Privacy Policy

The data controller within the meaning of the EU’s General Data Protection Regulation (GDPR), the Hessen Data Protection and Freedom of Information Act (HDSIG), other national data protection acts of the Member States, and other data protection regulations is:

Hessen Trade & Invest GmbH
Mainzer Str. 118
65189 Wiesbaden
Germany

Phone: +49 611 95017 85
E-mail: info@htai.de
CEO: Dr. Rainer Waldschmidt

The Data Controller’s Data Protection Officer can be contacted at the following e-mail address: datenschutzbeauftragter@hessen-agentur.de


Personal Data

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

We describe how we process your personal data in the following.

1. Provision of the Website and Generation of Log Files

    You can visit our website at any time without having to register or provide personal details. However, our system automatically records data and information relating to the accessing computer’s system each time our web pages are accessed.

    Description and Scope of Data Processing: The following data is collected automatically when a page is accessed:

    • The browser type and version,
    • The operating system used,
    • The referrer URL,
    • The website you visit,
    • The date and time you accessed the page,
    • Your Internet Protocol (IP) address.

    We need to collect the data relating to the provision of the website, and to store it in log files, in order to be able to operate the website.

    Legal Basis for Data Processing: The legal basis for temporarily storing the data and log files is Art. 6 (1) letter f of the General Data Protection Regulation (GDPR).

    Purpose of Data Processing: The system needs to temporarily store the IP address in order to deliver the website to the user’s computer. To do this, the user’s IP address must be stored for the duration of the session. Storing it in log files is designed to ensure the website’s ability to function and stability. In addition, the data helps us to optimize the website and ensure the security of our IT systems. The data is not analyzed for marketing purposes in this context. The abovementioned purposes also represent our legitimate interest in data processing pursuant to Art. 6(1) letter f of the GDPR.

    Duration of Storage: The data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. With data collected to make the website content available, this is the case when the session in question has ended. Data stored in log files is erased at the latest after seven days.

    2. E-Mail Contact

    Description and Scope of Data Processing: If you contact us using the e-mail address provided, the personal data transmitted with your e-mail is stored.

    Legal Basis for Data Processing: The legal basis for processing the data transmitted when an e-mail is sent is set out in Art. 6(1) letter f of the GDPR. We have a legitimate interest in answering the sender’s e-mail inquiry. If the reason for making contact by e-mail is to enter into a contract, an additional legal basis for processing is provided by Art. 6(1) letter b of the GDPR.

    Purpose of Data Processing: Personal data contained in e-mails is processed solely to handle the inquiry concerned.

    Duration of Storage: The data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. With personal data sent by e-mail, this is the case when the conversation with the user has ended. The conversation has ended when it can be seen from the circumstances that the issues involved have been finally clarified. This does not apply if legal or contractual obligations, and in particular retention periods, prohibit the erasure of the data.

    3. Business Development Communications (Newsletter, Mailings, Info Mails)

      Description and Scope of Data Processing: We send you up-to-the-minute information by post or e-mail. To do this, we process your name, postal address, and e-mail address, depending on the communications channel involved.

      When you register for one of our free newsletters, the data from the input mask is transmitted to us and processed by us for the purpose of sending you the desired newsletter. In addition, the user’s IP address and the date and time of the registration are stored when you send us the newsletter registration.

      When you register for a newsletter via our website, we verify your e-mail address using a double opt-in procedure. After submitting your registration, you will be sent an e-mail asking you to confirm, by a given deadline, your data and your consent to receiving the newsletter.

      When you open one of our newsletters or click on a link it contains, this may be logged by the webserver (date, time, e-mail address). This is for internal statistical purposes and is intended to enable us to tailor our information offering even better to the interests of our newsletter users. This is also our legitimate interest in processing the data. The data is not used for personalized usage analyses or merged with other data to produce usage profiles.

      You are not obliged to provide us with personal data, but we will be unable to send you a newsletter if you do not provide us with the personal data that has been defined as mandatory.

      Legal Basis for Data Processing: The legal basis for processing data in connection with sending our newsletters is the consent given by you (Art. 6(1) letter a of the GDPR). The legal basis for any statistical analyses performed in connection with sending the newsletters is Art. 6(1) letter f of the GDPR. We meet our legal obligation to verify your e-mail set out in Art. 6(1) letter c of the GDPR by sending you the e-mail forming part of the double opt-in procedure.

      As a business development company that has been mandated by the State of Hessen, we also carry out tasks in the public interest or in the exercise of official authority pursuant to Art. 6(1) letter e of the GDPR by sending information.

      Purpose of Data Processing: The data is used solely for sending the newsletter. Your e-mail address is collected in order to deliver the newsletter to you. To the extent that other personal data is collected in the course of the registration procedure, this serves to customize the newsletter and to prevent misuse of the services or the e-mail address used.

      Duration of Storage: You can object to receiving information at any time. You can withdraw your consent to receiving a newsletter at any time without giving any reasons. If you object to receiving information or withdraw your consent to receiving a newsletter, your e-mail address that is used to send information/newsletters will be flagged as blocked to document that you no longer wish to be contacted by us. Any data that is no longer required will be erased without undue delay. The blocking flag and your e-mail address will be erased three years after the end of the calendar year in which the blocking flag was set. If you do not confirm your newsletter registration using the double opt-in procedure, we will block your data and erase it after one month.

      4. Use of CleverReach to Dispatch Newsletters

        We employ CleverReach GmbH & Co. KG (Mühlenstrasse 43, 26180 Rastede, Germany, hereinafter referred to as “CleverReach”) as a contract data processor when sending our newsletter to registered subscribers. CleverReach was carefully selected by us as a specialized service provider and is subject to regular checks by us to ensure that your privacy is preserved. CleverReach processes your personal data only on our behalf and in line with our instructions, and is only permitted to use your personal data for the purposes specified by us. Compliance with these data protection regulations and the necessary security measures is guaranteed at all times.

        5. Comments Function

          Description and Scope of Data Processing: If you use our comments function to express your opinion about contributions on our website, your comments, including the user name you choose, will be visible to other visitors to the website. Use of the comments function is voluntary. There is no obligation to submit comments.

          Legal Basis for Data Processing: The legal basis for data processing if the comments function is used is your consent (Art. 6(1) letter a of the GDPR).

          Purpose of Data Processing: The data is processed to publish comments on our website.

          Duration of Storage: The data is stored for the period for which your comment is published on our website and is erased without undue delay thereafter.

          6. Contact Form

            Description and Scope of Data Processing: When you send an inquiry using our contact form, the data entered in the input mask is transmitted to us and stored. In addition, the user’s IP address, and the date and time the inquiry was sent are stored when you send the message.

            You are not obliged to provide us with personal data, but you will be unable to contact us using the contact form if you do not provide us with the personal data that has been defined as mandatory, since we cannot process your inquiry without this data.

            Legal Basis for Data Processing: The legal basis for processing data transmitted using the contact form is our legitimate interest (Art. 6(1) letter f of the GDPR). Our legitimate interest is to answer the inquiry sent by the sender. If the reason for making contact is to enter into a contract, an additional legal basis for processing is provided by Art. 6(1) letter b of the GDPR.

            Purpose of Data Processing: Personal data from the input mask is processed solely to process the inquiry concerned.

            Duration of Storage: The data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. With personal data from the contact form’s input mask, this is the case when the conversation with the user has ended. The conversation has ended when it can be seen from the circumstances that the issues involved have been finally clarified.

            This does not apply if legal or contractual obligations, and in particular retention periods, prohibit the erasure of the data. The additional personal data collected during the sending procedure is erased at the latest after seven days.

            7. Registering for Events

              Description and Scope of Data Processing: When you send a registration via a registration form, the data entered in the input mask is transmitted to us and stored. In addition, the user’s IP address, and the date and time of registration are stored when you send the registration.

              You are not obliged to provide us with personal data, but we will be unable to enter into an agreement for you to participate in the event you are interested in, or implement this, if you do not provide us with the personal data that has been defined as mandatory.

              Legal Basis for Data Processing: The legal basis for processing the data is Art. 6(1) letter b of the GDPR, since processing the data is necessary for registering you for the event you have selected and for conducting this. If we obtain your consent separately, Art. 6(1) letter a of the GDPR also applies.

              Purpose of Data Processing: The personal data is processed solely to perform the registration and conduct the event.

              Duration of Storage: Data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. Personal data collected during registration is erased at the latest one month after the event has finished, unless you have agreed to its further use or processing (e.g., if you have consented to receive invitations to future events).

              The additional personal data collected during the sending procedure is erased at the latest after seven days.

              8. Registering for Event Partnering

                Description and Scope of Data Processing: Before certain events, visitors can register for partnering activities and create partnering profiles. When registrations for partnering and partnering profiles are sent, the data entered in the input masks is transmitted to us and stored. In addition, the user’s IP address, and the date and time of registration are stored when you send the registration. Your consent to data processing is sought during sending and reference is made to this Privacy Policy.

                You are not obliged to provide us with personal data, but you will be unable to participate in partnering if you do not provide us with the data that has been defined as mandatory.

                All participants who have registered for partnering receive access to the other participants’ profiles before the event and can set up individual 10-minute information-sharing meetings during it.

                Legal Basis for Data Processing: The legal basis for data processing is your consent (Art. 6(1) letter a of the GDPR).

                Purpose of Data Processing: The personal data is processed solely to perform the registration and conduct the partnering activities.

                Duration of Storage: The data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. The personal data collected in the partnering profile during registration for partnering is erased at the latest one month after the end of the event.

                Additional personal data collected during the sending procedure is erased after seven days at the latest.

                9. Taking and Publishing Photos and Videos

                  Description and Scope of Data Processing: As part of our special public mandate to promote and enhance business development in the State of Hessen, we have been commissioned to inform the public about events in suitable publications using both words and pictures. For this purpose, photos and videos may be taken at events and published in print media, our own publications, on our websites, and/or on social media (e.g., Facebook, Twitter, Instagram). We obtain your consent to publication on social media pages and refer to this Privacy Policy.

                  Legal Basis for Data Processing: The legal basis for processing photos and videos is the public mandate conferred on us to promote business development in Hessen (Art. 6(1) letter e of the GDPR). If you have consented to photos and videos showing you being published on social media channels, this is the legal basis for data processing (Art. 6(1) letter a of the GDPR).

                  Purpose of Data Processing: The purpose of publishing photos and videos is our special public mandate to promote and enhance business development, and hence to inform interested members of the public about events.

                  Duration of Storage: The data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. Photos that are not published are erased at the latest one month after the end of the event. Published photos are stored for as long as the publications concerned are accessible or obtainable.

                  Recipients and Data Transmission to Third Countries: With respect to publication in print media, the photos taken are sent to daily newspapers and publishing houses in particular. If you consented during registration to photos showing you being published on social media, the data is transmitted to the operators of these social networks. You are informed when you give your consent that some social media operators have their registered office outside the European Union and the European Economic Area (EEA), and in particular in the USA, and that these countries do not have an appropriate level of data protection. Material may be transmitted to the following social media operators in particular:

                  • Facebook

                  The service provider is Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). You can find further information about data privacy at Facebook at https://www.facebook.com/policy.php.

                  • Instagram

                  The service provider is Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). You can find further information about data protection in Instagram’s privacy policy at https://help.instagram.com/about/legal/privacy.

                  • XING

                  The service provider is New Work SE (Dammtorstrasse 30, 20354 Hamburg, Germany). You can find further information about data protection in XING’s privacy policy at https://privacy.xing.com/de/datenschutzerklaerung.

                  • LinkedIn

                  The service provider is LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland). You can find further information about data protection in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy and in its cookie policy at https://www.linkedin.com/legal/cookie-policy.

                  • Google+

                  The service provider is Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

                  You can find further information about data protection in Google’s privacy policy at https://policies.google.com/privacy/update?hl=de&gl=de. Google processes your personal data, among other places, in the USA.

                  • Twitter

                  The service provider is Twitter International Company (One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland). You can find further information about data protection in Twitter’s privacy policy at https://twitter.com/de/privacy.

                  • YouTube

                  The service provider is YouTube LLC (901 Cherry Avenue, San Bruno, CA 94066, USA); a company of Google LLC, USA. You can find further information about data protection in Google’s privacy policy at https://policies.google.com/privacy/update?hl=de.

                  • Vimeo

                  The service provider is Vimeo, Inc. (555 West 18th Street, New York, New York 10011, USA). You can find further information about data protection in Vimeo’s privacy policy at https://vimeo.com/privacy. Vimeo processes personal data in the USA.

                  • Pinterest

                  The service provider is Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland). You can find further information about data protection in Pinterest’s privacy policy at https://policy.pinterest.com/de/privacy-policy.

                  No assurance can be given that, even if social media operators have a registered office in the EU, the personal data will not also be transmitted to group companies in the USA or another country outside the EU or the EEA, and/or that it will not also be stored on servers in the USA or another country outside the EU or the EEA.

                  10. Recording and Streaming Online Events

                    Description and Scope of Data Processing: We record some online events or parts of events and offer them for streaming on our websites and/or social media channels. Chats posts are stored separately during recording and are not published. In addition, individual photos and videos of participants can be taken during online events for public relations purposes. Participants’ connection data can also be stored.

                    The photos and videos can be published in print media, our own publications, on our websites and/or on our social media pages. We obtain your consent during event registration to publish photos and videos on social media channels and refer to this Privacy Policy. If the recording of an online event shows individual participants, we also obtain your consent in advance to this recording and to streaming it on websites and/or on social media.

                    Connection data is stored automatically. This is a technical requirement for participating in online events.

                    Legal Basis for Data Processing: The legal basis for processing the data is your consent (Art. 6(1) letter a of the GDPR). Film and video recordings are published on print media, on websites, or in other own publications on the basis of our public mandate to promote business development and perform public relations work (Art. 6(1) letter e of the GDPR). The legal basis for storing your connection data is Art. 6(1) letter f of the GDPR; our legitimate interest is to ensure the functioning of the systems used to hold the online events.

                    Purpose of Data Processing: Your personal data is processed for the purposes set out in the section entitled “Description and Scope of Data Processing.”

                    Duration of Storage: The data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. Published recordings of online events are stored for as long as the publications concerned are accessible or obtainable.

                    The connection data is erased at the latest after seven days.

                    Recipients and Data Transmission to Third-party States: If you consented during registration to the publication of photos or videos or a recording of the online event being shown on social media, the data are transmitted to the operators of these social networks. You are informed when you give your consent that some social media operators have their registered office outside the European Union and the European Economic Area (EEA), and in particular in the USA, and that these countries do not have an appropriate level of data protection. Material may be transmitted to the following social media operators in particular:

                    • Facebook
                      The service provider is Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). You can find further information about data privacy at Facebook at https://www.facebook.com/policy.php.
                    • Instagram
                      The service provider is Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). You can find further information about data protection in Instagram’s privacy policy at https://help.instagram.com/abo....
                    • XING
                      The service provider is New Work SE (Dammtorstrasse 30, 20354 Hamburg, Germany). You can find further information about data protection in XING’s privacy policy at https://privacy.xing.com/de/datenschutzerklaerung.
                    • YouTube
                      The service provider is YouTube LLC (901 Cherry Avenue, San Bruno, CA 94066, USA), a company of Google LLC, USA. You can find further information about data protection in Google’s privacy policy at https://policies.google.com/privacy/update?hl=de.
                    • Vimeo
                      The service provider is Vimeo, Inc. (555 West 18th Street, New York, New York 10011, USA). You can find further information about data protection in Vimeo’s privacy policy at https://vimeo.com/privacy. Vimeo processes personal data in the USA.
                    • Pinterest
                      The service provider is Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland). You can find further information about data protection in Pinterest’s Privacy Policy at https://policy.pinterest.com/de/privacy-policy.

                    No assurance can be given that, even if social media operators have a registered office in the EU, the personal data will not also be transmitted to group companies in the USA or another country outside the EU or the EEA, and/or that it will not also be stored on servers in the USA or another country outside the EU or the EEA.

                    11. Transmission of Personal Data

                      We will not pass on your data to third parties unless you have given your express consent to this in advance or the transmission is prescribed or permitted by law. An exception is made for our service partners that are required in order to perform the contract and that we have commissioned as contract data processors to process personal data according to our instructions.

                      To the extent that we have been mandated by the Hessen State Chancellery or a ministry of the State of Hessen to act as a contract data processor or project manager and support a project or campaign, the data collected during the said project or campaign may also be made available to the principal concerned. To the extent that no such contract data processing is performed, the legal basis for this is our own and the principal concerned’s legitimate interest (Art. 6(1) letter f of the GDPR). The legitimate interest is, in particular, the assessment of the success of the project or campaign concerned. Our employees are bound to maintain confidentiality and to comply with the data protection regulations.

                      12. Use of Technically Necessary Cookies

                      Description and Scope of Data Processing: We use cookies on various web pages to make visiting our website attractive and to enable the use of certain functions. Cookies are small text files which are placed on your device.

                      You can set your browser so that you are informed when cookies are set and can decide individually about whether to consent to these or to rule out their acceptance either in certain cases or generally. If you do not accept cookies, the functionality of our website may be restricted. The links below show you how to adjust the settings for the following common browsers:

                      Chrome: https://support.google.com/chrome/answer/95647?hl=de

                      Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

                      Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

                      Safari: https://support.apple.com/kb/PH21411?viewlocale=de_DE&locale=de_DE

                      If you use different devices to visit our website (your computer, your smartphone, your tablet, etc.), you should make sure that you define the cookie settings you want in each browser and on each device.

                      Legal Basis for Data Processing: Where personal data is processed using technically necessary cookies, the legal basis is Art. 6(1) letter f of the GDPR.

                      Purpose of Data Processing: Technically necessary cookies are used to make visiting our website attractive and enable the use of certain functions, such as language selection, storing articles in a shopping cart, or recognizing the browser again after a user has registered on the member section of a page. Some website functions cannot be provided without using technically necessary cookies.

                      The user data collected by cookies is not used to generate user profiles.

                      Duration of Storage: We use session cookies. These are cookies that are erased automatically after users have closed their browser.

                      13. Social Plug-ins from Social Network Providers

                      We use social plug-ins from social network providers on our websites. These plug-ins can be used to send personal data to the service providers (including outside Europe), where the data may be used by them.

                      We ourselves do not capture any personal data using social plug-ins or about their use. We have configured the social plug-ins in such a way, and integrated them with our website using an HTML link, that initially no personal data is transmitted to the providers of the individual social plug-ins when you visit our website. If you click on one of the social plug-ins, a new window opens in your browser and displays the social media page of the service provider concerned; you can then click on the “like” or “share” button, for example. Only when you click on this button on the social media service’s page is data transmitted to the service provider and stored there.

                      When you click on a service provider’s button, the provider receives the information that you have accessed the relevant subpage on our website. You do not need to have an account with this service provider or be logged in there. If you are logged in to the service provider, the data is assigned directly to your account. If you click on a social plug-in and, for example, link the page, the service provider stores this information in your user account as well and may disclose this publicly to your contacts.

                      If you do not want the data to be assigned to your profile at the service provider, you must log out before clicking on social plug-ins.

                      We have no influence on whether the service providers collect personal data and, if so, to what extent. Equally, we do not know the scope and purpose for which data is captured or the period for which it is stored. It must be assumed that, at the least, the IP address and device data are recorded and used. In addition, it is possible that the service provider may use cookies.

                      Please note that some social media operators have their registered office outside the European Union and the European Economic Area (EEA), and in particular in the USA, and that these countries do not have an appropriate level of data protection. No assurance can be given that, even if social network service providers have a registered office in the EU, the personal data will not also be transmitted to group companies in the USA or another country outside the EU or the EEA and/or that it will not also be stored on servers in the USA or another country outside the EU or the EEA.

                      Additional information on the individual service providers:

                      • Facebook
                        The service provider is Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). You can find further information about data privacy at Facebook at https://www.facebook.com/policy.php.
                      • Instagram
                        The service provider is Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). You can find further information about data protection in Instagram’s privacy policy at https://help.instagram.com/abo....
                      • XING
                        The service provider is New Work SE (Dammtorstrasse 30, 20354 Hamburg, Germany). You can find further information about data protection in XING’s privacy policy at https://privacy.xing.com/de/datenschutzerklaerung.
                      • Google+
                      • The service provider is Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). You can find further information about data protection in Google’s privacy policy at https://policies.google.com/privacy/update?hl=de&gl=de. Google processes your personal data, among other places, in the USA, .

                      14. Embedded Videos

                      • YouTube Videos and Related Data Collection and Use

                      You can use our website to watch videos that have been embedded using a plug-in from YouTube LLC (901 Cherry Avenue, San Bruno, CA 94066, USA, a company of Google LLC). YouTube uses cookies to collect data and for statistical data evaluation. Among other things, YouTube uses cookies to collect reliable video statistics, to prevent fraud, and to improve user friendliness. The YouTube cookies provide the website operator with statistical information relating to viewings of the individual videos embedded in the website that is not tied to individual users. If you watch a video that has been embedded in this way, YouTube may store this data and use it for other purposes. Should you be logged into your YouTube account at the same time, YouTube may be able to assign your surfing behavior to your YouTube user profile. You can prevent the data being processed in this way by logging out of your YouTube account before visiting our websites.

                      The “extended data protection mode” has been activated for YouTube videos on our website. This means that YouTube does not store cookies for users who view a website with an embedded YouTube video player but do not click on the video to start playing it back. In addition, before viewing a video you are informed that, if you click on a video link, you will leave the data controller’s website and will be transferred to the YouTube video portal, together with information on the website you are currently viewing. If you agree to this, YouTube may store cookies on your computer; however, no personal cookie information relating to the playback of embedded videos is stored.

                      Since this is a third-party service, we have no influence on how YouTube processes the relevant data. Please see the privacy policy information at https://policies.google.com/privacy/update?hl=de&gl=de for information on the purpose and scope of data collection, the further processing and use of the data by YouTube or Google, your rights in relation to this, and the configuration options that can be used to protect your privacy. Google processes your personal data in the USA, among other places.

                      • Vimeo Videos and Related Data Collection and Use

                      You can view our video offerings at Vimeo (provided by Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA) using our video library or directly at https://vimeo.com/htai/videos. Since this is a third-party service, we have no influence on how Vimeo processes the relevant data. Vimeo’s data privacy policy states that user information (including personal data) may be transmitted to, stored, and processed in the USA, where Vimeo’s servers are located and its central database is operated. Please see Vimeo’s data privacy policy at https://vimeo.com/privacy for further information on the purpose and scope of data collection, the further processing and use of the data by Vimeo, your rights in relation to this, and the configuration options that can be used to protect your privacy.

                      • We use a content delivery network (CDN) provided by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States.

                      A CDN is an internet-based network of geographically distributed servers that is used to deliver our online content, and in particular large media files such as graphics and scripts, more rapidly. User data is processed solely for the purposes previously mentioned and to preserve the CDN’s security and functioning.

                      We have a legitimate interest in its use, i.e., an interest in the secure and efficient provision, analysis, and optimization of our online offering in accordance with Art. 6(1) letter f of the GDPR.

                      Please see CloudFront’s data privacy policy for further information: https://aws.amazon.com/de/compliance/eu-data-protection/.

                      15. Embedded Maps

                      • Use of Google Maps

                      Our website uses services from Google Maps, which is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These allow us to display interactive maps directly on the website for you and enable you to use the map function easily.

                      If you have clicked on the relevant button to consent to data being transmitted to Google, Google receives the information that you have viewed the relevant subpage on our website. In addition, the data given in the section entitled “Provision of the Website and Generation of Log Files” is transmitted. This happens independently of whether Google provides a user account that you have logged in to, or whether no such user account exists. If you are logged in to Google, your data is assigned directly to your account. If you do not want the data to be assigned to your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses these for advertising, market research and/or needs-based website design. Such analyses are performed in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; please contact Google to exercise it.

                      Further information on the purpose and scope of data collection and processing by Google is available at https://policies.google.com/privacy/update?hl=de&gl=de. You will also find additional information there on your rights in relation to this, and the configuration options that can be used to protect your privacy. Google processes your personal data in the USA, among other places.

                      • Use of Open Street Map

                      We use map tiles based on the OpenStreetMap (OSM) open data project on our website.

                      If you have consented to your data being transmitted, information about your use of the website (e.g., your IP address) is transmitted to retrieve map tiles. Depending on which tiles are viewed, data may also be transmitted to countries outside Germany and the EU or EEA, including to the USA. The main server and infrastructure are currently operated in London, UK.

                      This service is an open source offering and we have no influence on how data is collected and processed. Data that is collected may potentially be transmitted to third parties, processed on behalf of third parties, and potentially merged with additional personal data that is stored about the user; however we have no information about this.

                      You can deactivate data collection from the use of OpenStreetMap by not using the map display function.

                      Please see http://wiki.osmfoundation.org/wiki/Privacy_Policy for further information about how OpenStreetMap uses personal data.

                      16. Automated Decision-Finding Including Profiling

                      No automated decision-finding including profiling is performed.

                      17. Rights of the Data Subject

                      If your personal data is processed, you are the data subject within the meaning of the GDPR and you have the following rights with respect to the data controller:

                      Right of Access by the Data Subject: You have the right under Art. 15 of the GDPR to obtain information about the personal data concerning you that we process; in particular, you can request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data have been or will be disclosed, the storage period envisaged, the existence of a right to rectify, erase, restrict, or object to processing, or the right to lodge a complaint, the source of your data where this was not collected by us, and the deployment of automated decision-making, including profiling and, where appropriate, meaningful information about the details of this.

                      Right to Rectification: You have the right under Art. 16 of the GDPR to obtain without undue delay the rectification of inaccurate data, or the completion of incomplete personal data, that is stored with us.

                      Right to Erasure (“Right to be Forgotten”): You have the right under Art. 17 of the GDPR to obtain the erasure of personal data stored with us, provided that processing is not required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

                      Right to Restriction of Processing: You have the right under Art. 18 of the GDPR to obtain restriction of the processing of your personal data, where the accuracy of the data is contested by you, where the processing is unlawful but you oppose the erasure of the data, where we no longer need the data but you require it for the establishment, exercise or defense of legal claims, or where you have objected to processing pursuant to Art. 21 of the GDPR.

                      Right to Data Portability: You have the right under Art. 20 of the GDPR to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format, or to obtain transmission to another responsible person.

                      Right to Lodge a Complaint: You have the right under Art. 77 of the GDPR to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your place of usual residence, your workplace, or our registered office. In the present case, the competent supervisory authority is the Hessen Data Protection Commissioner. Visitors’ address: Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany; postal address: P.O. Box 3163, 65021 Wiesbaden, Germany; e-mail: Poststelle@datenschutz.hessen.de, Phone: +49 611 1408-0, Fax: +49 611 1408-900.

                      Right to Object: You have the right to object, on grounds relation to your particular situation, at any time to processing of your personal data based on Art. 6(1) letter f of the GDPR.

                      If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing.

                      Right to Withdraw Consent: You have the right to withdraw the consent issued by you to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before such withdrawal. You can direct any withdrawal of consent to the e-mail address given during the registration/ordering process or in all cases also to info@hessen-agentur.de or by post using the address given above.

                      18. Security during Data Transmission

                      The protection of data transmitted as part of data communications using open networks such as the Internet cannot be fully guaranteed using current technology, and such data cannot be protected completely against access by third parties. Therefore, please do not send us confidential data via the Internet (e.g., via contact forms or e-mails) without ensuring it is adequately protected. However, all forms on this website that are used to capture personal data have been encrypted using at least the TSL 1.2 protocol. In addition, we use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. We continuously enhance our security measures in line with technological developments.

                      19. Changes to Our Privacy Policy

                      We reserve the right to amend this Privacy Policy from time to time to ensure that it always complies with current legal requirements or that it reflects changes to our services and website content, e.g., when we introduce new services. The current version of this Privacy Policy, as amended, applies to all further visits to our website.

                      Version dated: February 2021