Data Protection

Version: May 26, 2020 (Older versions)

The protection and security of your data is an important concern for us, INTERSEROH Dienstleistungs GmbH, which we take into account in all our business processes. In this data privacy statement, we would therefore like to give you an overview of the aspects of our online offering that are relevant to data protection. In the following we explain:

  • Which data we collect when you use the online offering of INTERSEROH Dienstleistungs GmbH.
  • The purposes for which this data is processed by INTERSEROH and third parties.
  • What rights and choices you have regarding the processing of your data.
  • How to contact us about data privacy.

When does this data privacy statement apply?

This data protection statement applies to the online offering of INTERSEROH Dienstleistungs GmbH LIZENZERO under the domain and the social media presence of Lizenzero at Youtube and Facebook (hereinafter “social media presence"). INTERSEROH Dienstleistungs GmbH's own data privacy statements, which you can call up within the corresponding offerings, apply in each case to online offerings of the company other than those mentioned above.

1.    Controller and personal contact

The controller for data processing within the meaning of the European General Data Protection Regulation (GDPR) is

INTERSEROH Dienstleistungs GmbH

Stollwerckstr. 9a
51149 Cologne, Germany

When this data privacy statement refers to "we", "us" or "Interseroh", this refers exclusively to INTERSEROH Dienstleistungs GmbH.

If you have any questions about data protection in connection with our products and services or the use of our website, you can also contact our data protection officer at any time. The latter can be reached at the above postal address (attn. data protection officer) as well as at [email protected].

2.    Data processing when visiting our websites

2.1.    Access data that is automatically recorded 

You can visit our websites without providing any personal information. Only access data that is automatically transmitted to us by your browser will then be recorded. This includes, for example, your online identifiers (e.g. IP address, session IDs, device IDs); information about the web browser and operating system used; if applicable, the web page from which you access our websites (i.e. if you have accessed one of our web pages via a link); the names of the files requested (i.e. which texts, videos, images, etc. you have viewed on our websites); the language settings of your browser, error reports, if applicable, and the times of individual access.

The processing of this access data is necessary to enable you to visit and comfortably use our websites and to guarantee their long-term functionality and security.

The access data is also stored for 14 days in internal log files in order to compile statistical data on the use of our website. This enables us to continuously optimise and further develop our websites with regard to the usage habits and technical equipment of our users and to eliminate disruptions and security risks.

The legal basis for this data processing is Article 6 Paragraph 1 Letter f GDPR (weighing of interests on the basis of our aforementioned legitimate interests).

2.2. Cookies

We use our own cookies and cookies of third-party providers on our websites. A cookie is a standardised text file that is stored by your browser for a defined period of time. Cookies enable the local storage of information such as language settings and temporary identification features which can be requested by the server that set the cookie during subsequent web page views. You can view and delete the cookies used in the security settings of your browser. You can configure your browser settings according to your wishes and thus e.g. refuse the acceptance of cookies of third-party providers or all cookies. We would like to point out that in this case you may not be able to use all the functions of our websites.

Our own cookies are used to make your visit to our websites more user-friendly and secure. The legal basis for the associated data processing is Article 6 Paragraph 1 Letter f GDPR (weighing of interests on the basis of our aforementioned legitimate interests).

We use cookies of third-party providers for web analysis and advertising purposes. You will find more detailed information on this under Section 2.5. of this data privacy statement.

2.3.    Your messages and communications

We collect all information and data that you provide to us through our websites. For example, at various points on our websites you have the option of sending us messages via functions such as the "contact form" or "contact". Any mandatory information required for these functions is marked as such.

Your details will be used by us exclusively to process your request.

We delete the resulting data after the storage is no longer necessary, or limit the processing if there are legal storage obligations.

Your message will only be forwarded to another Interseroh company or to external third parties if this is necessary to process your request (for example, we will forward your message to another Interseroh company if it is responsible for your request). If you do not want your message to be passed on to another Interseroh company, you can inform us of this directly in your message - also as a precaution, of course. We will then forward your message to the other Interseroh company without any information that could identify you (e.g. your name, customer numbers or contact details).

The legal basis for the data processing described above is Article 6 Paragraph 1 Letter b of the GDPR.

2.4. Integration of YouTube videos

We have incorporated YouTube videos into parts of our websites. YouTube is a video platform operated by the Google company YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA ("YouTube"). The integrated YouTube videos can be played directly on our websites. These are integrated in "Advanced Privacy Mode", which means that no data about you as a user will be transferred to YouTube if you do not play the videos. Only when you play the videos will data be transferred to YouTube. We have no influence on this data transmission. By calling up a website with integrated YouTube videos, YouTube and Google receive the access data that is generated as well as the information that you have called up the corresponding subpage of our website. This occurs regardless of whether you are logged in to YouTube or Google or not. When you are logged in to Google, your information will be directly assigned to your Google Account. If you do not want assignment with your profile at YouTube, you must log out before playing a video. YouTube and Google may use your access data to create user profiles for the purposes of advertising, market research and tailoring their own websites to meet your needs. You have the right to object to the creation of these user profiles, whereby the objection must be addressed directly to YouTube or Google. You can also find more information in the Google’s Privacy Policy that applies for YouTube.

The legal basis for the data processing described above, insofar as we are responsible for it, is Article 6 Paragraph 1 Letter f GDPR (weighing of interests on the basis of our legitimate interest in the integration of video content). 

2.5. Web Analysis 

2.5.1. Google Analytics 

Our websites use the web analysis service Google Analytics, which is offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses cookies to collect your access data when you visit our websites. The access data is summarised by Google on our behalf into pseudonymous user profiles and transferred to a Google server in the USA. Your IP address will be anonymised first. We are therefore unable to determine which user profiles belong to a particular user. The data Google collects does not allow us to identify you or how you use our sites.

Google will use the information obtained from cookies on our behalf to evaluate the use of our websites, compile reports on website activity and provide other services relating to website activity and internet usage for us. You can also find further information on this in the Data Privacy Statement of Google Analytics.

You can object to the creation and evaluation of pseudonymous user profiles by Google described above at any time. You have several options for this:

  1. You can set your browser to block cookies from Google Analytics.
  2. You can adjust your Google ads settings on Google.
  3. You can set a deactivation” cookie by clicking here: Disable Google Analytics
  4. You can install the deactivation plug-in provided by Google at on your Firefox, Internet Explorer or Chrome (this option does not work on mobile devices).

2.5.2. Google Optimize

Our website also uses Google Optimize. Google Optimize analyses the use of various versions of our website and helps us improve user friendliness in accordance with user behaviour on the website. Google Optimize is a tool integrated in Google Analytics. How to object to use of the services or analysis services is described in 2.5.1.

2.5.3. Google Adwords Conversion Tracking

We also use Google Conversion Tracking to statistically record the use of our website and to evaluate it for the purpose of optimising our website. 

Google Adwords will place a cookie (see section 2.2) on your computer if you have accessed our website via a Google advertisement. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages on the AdWords customer’s website and the cookie has not expired, Google and the customer will be able to see that the user clicked on the ad and was directed to that page. Each Adwords customer receives a different cookie. Therefore it is not possible to trace cookies via the websites of Adwords customers. The information collected with the aid of the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. 

Adwords customers learn the total number of users who clicked on their ad and were directed to a page tagged with a conversion tracking tag. However, they do not receive information enabling them to personally identify users. Should you not wish to participate in the tracking procedure, you may also refuse to set a cookie as required for this purpose – for example, by setting your browser to deactivate the automatic setting of cookies in general. 

You may also disable cookies for conversion tracking by setting your browser to block cookies from the domain “”. Google’s privacy instruction on conversion tracking can be found here  ( 

2.5.4. Google Tag Manager

Our website uses Google Tag Manager, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The Tag Manager is used to manage website tags more efficiently. A website tag is a placeholder that is stored in the source code of our website, for example, to record the integration of frequently used web page elements (e.g. code for the web analysis service). The Google Tag Manager manages without the use of cookies. Some of the data is processed on a Google server in the USA. Further information can also be found in the Google Tag Manager information.

The legal basis for the data processing described above is Article 6 Paragraph 1 Letter f of the GDPR (weighing of interests on the basis of our legitimate interest in evaluating general usage patterns).

2.5.5. Google Display & Video 360 (DV360)

DV360 is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). DV360 uses cookies in order to present ads that are relevant for you. A pseudonymous identification number (ID) will be assigned to your browser to check what ads have been shown in your browser and what ads you have called up. The cookies contain no personal data. Use of the DV360 cookies merely enables Google and its partners websites to place ads based on previous visits to our or other websites online. Google will transfer the information generated by the cookie to a server in the USA for evaluation, where it will be stored. Transfer of the data by Google to any third parties will only take place based on statutory provisions or within the scope of processing activities based on a contract. In no case will Google combine your data with any other data recorded by Google.

You can prevent the cookies from being stored by adjusting a particular setting on your browser-software. Please note, however, that it is possible that you will not be able to use all the functions of this website in that case.

Moreover, you can prevent or control transmission of data generated by the cookie and pertaining to your use of the website to Google, as well as the processing of this data by Google, by clicking the following link:

You may also deactivate the DV360 cookies on the Digital Advertising Alliance website under the following link!/.

2.5.6. Mouseflow

This website uses Mouseflow, a web analytics tool of Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to collect randomly selected individual visits (using an anonymous IP address only). The mouse movements, mouse clicks and keyboard interactions are logged at random, along with the intention of individual visits to this site as so-called session replays to reproduce and evaluate the so-called heat maps and determine potential improvements for this site. Furthermore, Mouseflow also serves multiple choice surveys on select pages to measure user satisfaction with the website or specific content. Surveys displayed and survey results are also stored in the cookie.

The Mouseflow cookie will be deleted after 90 days. The data collected by Mouseflow are non-personal and will not be disclosed to third parties and will be stored for a period of 3 months. The storage and processing of the collected data takes place within the EU. If you do not want to be tracked by Mouseflow on any websites using this cookie, you may object to this at the following link:

2.6 Data transmission to the USA

In the event that personal information is transferred to the United States, Google, Facebook and YouTube have agreed to the EU-US Privacy Shield.

Data processing within the framework of Google, Facebook and YouTube is therefore subject to an adequacy decision by the EU Commission, i.e. the level of data protection is recognised as adequate, even if processing takes place exceptionally in the USA.

3. Orders in the Lizenzero shop

For orders in the Lizenzero Shop, a customer account and participation in the Interseroh Dual System are required. You can find the conditions of participation at For the registration for the customer account we require the following mandatory information from you:

  • First name
  • Surname
  • Email address
  • Password
  • Company
  • VAT ID No.
  • Tax number
  • Billing address

For the processing of orders we require the following additional data from you:

  • Registration number of the Zentrale Stelle Verpackungsregister (National Authority Packaging Register)
  • Payment method and payment data
  • Information on packaging quantaties

In addition, you can provide voluntary information after registration, e.g. your telephone number. 
We process the data provided by you in order to set up and provide your customer account and to fulfil the contract. The purposes primarily depend on the service you have commissioned and include, for example:

  • Provision of licensing services
  • Payment processing
  • Execution of customer service

The legal basis for this processing of your data is Article 6 Paragraph 1 Letter b GDPR.

4. Payment processing via BS Payone

We have commissioned BS PAYONE GmbH, Fraunhoferstraße 2-4, 24118 Kiel, with the processing of payments (PayPal, SEPA direct debit, bank transfer). For this purpose, BS PAYONE GmbH requires, among other things, your name and address, account number and sort code or credit card number (including validity period), invoice amount and currency as well as the transaction number. BS PAYONE GmbH may use this information for the purpose of payment processing and forward it to us. BS PAYONE is obliged to treat the information in accordance with the data protection laws. You can read the data protection regulations of PAYONE GmbH under

5. Data processing for social media presences

Lizenzero is represented on the following networks with its own social media accounts:

On these sites we tell you the latest news from Lizenzero and everything we have been doing, and we are glad to use the facilities provided by the social networks to communicate directly with their members.

Please note, however, that we have no influence of the data processing carried out by the social networks. Therefore please check carefully what personal information and what messages you send us via the social networks and, in case of doubt, use other ways of contacting us which we provide. We therefore cannot undertake any liability for the conduct of the operators of these social networks and of their other members.

If you communicate with us via our social media accounts, we shall process the information supplied to us for this purpose by the social network in question (e.g. your name, your profile page and the contents of the messages which you have sent to us) in accordance with the purpose for which you have sent it (e.g. service requests, suggestions and criticism). We shall erase the data thus accrued after their storage is no longer necessary, or we shall restrict their processing should statutory data retention obligations exist. In the case of public posts on our social media accounts, we shall decide in the individual case, weighing your interests and ours, whether and when we may delete these.  

The legal basis for the foregoing data processing will depend on the purpose of your message. Should the purpose be that of using our customer service or of requesting provision by Interseroh, the legal basis will be Article 6 (1) (b) of the GDPR. Otherwise the legal basis will be Article 6 (1) (f) of the GDPR (balance of interests grounded on our legitimate interest in processing your message). Insofar as you have consented to the processing of the foregoing data, the legal basis is Article 6 (1) (a) of the GDPR.

6. Online advertising

We use the access data which is generated when you visit our websites to place advertisements in the online offerings of other providers (retargeting). In this way, we would like to present you with personalised advertising, i.e. advertising that is aligned to your interests and is therefore more relevant for you. For this purpose we also participate in the advertising networks of Google (Google advertising network), Microsoft Bing Ads ("Bing advertising network") or Outbrain (Outbrain advertising network). This enables us to place personalised advertisements in the online offerings of other providers who participate in these advertising networks (as so-called publishers). Further information can be obtained from the operators of the respective advertising networks:

The legal basis for the data processing described below is Article 6 Paragraph 1 Letter f GDPR (balancing of interests on the basis of Interseroh's legitimate interest in carrying out personalised online advertising).

6.1 Google Analytics Audience

We also use Google Analytics' Audience feature on our websites. This feature enables Google to contact you on our behalf with personalised advertising when you visit websites of other providers that also participate in the Google advertising network. Google uses the pseudonymous usage profiles and cookies generated by Google Analytics (see Section 2.5.1.) during use of our websites to determine your interests. On the basis of these pseudonymous usage profiles, Google can present you with personalised advertisements on the advertising spaces connected to the Google advertising network (e.g. Google can present you with advertising for a service or product offered by Interseroh about which you have previously informed yourself on one of our websites).

You can deactivate the processing of your data for personalised online advertising within the Google advertising network at any time. There are several ways to do this:

  1. You can set your browser to block cookies from the domain.
  2. You can customise your ad settings on Google at
  3. You can install the free deactivation plug-in from Google in your browsers Firefox, Internet Explorer or Google Chrome under the link (this does not work with browsers for mobile devices).
  4. In addition, you can also deactivate personalised advertising from Google and many other providers that are part of the self-regulatory campaign "Your Online Choices", also centrally on the website

Please note that if you opt out of personalised advertising, Google will only display general advertising that has not been selected based on the access data collected about you.

In the event that personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield. This means that data processing within the framework of Google is subject to an adequacy decision by the EU Commission, i.e. the level of data protection is recognised as adequate, even if processing takes place exceptionally in the USA.

6.2 Bing Ads

Our website uses Bing Ads, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Microsoft uses cookies and similar technologies to present you with advertisements that are relevant to you. The use of these technologies enables Microsoft and its partner sites to serve ads based on previous visits to our or other sites on the Internet. The access data collected in this context can be transferred by Microsoft to a server in the USA for evaluation and stored there. In the event that personal information is transferred to the United States, Microsoft has submitted to the EU-US Privacy Shield. This means that data processing within the framework of Google is subject to an adequacy decision by the EU Commission, i.e. the level of data protection is recognised as adequate, even if processing takes place exceptionally in the USA.

If you do not want Microsoft to process your access data in this way, you may opt out of the setting of cookies of third-party providers required for this purpose. You can also prevent the collection and processing of this data by Microsoft by declaring your objection under the following link: For more information about data privacy and the cookies used by Microsoft and Bing Ads, visit the Microsoft website at

6.3 Integration of the Trusted Shop Trustbadge

The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and any ratings collected as well as to offer the Trusted Shops products to buyers after an order.

This serves to safeguard our overriding legitimate interests in optimal marketing within the framework of a balancing of interests by enabling secure purchasing in accordance with Art. 6 Par. 1 Sentence 1 Letter f GDPR. The Trustbadge and the services advertised thereby are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided by a CDN (Content-Delivery-Network) provider as part of order processing. Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is ensured in accordance with the data privacy statement of Trusted Shops GmbH. You can find this statement here

When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the retrieval, the amount of data transferred and the requesting provider (access data) and documents the retrieval. Individual access data is stored in a security database for the analysis of security vulnerabilities. The log files are automatically deleted 90 days after creation at the latest.

Further personal data is transferred to Trusted Shops GmbH if you decide after conclusion of an order to use Trusted Shops products or have already registered for the use. The contractual agreement between you and Trusted Shops applies. For this an automatic collection of personal data from the order data takes place. Whether you as a buyer are already registered for a product use is automatically checked on the basis of a neutral parameter, the e-mail address hashed by cryptological one-way function. The e-mail address is converted to this hash value, which cannot be decrypted for Trusted Shops, before transmission. After checking for a match, the parameter is automatically deleted.

This is necessary for the fulfilment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order in each case and the transactional valuation services in accordance with Art. 6 Par. 1 Sentence 1 Letter f GDPR. Further details, including regarding objections, can be found in the Trusted Shops data privacy statement linked above and in the Trustbadge.

6.4 Outbrain

In some areas of our website we use the technology of the provider Outbrain UK Ltd., Outbrain UK Limited, 5 New Bridge Street, London, EC4V 6JAUK. With the help of a so-called widget, users are made aware of further content within our website and on third-party websites that may also be of interest to them. The content displayed in the Outbrain widget is automatically controlled and delivered by Outbrain in terms of content and technology.

The reading recommendations usually integrated below an article are determined on the basis of the previous content read by the user. Outbrain uses cookies which are stored on the end device or in the user's browser to display this interest-related content. Outbrain collects the device source, browser type, and IP address of the user where the last octet is deleted for anonymization. Outbrain assigns a so-called Universally Unique Identifier (UUID) which can identify the user in relation to the device when he visits a website on which the Outbrain widget is implemented. Outbrain creates user profiles in which user interactions (e.g. page views and clicks) of a browser or device are aggregated to derive the preferences of the UUID.

The use of Outbrain's services serves to safeguard our overriding legitimate interests in an optimal marketing of our website in accordance with Art. 6 Par. 1 Sentence 1 Letter f GDPR within the scope of a weighing of interests.

You may opt-out of Outbrain's tracking to display interest-based recommendations at any time by clicking on the "Opt-out" button under Outbrain's data privacy statement, available at Here you will also find further information on data protection at Outbrain UK Ltd. The opt-out only applies to the device you are using and also loses its validity if you delete your cookies.

7. Newsletter

You have the possibility to subscribe to our newsletter, in which we inform you regularly about innovations to our products and promotions.

We use the so-called double opt-in procedure for the ordering of our newsletters, i.e. we will only send you newsletters by e-mail if you confirm in our notification e-mail by clicking on a link that you are the owner of the e-mail address provided (this step may be omitted if we already know your e-mail address from other contexts, in particular a registration for a customer account). If you confirm your e-mail address, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The storage serves the sole purpose to send you the newsletter and to be able to prove your registration. The legal basis for the processing is your consent (Article 6 Paragraph 1 Letter a GDPR).

In our newsletter we use technologies that are usual on the market to measure the interactions with the newsletter (e.g. opening of the e-mail, clicked links). We use this data in pseudonymous form for general statistical evaluations as well as for the optimisation and further development of our content and customer communication. This is done with the help of small graphics embedded in the newsletter (so-called pixels). The data is collected exclusively under a pseudonym and is not linked to your other personal data. The legal basis for this is our aforementioned legitimate interest pursuant to Article 6 Paragraph 1 Letter f GDPR. We want to use our newsletter to share content that is as relevant to our customers as possible and to better understand what readers are actually interested in. If you do not wish the analysis of user behaviour to be carried out, you can unsubscribe from the newsletter or deactivate graphics in your e-mail program by default. The data relating to the interaction with our newsletters is stored pseudonymously for 30 days and then completely anonymised.

Unsubscribing from the newsletter is possible at any time, e.g. via the unsubscribe link at the end of each newsletter. Alternatively, you can also send your unsubscribe request at any time to the contact details listed above.

8. Disclosure of data

8.1. General Principle

As a matter of principle, we only pass on your data if:

  • you have given your express consent pursuant to Article 6 Paragraph 1 Letter a GDPR,
  • the disclosure is required pursuant to Article 6 Paragraph 1 Letter f GDPR for the assertion, exercise or defence of Interseroh's legal claims and there is no reason to assume that you have an overriding interest that is worthy of protection in not disclosing your data,
  • we are legally obliged under Article 6 Paragraph 1 Letter c GDPR to disclose or
  • the disclosure is permitted by law and required under Article 6 Paragraph 1 Letter b GDPR for the performance of contractual relationships with you or for the implementation of pre-contractual measures which are taken at your request.

8.2. Transfer to external Interseroh service providers 

Part of the data processing described in this data privacy statement may be carried out on our behalf by external service providers. In addition to the service providers mentioned in this data privacy statement, this may include, in particular, data centres that store our websites and databases, IT service providers that maintain our systems, and consulting firms.

If we pass on data to our service providers, they may only use the data to fulfil their tasks. The service providers were carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organisational measures at their disposal to protect the rights of the persons concerned and are regularly monitored by us.

If we pass on your data beyond the scope of this data privacy statement to a service provider based in a country outside the European Economic Area (EEA), we will, if applicable, inform you separately about this circumstance and on which concrete guarantees the data transfer is based. If you would like to receive copies of guarantees proving an adequate level of data protection, please contact our Data Protection Officer (see Section 1).

8.3. Weitergabe an Cloudflare

We use Cloudflare, a Content Delivery Network of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Content delivery networks such as Cloudflare provide server capacity for website operators so that the services can be used optimally even with high data throughput. Therefore Cloudflare accelerates our online service and at the same time protects it from attacks by third parties. Further information can be found in the Cloudflare data privacy provisions:

In the event that personal data is transferred to the USA, Cloudflare has submitted to the EU-US Privacy Shield. This means that data processing within the framework of Google is subject to an adequacy decision by the EU Commission, i.e. the level of data protection is recognised as adequate, even if processing takes place exceptionally in the USA.

8.4. Forwarding to Zendesk

We process customer queries using the ticket system Zendesk, a customer service platform of Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102. For this, necessary data, such as name, first name, postal address, phone number, email address, are recorded via our website in order to respond to your request for information. If you do not agree to data collection via and data storage in the external Zendesk system, we offer you alternative contact options to submit service queries. Direct contact by phone, fax and mail can be found in our imprint. This service provider is certified under the EU-US-Privacy Shield. You can view a current certificate here. Based on this convention between the USA and the European Commission, the latter has determined an adequate data protection level for companies certified under the Privacy Shield.

8.5. Transfer to reCAPTCHA

To protect our website from automatic, computer-controlled input, we use the "reCAPTCHA" service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as "Google". The use of this service makes it possible to differentiate whether the corresponding input is of human origin or whether it constitutes misuse by automated mechanical processing. The legal basis for the data processing described is Article 6 Paragraph 1 Letter f GDPR. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect us from automated input (attacks).

To the best of our knowledge, the referrer URL, the IP address, the behaviour of website visitors, information on the operating system, browser and length of visit, cookies, display instructions and scripts, the user's input behaviour and mouse movements in the "reCAPTCHA" checkbox area are transmitted to "Google".

The IP address provided as part of "reCAPTCHA" will not be merged with any other data held by Google unless you are logged into your Google account at the time you use the "reCAPTCHA" plug-in. If you wish to prevent "Google" from transmitting and storing data about you and your behaviour on our website, you must log out of "Google" before visiting our site or using the reCAPTCHA plug-in.

The use of the information obtained through use of the "reCAPTCHA" service takes place according to the Google Terms of Use

In the event that personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield. This means that data processing within the framework of Google is subject to an adequacy decision by the EU Commission, i.e. the level of data protection is recognised as adequate, even if processing takes place exceptionally in the USA.

9. Storage period

Unless otherwise stated in this data privacy statement, we will store and use your data only as long as it is necessary to fulfil our contractual or legal obligations or the purposes for which the data was collected. However, after the statutory limitation period has expired, we will restrict the processing, i.e.  your data will only be used to comply with legal obligations.

We shall then delete the data without delay, unless we need the data until the end of the statutory limitation period for purposes of proof for civil law claims or because of statutory storage obligations. We may still have to store your data for accounting reasons afterwards. We are obliged to do so because of legal documentation obligations which may arise from the Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The time limits specified there for the retention of documents are between two and ten years.

The legal basis for this data processing for the purpose of fulfilling legal documentation and storage obligations is Article 6 Paragraph 1 Letter c GDPR.

10. Your rights

In order to assert your statutory data protection rights described below, you can contact our data protection officer (see Section 1) at any time:

  • You have the right to request information about the processing of your personal data by us at any time. We will explain the data processing to you in the context of the provision of information and provide you with an overview of the data stored about your person.
  • If data stored by us is incorrect or no longer up-to-date, you have the right to have this data rectified.
  • You can also request the deletion of your data. Should deletion not be possible in exceptional cases due to other legal provisions, the data will be blocked so that they are only available for this legal purpose.
  • You can also have the processing of your data restricted, e.g. if you are of the opinion that the data stored by us is incorrect.
  • You have the right to data transferability, i.e. that we send you a digital copy of the personal data provided by you upon request.

You also have the right to complain to a data protection supervisory authority. For Interseroh, this is the State Commissioner for Data Protection and Freedom of Information for North Rhine-Westphalia, P.O. Box 20 04 44, 40102 Düsseldorf.

11. Right of revocation and objection 

If you would like to make use of your following rights of revocation or objection, an informal communication to the contact data mentioned above under Section 1 is sufficient.

Revocation of consent

Pursuant to Article 7 Paragraph 2 GDPR, you have the right to revoke your consent to us at any time. The consequence of this is that we will no longer continue the data processing based on this consent in the future. The revocation of your consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation.

Objection to the processing of your data

If we process your data on the basis of legitimate interests pursuant to Article 6 Paragraph 1 Letter f GDPR, you have the right pursuant to Article 21 GDPR to object to the processing of your data if there are reasons which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection which will be implemented by us even if no reasons are given.

12. Data security

For our online services, we maintain appropriate technical measures to guarantee data security, in particular to protect your data from the dangers of data transmissions and from unauthorised access by third parties. These will be adapted in each case to the current state of the art accordingly. We use Transport Layer Security (TLS), which encrypts the information you enter, to secure the personal information you provide on our website.

13. Changes to this data privacy statement

From time to time we update this data privacy statement, for example if we adapt our website or if the legal or regulatory requirements change.