various details can be stored that can be read by the entity that set the cookie. They are commonly assigned a particular string of characters (ID) that allow for a clear identification of the browser when returning to the website or leaving it. Their primary function is to make our website more user-friendly and more effective. The data that is collected in cookies are pseudonymised by technical provisions which generally make the assigning of the data to the requesting user no longer possible. If an identification is possible, as is the case with login cookies where the session ID is necessarily linked to the account of the user, we will notify you about this at the respective time.


We use various cookies on our website: 

· So-called “session cookies” are cookies that are deleted after you leave our website and close the browser. In such cookies, language settings and the content of the shopping cart are saved. 

· “Permanent cookies” are stored after the browser has been closed so that for instance the login status or entered search terms can be saved. We also use such cookies for measuring the success of our marketing activities as well as for our marketing purposes. 

· Permanent cookies are automatically deleted after a set period of time that can be different for each cookie. You can, however, delete such cookies at any time with your browser. 


Besides so-called “first-party cookies” that are set by us as the controller for data processing, there are also “third-party cookies” provided by other vendors. 

· We as controller set so-called “first-party cookies”: 


The legal basis for the processing of your personal data in this context is our legitimate interest. 

· External service providers, who do web tracking or measure the success of our marketing activities for us, may also set cookies. 


The legal basis for processing your personal data in this context is your consent. 



A general objection to the use of cookies for marketing purposes can be declared for a number of services on the EU website https://www.youronlinechoices.com or the US website https://www.aboutads.info/choices/. You can also configure your browser settings accordingly and for instance block the acceptance of “third-party cookies” or all cookies or activate the option “do not track”. However, you may then no longer be able to use all of our website’s features.