Privacy Notice

HOME / PRIVACY NOTICE

Privacy Notice

We are delighted that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you about which of your personal data we collect when you visit our website and for what purposes it is used. Personal data refers to specific details regarding the personal or factual circumstances of an identified or identifiable natural person (data subject), e.g. name, address, email addresses, user behaviour. This therefore refers to data that enables us to identify you. In addition, you will also find occasional information here regarding data processing activities outside this website (e.g. video conferences or newsletters).

Data controller responsible person

For the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

CCR Benelux B.V.

Nevelgaarde 50

3436 ZZ Nieuwegein

Netherlands

Data Protection Officer

exkulpa gmbh

Waldfeuchterstr. 266

52525 Heinsberg

Phone: 02452 / 99 33 11

General information

In addition to the data, you actively provide to us on this site (e.g. via our contact form), we collect certain technical data. This so-called metadata is automatically transmitted from your computer to our servers as soon as you visit our website (including browser, operating system and timestamps). We use this data to ensure that our website is displayed correctly. In addition, we may collect data via integrated third-party providers (e.g. for external media such as map services or analytics tools). We explain the specific purposes and legal bases for this in the course of this privacy policy.

Retention period

Unless a specific retention period is stated elsewhere in this privacy policy, we will retain your personal data for as long as the purpose of the data processing remains valid. If you submit a valid request for erasure or withdraw your consent, we will erase your data. Statutory retention obligations remain unaffected.

Legal basis for data processing

If you have consented to the processing of your data, your personal data will be processed on the basis of Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, where special categories of data are processed in accordance with Article 9(1) of the GDPR. Where you have given your explicit consent to the transfer of personal data to third countries, the data will also be processed in accordance with Article 49(1)(a) of the GDPR. If you have consented to the storage of cookies or access to information on your device (e.g. through device fingerprinting), data processing will additionally take place on the basis of Section 25(1) of the TDDDG. Your consent may be withdrawn at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data in accordance with Article 6(1)(b) of the GDPR. Furthermore, we process your data where this is necessary to comply with a legal obligation, on the basis of Article 6(1)(c) of the GDPR. Data processing may also take place on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR. The following sections of this privacy policy provide information on the respective legal bases in individual cases.

Note on data transfers to third countries and US companies without DPF certification

Please note that we use tools provided by companies based in third countries where data protection standards are not adequate or in the USA, and which are not covered by the EU-US Data Protection Framework (DPF). When using these tools, your personal data may be transferred to and processed in these countries. Please note that in these non-EU countries, a level of data protection comparable to that of the EU cannot be guaranteed.

We would like to clarify that the US generally offers a level of data protection comparable to that of the EU. The transfer of data to the US is permitted if the recipient holds DPF certification or provides appropriate additional safeguards. Information regarding data transfers to third countries, including data recipients, can be found in our Privacy Policy.

Automated decision-making

We do not process your personal data for the purposes of automated decision-making.

Your rights

As a data subject under the General Data Protection Regulation (GDPR), you have the following rights:

Right of access: You have the right to request confirmation from us as to whether your personal data is being processed and, if so, to receive further information about the processing and copies of the data being processed (Art. 15 GDPR).
Right to rectification: You have the right to request the immediate rectification of inaccurate personal data concerning you and, where necessary, the completion of incomplete personal data (Art. 16 GDPR).
Right to erasure: You have the right to request the immediate erasure of your personal data if the legal conditions are met, in particular if the data is no longer necessary for the purposes for which it was collected and the processing is unlawful (Art. 17 GDPR).
Right to restriction of processing: You have the right to request that we restrict the processing of your personal data where the legal conditions are met, in particular if you contest the accuracy of the data, the processing is unlawful and you object to its erasure (Art. 18 GDPR).
Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided this is technically feasible (Art. 20 GDPR).
Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, where the processing is carried out on the basis of Article 6(1)(e) or (f) of the GDPR (Article 21 of the GDPR).
Right to withdraw consent: You have the right to withdraw your consent to the processing of personal data at any time, with effect for the future. Withdrawing your consent does not affect the lawfulness of processing carried out on the basis of your consent prior to its withdrawal (Article 7(3) of the GDPR).
Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes the GDPR (Article 77 of the GDPR).

Other data processing operations

General disclosure requirements

This information is intended for customers, prospective customers, suppliers and employees. We process your personal data for the following purposes:

To fulfil our contractual obligations towards you (Article 6(1)(b) of the GDPR).
To fulfil pre-contractual obligations (Article 6(1)(b) of the GDPR).
To respond to enquiries (Article 6(1)(b) of the GDPR).
If you have given us your consent to process your personal data for specific purposes (such as to receive our newsletter), the data processing is carried out on the basis of your consent (Article 6(1)(a) of the GDPR).
To comply with legal obligations to which our company is subject (Article 6(1)(c) of the GDPR).
Where necessary, we also process your data to safeguard our legitimate interests, in particular to assert legal claims and defend ourselves in legal disputes, or to ensure IT security; to consult with and exchange data with credit reference agencies to assess creditworthiness and default risks; for direct marketing and market research, provided you have not objected to the use of your data for this purpose; in connection with measures for business management and the further development of services and products; in connection with measures for product and sales optimisation; in connection with risk management measures; and for the prevention or investigation of criminal offences (Art. 6(1)(f) GDPR).

Categories of recipients of personal data

Within our company, only those employees who absolutely need the data to perform their duties have access to it (need-to-know principle). Individual processes and services are carried out by carefully selected service providers, commissioned in accordance with data protection regulations, who are based within the EEA. Where service providers commissioned by us gain access to personal data whilst performing their services, data processing agreements have been concluded with them in accordance with Article 28(3) of the GDPR.

Duration of data storage

The data we process is stored for the duration of the contractual relationship and its fulfilment, in compliance with statutory retention periods. These include, in particular, retention obligations under commercial and tax law as set out in the German Commercial Code (HGB) and the German Fiscal Code (AO). The standard retention and documentation periods amount to up to ten years. If no contractual relationship is established, we process the data only for as long as the specific purpose requires.

Cookies

Cookies are small text files that are stored on your device by your browser to retain certain information whilst you are using the website. Cookies enable us to improve various aspects of our website and make your visit more convenient.

There are various types of cookies, each serving different purposes. Temporary cookies, also known as session cookies, are stored only for the duration of your visit to the website and are automatically deleted when you close your browser. Persistent cookies, on the other hand, remain stored on your device for a longer period and enable us to recognise you and your preferences when you visit the website again.

Cookies can also be divided into first-party cookies and third-party cookies. First-party cookies are set by our website, whilst third-party cookies are set by other websites or service providers whose content is integrated into our website, such as plugins or analytics tools.

Cookies are used for various purposes, such as ensuring the website functions properly, storing user settings, compiling anonymous statistics on user behaviour, or displaying personalised content and advertising. The legal basis for the use of cookies varies depending on the purpose of the cookies. In some cases, the setting of cookies is based on your legitimate interest pursuant to Article 6(1)(f) of the GDPR, in order to make our website functional and user-friendly. As the website operator, we have a legitimate interest in storing necessary cookies to ensure the technically flawless and optimised provision of our services. Where we seek your consent for the use of cookies, processing is carried out on the basis of Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG. Your consent may be withdrawn at any time.

Data processing in detail

Below, we provide information on the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data, and the respective retention period. No automated decision-making, including profiling, takes place in individual cases.

Website operation

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a log file:

IP address of the requesting computer
Date and time of access
Name and URL of the file accessed
The website from which the access originates (referrer URL)
The browser you are using and, where applicable, your computer’s operating system, as well as the name of your internet service provider

Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf for the purpose of providing the website, in accordance with Article 28 of the GDPR.

The use of the hosting provider is for the purpose of fulfilling our contractual obligations towards our potential and existing customers (Article 6(1)(b) of the GDPR) and in the interest of ensuring the secure, fast and efficient provision of our online services by a professional provider (Article 6(1)(f) of the GDPR).

Contact form

Nature and scope of processing

When you send us enquiries (e.g. via the contact form, email or telephone), we store all the data provided (e.g. name, email address, subject of the enquiry, etc.). We require this data to process your enquiry and to be able to answer any follow-up questions. We will not pass this data on to third parties without your consent.

Purpose and legal basis

The processing of this data is carried out on the basis of Article 6(1)(b) of the GDPR, provided that your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. Otherwise, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) if you have previously given it.

Retention period

The data you enter in the contact form will be retained by us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Data Access Request

If you wish to access, correct, update or erase your Personal Information, or if you have questions about CCR’s privacy practices in general or a complaint, submit your request via the CCR webform available on the website here. In the event that you are located in a country that is governed by the General Data Protection Regulation and would like to contact the local Data Protection Officer, please indicate this in the form and your inquiry will be directed to the appropriate person.

Contact form for applicants

Nature and scope of processing

We collect and process the personal data of job applicants. Such data processing may also be carried out electronically, for example, when applicants submit their application documents to us by email or via a web form on our website. On our website, we offer you the option of submitting applications for advertised vacancies to us by email.

Purpose and legal basis

We process applicants’ personal data in accordance with legal requirements for the purpose of establishing an employment relationship (Article 6(1)(b) of the GDPR). You are not obliged to provide us with this data. However, without this data, we cannot proceed with your application.

If your application is successful, the data you have submitted will be stored in our data processing systems on the basis of Article 6(1)(b) of the GDPR and, insofar as you provide us with special categories of personal data such as health information, on the basis of Article 9(2)(b) for the purpose of carrying out the employment relationship.

We also use the professional networking services LinkedIn and XING to approach potential applicants. In this respect, the operators of these networks act as data processors on our behalf in accordance with our instructions. The legal basis for data processing when contacting potential applicants on our behalf is Article 6(1)(f) of the GDPR (our legitimate interests). If, following such contact, you send us your application, we process your data for the purpose of establishing an employment relationship as described above on the basis of Article 6(1)(b) of the GDPR.

Retention period

If your application is unsuccessful, your data will be retained for a period of 6 months following the conclusion of the application process. This is done to safeguard our legitimate interests, to assess whether we may need the data to defend against any claims arising from the application process. We are then obliged to delete or anonymise your data. In this case, the data will only be available to us as so-called metadata without any direct personal reference for statistical analysis (for example, the proportion of female and male applicants, the number of applications per period, etc.).

If it becomes apparent that further storage of the data is necessary after the expiry of the 6-month period to safeguard our legitimate interests (e.g. due to an impending or pending legal dispute), deletion will only take place once the purpose for continued storage no longer applies. The legal basis for this further data storage is our legitimate interest in the assertion, exercise or defence of civil law claims (Art. 6(1)(f) GDPR in conjunction with Section 24(1)(2) BDSG or, where special categories of personal data are stored, Art. 9(2)(f) GDPR in conjunction with Section 24(2) BDSG).

Inclusion in the candidate pool

As part of the application process, we offer candidates the opportunity to be included in our “talent pool” for a period of 24 months, subject to their consent in accordance with Article 6(1)(a) and Article 9(2)(a) of the GDPR. If you have provided special categories of personal data in your application, such as health information, your consent also extends to this data. You are not obliged to provide us with your application data for our talent pool. However, without this data, we cannot consider you for future vacancies unless you submit a new application.

Consent to the inclusion of application data in the Talent Pool is voluntary and may be withdrawn at any time with future effect. Withdrawal of consent does not affect the lawfulness of data processing carried out on the basis of consent prior to withdrawal.

Your application documents will be deleted from the talent pool at the latest upon expiry of the retention period, or in the event of a withdrawal of consent, or upon acceptance of a job offer from one of the companies responsible for the talent pool.

If, as part of the application process, you receive an offer of employment from us and accept it, we or that company will store the personal data collected during the application process for the purpose of implementing the employment relationship. The legal basis for this data processing is Article 6(1)(b) of the GDPR or, insofar as you provide us with special categories of personal data such as health information, Article 9(2)(b).

Presence on social media

We maintain public profiles on various social media platforms via our website. You can find more detailed information about the social media platforms we use in the relevant sections of our privacy policy.

Social networks such as Facebook, Twitter and others can comprehensively analyse your user behaviour when you visit their websites or a website with integrated social media content (e.g. ‘Like’ buttons or advertising banners). Visiting our social media pages triggers numerous data processing operations relevant to data protection:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can link this visit to your user account. However, your personal data may also be collected even if you are not logged in or do not have an account with the relevant social media portal. In this case, data collection takes place, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media platforms can create user profiles containing your preferences and interests. This enables interest-based advertising to be displayed to you both within and outside the respective social media platform. If you have an account with the relevant social network, interest-based advertising may be displayed on all devices on which you are logged in or have been logged in.

Please note that we cannot track all processing activities on social media platforms. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media platforms. For details, please refer to the terms of use and privacy policies of the respective social media platforms.

Legal basis for data processing

Our social media presence is intended to ensure the widest possible online presence. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which must be specified by the operators of the social networks (e.g. consent within the meaning of Article 6(1)(a) of the GDPR).

Data controller and exercising your rights

When you visit our social media pages (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered by your visit. You may generally exercise your rights (right of access, rectification, erasure, restriction of processing, data portability and the right to lodge a complaint) both with us and with the operator of the relevant social media portal (e.g. Facebook).

Despite our joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options depend largely on the corporate policy of the respective provider.

Duration of data storage

Data collected directly by us via our social media presence will be deleted from our systems as soon as you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.

We have no influence over the duration of storage of your data that is stored by the operators of social networks for their own purposes. For further details, please contact the operators of the social networks directly (e.g. via their privacy policy, see below).

LinkedIn page

Our company has a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfers to the US are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For further information on how your personal data is handled, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.

Video conferencing

Data processing

We use online conferencing tools to communicate with our customers. The specific tools we use are listed below. When you communicate with us via video or audio conference, your personal data is collected and processed by us and the provider of the relevant tool.

The tools collect the data you provide, including your email address and telephone number. They also process the duration of the conference, when you joined the conference, the number of participants and other metadata.

In addition, the tool provider processes all technical data required to facilitate the conference. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If you share content via this service, it is stored on the providers’ servers. This includes cloud recordings, chat messages, voice messages, as well as photos and videos that you have shared whilst using this service.

Please note that we do not have full control over the data processing operations of the tools used. For further details on data processing by the conference tools, please refer to the privacy policies of the respective tools used.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer specific services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of these tools serves to generally simplify and expedite communication with us or our company (legitimate interest within the meaning of Art. 6(1)(f) GDPR). If you have previously given your consent to data processing, the processing of your data takes place solely on the basis of Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.

Retention period

Data collected directly by us via the video and conferencing tools will be deleted from our systems as soon as you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence over the retention period of your data stored by the operators of the conferencing tools for their own purposes. For further details, please contact the operators of the conferencing tools directly.

Services and tools used

Google reCAPTCHA

This website uses Google reCAPTCHA. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Nature and scope of data processing

reCAPTCHA is used to verify data entry (e.g. into a contact form) on this website. Specifically, it determines whether the entry is made by a human or by an automated programme. Google reCAPTCHA analyses the behaviour of website visitors based on various characteristics. The analysis begins automatically as soon as the visitor accesses the website. The data collected during the analysis, such as the IP address, the duration of the website visitor’s stay or the mouse movements made, is forwarded to Google.

Website visitors are not notified that an analysis is taking place; this occurs entirely in the background.

Legal basis

The storage and analysis of data is carried out on the basis of our legitimate interest in protecting our websites from malicious automated scanning and spam (Article 6(1)(f) of the GDPR). Where consent has been requested, data processing takes place exclusively on the basis of your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. This consent may be withdrawn at any time.

Google’s privacy policy and terms of service can be found at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

The company is certified under the ‘EU-US Data Privacy Framework’ (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards. Further information is available at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

YouTube Video

This website embeds videos from YouTube. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in enhanced privacy mode. According to YouTube, this mode ensures that no information about visitors to the website is stored before the video is viewed. However, the enhanced privacy mode does not necessarily prevent data from being shared with YouTube partners. YouTube establishes a connection to the Google DoubleClick network, regardless of whether you watch a video.

When you play a YouTube video on this website, a connection is established with their servers. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you also allow YouTube to associate your browsing behaviour with your personal profile. You can prevent this by logging out of your account. After starting a video, YouTube may store various cookies on your device or use comparable recognition technologies, such as device fingerprinting. This allows YouTube to obtain information about visitors to this website. This information is used, amongst other things, to collect video statistics, improve user-friendliness and prevent fraud attempts. It cannot be ruled out that further data processing operations may take place after a video has started, over which we have no control.

Legal basis

The use of YouTube is based on our legitimate interest in presenting our online services in an appealing manner (Art. 6(1)(f) GDPR). If consent has been requested, the processing of data is carried out exclusively on the basis of your consent in accordance with Art. 6(1)(a) GDPR and Section 25(1) TDDDG. This consent may be withdrawn at any time.

Further information on data protection at YouTube can be found in the privacy policy: https://policies.google.com/privacy?hl=de.

Google Fonts

Nature and scope of data processing

This website uses web fonts provided by Google to ensure consistent font display. When you visit the site, your browser loads the required web fonts into your browser cache so that text and fonts are displayed correctly. To do this, the browser you are using establishes a connection to Google’s servers. As a result, Google becomes aware of your IP address.

Legal basis

The use of Google Web Fonts is based on our legitimate interest in ensuring a consistent appearance of the typography on our website (Article 6(1)(f) of the GDPR). If consent has been requested (e.g. consent to the storage of cookies), the processing of data takes place exclusively on the basis of your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. This consent may be withdrawn at any time. If your browser does not support web fonts, a standard font from your computer will be used. Further information on Google Web Fonts can be found here: https://developers.google.com/fonts/faq. Google’s privacy policy can be found here: https://policies.google.com/privacy?hl=de.

Bunny Fonts

Nature and scope of processing

We use Bunny Fonts from BunnyWay d.o.o., Škofjeloška cesta 13, 1215 Medvode, Slovenia, as a service for providing fonts for our online offering. To access these fonts, a connection is established with servers operated by BunnyWay d.o.o., during which your IP address is transmitted.

Purpose and legal basis

The use of Bunny Fonts is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG.

Retention period

We have no influence over the specific retention period of the processed data; this is determined by BunnyWay d.o.o. Further information can be found in the privacy policy for Bunny Fonts: https://bunny.net/privacy/.

Unpkg CDN

On this website, we use services and features provided by Unpkg CDN, a content delivery network (CDN) operated by Cloudflare, Inc.

Nature and scope of data processing

The CDN is used to deliver content from our website, such as graphics and scripts, quickly and efficiently. The content is stored on servers distributed across different regions or globally so that it can be made available to users more quickly. Each time this content is accessed, a connection is established with Cloudflare’s servers, during which your IP address and, where applicable, further browser data such as your user agent are collected and processed. This data processing serves solely to optimise and ensure the functionality of the service. Further information on this can be found in the privacy policy for Unpkg CDN at: https://www.cloudflare.com/privacypolicy/.

Legal basis

The use of Unpkg CDN is based on our legitimate interest in the secure and efficient provision of our online services, in accordance with Article 6(1)(f) of the GDPR.

Data processing

To ensure that personal data is processed in accordance with our guidelines and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.

FlippingBook

We use the “FlippingBook” service provided by FlippingBook Limited, Sqaq Cordina, Cospicua BML 1900, Malta, to present PDF documents as interactive online publications. As part of this service, a banner for FlippingBook may be displayed, via which you can voluntarily provide your email address so that we can contact you after you have downloaded the eBook (e.g. for queries, feedback or additional information). Providing your email address is voluntary; you can skip the banner and use the eBook without providing any personal data.

Nature and scope of data processing

When you access eBooks provided via FlippingBook, technical usage data (e.g. IP address, access time, browser and device information) is processed in order to deliver the content, ensure system security and prevent technical faults. In addition – provided you indicate this in the banner – your email address and any associated metadata (time of entry, content of the respective eBook) may be processed in order to contact you following the download of the relevant eBook. The personal data collected via the banner is used exclusively for the contact purposes described and is stored by us only for as long as is necessary to carry out the communication and to document your consent, unless statutory retention obligations prevent this.

Purpose & Legal Basis

The processing of technical usage data when using FlippingBook to provide eBooks is based on our legitimate interest in presenting our content in an attractive, secure and technically reliable manner, in accordance with Article 6(1)(f) of the GDPR. The processing of your email address for the purpose of contacting you after downloading the eBook is carried out exclusively on the basis of your consent in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with effect for the future, without this affecting the lawfulness of the processing carried out prior to the withdrawal.

Data processing

FlippingBook acts on our behalf under a data processing agreement in accordance with Article 28 of the GDPR. To this end, we have entered into a data processing agreement (DPA) with the provider, which specifically governs the subject matter and duration of the processing, the nature and purpose of the processing, the categories of data subjects, and the obligations and rights of the parties. FlippingBook processes personal data exclusively in accordance with our instructions and using appropriate technical and organisational measures to protect the data.

Transfers to third countries

Depending on the provider’s server location, the use of FlippingBook may involve the transfer of personal data to third countries outside the European Union or the European Economic Area. Where no adequacy decision has been issued by the European Commission for these countries, we base transfers to third countries on appropriate safeguards within the meaning of Articles 44 et seq. of the GDPR, in particular on the conclusion of the Standard Contractual Clauses adopted by the European Commission, as well as additional technical and organisational safeguards. Further information on data processing by FlippingBook can be found in the provider’s privacy policy: https://flippingbook.com/de/help/common/privacy-policy-and-disclaimer?from=footer.

Last Updated: April 2026