Data Privacy

Data Privacy

Privacy Policy
Update: 18.04.2023

1. Data protection at a glance

General Information

The following provides a general overview as to what happens with your personal data when you visit this website. Personal data is any data that can be used to identify you. Detailed information on data protection can be found in our privacy policy listed below in this text.

Data Collection on This Website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find contact details for the website operator in the “Information on the Controller” section of this privacy policy.

How do we collect your data?
Your data is collected in part by you providing it to us. This can be data you enter into a contact form, for example. Other data is automatically collected or collected with your consent through our IT system when you visit our website. These are primarily technical data (e.g., internet browser, operating system or time of website access). Collection of these data occurs automatically as soon as you access this website.

What do we use your data for?
Some data is collected to ensure the proper functioning of the website. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?
You have the right to request free information about the origin, recipients, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Furthermore, under certain circumstances, you have the right to request the restriction of the processing of your personal data.

You also have the right to lodge a complaint with the responsible supervisory authority.
You can always contact us for this purpose, as well as for any further questions regarding data protection.

Analysis Tools and Third-Party Tools

When visiting this website, your browsing behaviour may be evaluated for statistical purposes.
This primarily occurs using so-called analysis programmes.

Detailed information regarding these analysis programmes can be found in the following privacy policy.

2. Hosting

We host the contents of our website with the following provider:

External Hosting
This website is hosted externally. The personal data that is collected on this website is stored on the servers of the host or hosts. This may include, in particular, IP addresses, contact requests, meta and communications data, contract data, contact details, names, website access and other data that is generated through a website.

External hosting is carried out for the purpose of fulfilling our contract with potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of providing our online offering securely, quickly and efficiently through a professional provider (Art. 6 para. 1 lit. f GDPR). If consent has been requested, processing will be based solely on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of TTDSG. Consent can be revoked at any time.

Our host(s) will process your data only to the extent necessary to fulfil their performance obligations and will follow our instructions regarding this data.

We use the following host:
BIOHOST – Lars-Helge Wilbrandt
Op de Barg 12
24367 Osterby

The data from BioHost is stored in Enge-Sande, Schleswig-Holstein, Germany.

An evaluation of BioHost does not generally take place. BioHost uses Bitninja for defence against attacks, etc. However, the data is not usually transferred over to Bitninja. Bitninja provides BIOHOST with rules for defence against attacks and blacklists of IP addresses.

Data Processing Agreement
We have entered into a Data Processing Agreement (DPA) with the above-mentioned provider. This is a data protection-required contract that ensures that they process the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

3. General Information and Mandatory Information

Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you. This privacy policy explains which data we collect and how we use it. It also explains how and for what purposes this occurs.

We would like to point out, that data transmission over the internet (e.g., when communicating via email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Information about the Data Controller

The Data Controller responsible for data processing on this website is:
ten&one Eventagentur GmbH
Hans-Peter-Knödler
Meyerbeerstrasse 12
81247 Munich
Phone: +49 (0)89/25 54 19-0
E-Mail: contact@tenandone.com

The Data Controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses etc.).

Storage Duration
Unless a specific duration for storage is specified within this Privacy Policy, your personal data will remain with us until the purpose for data processing ceases. If you assert a legitimate request for deletion or revoke your consent for data processing, your data will be deleted, unless we have other legally permissible reasons for storing your data (e.g., tax or commercial retention periods); in the latter case, deletion will occur once these reasons no longer apply.

General Information on the Legal Basis for Data Processing on this Website
If you have given your consent to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR if special categories of data according to Art. 9 para. 1 GDPR are processed. In the case of explicit consent for the transmission of personal data to third countries, data processing also takes place based on Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing also occurs based on § 25(1) TTDSG. Consent can be revoked at any time. If your data is required for the fulfilment of a contract or for the performance of pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Furthermore, we process your data if it is necessary to fulfil a legal obligation based on Art. 6(1)(c) GDPR. Data processing may also occur based on our legitimate interest according to Art. 6(1)(f) GDPR.
The relevant legal bases for each specific case will be explained in the following paragraphs of this Privacy Policy.

Data Protection Officer
We have appointed a Data Protection Officer.

Felicia Müller
Meyerbeerstraße 12
81247 Munich
Phone: +49 (0)89/25 54 19-16
E-Mail: f.mueller@tenandone.com

Information on Data Transfer to the USA and Other Non-Secure Third Countries
We use tools, among other things, from companies located in the USA or in other third countries without adequate data protection measures. When these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that in these countries, a data protection level comparable to that of the EU cannot be guaranteed. For example, US companies are obligated to disclose personal data to security authorities without the possibility of legal recourse for you as an affected party. It is therefore not possible to rule out the possibility that US authorities (e.g., intelligence agencies) may process, analyse, and permanently store your data located on US servers for surveillance purposes. We have no influence over such processing activities.

Withdraw of Your Consent for Data Processing
Many data processing operations are only possible with your explicit consent. You can revoke consent you have already given at any time. The legality of data processing carried out until the revocation remains unaffected.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

WHEN DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, INCLUDING PROFILING BASED ON THESE PROVISIONS. YOU CAN FIND THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR). IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING, INCLUDING PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Right to Lodge a Complaint with the Supervisory Authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their permanent residence, place of work, or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

Right to Data Portability
You have the right to receive the data we process automatically based on your consent or in fulfilment of a contract in a common, machine-readable format, either for yourself or for a third party. If you request direct transmission of the data to another controller, this will only be done to the extent that it is technically feasible.

Information, Deletion and Correction
You have the right, within the scope of applicable legal provisions, to obtain free information about your stored personal data, their origin and recipients, and the purpose of data processing, and you may also have the right to correct or delete this data. You can always contact us for this purpose, as well as for any further questions regarding personal data.

Right to Restrict Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time to exercise this right. The right to restrict processing applies in the following cases: If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. During the verification period, you have the right to request the restriction of the processing of your personal data. If the processing of your personal data was/is unlawful, you may restrict the processing of data instead of deletion. If we no longer need your personal data, but you require it for the exercise, defence, or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.

If you have filed an objection under Art. 21(1) GDPR, a balance of interests between your interests and ours must be carried out. As long as it is not clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.

Once you have restricted the processing of your personal data, these data may only be processed – apart from their storage – with your consent or for the assertion, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the European Union or a Member State.

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line of your browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line.

When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to Promotional Emails
We hereby object to the use of contact information published in the context of the imprint obligation for sending unsolicited promotional and informational materials. The operators of the website expressly reserve the right to take legal action in the event of unsolicited promotional information, such as through spam emails.

4. Data Collection on This Website

Cookies

Our website uses so-called cookies. Cookies are small text files that do not damage your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (persistent cookies) on your end device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your end device until you delete them yourself or automatic deletion occurs through your web browser.

In some cases, cookies from third-party companies (third-party cookies) may also be stored on your end device when you enter our site. These allow us or you to use certain services of the third-party company (e.g., cookies for processing payment services). Cookies serve various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or video display). Other cookies are used to evaluate user behaviour or display advertisements. Cookies that are necessary (functional cookies) for the electronic communication process, for providing certain functions you request (e.g., for the shopping cart function), or for optimizing the website (e.g., cookies for measuring web audience) are stored based on Article 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services.
If consent for the storage of cookies and similar recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Article 6(1)(a) GDPR and § 25(1) TTDSG); consent can be revoked at any time.

You can configure your browser to inform you about the setting of cookies, allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when you close your browser. Disabling cookies may limit the functionality of this website. If cookies from third-party companies are used or for analytical purposes, we will inform you separately within the scope of this privacy policy and, if necessary, request your consent.

You can find information on which cookies and services are used on this website in this privacy policy.

Consent with Usercentrics
This website uses the consent technology from Usercentrics to obtain your consent for the storage of certain cookies on your end device or for the use of certain technologies and to document this in compliance with data protection regulations.

The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website:

https://usercentrics.com/de/(hereinafter referred to as ‘Usercentrics’).

When you visit our website, the following personal data is transferred to Usercentrics:

  • Your consent(s) or the revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your end device
  • Time of your visit to our website

Furthermore, Usercentrics stores a cookie in your browser to be able to assign the given consents or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected. The use of Usercentrics is carried out to obtain the legally required consents for the use of certain technologies. The legal basis for this is Article 6(1)(c) GDPR.

Data Processing Agreement
We have entered into a Data Processing Agreement (DPA) with the above-mentioned provider. This is a data protection-required contract that ensures that they process the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

These data are not merged with other data sources.

The collection of these data is based on Art. 6(1)(f) of the GDPR (General Data Protection Regulation). The website operator has a legitimate interest in the technically error-free presentation and optimization of their website – for this purpose, the server log files must be recorded.

Contact Form
If you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) of the GDPR, provided your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of the inquiries sent to us (Art. 6(1)(f) of the GDPR) or on your consent (Art. 6(1)(a) of the GDPR) if it has been requested; you may revoke your consent at any time.

The data entered by you in the contact form will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after the completion of your inquiry). Mandatory statutory provisions – especially retention periods – remain unaffected.

Inquiry via Email, Telephone or Fax

When you contact us via email, telephone, or fax, your inquiry, including all associated personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) of the GDPR, provided your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of the inquiries sent to us (Art. 6(1)(f) of the GDPR) or on your consent (Art. 6(1)(a) of the GDPR) if it has been requested; you may revoke your consent at any time. The data you send to us through contact requests will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after the completion of your inquiry). Mandatory statutory provisions – especially statutory retention periods – remain unaffected.

5. Social Media

Facebook
Elements of the social media network Facebook are integrated on this website. The service provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The collected data, according to Facebook, is also transferred to the USA and other third countries.

You can find an overview of the Facebook social media elements here:
https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your device and the Facebook server.  Facebook thereby receives information that you have visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to the Facebook Privacy Policy at:
https://de-de.facebook.com/privacy/explanation.

Where consent has been obtained, the use of the aforementioned service is based on Article 6(1)(a) of the General Data Protection Regulation (GDPR) and § 25 of the Telecommunications Telemedia Data Protection Act (TTDSG). Consent can be revoked at any time. Insofar as no consent has been obtained, the use of the service is based on our legitimate interest in achieving the broadest possible visibility on social media.

To the extent that personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, share joint responsibility for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. The processing carried out by Facebook after the transfer is not part of the joint responsibility. The obligations jointly incumbent on us have been documented in an agreement on joint processing. You can find the version of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can exercise data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you choose to exercise data subject rights with us, we are obligated to forward them to Facebook.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

You can find details here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://de-de.facebook.com/help/566994660333381 and
https://www.facebook.com/policy.php.

Instagram

This website incorporates features of the Instagram service. These features are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thus receives information about your visit to this website.

When you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Instagram. Where consent has been obtained, the use of the aforementioned service is based on Article 6(1)(a) of the General Data Protection Regulation (GDPR) and § 25 of the Telecommunications Telemedia Data Protection Act (TTDSG). Consent can be revoked at any time. Insofar as no consent has been obtained, the use of the service is based on our legitimate interest in achieving the broadest possible visibility on social media.

To the extent that personal data is collected on our website and forwarded to Facebook or Instagram using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, share joint responsibility for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transfer to Instagram or Facebook. The processing carried out by Facebook or Instagram after the transfer is not part of the joint responsibility. The obligations jointly incumbent on us have been documented in an agreement on joint processing. You can find the version of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the data protection-Instagram-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook or Instagram products. You can exercise data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram directly with Facebook. If you choose to exercise data subject rights with us, we are obligated to forward them to Facebook.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://help.instagram.com/519522125107875 and
https://de-de.facebook.com/help/566994660333381.

For more information, please refer to the Instagram Privacy Policy at:
https://instagram.com/about/legal/privacy/.

LinkedIn

This website utilizes elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Whenever you access a page on this website that contains elements from LinkedIn, a connection is established with LinkedIn’s servers. LinkedIn is informed that you have visited this website with your IP address. If you click on the “Recommend” button from LinkedIn and are logged into your LinkedIn account, LinkedIn can associate your visit to this website with you and your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn. Where consent has been obtained, the use of the aforementioned service is based on Article 6(1)(a) of the General Data Protection Regulation (GDPR) and § 25 of the Telecommunications Telemedia Data Protection Act (TTDSG). Consent can be revoked at any time. Insofar as no consent has been obtained, the use of the service is based on our legitimate interest in achieving the broadest possible visibility on social media. The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

You can find details here:
https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-derschweiz?lang=de

For more information, please refer to the LinkedIn Privacy Policy at:
https://www.linkedin.com/legal/privacy-policy.

Skip to content