^{Privacy Policy}

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to any data that can personally identify you. For detailed information on data protection, please refer to our Privacy Policy listed below.

Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can find their contact details in the “Information on the Responsible Entity” section of this Privacy Policy.

Your data is collected either when you provide it to us, for example, by entering information into a contact form, or automatically by our IT systems upon your visit to the website, with or without your consent.

This automatic collection primarily includes technical data such as the internet browser, operating system, or the time of page access and takes place as soon as you enter the website.

Some of the data is collected to ensure the error-free provision of the website, while other data may be used to analyze user behavior.

You have the right to request information, free of charge, about the origin, recipient, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you may revoke it at any time for the future. Additionally, under certain circumstances, you have the right to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For these matters and any further questions about data protection, you can contact us at any time.

Our website content is hosted by the provider Hetzner Online GmbH, located at Industriestr. 25, 91710 Gunzenhausen, Germany (hereinafter referred to as Hetzner). Further details can be found in Hetzner’s Privacy Policy at https://www.hetzner.com/de/rechtliches/datenschutz.

The use of Hetzner is based on Article 6(1)(f) GDPR, as we have a legitimate interest in ensuring the most reliable presentation of our website. If consent has been requested, data processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) in accordance with TTDSG. Consent can be revoked at any time.

We have concluded a Data Processing Agreement (DPA) with the provider mentioned above. This legally required contract ensures that personal data of website visitors is processed only in accordance with our instructions and in compliance with GDPR.

The operators of this website take the protection of your personal data very seriously. Your personal data is handled confidentially and in accordance with legal data protection regulations as well as this Privacy Policy.

When you use this website, various personal data is collected. Personal data refers to any information that can personally identify you. This Privacy Policy explains what data we collect, how we use it, and for what purpose.

We would like to point out that data transmission over the Internet (e.g., communication via email) may have security vulnerabilities. It is not possible to fully protect data from third-party access.

The responsible entity for data processing on this website is:

CKM Shared Services GmbH
Steinwiese 18
35685 Dillenburg

E-Mail: info@ckmgroup.de

The responsible entity is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Unless a specific storage period is mentioned in this Privacy Policy, your personal data remains stored until the purpose for data processing no longer applies. If you submit a legitimate request for deletion or withdraw your consent for data processing, your data will be deleted unless we have other legally permissible reasons for retaining your personal data (e.g., tax or commercial retention obligations). In such cases, deletion will take place once these legal reasons no longer apply.

If you have given consent for data processing, we process your personal data on the basis of Article 6(1)(a) GDPR or, in the case of special categories of data under Article 9(1) GDPR, on the basis of Article 9(2)(a) GDPR. If you have expressly consented to the transfer of personal data to third countries, data processing is also based on Article 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is additionally based on § 25(1) TTDSG. Consent can be revoked at any time. If your data is required for the performance of a contract or for pre-contractual measures, we process your data based on Article 6(1)(b) GDPR. If data processing is necessary to fulfill a legal obligation, it is based on Article 6(1)(c) GDPR. Additionally, data processing may also be carried out on the basis of our legitimate interest under Article 6(1)(f) GDPR. The specific legal bases used in each case are explained in the following sections of this Privacy Policy.

We have appointed a Data Protection Officer.

Steinwiese 18
35685 Dillenburg
E-Mail: datenschutz@ckmgroup.de

Many data processing operations are only possible with your explicit consent. You may withdraw your consent at any time. The lawfulness of data processing carried out before the withdrawal remains unaffected by the revocation.

Right to Object to Data Collection in Specific Cases and to Direct Marketing (Article 21 GDPR)

IF DATA PROCESSING IS BASED ON ARTICLE 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ARTICLE 21(2) GDPR).

In the event of violations of the GDPR, affected individuals have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or the place of the alleged violation. This right exists without prejudice to other administrative or judicial remedies.

You have the right to receive the data that we process automatically on the basis of your consent or in fulfillment of a contract, in a commonly used, machine-readable format, either for yourself or for transmission to a third party. If you request the direct transfer of data to another responsible party, this will only be carried out where technically feasible.

Within the scope of applicable legal provisions, you have the right to request information about your stored personal data, its origin, recipients, and purpose of processing, free of charge at any time. You also have the right to request correction or deletion of this data. For this and any further questions regarding personal data, you can contact us at any time.

You have the right to request the restriction of the processing of your personal data. To exercise this right, you can contact us at any time. The right to restriction of processing applies in the following cases:

If you dispute the accuracy of the personal data stored by us, we generally require time to verify this. During the period of verification, you have the right to request the restriction of processing.

If the processing of your personal data was unlawful, you may request the restriction of data processing instead of deletion.

If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims, you may request the restriction of processing instead of deletion.

If you have objected to processing under Article 21(1) GDPR, a balancing of interests must be conducted between your rights and ours. As long as it is not determined whose interests prevail, you have the right to restrict the processing of your personal data.

If your personal data processing has been restricted, this data—apart from storage—may only be processed with your consent, for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator. You can recognize an encrypted connection by the change in the browser’s address bar from “http://” to “https://”, and by the lock symbol in your browser’s address bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

If you wish to subscribe to the newsletter offered on our website, we require your email address as well as information that allows us to verify that you are the owner of the provided email address and agree to receive the newsletter. No additional data is collected, or it is only collected voluntarily. The processing of the newsletter is carried out by the newsletter service provider described below.

This website uses Rapidmail for sending newsletters. The provider is rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany.

Rapidmail is a service that helps organize and analyze the sending of newsletters. The data you enter to subscribe to the newsletter is stored on Rapidmail’s servers in Germany.

To analyze newsletter performance, emails sent via Rapidmail contain a tracking pixel that connects to Rapidmail’s servers when the email is opened. This allows us to determine whether a newsletter message has been opened.

Additionally, Rapidmail enables us to track which links in the newsletter were clicked. All links in the email are tracking links, which count your clicks. If you do not want Rapidmail to analyze your data, you must unsubscribe from the newsletter. A corresponding unsubscribe link is included in every newsletter.

For more information on Rapidmail’s analysis functions, please visit: https://de.rapidmail.wiki/kategorien/statistiken/.

The data processing is based on your consent (Article 6(1)(a) GDPR). You may withdraw your consent at any time. The lawfulness of data processing carried out before withdrawal remains unaffected.

The data you provide for the newsletter subscription is stored until you unsubscribe and will be deleted from the newsletter distribution list after cancellation. Data stored for other purposes remains unaffected.

After unsubscribing, your email address may be stored in a blacklist by us or Rapidmail, if necessary, to prevent future mailings. Blacklist data is used solely for this purpose and will not be merged with other data. This serves both your interest and ours in complying with legal requirements regarding newsletters (legitimate interest under Article 6(1)(f) GDPR). The storage period of the blacklist is not time-limited. You may object to storage if your interests outweigh our legitimate interest.

For more details, refer to Rapidmail’s data security information at: https://www.rapidmail.de/datensicherheit.

We have concluded a Data Processing Agreement (DPA) with the provider mentioned above. This legally required contract ensures that Rapidmail processes the personal data of our website visitors only in accordance with our instructions and in compliance with GDPR.

This website uses the Google Maps mapping service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, your IP address must be stored. This information is usually transferred to a Google server in the USA and stored there. The provider of this website has no influence over this data transmission. When Google Maps is activated, Google may use Google Web Fonts to ensure uniform font display. When accessing Google Maps, your browser loads the required Web Fonts into its browser cache to correctly display text and fonts.

The use of Google Maps is in the interest of an appealing presentation of our online offerings and easy location accessibility of the places indicated on our website. This represents a legitimate interest under Article 6(1)(f) GDPR. If consent has been requested, data processing is carried out exclusively based on Article 6(1)(a) GDPR; consent can be revoked at any time.

Data transfer to the USA is based on the Standard Contractual Clauses of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on how Google handles user data, please refer to Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.

We use hCaptcha (hereinafter “hCaptcha”) on this website. The provider is Intuition Machines, Inc., 2211 Selig Drive, Los Angeles, CA 90026, USA (hereinafter “IMI”).

The purpose of hCaptcha is to verify whether data entered on this website (e.g., in a contact form) is provided by a human or by an automated program. To do this, hCaptcha analyzes the behavior of website visitors based on various characteristics.

This analysis begins automatically as soon as a visitor accesses a website where hCaptcha is enabled. For the analysis, hCaptcha evaluates various types of information (e.g., IP address, the length of time the visitor stays on the website, or mouse movements made by the user). The data collected during the analysis is transmitted to IMI. If hCaptcha is used in “invisible mode,” these analyses take place entirely in the background. Website visitors are not notified that an analysis is occurring.

The storage and analysis of data is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in protecting its online offerings from abusive automated spying and from spam. If corresponding consent has been requested, the processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG.

This consent can be revoked at any time. Data processing is based on standard contractual clauses, which are included in the data processing addendum to IMI’s General Terms and Conditions or in the relevant data processing agreements.

For more information on hCaptcha, please refer to the Privacy Policy and Terms of Use at the following links: https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms.

The company is certified under the “EU-U.S. Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the U.S. Each company certified under the DPF is committed to complying with these data protection standards. You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/participant/6388.