Information on data processing for this website

konzepthaus Web Solutions GmbH is responsible for this website and, as a provider of a teleservice, must inform you at the beginning of your visit about the type, scope and purpose of the collection and use of personal data in a precise, transparent, comprehensible and easily accessible form in clear and simple language. This content must be available to you at all times.

We attach great importance to the security of your data and compliance with data protection regulations. The processing of personal data is subject to the provisions of the European and national laws currently in force.

With the following data protection information, we would like to show you how we handle your personal data and how you can contact us:

konzepthaus Web Solutions GmbH
Flurstraße 1a
87527 Sonthofen
Sonthofen, Germany

Phone: +49 8321 60 78 787
E-mail: info@konzepthaus-ws.de

Managing directors: Thorsten Heissel, Monika Wisser

Sven Lenz
Data protection law firm Lenz GmbH & Co KG
Bahnhofstraße 50
87435 Kempten
Germany

If you have any questions about data protection or other data protection concerns, you are welcome to send an e-mail to the data protection team: datenschutz@konzepthaus-ws.de

A. General information

For better comprehensibility, we refrain from gender-specific differentiation. In the interests of equal treatment, the relevant terms apply to all genders. The meaning of the terms used, such as "personal data" or their "processing", can be found in Art. 4 GDPR.

The personal data processed on this website includes

• Inventory data (e.g. names and addresses of customers),
• usage data (e.g. pages visited on our website) and
• content data (e.g. entries in online forms).

B. Specific

Data protection information:
We guarantee that we will only process your data in connection with the processing of your inquiries and for internal purposes as well as to provide the services you have requested or to provide content.

We process your personal data only in compliance with the relevant data protection regulations and on the basis of the following legal bases:

• Processing for the performance of our services and implementation of contractual measures
  Art. 6 para. 1 lit. b) GDPR
• Processing for the fulfillment of our legal obligations
  Art. 6 para. 1 lit. c) GDPR
• Consent
  Art. 6 para. 1 lit. a) and Art. 7 GDPR
• Processing for the protection of our legitimate interests
  Art. 6 para. 1 lit. f) GDPR

We would like to point out that data may be transferred when you use our website if you select services offered via the "cookie consent tool" provided on the website or due to the Hubspot service used for certain forms.

Further information on data transfers can be obtained from the respective service.

If we use subcontractors to provide our services, we take appropriate legal precautions and appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations.

Third countries are countries in which the GDPR is not directly applicable law. This basically includes all countries outside the EU or the European Economic Area.

Data is transferred to a third country or an international organization because our website is hosted by Cloudflare in the USA.

A further data transfer to a third country may take place if you select services offered via the "cookie consent tool" provided on the website or due to the Hubspot service used for certain forms.

Further information on data transfers can be obtained from the respective service.

The adequacy decision of the EU Commission is taken into account here. This states that it is a secure third country or a secure international organization that offers an adequate level of protection.

The following applies to data transfers to the USA: Since July 2023, there has been an adequacy decision by the EU Commission (Data Privacy Framework), which identifies the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can now serve as the basis for data transfers to certified organizations in the USA.

We adhere to the principles of data minimization and data avoidance. This means that we only store your data for as long as necessary to fulfill the aforementioned purposes or for as long as the various storage periods stipulated by law require. If the respective purpose no longer applies or after the corresponding periods have expired, your data will be routinely blocked or deleted in accordance with the statutory provisions.

Personal data is processed when you contact us electronically (e.g. via contact form or email). The information you provide will be stored exclusively for the purpose of processing the request and for possible follow-up questions.

We would like to inform you of the legal basis for this:

• Processing for the fulfillment of our services and implementation of contractual measures
  Art. 6 para. 1 lit. b) GDPR

We would like to point out that emails can be read or changed without authorization and unnoticed during transmission. We would also like to draw your attention to the fact that we use software to filter unwanted emails (spam filter). The spam filter can reject emails if they have been falsely identified as spam due to certain characteristics.

What rights do you have?

1. Right to information
   You have the right to obtain information about your stored data free of charge. On request, we will inform you in writing which of your personal data we have stored. This also includes the origin and recipients of your data as well as the purpose of the data processing.
   
   
2. Right to rectification
   You have the right to have your data stored by us corrected if it is incorrect. You can also request that processing be restricted, e.g. if the accuracy of your personal data is disputed.
   
   
3. Right to blocking
   You can also have your data blocked. To ensure that your data can be blocked at any time, this data must be kept in a lock file for control purposes.
   
   
4. Right to erasure
   You can request the erasure of your personal data, provided that there are no statutory retention obligations. If such an obligation exists, we will block your data on request. If the relevant legal requirements are met, we will delete your personal data even without your request.
   
   
5. Right to data portability
   You are entitled to request that we provide you with the personal data transmitted to us in a format that allows it to be transmitted to another location.
   
   
6. Right to lodge a complaint with a supervisory authority
   

   You have the right to lodge a complaint with a data protection supervisory authority.

   
   The data protection authority responsible for us:

   Bavarian State Office for Data Protection Supervision (BayLDA)

   Promenade 27, 91522 Ansbach, Germany

   Phone: +49 981 53-1300

   Fax: +49 981 53-981300

   
   

   You can open the complaint form via the following link: https://www.lda.bayern.de/de/beschwerde.html

   
   

   Note: It is also possible to lodge a complaint with any data protection supervisory authority within the EU.

7. Right of objection
   

   You have the right to object at any time, on grounds relating to your particular situation, to the processing of your data in accordance with Art. 6 (1) (e) and (f); this also applies to profiling based on these provisions.

   We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

   Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In the event of such an objection, we will no longer process your personal data for the purposes of direct advertising. All you need to do is send us an email to this effect.

8. Right of revocation
   

   You have the option to revoke your consent to the processing of your data at any time with effect for the future without giving reasons. You will not suffer any disadvantages as a result of the revocation. All you need to do is send us an email to this effect.

   However, such a revocation does not affect the legality of the processing carried out up to the time of revocation on the legal basis of Art. 6 para. 1 letter a) GDPR.

   To assert your rights as a data subject, please send us an email to one of the email addresses listed above.

We take contractual, technical and organizational security measures in accordance with the state of the art to ensure that data protection laws are complied with and to protect the processed data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.

The security measures include in particular the encrypted transmission of data between your browser and our server. For this purpose, 256-bit SSL (AES 256) encryption technology is used.

Your personal data is protected within the scope of the following points (excerpt)

1. Safeguarding the confidentiality of your personal data
   In order to protect the confidentiality of your data stored by us, we have taken various measures to control access.
2. Safeguarding the integrity of your personal data
   In order to protect the integrity of your data stored by us, we have taken various measures to control the transfer and input of data.
3. Safeguarding the availability of your personal data
   In order to ensure the availability of your data stored by us, we have taken various measures to control orders and availability.

The security measures in use are continuously improved in line with technological developments. Despite these precautions, we cannot guarantee the security of your data transmission to our website due to the insecure nature of the Internet. For this reason, any data transmission by you is at your own risk.

Persons who have not yet reached the age of 16 may only provide us with personal information if they have the express consent of their legal guardians. This data will be processed in accordance with this privacy policy.

Server log files that your browser automatically transmits to us. These are

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources.

The basis for data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.

We offer applicants a career section on our website in which we advertise vacancies. Applications for the positions can be made via an online form, which is forwarded to a subpage. In order to be included in the application process, applicants must provide us with all the personal data required for a well-founded and informed assessment and selection via the form.

The form is implemented via HubSpot, a software-based marketing service of HubSpot Ireland Ltd, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. Further information on data processing by Hubspot can be found below.

You will receive information obligations as part of the application process directly with the application form. You can also access this at the following link: https://www.konzepthaus-ws.de/informationspflicht-bewerber

Cookies are small text files that are stored locally in the cache of your Internet browser. The cookies make it possible, for example, to recognize the Internet browser. The files are used to help the browser to navigate through the website and to make full use of all functions.

We use a so-called "cookie consent tool" to obtain effective user consent for cookies and cookie-based applications that require consent.

This website uses the cookie consent tool "Cookiebot". Cookiebot is a company of Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

The "Cookie Consent Tool" is displayed to users when they access the website in the form of an interactive user interface, on which consent for certain cookies and/or cookie-based applications can be given by ticking a box. By using the tool, all cookies/services requiring consent are only loaded if the respective user gives their consent by ticking the appropriate box. This ensures that such cookies are only set on the user's end device if consent has been granted.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is not processed in this process.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.

Another legal basis for the processing is Art. 6 para. 1 lit. c GDPR. As the controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

Further information about the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

We use the system of the following provider to host our website and display the page content: Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107, USA.

You can find Cloudflare, Inc's privacy policy here: https://www.cloudflare.com/de-de/privacypolicy/

All data collected on our website is processed on the provider's servers.

We have concluded an order processing contract with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

Data is transferred to a third country (in this case the USA) or an international organization. Since July 2023, there has been an adequacy decision by the EU Commission (Data Privacy Framework), which identifies the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can now serve as the basis for data transfers to certified organizations in the USA. According to the list of certified companies published by the US Department of Commerce, Google LLC is listed as a certified company.

This website uses the services of HubSpot, a software-based marketing service provided by HubSpot Ireland Ltd, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

The parent company is HubSpot, Inc, 25 First Street, Cambridge, MA 02141 USA.

HubSpot serves us as a customer relationship management (CRM) and marketing tool for managing and optimizing communication with our website visitors and customers.

With the help of HubSpot, various customer service and customer management services can be digitally synchronized and processed via a central user interface. HubSpot enables the generation of leads, centralized email and newsletter marketing, contact management in the form of user segmentation and through CRM and the management of contact forms.

To perform the various functions, HubSpot uses cookies, small text files that are stored locally in the cache of your web browser on your end device and enable us to analyze your use of the website. The cookies collect certain information such as the IP address, the location, the time of the page view, etc. Information collected by HubSpot is stored on HubSpot servers and analyzed on our behalf.

Insofar as legally required, we have obtained your consent to the processing of your data as described above in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TDDDG.

You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the "Cookie Consent Tool" provided on the website.

We have no influence on some topics and cookies that HubSpot sets (e.g. due to the use of the contact form). We base this processing on our legitimate interest (Art. 6 para. 1 lit. f GDPR). Our legitimate interest here lies in the provision of the relevant services, e.g. for making contact and ensuring efficient customer communication.

Data may be transferred to a third country (in this case the USA) or an international organization. Since July 2023, there has been an adequacy decision by the EU Commission (Data Privacy Framework), which identifies the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can now serve as the basis for data transfers to certified organizations in the USA. According to the list of certified companies published by the US Department of Commerce, Hubspot Inc. is listed as a certified company.

We have concluded an order processing agreement with HubSpot, in which we oblige HubSpot to protect our customers' data and not to pass it on to third parties.

You can find more information about Hubspot's data protection provisions at the following Internet address: https://legal.hubspot.com/de/datenschutz

On our website, we also use the so-called "Facebook pixel" of the social network Meta, which is operated by Meta Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Facebook").

When a user clicks on an advertisement displayed on Facebook, an addition is added to the URL of our linked page by Facebook Pixel on the basis of the user's express consent. This URL parameter is then written into the user's browser via a cookie after redirection, which our linked page sets itself. The cookie is then read by Facebook Pixel and enables the data, including the specific customer data, to be forwarded to Facebook.

Facebook Pixel enables Facebook to determine the visitors to our website as a target group for the display of ads (so-called "Facebook ads").

We use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Facebook (so-called "custom audiences").

In addition, we also evaluate the effectiveness of our Facebook ads for statistical or market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

The data collected does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/).

The data can enable Facebook and its partners to place advertisements on and outside of Facebook.

The data processing associated with the use of the Facebook pixel is only carried out with your express consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TDDDG

You can revoke your consent at any time with effect for the future. To exercise your revocation, remove the check mark next to the setting for the "Facebook Pixel" in the "Cookie Consent Tool" integrated on the website.

Data may be transferred to a third country (in this case the USA) or an international organization. Since July 2023, there has been an adequacy decision by the EU Commission (Data Privacy Framework), which identifies the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can now serve as the basis for data transfers to certified organizations in the USA. According to the list of certified companies published by the US Department of Commerce, Meta Platforms, Inc. is listed as a certified company.

If you subscribe to our email newsletter, we will regularly send you information about our offers. Personal data is collected for this purpose. The only mandatory information for sending the newsletter is your email address. The provision of any other data is voluntary and is used to address you personally.

This data is used by us for our own advertising purposes in the form of the email newsletter and for tracking purposes if you have expressly consented to this as follows: "Yes, I would like to subscribe to the newsletter & agree to tracking!"

We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an email newsletter if you have expressly confirmed to us that you consent to the newsletter being sent. We will then send you a confirmation email asking you to confirm that you wish to receive the newsletter in future by clicking on the corresponding link.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a) GDPR. When you register for the newsletter, we store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending us a corresponding message to info@konzepthaus-ws.de. Once you have unsubscribed, your email address will be immediately deleted from our newsletter distribution list and stored in a block file to ensure that it can be revoked.

Our email newsletters are sent via "HubSpot, a software-based marketing service of HubSpot Ireland Ltd, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, to which we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in using an effective, secure and user-friendly newsletter system. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) is stored on Hubspot's servers.

The parent company is HubSpot, Inc, 25 First Street, Cambridge, MA 02141 USA.

Hubspot uses this information to send and statistically analyze the newsletter on our behalf. For evaluation purposes, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). The data is collected exclusively in pseudonymized form and is not linked to your other personal data; direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you wish to object to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

We have concluded an order processing contract with Hubspot.

Data may be transferred to a third country (in this case the USA) or an international organization. Since July 2023, there has been an adequacy decision by the EU Commission (Data Privacy Framework), which identifies the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can now serve as the basis for data transfers to certified organizations in the USA. According to the list of certified companies published by the US Department of Commerce, Hubspot Inc. is listed as a certified company.

We have concluded an order processing agreement with HubSpot, in which we oblige HubSpot to protect our customers' data and not to pass it on to third parties.

You can find more information about Hubspot's data protection provisions at the following Internet address: https://legal.hubspot.com/de/datenschutz

In addition to this online offer, we also maintain presences in various social media, which you can reach via corresponding buttons on our website. When you visit such a presence, personal data may be transmitted to the provider of the social network. It is possible that, in addition to the storage of the specific data you enter in this social medium, further information may also be processed by the provider of the social network.

Further information can be found in our social media privacy policy

We reserve the right to adapt our data protection information at short notice so that it always complies with current legal requirements or to implement changes to our services. This may concern, for example, the introduction of new services. The new data protection information will then apply to your next visit.