
Privacy statement
1. Data controller
The organisation mentioned in the Legal notice is responsible for the data processing outlined below.
2. Usage data
Whenever you visit our website, usage data are temporarily analysed for statistical purposes in the form of a log on our web server in order to improve the quality of our website. This data set comprises
- the name and address of the requested content,
- the date and time of the search,
- the volume of data transferred,
- the access status (content transferred, content not found),
- description of the web browser and operating system used,
- the referral link which shows which page directed you to us,
- the requesting computer’s IP address, abbreviated in such a way that it is no longer possible to establish a link to a specific person.
The above mentioned log data are analysed in anonymised form only.
3. Storage of your IP address for security purposes
We also save the full IP address transmitted by your web browser for seven days. This is done strictly for the specific purpose of being able to identify, limit and eliminate attacks on our website. Once this period has elapsed, we erase or anonymise the IP address. The legal basis for this is Article 6 (1) lit. f) GDPR.
4. Data security
We use technical and organisational measures to protect your data from unauthorised access as comprehensively as possible. We use an encryption process on our web pages. TLS encryption is used to transmit your details from your computer to our server and back via the Internet. You will usually be able to identify this by the closed padlock icon in your browser’s status bar and the address line starting with https://.
5. Necessary cookies
On our website, we use cookies that are necessary for it to operate.
Cookies are small text files that are placed on your device and can be read. A distinction is made between session cookies (these are deleted again as soon as you close your browser) and permanent cookies (these may continue to be stored after the session in question has ended).
We do not use these essential cookies for analytical, tracking or advertising purposes.
Some of these cookies merely contain information about specific settings and cannot be connected to individuals. They may also be necessary in order to facilitate user navigation, to load the page in question and for security purposes.
We use these cookies on the basis of Art. 6 (1) lit. f) GDPR.
You can adjust your browser settings to inform you whether cookies are being used. This means you always know if cookies are being placed on your device. You can also erase the cookies and prevent new cookies from being stored at any time by adjusting the appropriate browser setting. Please note that in this case not all our website pages may be displayed and some technical functions may no longer be available.
PROVIDER | PURPOSE | STORAGE DURATION | APPROPRIATE DATA PROTECTION LEVEL |
Usercentrics A/S | Stores the user’s cookie consent status on the current domain. | 1 year | Processing within the EU/EEA |
Aut O’Mattic A8C Ireland Ltd. (WordPress) | Provision and presentation of content | Session | Processing takes place within the EU/EEA. |
Google Ireland Limited | Sets a time stamp | Persistent | Processing within the EU/EEA |
6. Traffic measurement and tracking technologies for advertising purposes
We use web analysis tools and cross-device tracking technologies to enable us to design our web pages in a way that meets our needs as well as activate and analyse targeted advertising on other Internet pages.
6.1. How traffic analytics works
User profiles are created by using pseudonyms. We do this by placing permanent cookies on your device and reading them. It is also possible for us to download recognition features for your browser or device (e.g. browser fingerprint or your unabbreviated IP address). This enables us to identify returning visitors and count them as such.
We also use the following functions to support our traffic measurement:
- We augment the pseudonymised data with other data supplied to us by third-party providers. This enables us to record visitor demographics, such as age, gender and residence information.
- We use an identification method that allows us to capture and analyse our visitors’ cursor movements.
6.2. How does tracking work?
Whenever you visit our website, it is possible that the third-party providers mentioned below will download recognition features for your browser or device (e.g. browser fingerprint), analyse your IP address, store or read recognition features on your device (e.g. cookies) or gain access to individual tracking pixels.
The third-party provider can use the individual features to re-recognise your device on other websites. We can instruct the corresponding third-party providers to activate advertising that is geared to any of our pages you have visited.
6.3. What does cross-device tracking mean?
As soon as you log on to the website of a third-party provider using your own user data, the respective recognition features for different browsers and devices can be linked. If the third-party provider has created a separate feature for each of the laptops, desktop PCs, smartphones or tablets that you use, for example, these separate features can be allocated to each other as soon as you use your log-in details to use one of the third-party provider’s services. This allows the third-party provider to target manage our advertising campaigns across various devices.
6.4. Which third-party providers do we use for this?
Below is a list of the third-party providers we work with for advertising purposes. If the data from these activities are processed outside the EU or the EEA, please be aware that there is a risk that authorities will access the data for security and monitoring purposes without your knowledge or without giving you the option to lodge an appeal. If we use providers in unsafe third countries and you consent to this, the data will be transmitted to a third country on the basis of Art. 49 (1) (a) GDPR.
Data are processed on the basis of your consent if you have given your consent via our banner. Your consent is voluntary and may be withdrawn at any time.
PROVIDER | MAXIMUM STORAGE DURATION | APPROPRIATE DATA PROTECTION LEVEL |
Google Ireland Limited | 399 days | No appropriate data protection level. Transmission is on the basis of 49 (1) lit. a) GDPR. |
Facebook Ireland Ltd. | 3 months | Processing within the EU/EEA. Transmission is on the basis of your consent. |
LinkedIn Ireland Unlimited Company | 1 year | Processing within the EU/EEA. Transmission is on the basis of your consent. |
Microsoft Ireland Operations Limited | 180 days | Processing within the EU/EEA. Transmission is on the basis of your consent. |
Youtube | Persistent | No appropriate data protection level. Transmission is on the basis of 49 (1) lit. a) GDPR. |
Bitrix24 | Persistent | No appropriate data protection level. Transmission is on the basis of Art. 6(1) lt. f) GDPR. |
Advanced Custom Fields PRO (WP Engine) | As long as the user desires | Standard WordPress security |
Block Visibility (Nick Diego) | No data stored | Not applicable |
Contact Form 7 (Takayuki Miyoshi) | No data stored | Not applicable |
FacetWP (FacetWP, LLC) | Not applicable (no personal data) | WordPress server protection |
FacetWP – Flyout menu (FacetWP, LLC) | Cache-based, dependent on cache settings | WordPress server protection |
Flamingo (Takayuki Miyoshi) | No data stored | Not applicable |
GenerateBlocks Pro | No personal data stored | Not applicable |
Gravity Forms (Gravity Forms) | Customizable by admin | Secure storage and server access |
Gravity Forms Mailchimp Add-On (Gravity Forms) | No data stored | Not applicable |
Lazy Blocks Pro (Lazy Blocks Team) | No personal data stored | Not applicable |
Rank Math SEO (Rank Math) | None unless tracking enabled | WordPress standard security |
Redirection | No data stored | Not applicable |
Studio Vibe Companion | No personal data stored | Not applicable |
WebP Express | No personal data stored | Not applicable |
WP Migrate (WP Engine) | Depends on migration duration | Encryption during transfer |
Yoast Duplicate Post | No data stored | Not applicable |
7. Contact form
You can contact us using our contact form. In order for you to be able to use our contact form, we first need from you the details marked as mandatory.
We use these data to answer your enquiry on the basis of Art. 6(1) lt. f) GDPR.
You can also decide for yourself whether you want to provide us with other details. These details are provided voluntarily and are not necessary in order to contact us. We process your voluntarily provided details on the basis of your consent.
Your details are processed solely in order for us to be able to answer your enquiry. We erase your details if they are no longer required and provided such erasure does not contravene statutory duties of retention.
If your data transmitted using the contact form are processed on the basis of Art. 6 (1) lit. f) GDPR, you can object to such processing at any time. You can also withdraw your consent to processing of the details provided voluntarily at any time. To do this, please contact us at the email address given in the Legal notice or using wecreatespace@legamaster.com.
8. Embedded YouTube videos
On our website we embed YouTube videos that are not stored on our servers. If you access our pages displaying embedded videos, you will reload the content from the third-party provider providing the videos. This tells the third-party provider that you have viewed the video on our site and gives it the technical usage data necessary.
We have no influence over any further processing of the data by the third party. When embedding the videos we have, however, made sure that we activate the enhanced data protection mode offered by the third-party provider. The enhanced data protection mode prevents the third-party provider from placing cookies.
Videos are embedded on the basis of Art. 6 (1) lit. f) GDPR and in order to make our web pages as appealing and informative as possible.
9. Newsletter subscription and dispatch
You can order a copy of our newsletter on our website. Please note that we require specific data (at least your email address) in order for you to subscribe to our newsletter.
The newsletter will only be sent out to you if you have given us your express consent. Once you have subscribed on our website, a confirmation email will be sent to the email address you have provided (known as “double opt-in”). You can withdraw your consent at any time. One simple way to withdraw consent is to click on the unsubscribe link contained in every newsletter.
When you subscribe to the newsletter, we also store other data, if required, in addition to the data already mentioned. This allows us to verify that you have ordered our newsletter. This can include storage of your full IP address when you subscribe or when you confirm that you have subscribed to the newsletter, as well as a copy of the confirmation email sent by us. These data are processed accordingly on the basis of Art. 6(1) lit. f) GDPR and in order to maintain a record of the lawfulness of the newsletter’s dispatch.
If you subscribe to our newsletter, we will ask you to give your consent to ongoing newsletter tracking during the subscription process.
If you give us the corresponding consent, we will incorporate individual tracking pixels into our newsletter to enable us to identify when you download and/or open the newsletter sent to you, as well as to personalise the links in the newsletter in order to analyse which links you click on and when.
If you wish to withdraw your consent, use the unsubscribe link provided in every newsletter. This link allows you to unsubscribe or change your consent. Alternatively, you can also object to receipt of the newsletter by emailing wecreatespace@legamaster.com.
We use MailChimp, operated by US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA to structure the content of our newsletter as well as to dispatch it and to analyse feedback. To this end, your email address and any other personal data you have given us to allow us to personalise and track the newsletter will be transmitted to MailChimp. We have concluded a data-processing agreement with MailChimp for this purpose. This agreement ensures that MailChimp processes your personal data exclusively in line with our instructions and in accordance with existing data protection law. In addition, by concluding standard EU contractual clauses for data transfers with MailChimp, we have ensured an appropriate level of data protection when processing personal data. In addition, it is possible for MailChimp to use your data to optimise or improve its own services, such as making newsletter mailing more efficient by recording the language settings, location information or time zones.
As the USA is a third country outside the EU without an appropriate level of data protection, transmission entails the risk of access by authorities without notice, without rights for the data subject, without the right of appeal and consequently a loss of control over your own personal data.
10. B2B surveys
We use your contact data (usually name and business e-mail address) for the purpose to invite you to participate in and to conduct satisfaction, target group, product and other surveys, provided that we have contractually agreed this with you or your employer (Art. 6 (1) sentence 1 lit. b DSGVO) or it is necessary to protect our legitimate interests (Art. 6 (1) sentence 1 lit. f DSGVO).
Depending on the type and scope of the analysis in detail, we may process the following categories of data from you:
- Information about your person (e.g. first and last name, telephone number, e-mail address),
- information about your company as the content of questionnaires,
- other information that you give us in this context.
In order to conduct the survey, the connectivity data required for technical reasons will be processed, including your IP address. We do not store this data.
Unless we have contractually agreed to conduct surveys with you or your employer, you can object to the processing of your data for the purpose of inviting you to and conducting the surveys at any time by sending an e-mail to wecreatespace@legamaster.com.
Momentive Europe UC supports us in the invitation to and implementation of the above-mentioned surveys as a service provider strictly bound by instructions. For this purpose, we have concluded a data processing agreement with them.
11. B2C surveys
We use your contact data (usually name and business e-mail address) for the purpose to invite you to participate in and to conduct satisfaction, target group, product and other surveys, provided that we have received your explicit consent (Art. 6 para. 1 p. 1 lit. a DSGVO) to do so.
Depending on the type and scope of the analysis in detail, we may process the following categories of data from you:
- Information about your person (e.g. first and last name, telephone number, e-mail address),
- information about your company as part of the questionnaires,
- other information that you give us voluntarily in this context.
In order to carry out the survey, the connectivity data required for technical reasons will be processed, including your IP address. We do not store this data.
Participation in the surveys is voluntary and you can revoke your consent at any time without giving reasons by sending an e-mail to wecreatespace@legamaster.com.
In inviting you to participate in and conducting the above surveys, we are supported by Momentive Europe UC as a service provider strictly bound by instructions. For this purpose, we have concluded a data processing agreement with them.
12. Integration of other technical third-party content and functions
We use the technical functions and content from third-party providers indicated below in order to display our website.
If you access our pages, you will reload the content from the third-party provider providing these functions and content. This tells the third-party provider that you have viewed our site and provides it with relevant technical usage data it needs.
We have no influence over the way data are processed by the third-party provider.
Data are processed the basis of your consent if you have previously given your consent via our banner.
Please note that the use of third-party content and functions can mean that your data are processed outside the EU or the EEA. In some countries, there is a risk that authorities will access the data for security and monitoring purposes without your being informed thereof or being able to file a legal appeal. If we use providers in insecure third countries and you consent to such, the data will be transmitted to an insecure third country on the basis of Art. 49 (1) lit. a) GDPR
If you wish to withdraw your consent, please change the appropriate setting via our banner.
PROVIDER | TECHNICAL FUNCTION OR CONTENT | MAXIMUM STORAGE DURATION | TRANSFER TO THIRD STATES ACCORDING TO PROVIDER’S INFORMATION AND SECURING OF AN APPROPRIATE LEVEL OF DATA PROTECTION |
Google Ireland Limited | Google Tag Manager | 2 years | Processing within the EU/EEA. Transmission is on the basis of your consent. |
LinkedIn Ireland Unlimited Company | LinkedIn Insight Tag | 180 days | Processing within the EU/EEA. Transmission is on the basis of your consent. |
edding International GmbH | Stores the website language version selected by the user. | 29 days | Processing within the EU/EEA. Transmission is on the basis of your consent.[JS1] [GG2] [TF3] |
10. Storage duration
If we have not already provided detailed information about the duration of storage, we erase personal data if such data are no longer required for the abovementioned processing purposes and provided there are no statutory duties of retention that conflict with erasure.
11. Other data processors
When processing your data, we pass your data onto service providers who help us operate our website and any associated processes in accordance with Art. 28 GDPR. These include hosting providers. Our service providers are strictly bound by our instructions and contractually obligated accordingly. Insofar as we have not already done so in the above privacy policy, we have listed below the data processors with whom we collaborate. Where data are being transferred outside the EU or EEA in this regard, we have provided information about the appropriate level of data protection.
DATA PROCESSORS | PURPOSE | APPROPRIATE DATA PROTECTION LEVEL |
Studio Vibe (the Netherlands) | Web programming and support | Processing within the EU/EEA |
Rootnet B.V. (The Netherlands) | Webhosting – Processing | Processing within the EU/EEA[JS1] [GG2] [TF3] [GG4] |
12. Your rights as the data subject
When processing your personal data the GDPR grants you, as the data subject, specific rights:
Right of access (Art. 15 GDPR).
You have the right to request confirmation of whether your personal data are being processed; if so, you have a right to access these personal data and the information detailed in Art. 15 GDPR.
Right to rectification (Art. 16 GDPR)
You have the right to request immediate rectification of incorrect personal data about you and completion of incomplete data as applicable.
Right to erasure (Art. 17 GDPR)
You have the right to request that your personal data be erased without delay if one of the reasons detailed in Art. 17 GDPR applies.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request that the processing of your personal data be restricted if one of the conditions set out in Art. 18 GDPR is fulfilled, for instance if you have objected to the processing, for a period enabling the controller to verify the accuracy of the personal data.
Right to data portability (Art. 20 GDPR)
In certain cases detailed in Art. 20 GDPR you have the right to receive the personal data relating to you in a structured, commonly-used and machine-readable format and the right to transmit those data to a third party.
Right to object (Art. 7 GDPR)
If the data is processed on the basis of your consent, according to Art. 7 (3) GDPR you are entitled to withdraw your consent to the use of your personal data at any time. Please note that withdrawal only takes effect in the future. Processing carried out before consent is withdrawn is not affected.
Right to object (Art. 21 GDPR)
If data are collected on the basis of Art. 6 (1) lit. f) GDPR (data processing to uphold a legitimate interest) or on the basis of Art. 6 (1) lit. e) GDPR (data processing for a task carried out in the public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons that arise from your particular situation. We will no longer process the personal data unless there are demonstrable, compelling, protectable reasons that outweigh your interests, rights and freedoms, or processing serves to assert, exercise or defend legal claims.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
According to Art. 77 GDPR, you have the right to complain to a supervisory authority if you are of the opinion that processing of your data violates data protection law provisions. In particular, the right to complain can be lodged with a supervisory authority in the member state where you habitually reside, the member state for your place of work or the place of the presumed violation.
Assertion of your rights
Unless described otherwise above, in order to assert your rights as a data subject please contact the organisation given in the Legal notice or wecreatespace@legamaster.com.
13. Data protection officer’s contact details
Our external data protection officer is available to provide information on the subject of data privacy and can be contacted at this address:
datenschutz nord GmbH
Sechslingspforte 2
22087 Hamburg
Internet: www.datenschutz-nord-gruppe.de
Email: office@datenschutz-nord.de
If you contact our data protection officer direct, please also state the responsible organisation named in the Legal notice.