All personal data are treated confidentially. Our data protection practices comply with the German Federal Data Protection Act (FDPA) and the General Data Protection Regulation (GDPR). We inform you about the data protection details below:





Aspelohe 27c, D-22848 Norderstedt


Phone: (040) 535 91-0

Fax: (040) 535 91-500




The data protection officer of the responsible party is:


GDI Gesellschaft für Datenschutz- und Informationssicherheit mbH,

Computer scientist Olaf Tenti

Fleyer Str. 61, D-58097 Hagen


Tel. 02331/ 3568320





We collect and process your data so we can make our website available to you and to provide you with the best possible services through the convenient access to our services.




2.1       VISITING OUR Website


When you access our webpages, our servers automatically collect general information, especially for the purpose of establishing the connection, the functionality and for system security. The information includes the type of browser used, the operating system used, the domain name of the internet service provider, the connection data of the used computer (IP address), the website from which you are visiting us (referrer URL), the pages that you visit in our website as well as the date and duration of your visit. From these data, we cannot infer the identity of certain persons owing to pseudonymization. These data are not combined with other data sources.


2.2       ContaCt form

If you contact us through the contact form, you must include your name and e-mail address in the message you send to us. All the other details are voluntary and therefore you do not have to provide them. The data are stored to process your inquiry and we will not forward them without your consent. We delete the data received in this context after storage is no longer necessary or we limit the processing if legal storage obligations apply. The legal foundation for the processing of your personal data is Art. 6 Para. 1 Letter b) of the GDPR.


3.         DELETION


Personal data are deleted or blocked as soon as the storage purpose no longer applies or you request the deletion. The data are deleted even when the storage period prescribed by the above-mentioned norm expires unless there is a requirement to keep storing the data to conclude or fulfill a contract or you have given your consent for this.


4.         Cookies


Cookies are used so the webpages and preferences of the website visitors can be attractively designed. Therefore, your information for selecting a language are stored, for example. Cookies are text files stored on your hard drive that allow the identification of the browser when you visit the website again.


You can prevent the storage of cookies on your hard drive by setting your browser accordingly. Cookies already stored can be deleted at any time; consult the respective browser instructions to find out how you can delete cookies or prevent their storage. If you do not accept cookies, the use of our internet offerings may be affected.

The legal foundation for the processing of cookies is Art. 6 Para. 1 Letter f) of the GDPR.


5.         Data sECURiTY


We secure our website and other systems by taking technical and organizational measures against loss, destruction, access, change or dissemination of your data by unauthorized persons. Depending on the browser used, data are transmitted with 128-bit to 256-bit SSL encryption. In spite of regular checks and continuous improvement of our security measures, full protection against all dangers is not possible.




If your personal data are processed, you are an affected person within the meaning of the GDPR and you have the following rights vis-à-vis the responsible party:




You can request a confirmation from the responsible party stating whether we are processing your personal data.

If there is such processing, you can request the following information from the responsible party:


·         The purposes for which the personal data are being processed;

·         The categories of personal data that are being processed;

·         The recipients or categories of recipients to whom your personal data were or will still be disclosed;

·         The planned length of storage of your personal data or, if no specific information on this is possible, the criteria for establishing the length of storage

·         The existence of a right to correct or delete your personal data, a right to limit the processing by the responsible party or to an objection against this processing;

·         The existence of a right to complain to a supervisory authority;

·         All available information about the origin of the data when the personal data are not collected from the affected person.




You are entitled to correction and/or completion vis-à-vis the responsible party, provided your processed personal data are incorrect or incomplete. The responsible party must correct them at once.




You can request the processing of your personal data to be restricted under these prerequisites:


·         If you dispute the accuracy of your personal data for a period of time that allows the responsible party to verify the accuracy of the personal data;

·         When the processing is unlawful and you reject the deletion of the personal data and request limiting the use of the personal data instead;

·         When the responsible party no longer needs the personal data for the processing purposes, but you need them for asserting, exercising or defending legal claims, or

·         When you have filed an objection against the processing acc. to Art. 21 Para. 1 of the GDPR and it is still uncertain whether the justified reasons of the responsible party outweigh yours.


If the processing of your personal data was restricted, these data may – apart from their storage –only be processed with your consent or for asserting, exercising or defending legal claims or for protecting the rights of another natural person or legal entity or owing to reasons related to an important public interest of the Union or a member state.

If the processing restriction was restricted acc. to the above-mentioned prerequisites, you will be notified by the responsible party before the restriction is lifted.





You can request the responsible party to delete your personal data immediately and the responsible party is obligated to delete them at once if one of these reasons applies:

-               The purposes for which your personal data were collected or otherwise processed are no longer necessary.

-               You revoke your consent on which the processing was based acc. to Art. 6 Para. 1 Letter a) or Art. 9 Para. 2 Letter a) of the GDPR, and there is no other legal foundation for the processing.

-               You file an objection against the processing acc. to Art. 21 Para. 1 of the GDPR and there are no overriding legally justified reasons for the processing, or you file an objection against the processing acc. to Art. 21 Para. 2 of the GDPR.

-               Your personal data were illegally processed.

-               The deletion of your personal data is necessary to fulfil a legal obligation acc. to Union or member state legislation to which the responsible party is subject.

-               Your personal data were collected in relation to offered services of the information society acc. to Art. 8 Para. 1 of the GDPR.


·         Information TO THIRD PARTIES

If the responsible party has made your personal data public and he is obligated to delete them acc. to Art. 17 Para. 1 of the GDPR, then taking the available technology and implementation costs into account, he takes reasonable measures (also technical ones) to inform those responsible for the data processing that process personal data that you, as affected person, have requested them to delete all links to these personal data or of copies or replications of these personal data.


·         EXCEPTIOnS

There is no right to deletion if the processing is necessary:

-               To exercise the right to the free expression of opinion and information;

-               To comply with a legal obligation that requires the processing according to the law of the Union or the member states to which the responsible party is subject, or to carry out a task that lies in the public interest or takes place in the exercise of public authority that was transferred to the responsible party;

-               Owing to reasons of public interest in the public health sector acc. to Art. 9 Para. 2 Letters h) and i) as well as Art. 9 Para. 3 of the GDPR;

-               To assert, exercise or defend legal claims.




If you have asserted the right to the correction, deletion or restriction of the processing vis-à-vis the responsible party, the latter is obligated to communicate to all recipients to whom your personal data were disclosed this correction or deletion of the data or restriction of the processing unless this turns out to be impossible or this entails an unreasonable effort. Vis-à-vis the responsible party, you are entitled to be notified about these recipients.




You are entitled to receive your personal data that you provided to the responsible party in a structured, common and machine-readable format. Additionally, you are entitled to transmit these data to another responsible party, without interference from the responsible party, to whom you provided the personal data as long as:

-           The processing is based on a consent acc. to Art. 6 Para. 1 Letter a of the GDPR or Art. 9 Para. 2 Letter a) of the GDPR or on a contract acc. to Art. 6 Para. 1 Letter b) of the GDPR and

-           The processing is done with the help of automated methods.


In the exercise of this right, you are additionally entitled to see to it that your personal data are transmitted directly from one responsible party to another responsible party as far as this is technical feasible. The rights and freedoms of other persons may not be affected by this.


6.7       rIGht TO OBJECT


For reasons resulting from your special situation, you are entitled at any time to file an objection against the processing of your personal data, which takes place owing to Art. 6 Para. 1 Letter e) or f) of the GDPR; this also applies to a profiling based on these provisions.

The responsible party no longer processes your personal data unless he can prove mandatory reasons worth protecting for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

If your personal data are processed to engage in direct advertising, you are entitled to file an objection against the processing of your personal data at any time for the purposes of such advertising; this also applies to the profiling as far as it is related to such direct advertising.

If you object to the processing for direct advertising purposes, then your personal data will no longer be processed for these purposes.

In connection with the use of services of the information society and notwithstanding Directive 2002/58/EC, you have the option to exercise your right to objection using automated methods that use technical specifications.




You are entitled to revoke your legal data protection declaration of consent at any time. The revocation of the consent does not affect the legality of the processing that took place until the revocation due to the consent.





You are entitled not to be subject to a decision based exclusively on an automated processing – including profiling – that affects you legally or significantly affects you in a similar way. This does not apply if the decision:

·         Is necessary for concluding or fulfilling a contract between you and the responsible party,

·         Is permissible and these legal regulations contain reasonable measures to safeguard your rights and freedoms as well as your justified interests owing to the legislation of the Union or member states to which the responsible party is subject, or

·         Takes place with your express consent.

However, these decisions may not be based on special categories of personal data acc. to Art. 9 Para. 1 of the GDPR, if Art. 9 Para. 2 Letter a) or g) of the GDPR does not apply and reasonable measures were taken to protect your rights and freedoms as well as your justified interests.




Irrespective of another court or administrative law remedy, you are entitled to complain to a supervisory authority, especially in a member state of your place of residence, workplace or the place where the alleged violation occurred if you believe that the processing of your personal data violates the GDPR.

The supervisory authority to which the complaint was submitted notifies the complainant about the status and results of the complaint, including the possibility of a legal remedy acc. to Art. 78 of the GDPR.