Privacy Policy

We hereby inform you in accordance with the legal requirements of data protection law (especially according to the BDSG n.F. and the European General Data Protection Regulation 'GDPR') about the nature, scope, and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. Regarding the definition of terms such as "personal data" or "processing," we refer to Art. 4 GDPR.

Name and contact details of the responsible person
Our responsible person (hereinafter referred to as "responsible") in the sense of Art. 4 No. 7 GDPR is:

Mirjam Hiller
Bunsenstrasse 4
75173 Pforzheim
Germany
Email address: info{at}mirjamhiller.com

Types of data, purposes of processing, and categories of affected persons
Below we inform you about the type, extent, and purpose of the collection, processing, and use of personal data.
1. Types of data we process
Usage data (access times, visited websites, etc.), inventory data (name, address, etc.), contact data (telephone number, email, fax, etc.), payment data (bank details, account information, payment history, etc.), contract data (subject of the contract, duration, etc.), content data (text inputs, videos, photos, etc.), communication data (IP address, etc.).

2. Purposes of processing according to Art. 13 para. 1 c) GDPR
Contract processing, technical and economic optimization of the website, enabling easy access to the website, fulfillment of contractual obligations, contact in case of legal complaints by third parties, fulfillment of legal retention obligations, optimization and statistical evaluation of our services, supporting commercial use of the website, improving user experience, making the website user-friendly, preventing SPAM and abuse, customer service and care, handling contact inquiries, security measures, uninterrupted and secure operation of our website.

3. Categories of affected persons according to Art. 13 para. 1 e) GDPR
Visitors/users of the website, customers, suppliers, prospects, employees of customers or suppliers.

The affected persons are collectively referred to as "users".

Legal basis for the processing of personal data
Below, we inform you about the legal bases for the processing of personal data:
  1. If we have obtained your consent for the processing of personal data, Art. 6 para. 1 s. 1 lit. a) GDPR is the legal basis.
  2. If processing is necessary for the performance of a contract or for carrying out pre-contractual measures, which occur at your request, Art. 6 para. 1 s. 1 lit. b) GDPR is the legal basis.
  3. If processing is necessary to fulfill a legal obligation to which we are subject (e.g., legal retention obligations), Art. 6 para. 1 s. 1 lit. c) GDPR is the legal basis.
  4. If processing is necessary to protect the vital interests of the affected person or another natural person, Art. 6 para. 1 s. 1 lit. d) GDPR is the legal basis.
  5. If processing is necessary to protect our or a third party's legitimate interests, and those interests do not override your interests or fundamental rights and freedoms, Art. 6 para. 1 s. 1 lit. f) GDPR is the legal basis.

Disclosure of Personal Data to Third Parties and Data Processors
Without your consent, we generally do not share data with third parties. If this does occur, it will be based on the legal grounds mentioned above, for example, when sharing data with online payment providers for contract fulfillment or due to a court order or legal obligation to disclose data for the purpose of law enforcement, security, or protecting intellectual property rights.
We also use data processors (external service providers, e.g., for web hosting of our websites and databases) to process your data. When data is shared with data processors as part of a data processing agreement, it always complies with Art. 28 GDPR. We carefully select our data processors, regularly monitor them, and have the right to give instructions regarding the data. Data processors must also have suitable technical and organizational measures in place and comply with data protection regulations according to BDSG n.F. and GDPR.

Transfer of Data to Third Countries
The European General Data Protection Regulation (GDPR) has established a unified basis for data protection in Europe. Therefore, your data is primarily processed by companies subject to GDPR. If data processing does take place by third-party services outside the European Union or the European Economic Area, they must meet the special requirements of Art. 44 ff. GDPR. This means that data processing takes place based on special guarantees, such as the EU Commission's officially recognized determination of an adequate level of data protection or compliance with officially recognized specific contractual obligations, the so-called "standard contractual clauses."
In the event that, due to the invalidity of the so-called "Privacy Shield," we request your explicit consent for data transmission to the USA under Art. 49(1) lit. a) GDPR, we hereby inform you of the risk of secret access by US authorities and the use of data for surveillance purposes, possibly without legal remedies for EU citizens.

Data Deletion and Storage Period
Unless explicitly stated in this privacy policy, your personal data will be deleted or blocked as soon as your consent for processing is revoked or the purpose of storage no longer applies, or the data is no longer necessary for the purpose, unless further storage is required for evidence purposes or legal retention obligations apply. This includes, for example, commercial retention obligations for business letters according to § 257 para. 1 HGB (6 years) and tax retention obligations according to § 147 para. 1 AO for documents (10 years). When the prescribed retention period expires, your data will be blocked or deleted unless continued storage is necessary for concluding a contract or fulfilling a contract.

Existence of Automated Decision-Making
We do not use automated decision-making or profiling.

Provision of Our Website and Creation of Log Files
  1. When you use our website for informational purposes only (i.e., no registration or other transmission of information), we only collect the personal data that your browser transmits to our server. When you want to view our website, we collect the following data:
    • IP address;
    • User's internet service provider;
    • Date and time of access;
    • Browser type;
    • Language and browser version;
    • Content of the request;
    • Time zone;
    • Access status/HTTP status code;
    • Data volume;
    • Websites from which the request comes;
    • Operating system.
    We do not store this data together with other personal data from you.

  2. These data serve the purpose of user-friendly, functional, and secure delivery of our website to you with features and content as well as their optimization and statistical evaluation.

  3. The legal basis for this is our legitimate interest in data processing for the purposes mentioned above according to Art. 6 para. 1 sentence 1 lit. f) GDPR.

  4. For security reasons, we store this data in server log files for a storage period of 70 days. After this period, they are automatically deleted unless we need to retain them for evidence purposes in the event of attacks on the server infrastructure or other violations of the law.

Cookies
  1. We use so-called cookies when you visit our website. Cookies are small text files that your internet browser stores on your computer. When you revisit our website, these cookies provide information to automatically recognize you. Cookies also include "user IDs" where user information is stored using pseudonymous profiles. We inform you about the use of cookies for the purposes mentioned above and how to object to or prevent their storage ("opt-out") when you visit our website through a notice in our privacy policy.

    The following types of cookies are distinguished:

    • Necessary, essential cookies: Essential cookies are cookies that are absolutely necessary for the operation of the website to store certain functions of the website such as logins, shopping carts, or user inputs, e.g., regarding the language of the website.

    • Session cookies: Session cookies are required to recognize repeated use of an offer by the same user (e.g., if you have logged in to determine your login status). When you revisit our site, these cookies provide information to automatically recognize you. The information obtained in this way is used to optimize our offers and to facilitate your access to our site. When you close your browser or log out, the session cookies are deleted.

    • Persistent cookies: These cookies remain stored even after closing the browser. They are used to store login information, measure reach, and for marketing purposes. These are automatically deleted after a specified duration, which may vary depending on the cookie. You can delete the cookies at any time in your browser's security settings.

    • Third-party cookies (especially from advertisers): Depending on your preferences, you can configure your browser settings to reject third-party cookies or all cookies. However, we would like to point out that this may result in not being able to use all the functions of this website. For more information on these cookies, please refer to the respective privacy policies of the third parties.

  2. Data Categories: User data, cookie, user ID (including visited pages, device information, access times, and IP addresses).

  3. Purposes of Processing: The information obtained is used to optimize our web offerings technically and economically and to facilitate easier and secure access to our website.

  4. Legal Basis: If we process your personal data using cookies based on your consent ("opt-in"), Art. 6 para. 1 sentence 1 lit. a) GDPR is the legal basis. Otherwise, we have a legitimate interest in the effective functionality, improvement, and economic operation of the website, so in this case, the legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR. The legal basis is also Art. 6 para. 1 sentence 1 lit. b) GDPR when cookies are set for contract initiation, e.g., for orders.

  5. Storage Period/Deletion: The data is deleted as soon as it is no longer necessary for the purpose of its collection. In the case of data collection for the provision of the website, this is the case when the respective session is terminated.

    Cookies are stored on your computer and transmitted to our site from there. As a user, you also have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser. Previously stored cookies can be deleted at any time, including automated deletion. If cookies are deactivated for our website, you may not be able to use all the functions of the website to their full extent.

    Here you can find information on deleting cookies by browser:

    Chrome: https://support.google.com/chrome/answer/95647

    Safari: https://support.apple.com/de-at/guide/safari/sfri11471/mac

    Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen

    Internet Explorer: https://support.microsoft.com/de-at/help/17442/windows-internet-explorer-delete-manage-cookies

    Microsoft Edge: https://support.microsoft.com/de-at/help/4027947/windows-delete-cookies

  6. Objection and "Opt-Out": You can generally prevent the storage of cookies on your hard drive independently of your consent or legal permission by choosing "do not accept cookies" in your browser settings. However, this may result in limited functionality of our offers. You can object to the use of cookies by third parties for advertising purposes via an "opt-out" on this American website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/).

    Edit cookie settings or object to them:

    You can adjust the settings on every page via the icon in the lower left corner.

Cookie Consent Solutions

Usercentrics Consent Management Platform
  1. We have integrated the Usercentrics Consent Management Platform (service provider: Usercentrics GmbH, Rosental 4, 80331 Munich) as a consent management service on our website.

  2. Data Categories and Description of Data Processing: Cookies, date and time of visit, device information, browser information, anonymized IP address, opt-in and opt-out data. Through this service, we can obtain your consent for the storage of cookies and document it. In addition, a cookie is stored in your browser to associate the given consent or its revocation. You can find further information in the privacy policy of the data processor Usercentrics: https://usercentrics.com/privacy-policy/

  3. Purposes of Data Processing: Compliance with legal obligations, consent storage.

  4. Legal Basis: The legal basis for the processing of personal data is our legitimate interest in the purposes mentioned above according to Art. 6 para. 1 sentence 1 lit. f) GDPR, as well as the fulfillment of legal obligations according to Art. 6 para. 1 sentence 1 lit. c) GDPR.

  5. Storage Duration: Data will be stored until you manually delete the CMP cookie in your browser or the purpose for data storage no longer applies. The revocation record of a previously given consent is kept for a period of three years. The retention is based on our accountability according to Art. 5 para. 2 GDPR, which requires compliance with the processing of personal data under the General Data Protection Regulation. In addition, it is based on the regular limitation period according to § 195 of the German Civil Code (BGB) of three years. This limitation period starts at the end of the year in which the claim arose (§ 199 BGB). Therefore, the three-year limitation period begins at the end of December 31st and ends three years later on December 31st at 24:00.

  6. Data Transfer/Recipient Category: CMP provider. We have concluded a data processing agreement according to Art. 28 GDPR with the data processor for this reason.


Contract Processing
  1. We process inventory data (e.g., company, title/academic degree, names and addresses, as well as contact information of users, email), contract data (e.g., services used, names of contact persons), and payment data (e.g., bank details, payment history) for the purpose of fulfilling our contractual obligations (knowing who the contract partner is; establishing, structuring, and processing the contract; checking the plausibility of the data) and providing services (e.g., contacting customer service) in accordance with Art. 6 para. 1 sentence 1 lit b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

  2. In principle, these data will not be disclosed to third parties unless it is necessary to pursue our claims (e.g., transfer to a lawyer for debt collection) or to fulfill the contract (e.g., transfer of data to payment service providers), or there is a legal obligation to do so according to Art. 6 para. 1 sentence 1 lit. c) GDPR.

  3. We may also process the data you provide to inform you about other interesting products from our portfolio or send you emails with technical information.

  4. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for inventory and contract data when the data is no longer required for the execution of the contract and no claims can be asserted from the contract because they have become time-barred (warranty: two years / regular limitation period: three years). Due to commercial and tax regulations, we are obliged to store your address, payment, and order data for a period of ten years. However, we restrict processing after three years of contract termination, meaning your data will only be used to fulfill legal obligations. Information in user accounts remains until the account is deleted.


Contact via Contact Form / Email / Fax / Mail
  1. When contacting us via contact form, fax, mail, or email, your information will be processed for the purpose of handling the contact request.

  2. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a) GDPR if you have given your consent. The legal basis for processing data transmitted in the course of a contact request or email, letter, or fax is Art. 6 para. 1 sentence 1 lit. f) GDPR. The data controller has a legitimate interest in processing and storing the data in order to be able to respond to user inquiries, secure evidence for liability reasons, and, if necessary, to fulfill legal retention obligations for business letters. If the contact aims at the conclusion of a contract, an additional legal basis for processing is Art. 6 para. 1 sentence 1 lit. b) GDPR.

  3. We may store your information and contact request in our Customer Relationship Management System ("CRM System") or a similar system.

  4. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data from the contact form and those sent by email, this is the case when the respective conversation with you is finished. The conversation is considered finished when it can be inferred from the circumstances that the matter in question has been conclusively clarified. For users who have an account or contract with us, we store inquiries until two years after the contract has ended. In the case of legal archiving obligations, deletion takes place after their expiration: end of commercial (6 years) and tax (10 years) retention obligation.

  5. You have the option to revoke your consent to the processing of personal data at any time in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. If you contact us by email, you can object to the storage of personal data at any time.


Contact via Phone
  1. When contacting us by phone, your phone number will be processed for the purpose of processing the contact request and its handling, and temporarily stored in the RAM/cache of the phone/device/display. Storage is carried out for liability and security reasons, in order to provide evidence of the call and for economic reasons, to enable a callback. In the case of unauthorized marketing calls, we block the phone numbers.

  2. The legal basis for processing the phone number is Art. 6 para. 1 sentence 1 lit. f) GDPR. If the contact aims at the conclusion of a contract, an additional legal basis for processing is Art. 6 para. 1 lit. b) GDPR.

  3. The device cache stores calls for 30 days and gradually overwrites or deletes old data. When the device is disposed of, all data is deleted, and the storage may be destroyed. Blocked phone numbers are reviewed annually for the need for blocking.

  4. You can prevent the display of the phone number by calling with a suppressed phone number.


Matomo (formerly PIWIK)
  1. We have installed the web analysis service / open-source software "Matomo" on our website to analyze and improve the usage of our website.

  2. Data Category and Description of Data Processing: IP address, technical information about the browser and provider, as well as end devices, location, interests, and visited pages. For analysis, the software places cookies on your computer. We have activated "IP Anonymization," which truncates your IP address to the last 6 digits. This makes it impossible to identify individuals from the data. Furthermore, this IP is not merged with other data collected by us. The data is processed and stored on our servers in Germany.

  3. Purpose of Processing: This data is collected and stored for marketing, analysis, and optimization of our website.

  4. Legal Basis: If you have given your consent ("Opt-in") for the processing of your personal data through "tracking," then Article 6(1)(a) GDPR is the legal basis. The legal basis is also our legitimate interest in data processing for the purposes mentioned above, according to Article 6(1)(f) GDPR. For services provided in connection with a contract, tracking and user behavior analysis are carried out based on Article 6(1)(b) GDPR to offer optimized services for the fulfillment of the contract's purpose.

  5. Storage Duration: After data collection, it is anonymized. The storage duration of cookies is a maximum of 13 months or until you delete them as a user. Server logs are automatically deleted after 180 days.

  6. Objection: You can object to the collection and storage of data at any time, free of charge, with future effect. You can object to or prevent the installation of Matomo cookies in various ways:

    • You can block cookies, including third-party cookies, in your browser settings by selecting "do not accept cookies."

    • You can disable Matomo cookies using this link:

    You can also object to the storage of Matomo cookies through our consent banner at any time. You can find the setting under the icon at the bottom left of each page. This cookie is only valid for our website and your current browser and lasts until you delete your cookies. In that case, you would need to set the cookie again.

  7. For further information, refer to Matomo's privacy policy at: https://matomo.org/privacy/.


Rights of the Data Subject
  1. Objection or Withdrawal of Consent for Data Processing

    If processing is based on your consent according to Article 6(1)(a), Article 7 GDPR, you have the right to withdraw your consent at any time. The legality of the processing carried out based on your consent before the withdrawal will not be affected by the withdrawal.

    If we base the processing of your personal data on the balancing of interests according to Article 6(1)(f) GDPR, you can object to the processing. This applies when processing is not necessary for the performance of a contract with you, as described in the subsequent description of functions. If you exercise such an objection, please explain the reasons why we should not process your personal data as we have done. In the case of a justified objection, we will examine the situation and either cease or adapt the data processing, or show you our compelling legitimate reasons for continuing the processing.

    You can object to the processing of your personal data for advertising and data analysis purposes at any time. This right to object can be exercised free of charge. You can inform us of your objection to advertising using the following contact information:

    Mirjam Hiller
    Bunsenstrasse 4
    75173 Pforzheim
    Germany
    Email address: info{at}mirjamhiller.com

  2. Right to Information
    You have the right to request confirmation from us whether personal data concerning you is processed. If this is the case, you have the right to information about your personal data stored with us under Article 15 GDPR. This includes information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, and the source of your data if it was not collected directly from you.

  3. Right to Rectification
    You have the right to correction of incorrect data or completion of correct data under Article 16 GDPR.

  4. Right to Erasure
    You have the right to request the deletion of your data stored with us under Article 17 GDPR, unless statutory or contractual retention periods, other legal obligations, or rights to further storage conflict with this.

  5. Right to Restriction of Processing
    You have the right to request the restriction of processing of your personal data under certain conditions specified in Article 18(1)(a) to (d) GDPR:
    • you dispute the accuracy of your personal data, for a period that allows the controller to verify the accuracy of the personal data;

    • the processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of its use;

    • the controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims, or

    • if you have objected to processing pursuant to Article 21(1) GDPR and it is not yet clear whether the controller's legitimate grounds override your grounds.

  6. Right to Data Portability
    You have the right to data portability under Article 20 GDPR, which means that you can receive the personal data about you that you have provided to us in a structured, commonly used, and machine-readable format, or you can request the transmission of this data to another controller.

  7. Right to Lodge a Complaint
    You have the right to lodge a complaint with a supervisory authority. In most cases, you can contact the supervisory authority, especially in the member state of your habitual residence, your place of work, or the place of the alleged infringement.


Data Security
To protect all personal data transmitted to us and to ensure compliance with data protection regulations by us and our external service providers, we have taken appropriate technical and organizational security measures. Therefore, all data between your browser and our server is transmitted via a secure SSL connection.


As of: 15.01.2024