Data protection

I. DATA PROTECTION ACCORDING TO ART. 4 EU GENERAL DATA PROTECTION REGULATION (EU-GDPR)

To ensure that you are informed about how and why your information is used, we emphasize the importance of reading both this privacy policy and any additional privacy notices and fair data processing information. We provide these to you in the context of the collection or processing of your personal data for specific occasions. The terms we use are based on the definitions according to Article 4 of the EU General Data Prob.1. Google Tag Managertection Regulation (GDPR).

II. RESPONSIBLE ENTITY

The responsible entity for the processing of your personal data on this website is:

Die Energiewerker
a brand of lean buy e2e GmbH
Friedensstraße 66
65510 Idstein
Germany

Commercial register: HRB 286 46
Register court: Amtsgericht Wiesbaden
VAT ID: DE304134069

Represented by the managing directors: Philipp Stephan, Martin Blum, René Süssig

Phone: +49 611 1675 1020
E-mail: info@die-energie-werker.de

For questions about data protection, you can reach our data protection officer Mr. Philipp Stephan at:
E-Mail:   datenschutz@die-energie-werker.de

III. EXECUTIVE SUMMARY

When you access our websites, your browser automatically transmits various information to us, including your IP address. The processing of data is essential for the operation of our website. We need your contact details to process your requests. To make continuous improvements to our online offering, we rely on the support of analysis services. Furthermore, we maintain profiles under the name “Die Energiewerker” on selected social networks, through which we may be able to view information about you. We also cooperate with selected partners and service providers who may have access to your data as part of their specific tasks.

IV. ACTIVITY TRACKING VIA SERVER LOG FILES

The website provider automatically collects and stores information in so-called server log files, which are automatically transmitted and provided by your browser.

This information includes:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

The storage in log files is necessary to deliver the website to you. Furthermore, we use the data for technical optimization of the website and to secure our information technology systems. No evaluation of the data for marketing purposes takes place in this context. The legal basis for data processing is Article 6(1)(f) of the EU General Data Protection Regulation (GDPR). Our legitimate interest lies in the technically flawless presentation of our website, for which the collection of server log files is necessary.

V. PROVISION OF THE WEBSITE

We make use of managed hosting provided by Hetzner Online GmbH.

As part of this, we process the data according to point IV of this statement and all data related to you that arises during the use of our website, such as content and communication data. This data processing is essential to efficiently and smoothly provide you with our web content. Consequently, our web offerings are transmitted to you from the servers of our hosting provider. We have concluded a contract for order processing with Hetzner Online GmbH.

The legal basis for data processing under Article 6(1)(f) of the EU General Data Protection Regulation (GDPR) is based on our demonstrated legitimate interest in using the services of Hetzner Online GmbH. For further details on data protection at Hetzner, please refer to their privacy policy [LINK].

VI. CUSTOMER COMMUNICATION

a. Consultation Contact Form
You can take advantage of our free consultation service by filling out a contact form. In this context, we process the following data from you:

Personal Data

  • First and last name
  • Postal code, street, house number
  • Phone number
  • Email address

Project related Data

  • Images and drawings
  • Residential and property details of the relevant property
  • Other project-specific information as per your message

We process this data based on Article 6(1)(b) of the General Data Protection Regulation (GDPR) for the purpose of initiating a contractual relationship. In the case of contract conclusion, the processing is carried out for the execution and termination of the contract, as well as based on Article 6(1)(f) of the GDPR. Our legitimate interest arises from responding to your inquiry.

As a general practice, we retain your data for up to 10 years for commercial and tax reasons, and for any warranty claims, up to 2 or 5 years (§ 438 BGB). For pure inquiries, we typically delete this information after 1 year.

b. Contact Options 
On our website, we offer you the opportunity to get in touch with us via email, phone, and/or a contact form. In this context, the information you provide for processing your inquiry is stored and processed.

If you contact us by phone, the data is also processed according to the guidelines described above. These inquiries are recorded in our internal ticket system.

The processing of the provided information is either based on Article 6(1)(b), if they relate to contractual matters, or Article 6(1)(f) of the GDPR. Our legitimate interest lies in responding to your inquiry and efficiently organizing our communication.

c. Advertising Communications (according to § 7 UWG) 
We intend to inform you about future updates and relevant offers related to your previous purchases or interests with us. In other words, we would like to send you promotional messages. For this purpose, we use your contact details such as email address and name. The legal basis for this data processing is Article 6(1)(f) of the GDPR. We have a legitimate interest in using your data for promotional purposes, especially if you have already made purchases with us.

Right to Object 

You have the right to object to the processing of your personal data for advertising purposes at any time, free of charge. Further information about your rights can be found in the following details.

d. Meta Instagram
We operate an Instagram profile managed by Meta Platforms Ireland Limited, located at 4 Grand Canal Square, Dublin 2, Ireland (collectively referred to as “Meta,” including platforms “Facebook” and “Instagram”). Through this profile, we communicate with you and other interested parties, providing information about “Die Energiewerker” (a brand of lean buy e2e GmbH) and our range of services.

In the context of our Instagram presence, we process the following types of data:

  • Communication Content: This includes messages and comments.
  • Interactions: Such as “likes,” views of stories, and sharing of posts.
  • Profile Information: Including images and other details you have publicly shared.

Among the mentioned data, there may also be special categories of personal data, the processing of which is privileged under Article 9(2)(e) of the GDPR.

Independently of us, Meta analyzes your usage behavior on the platforms and utilizes insights for various purposes. Further details can be found both below and in the “Insights” section.

If you are a Meta member and visit our Instagram profile while logged into your account, Meta associates your visit with your personal user account.

Meta stores your data as user profiles and may use them for advertising purposes, market research, and/or customization of its services. You have the right to object to the creation of these user profiles, and for this, you should directly contact Meta.

Meta transfers data related to your usage behavior, particularly to Meta Platforms Inc., located at 1601 Willow Rd, Menlo Park, CA, USA, as well as to other companies within the Meta corporate group, which process this data independently. The exact scope of this transfer is explained by Meta here: [LINk]

Meta may transfer your data worldwide, including locations in countries without adequate data protection levels. For data transfers to the USA, Meta has implemented standard data protection clauses according to Article 46(2)© of the GDPR. As Meta is part of a corporate group headquartered in the USA, it may also be subject to requests from US authorities. The subsequent use of data by these authorities may be unclear, and currently, there is no equivalent legal protection as in the EU, which poses an increased risk to your rights and freedoms.

Regarding the processing of your personal data within the operation of the Instagram profile, you have the rights mentioned in this privacy statement. If you wish to assert your rights against Meta, the best approach is to do so directly with Meta: [LINK]

Meta provides details about the technical operation of the platform, data processing, and the specific purposes of data processing. If necessary, Meta can take action when you exercise your rights. We are here to assist you and will forward your inquiries to Meta.

Given that data availability and presentation may change due to Instagram’s continuous development, we recommend referring to Meta’s privacy policy for further information:
[LINK].

The legal basis for this data processing is Article 6(1)(f) of the GDPR, based on our legitimate interest as described above.

e. Meta Insights
Through the so-called “Insights” of our Instagram page, we have access to anonymous statistical data across various categories. These statistics are generated and provided by Meta. The use of this feature cannot be disabled, and the creation and processing of the data cannot be prevented. For further information, please refer to the following link: Meta Terms – Page Controller Addendum.

Regarding the processing of personal data for Insights statistics, particularly concerning data collection and transmission to Meta, we and Meta are jointly responsible under Article 26 of the GDPR. Meta provides an agreement in this context, which you can review here: Meta Page Controller Addendum.

For the “Insights,” Meta processes at least (but not exclusively) the following information related to you:

  1. Interaction Data: This includes actions such as viewing posts, stories, videos, profiles, marking posts as “liked,” and recommending pages.
  2. User Data: Such as name, age, Meta ID, gender, region, etc.

While direct identification of individuals is not possible from our side, Meta has the capability to do so.

The legal basis for this data processing is Article 6(1)(f) of the GDPR, based on our legitimate interest in communicating with you, providing information, and leveraging the reach of Meta products.

f. LinkedIn

We operate a LinkedIn page and an Instagram profile managed by LinkedIn Ireland Unlimited Company, located at Wilton Plaza Wilton Place, Dublin 2, Ireland (“LinkedIn”). Through these platforms, we communicate with you and other interested parties, providing information about “Die Energiewerker” (a brand of lean buy e2e GmbH) and our range of services.

We process the following categories of data:

  1. Communication Content: This includes messages and comments.
  2. Interactions: Such as “likes,” page visits, and sharing of posts.
  3. Profile Information: Including images and other details you have publicly shared.

Among the mentioned information, there may also be special categories of personal data, the processing of which is privileged under Article 9(2)(e) of the GDPR.

Independently of us, LinkedIn analyzes your usage behavior on the platforms and utilizes insights for various purposes. Further information can be found on LinkedIn’s privacy pages: [LINK].

LinkedIn considers our collaboration regarding the provided Insights statistics as data processing under Article 28 of the GDPR and provides a data processing agreement that we have concluded with LinkedIn: [LINK].

If you are a LinkedIn member and visit our page while logged into your profile, LinkedIn associates your visit with your personal user account.

LinkedIn stores your data (such as logins, cookie information, device details, IP addresses) as user profiles and may use them for advertising purposes, market research, and/or customization of its services. You have the right to object to the creation of such user profiles, which you can exercise directly with LinkedIn.

LinkedIn transfers data related to your usage behavior, particularly to the LinkedIn Corporation in the USA, and other companies within the corporate group for independent processing. The exact scope is explained here: [LINK].

LinkedIn may transfer your data worldwide, including to countries without adequate data protection levels. For transfers to the USA, LinkedIn has implemented standard data protection clauses according to Article 46(2)© of the GDPR. As LinkedIn is part of a corporate group headquartered in the USA, it may be subject to data requests from US authorities. The subsequent use of data by these authorities may be unclear, and currently, there is no equivalent legal protection as in the EU, posing an increased risk to your rights and freedoms.

Regarding the processing of your personal data within the operation of the page, the rights mentioned in this privacy statement apply. If you wish to assert your rights against LinkedIn, the easiest approach is to do so directly with LinkedIn: [LINK].

LinkedIn kennt sowohl die technischen Details des Plattformbetriebs und der damit verbundenen Datenverarbeitung als auch die konkreten Zwecke der Datenverarbeitung. Auf Anfrage können angemessene Maßnahmen umgesetzt werden, wenn Sie von Ihren Rechten Gebrauch machen. Wir unterstützen Sie gerne bei der Ausübung Ihrer Rechte, soweit es uns möglich ist, und leiten Ihre Anfragen an LinkedIn weiter.

LinkedIn is knowledgeable about the technical details of platform operation and associated data processing, as well as the specific purposes of data processing. Upon request, appropriate measures can be implemented when you exercise your rights. We are here to assist you in exercising your rights to the extent possible and will forward your inquiries to LinkedIn.

Given that data availability and presentation may change due to LinkedIn’s continuous development, we recommend referring to LinkedIn’s privacy policy for further information: [LINK]

The legal basis for this data processing is Article 6(1)(f) of the GDPR, based on our legitimate interest as described above.

VII. COOKIES, TOOLS AND SERVICES

a. Cookies
We partially use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. They serve to make our offering more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

When visiting our website, you have the option to adjust your cookie settings.

Most of the cookies we use are called “session cookies.” They are automatically deleted once you leave our website. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser during your next visit.

You can configure your browser to inform you about the placement of cookies, allow cookies only in specific cases, reject cookies for certain situations, or generally exclude them. You can also set your browser to automatically delete cookies when you close it. If you disable cookies, the functionality of this website may be limited.

b. Google Services
We utilize various services provided by Google on our website. Google is a conglomerate of multiple companies. The responsibility for the services used and the associated data processing is shared with you in the description of each service. Unless otherwise specified, Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland, is responsible for the data processing.

By visiting our website, Google receives information that you have accessed the corresponding subpage of our website. Unless otherwise described, at least the data mentioned in Section 4 is transmitted to Google. This occurs regardless of whether you are logged in to Google or have a user account. For logged-in users, the association is directly linked to your account. If you do not wish this association, you must log out before activating the respective service. Google stores your data as usage profiles and may use them for advertising, market research, and customization of its services. You have the right to object to the creation of these usage profiles, which you can exercise by contacting Google. Google primarily transfers data related to your usage behavior to Google LLC for independent processing.

Google may transfer your data worldwide, including to countries without adequate data protection levels. For data transfers to countries without adequate data protection, such as the USA, Google has implemented standard contractual clauses according to Article 46(2)© of the GDPR. As Google is part of a corporate group headquartered in the USA, data requests from US authorities may occur, with the subsequent use of your data by these authorities being at least unclear. Currently, there is no EU legal protection against such requests, which poses an increased risk to your rights and freedoms.

We have no influence over further data processing by Google beyond the purposes mentioned. The information provided represents our current knowledge.

For more information on data protection at Google, please visit: [LINK]

b.1. Google Tag Manager
On our website, we utilize the Google Tag Manager provided by Google.

This service manages JavaScript tags and HTML tags, particularly for implementing tracking and analysis tools. The data processing aims to customize and optimize our website.

The Google Tag Manager only stores your IP address. However, it enables the triggering of additional tags that may collect and process personal data.

The use of the Google Tag Manager is based on your voluntary consent under § 25 TTDSG (German Telemedia Act) and Article 6(1)(a) of the GDPR.

You can revoke this consent at any time for the future.

b.2. Google Analytics
If you have given your consent, we use Google Analytics on this website.

Through the data and analyses provided by Google Analytics, we identify which areas of our web offering are particularly attractive to you and where we need further improvement. The data also helps us better understand you as a visitor. Additionally, it assists in making our advertising and marketing efforts more individualized and cost-effective. Google Analytics uses cookies to analyze your usage of our web pages.

During your visit to our website, your interactions are recorded in the form of “events.”

These events can include:
  • Page views
  • Initial website visits
  • Session starts
  • Interactions on the website (click paths, links, videos, downloads, etc.)
  • Scrolling (whenever a user scrolls to the end of the page, approximately 90%)
  • Clicks on external links
  • Internal search queries
  • Interactions with videos
  • File downloads
  • Viewed/clicked advertisements
  • Language settings
Furthermore, Google Analytics captures:
  • Your approximate location (region)
  • Your IP address (anonymized)
  • Technical information about your browser and the devices you use (e.g., language settings, screen resolution)
  • Your internet service provider
  • The referrer URL (the website or advertising medium through which you accessed our site)
  • Google Analytics reports on demographic characteristics and interests

We have enabled advertising reporting features in Google Analytics, including reports on demographic characteristics and interests. These reports provide information about age, gender, and interests without identifying individual persons. Google generates reports on user behavior and provides them to us, including:

Conversion Reports:
These show the effectiveness of our marketing efforts by indicating how many visitors took a desired action (e.g., making a purchase or subscribing to a newsletter) due to a marketing message.

Acquisition Reports:
These give insights into how we can best reach people for our products.

Audience Reports:
These provide information about our users.

Behavior Reports:
We learn how you interact with our website, the paths you take, and which links you click.

Advertising Reports:
These allow us to better analyze and improve our online advertising.

Real-Time Reports:
Here, we gain immediate insights into the current activity on our website.

Google offers the “User ID” feature, which assigns a unique, persistent ID to one or more sessions for cross-device user behavior analysis. We also utilize “Google Signals” to capture additional information about users who have enabled personalized ads, such as interests and demographic data. Based on this information, personalized ads can be delivered to these users in cross-device remarketing campaigns.

More information on Google Analytics advertising features can be found here: [LINK]. If you do not want your activities and information from your Google account to be used for advertising purposes, you can disable this via the “Ad Settings” checkbox at this link: [LINK]

IP Anonymization:
In Google Analytics, IP address anonymization is enabled by default. This means that your IP address is truncated within the European Union or other contracting states of the European Economic Area before being transmitted to Google. In exceptional cases, the full IP address may be transferred to a Google server in the USA and truncated there. According to Google, the IP address is not merged with other Google data.

Data Retention:
The data sent by us and associated with cookies are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

The use of Google Analytics is based on your voluntary consent under § 25(1) TTDSG (German Telemedia Act) and Article 6(1)(a) of the GDPR.

You can revoke this consent at any time for the future.

b.3. Google Ads Marketing Platform
We utilize the Google Marketing Platform by Google to raise awareness of our services through advertisements (known as Google Ads) on external websites. The information collected using the conversion cookie is used to create conversion statistics. This allows us to determine the total number of users who clicked on one of our ads and were then redirected to a page with a conversion tracking tag. However, we do not receive information that allows us to personally identify users. Our goal is to display relevant advertising to you and make our website more interesting for you.

These advertising materials are delivered via so-called “ad servers” from Google. Your browser automatically establishes a direct connection to Google’s server. The ad server cookies used provide information for measuring success, such as ad impressions or clicks by users. If you arrive at our website via a Google ad, Google Ads stores a cookie on your device. These cookies usually have a validity period of 90 days and are not intended to personally identify you. Typically, this cookie stores analysis values such as the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions), and opt-out information (marking that the user no longer wishes to be addressed).

These cookies allow Google to recognize your browser. If a user visits specific pages of a client’s website and the cookie stored on their computer has not expired, Google and we can recognize that the user clicked on the ad and was redirected to the corresponding page. Each advertiser is assigned a different cookie. Therefore, cookies cannot be tracked across advertisers’ websites. In the mentioned advertising measures, we do not collect or process personal data. We only receive statistical evaluations from Google, showing which advertising measures are particularly effective. We do not receive any further data from the use of advertising materials, and in particular, we cannot identify users based on this information.

The use of the Google Ads Marketing Platform is based on your voluntary consent under § 25(1) TTDSG (German Telemedia Act) and Article 6(1)(a) of the GDPR.

You can revoke this consent at any time for the future.

b.4. Google Dynamic Remarketing
On our website, we use the dynamic remarketing function of Google AdWords, a service provided by Google. This technology allows us to automatically display audience-targeted advertising after your visit to our website. The ads are based on the products and services you clicked on or viewed during your last visit to our website. Google uses cookies to create interest-based ads.

The use of Google Dynamic Remarketing is based on your voluntary consent under § 25(1) TTDSG (German Telemedia Act) and Article 6(1)(a) of the GDPR.

You can revoke this consent at any time for the future, including through our cookie consent management tool on the website.

b.5. DoubleClick by Google
We utilize the online marketing tool DoubleClick by Google. DoubleClick uses cookies to display relevant ads to users, improve the performance of advertising campaigns, and prevent users from seeing the same ads repeatedly. By using a cookie ID, Google captures information about which ads are displayed in which browser to prevent the repeated display of the same ads. DoubleClick can also track conversions related to ad requests using cookie IDs. For example, it can track a user’s purchase if they see a DoubleClick ad and later visit the advertiser’s website with the same browser to make a purchase. Google emphasizes that DoubleClick cookies do not contain personally identifiable information.

Since we employ DoubleClick, your browser will automatically connect to Google’s server. However, we have no control over the data collected by Google through the use of this tool and provide information based on our current knowledge. If you are registered with a Google service, Google can associate your visit with your account. Even if you are not registered with Google or not logged in, Google may still capture and store your visit based on identification features such as your IP address.

The use of DoubleClick, particularly the setting of cookies, is based on your voluntary consent under § 25(1) TTDSG (German Telemedia Act) and Article 6(1)(a) of the GDPR.

You can revoke this consent at any time for the future.

For more information about DoubleClick by Google, visit [LINK]and[LINK]

VIII. APPLICATIONS

We process your application data to assess whether you possess the suitability, qualifications, and professional performance required for the position you are applying for (Article 6(1)(b) of the GDPR, Section 26(1) of the BDSG).

If your application documents contain special categories of personal data, such as information about health, religious beliefs, or ethnic origin, we additionally base our processing on Article 9(2)(b) of the GDPR and Section 26(3) of the BDSG due to our legal obligations as an employer and to protect your fundamental rights. Furthermore, we process your information in accordance with Article 9(2)(h) of the GDPR and Section 26(3) of the BDSG to assess the work capacity of potential employees and, if necessary, to take occupational medical and health precautionary measures.

In the application process, we use the information you provide to process your application and determine whether we can offer you a position. This also serves to fulfill our legal obligations as an employer. The provision of personal data is necessary for the lawfulness of the selection process. Missing relevant personal data in the application documents may result in non-consideration for the position.

The information you provide will not be shared with third parties. Recipients of the personal data contained in the application documents are the respective responsible personnel managers.

We use your contact details exclusively to communicate with you and keep you informed about the progress of the application process. Other information in the application documents is used solely to assess your suitability for the position.

Your personal data will be deleted when it is no longer needed for the purpose of collection. If an employment relationship, training relationship, internship, or similar arises after the application process, the data will initially be stored and transferred to the personnel file. Otherwise, the application process for you will end with a rejection.

After rejecting your application, your personal data will be deleted two months after receiving the rejection, unless longer storage is necessary to defend legal claims. If you wish us to consider your application documents for future selection processes, we will store them based on your consent under Article 6(1)(a) of the GDPR. We will obtain this consent separately from you. The application documents will be kept until the next selection process and deleted two months after receiving the rejection, unless longer storage is necessary to defend legal claims.

IX. RECIPIENTS OF YOUR DATA

a. Sales Representatives
Consultation meetings, proposal creation, sales, and installation of your energy system are carried out or accompanied by our sales partners (sales representatives). For this purpose, it is necessary to share your data according to Section 5 with these sales partners. The legal basis for this data transfer is Article 6(1)(f) of the GDPR. Our legitimate interest is to involve our sales partners in the process, allowing us to focus on our main tasks: providing and improving our products and services for you.

As a rule, we store your data for commercial and tax reasons for up to 10 years and for any warranty claims for up to 2 or 5 years (according to § 438 of the German Civil Code).

In this cooperation, we process your data jointly with the sales partners. Therefore, we have entered into an agreement with them according to Article 26 of the GDPR. This agreement specifies, among other things, that we (Die Energiewerker – a brand of lean buy e2e GmbH) are your contact for exercising your rights and for all questions related to data processing. Nevertheless, you can also contact the sales partner directly. The sales partner is responsible for collecting and storing your data on-site according to Section 4 and for transmitting your data to us. Die Energiewerker – a brand of lean buy e2e GmbH takes responsibility for your data in the further course, e.g., for construction planning, quotation creation, etc.

b. Others
Primarily, we share your data with the partners described above to implement your project. Unless otherwise explained in the previous sections, we internally forward your data to the responsible employees and, if necessary, to other recipients such as authorities, tax consultants, lawyers, web hosts, and other third parties involved in the usual business process. Data may also be disclosed to third parties if necessary to enforce our claims or if legal obligations exist.

Important partners in your project are also our installation partners, freight forwarders, and the manufacturers of our products. They receive the data necessary for their tasks. To implement your project, we also collaborate with other trades involved in the construction phase and provide them with your contact details, address, and specific construction information to achieve the project goal.

The disclosure of your data to third parties for independent use always occurs within the requirements of lawfulness. The integration of all service providers complies with the requirements of the GDPR.

X. DELETION OF DATA

Your personal data will only be stored for as long as necessary for the purposes for which it was collected. This also includes compliance with legal accounting or reporting requirements.

We are legally obligated to retain basic information about our customers (including contact, identity, and transaction data, business letters) for a period of six years after the end of the business relationship or ten years after the end of the current tax year in which the invoice was issued, for commercial and tax reasons (according to § 257 of the German Commercial Code (HGB), § 147 of the German Tax Code (AO), and other corresponding regulations).

Individual deletion periods may also apply, which we have detailed in the respective sections.

Under certain circumstances, you have the right to request the deletion of your personal data. For more information, see the “Right to Erasure” section.

XI. YOUR RIGHTS

Regarding your personal data, you have the following rights under certain circumstances:

Right to Information (Article 15 of the GDPR):
You have the right to know what personal data is being processed about you and how it is used.

Right to Rectification (Article 16 of the GDPR):
You can request the correction of inaccurate or incomplete data processed about you.

Right to Erasure (Article 17 of the GDPR):
You can request the deletion of your personal data unless there are legitimate reasons for further processing.

Right to Restriction of Processing (Article 18 of the GDPR):
Under certain circumstances, you can request the restriction of processing your personal data.

Right to Data Portability (Article 20 of the GDPR):
You have the right to receive your personal data in a structured, machine-readable format and, if necessary, transmit it to another controller.

Right to Object (Article 21 of the GDPR):
You can object to the processing of your personal data if it is based on a legitimate interest.

Right to Withdraw Consent (Article 7(3) of the GDPR):
If the processing of your data is based on your consent, you can withdraw this consent at any time. However, this does not affect the lawfulness of processing before the withdrawal.

Right to Lodge a Complaint with a Supervisory Authority:
If you believe that your data protection rights have been violated, you can file a complaint with the competent data protection authority:

Hessian Commissioner for Data Protection: Prof. Dr. Alexander Roßnagel
Email: poststelle@datenschutz.hessen.de
Phone: 061114080
Fax: 06111408611
Postal address: :Postfach 3163, 65021 Wiesbaden
Visiting address: Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany

XII. CHANGES TO THIS PRIVACY POLICY

This privacy policy may be updated or modified from time to time. Such changes will be announced by publishing the updated version on the website. Please note that older versions of this privacy policy are available upon request.

The most recently updated version of this privacy policy is dated August 16, 2023.