Privacy policy

 

The protection of your personal data (hereinafter referred to as "data") is a very important concern for us. In this respect, the data protection information fulfills the information obligations in accordance with the requirements of Art. 12 ff. of the EU General Data Protection Regulation (hereinafter "GDPR"). We would like to inform you in detail about the data we process about you when you use our website and our services (hereinafter referred to as "services"). In addition, we would like to inform you about the rights to which you are entitled and the technical and organizational protective measures we have taken with regard to the processing of your data.

1. Who is responsible for processing my data?

The

Amplify Tech Agency GmbH (hereinafter referred to as the "Company")
Harscheidweg 43
45149 Essen, Germany

E-mail: ycnega.hcet-yfilpmaobfsctd-3c9a24@ofni

is the operator of the website and is responsible under data protection law for the personal data collected about you here. The company processes personal data in accordance with the provisions of the GDPR and relevant national data protection laws.

You can contact the company's data protection officer at the above postal and e-mail address, with the addition "To the Data Protection Officer".

2. Personal data

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an e-mail address, a postal address or an online identifier such as an IP address or a cookie identifier.

Personal data may only be processed with legal permission. Hence, your personal data will only be processed when you visit and use the website and the services offered on it and if the company has legal permission to do so.

3. What data is recorded?

When you use our website, information is automatically collected from the accessing computer or mobile device (hereinafter referred to as "access data"). This access data includes server log files, which usually consist of information about the browser type and version, the operating system, the Internet service provider, the date and time of use of the website, the previously visited websites and newly accessed websites via the website and the IP address of the computer. With the exception of the IP address, the server log files are not personally identifiable. An IP address is personally identifiable if it is permanently assigned when the Internet connection is used and the Internet provider can assign it to a person. Log files are stored on the basis of legitimate interests (Art. 6 para. 1 lit. f GDPR) to ensure the functionality of the website for 7 days.

In addition, when using the website, pseudonymous user profiles and/or the data you enter on the website (e.g. search terms, login data, ratings, form or contract entries, click data) are processed by the company. In principle, however, you can use the website without providing your data.

If we process data other than the data mentioned here when you visit or use our website, the relevant data categories and the purposes of data processing, the legal basis for data processing, the storage period and criteria for storage, possible data recipients and your rights in connection with the data processing concerning you are described in detail in section 4 of this privacy notice.

If you have any questions about this data processing, you can contact us at any time using the contact details listed in section 1 of this data protection notice with the subject "To the Data Protection Officer".

4. For what purposes is my data collected?

The purposes of data processing within the scope of our services may result from technical, contractual or legal requirements and, if applicable, from consent.

The company uses the data referred to in section 3 and the data referred to in section 4 for the following purposes, among others:

  • to provide the website and ensure technical security, in particular to correct technical errors and to ensure that unauthorized persons do not gain access to the website systems;
  • to process your contact request;
  • for the purpose of improving the website;
  • for the purpose of web tracking and analysis of user behavior and
  • for direct marketing purposes.

Further information on the listed purposes of data processing can be found in the following sections of this privacy notice. If personal data is processed for purposes other than those just listed, you will be informed in the following section about the subject matter, the manner, the duration, the purpose and the legal basis used.

4.1 Use of cookies

Cookies are small text files that are used by websites to improve the user experience. We use cookies to technically provide the services offered, to personalize content and advertisements and to analyze access to our website.

Under applicable law, we may store cookies on your device if they are strictly necessary for the operation of the site. For all other types of cookies, we need your consent. You can change or withdraw your consent to the use of cookies at any time using our Cookie Consent Manager.

Our website uses different types of cookies. Some cookies, for example, are placed by third parties that appear on our pages. Which cookies are used in detail and to what extent can be tracked at any time via our Cookie Consent Manager. Roughly speaking, the cookies we use can be assigned to the following categories.

  1. Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
  2. Functional cookies help us to understand how visitors interact with the website by collecting and analyzing information anonymously.
  3. Marketing cookies are cookies that help us to optimize user-friendliness and carry out analyses of the content offered on the website. With the help of these cookies, we are able to record and evaluate user behavior on the site (personalized). However, web tracking does not usually require the personal identification of the user concerned, so that when your access data is recorded, the stored IP address is either not used or is only used in abbreviated form (shortened by the last octet) and pseudonymous user profiles are created. Personal user profiles are only created in exceptional cases and if you have given your consent to the setting of the cookie in question via our Cookie Consent Manager. These cookies can generally share the information collected with other organizations or advertisers. These are persistent cookies that almost always originate from third parties. Web tracking services are regularly provided by our service providers, who only process user profiles in accordance with our instructions and not for their own purposes. This is ensured by means of data processing agreements. If the service providers are based outside the European Union or the European Economic Area (hereinafter referred to as the "EU or EEA"), a so-called third country transfer takes place. This is permitted if you have consented to it, we have created a guarantee for a level of data protection appropriate to the European standard or the EU Commission has classified the respective third country as a safe third country. If there is a transfer to a third country when using our cookies, we will inform you of this by providing appropriate information. Further information on the recipients of your data and the topic of third country transfers can be found in sections 6 and of this privacy notice.

4.1.1 Legal basis for data processing

The legal basis for the setting of necessary cookies is Art. 6 para. 1 lit. f GDPR. Necessary cookies are set to ensure the technical provision and usability of the website. The legal basis for the setting of optional cookies for the purpose of e.g. collecting and evaluating pseudonymous user profiles is Art. 6 para. 1 lit. a GDPR. The processing activity is therefore carried out on the basis of your consent with the help of our cookie consent manager.

4.1.2 Duration of storage or criteria for determining this duration

The data that is collected and analyzed when functional and optional cookies are used is generally stored until you made an objection to their use. However, analysis cookies are stored for a maximum of 30 days.

4.1.3 Possibility of objection and removal

You have the right to object to the processing of your personal data when using necessary cookies in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation. If you would like to exercise your right to object, please contact us at the address given in section 1. If you object to this data processing, you will only be able to use the website to a limited extent or not at all.

Furthermore, you can revoke your consent to the processing of your data in the context of the use of optional cookies at any time with effect for the future. The objection can be made technically by opting out in our Cookie Consent Manager on this website or technically by clearing cookies using your browser.

We use various analysis and tracking mechanisms on our website in order to improve our website offering. What all analysis and tracking mechanisms have in common is that we only use them if and insofar as we have received your consent for it via our Cookie Consent Manager.

4.2 Analysis & tracking mechanisms

Specifically, we use the following technologies and services for the specified purposes:

  • LinkedIn Analytics

We use LinkedIn Analytics to analyze and measure the success of advertising measures. It measures how many website visitors were directed to the website by clicking on ads we placed on various other locations. This is used to measure the effectiveness and to improve and optimize advertising campaigns.

  • LinkedIn Sales Navigator

Capture new leads and integration to Salesforce.

  • Google Analytics

We use Google Analytics on our website to be able to analyze the usage of our website with the help of cookies and white pixel technology. The information generated hereby is usually transmitted to a Google server in the USA and stored there. However, by activating IP anonymization, your IP address will first be truncated by Google within the European Economic Area (European Union and other member states). Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activities and to provide us with other services relating to website activities and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

We also share anonymized data with Google for benchmarking purposes in order to conduct research and market analysis and to continuously optimize our services. The data is aggregated and anonymized so that it cannot be used to identify the company, account or user.

  • Google Tag Manager

We use Google Tag Manager which helps us to manage so called website tags via a user interface. Google Tag Manager is a cookie-free domain that does not collect any personal data. Instead, Google Tag Manager is an auxiliary service and processes personal data itself only for technically necessary purposes. Google Tag Manager ensures that other components are loaded, which in turn may collect data. However, Google Tag Manager does not access this data.

For our Google products, we use so-called global site tags so that we do not have to integrate Google via a corresponding script on every subpage, but Google is automatically delivered as an application in the tag with every page view.

We utilize Google Tag Manager (GTM) to manage and deploy various tags on our website for marketing and analytics purposes. Through GTM, we may collect the following types of data:

User Interaction Data: This includes information about how users interact with the website, such as clicks, form submissions, page views, and scrolling behavior.

Cookies and Tracking Pixels: GTM is used to deploy cookies and tracking pixels from various third-party services, which can collect information about user behavior and preferences.

4.2.1 Legal basis for data processing

The legal basis for the processing of your data in connection with the use of our analysis and tracking mechanisms is Art. 6 para. 1 lit. a GDPR. The processing of your data is therefore based on your consent to data processing, which you have given us via our Cookie Consent Manager. The use of the Cloudflare Web Application Firewall, on the other hand, is based on Art. 6 para. 1 lit. f GDPR in conjunction with §25 para. 2 no. 2 TTDSG. Our legitimate interest in the use of this technology lies in the prevention of (unlawful) misuse and the secure provision of our website. The use of our consent management platform Usercentrics is based on Art. 6 para. 1 lit. c GDPR i.V.m. §25 para. 2 no. 2 TTDSG.

4.2.2 Categories of personal data

As part of the processing activities described here, we process the following categories of data:

  • IP address
  • Browser information
  • Operating system information
  • End device information (screen resolution, operating system)
  • Duration of the website visit
  • Device identification
  • Referral URL
  • Information on installed add-ons
  • Click paths
  • Status information
  • Amount of data transferred
  • Installed Flash version
  • Website movement data (click paths, pages visited, mouse movements)
  • Widget interactions
  • Date and time of visits
  • Time of the server request
  • Social media account data
  • Geographical information (e.g. location)
  • Form submissions
  • Product interest (based on click path)

4.2.3 Recipients of personal data

We use the services of the following data recipients to process your data as part of the processing activities described here. These have been commissioned through corresponding data processing agreements, which guarantee that the data processing is subject to instructions issued by us and ensures its integrity and safety. Further information on the data recipients we use can be found in section 5 of this data protection notice.

  • LinkedIn Analytics: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
  • Google Analytics: Google Ireland Limited, Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
  • Google Tag Manager: Google Ireland Limited, Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

4.2.4 Duration of storage or criteria for determining this duration

Data that we use in the context of our analysis and tracking mechanisms will be stored for a maximum of 18 months, unless you have objected to the future use of the data for the purposes listed (see below). Data that we collect in the context of the analysis activities described here on the basis of legitimate interests is stored for a maximum of 7 days and then deleted. We store data that we process on the basis of Art. 6 para. 1 lit. c GDPR for a maximum of 2 years.

4.2.5 Possibility of objection and removal

You have the right to object to the data processing described here with effect for the future.

The objection can be made technically by opting out in our Cookie Consent Manager on this website or technically by clearing cookies using your browser.

4.3 Use of social media

We maintain a company presence (so-called channels or fan pages) on the social media portal LinkedIn (hereinafter “portals”).

By presenting our company on social media portals, we aim to actively communicate with you and offer you the opportunity to find out about the products and services of our company and/or our group of companies. In addition, we use social media portals to carry out marketing measures and campaigns.

If you want to contact us through these social media portals, we will process the data you provide in order to process your request and answer your questions. Your feedback and reactions on the portals also help us to further develop and improve our product portfolio.

The operators of some social media portals provide our company with statistical data (so-called "page insights") which contains information about user activities on our company profile. As part of our marketing strategy, we also use the options provided by the social media portals to address specific target groups ("targeting").

The social media portals are not operated by us, but by the respective service providers under their own responsibility. The product sovereignty and product design of the social media portals lies with the respective social media portal operator, depending on the platform. We have no influence on the data and data processing procedures collected by these operators, nor are we aware of the full extent of the data collection, the purposes of the processing activities or the storage periods of data which is collected by them.

We would like to point out that the processing of personal data in countries outside the European Union and the European Economic Area, in particular in the USA, cannot be ruled out. Under certain circumstances, this may be associated with the risk of more difficult legal enforcement, which represents a risk for the individual user. For further information on this, please look at section 6 of this privacy notice.

For the collection, processing and use of data by these social media website operators, please refer to their privacy notices:

4.3.1 Legal basis for data processing

As we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

We process your personal data on the basis of our legitimate interest, Art. 6 para. 1 lit. f GDPR, when communicating with you and when we try to engage with you via postings and campaigns. If processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, we process your personal data on the basis of Art. 6 para. 1 lit. b GDPR.

4.3.2 Categories of personal data

As part of the processing activities described here, we process the following categories of data:

  • IP address
  • Referral URL
  • Social media account data
  • Transaction data (previous website visits)
  • Cookies and tracking pixels

4.3.3 Recipients of personal data

We use the services of the following data recipients to process your data as part of the processing activities described here. These have been commissioned (if applicable) through corresponding joint controller agreements (Art. 26 GDPR) or data processing agreements (Art. 28 GDPR), which guarantee that the data processing is carried out in accordance with applicable data protection law. Further information on the data recipients we use can be found in section 5 of this data protection notice.

  • LinkedIn: LinkedIn Ireland Unlimited Company, Ireland

4.3.4 Duration of storage or criteria for determining this duration

We store your personal data for as long as it’s necessary to process your respective request or for as long as we are entitled or obliged to store it due to statutory retention obligations.

4.3.5 Objection and removal options

You have the right to object to the processing of your data for the data processing described here in accordance with Art. 21 GDPR, insofar as there are reasons for this arising from your particular situation. If you would like to exercise your right to object, please contact the contact address provided in section 1.

4.4 Use of newsletters

You can subscribe to our newsletter on the website. To send you a newsletter, we process the e-mail address you provide on the basis of the consent you gave when registering for the newsletter. To the extent required by law, we use the so-called double opt-in procedure to register for the newsletter. After you have registered and given your consent, we will send you a message to the e-mail address you have provided asking you to confirm your registration. In order to prevent misuse of your data and to prove your consent, we store the confirmation of your e-mail address. After confirmation, you will be registered for the newsletter and your data will be stored in our customer database.

4.4.1 Legal basis for data processing

The aim of our newsletter is to address business customers in order to inform them about products, solutions and services of our business areas (including energy consumption optimization) and upcoming events.

The personalized newsletter aims to address (potential) business customers in order to inform them about products, solutions and services of our business divisions as well as events. The legal basis for the processing of your data when registering and participating in the newsletter is consent in accordance with Art. 6 para. 1 lit. a GDPR.

4.4.2 Categories of personal data

As part of the processing activities described here, we process the following categories of data:

  • E-mail address
  • Personal master data (surname, first name)

4.4.3 Duration of storage or criteria for determining this duration

Your data will be stored while you subscribe to the newsletter. After inactivity of the newsletter, your data will be stored for a period of 1 year in order to be able to prove that your consent was obtained for the newsletter and that we acted in accordance with the law. The same applies if you have withdrawn your consent. However, data processing for advertising purposes will no longer take place after you have withdrawn your consent.

4.4.4 Objection and removal options

You can revoke your consent to processing in the context of sending personalized newsletters at any time by informing the company of your revocation via the e-mail address listed in section 1 with the subject "Newsletter revocation". You can also revoke your consent by clicking on the unsubscribe link in the newsletter email.

4.5 Digital events and functions

The company regularly offers digital events for its employees, customers and/or service providers (hereinafter referred to as "participants"). The events take place on separate areas of the company's own website or on externally hosted platforms of connected service providers. Depending on the respective event, participants are required to visit the website prepared for the event (so-called landing page) using a username and password or a password defined in advance for the event or other access data (hereinafter referred to as "participation data"). This may involve processing the IP address and the required participation data (e.g. name, surname, e-mail-address) of the participants.

4.5.1 Legal basis for data processing

The purpose of data processing is to enable participation in the company's digital events. The legal basis under data protection law is based on the purposes pursued with the events. For example, in the case of mandatory training for our employees, the legal basis is regularly Art. 6 para. 1 lit. b) GDPR / Section 26 para. 1 BDSG. Participation and the associated data processing is therefore necessary for the performance of the employment relationship. If the event offered is optional, i.e. voluntary training or an information event for the participants, the legal basis is regularly Art. 6 para. 1 lit. f) GDPR. The processing is therefore carried out on the basis of a legitimate interest, which lies in the creation of a corresponding offer for the participants and is also voluntary. It may also be the case that service providers do not provide the event offered as processors within the meaning of Art. 4 No. 8 GDPR, but act as controllers within the meaning of Art. 4 No. 7 GDPR. In these cases, these are always voluntary events whose participation depends on your consent to data processing by the respective service provider. If it is such an event, you will be asked on the landing page to give your consent to the data processing of the respective organizer. The legal basis for data processing is then Art. 6 para. 1 lit. a) GDPR. In this case, you must assert your rights as a data subject directly with the organizer. In all other cases, the company is responsible for the data processing. Further information on this can be found in section 7 of this privacy notice.

We may also contact participants for advertising purposes following the event and/or the event itself. However, we will only contact you for advertising purposes if you have given us your consent to provide for direct marketing purposes when registering for the event.

4.5.2 Categories of personal data

As part of the processing activities described here, we process the following categories of data:

  • Personal master data
  • IP address
  • E-mail address
  • Phone number
  • Company affiliation, if applicable

4.5.3 Recipients of personal data

We use the services of the following data recipients to process your data as part of the processing activities described here. These have been commissioned through corresponding data processing agreements, which guarantee that the data processing is subject to instructions issued by us and ensures its integrity and safety. Further information on the data recipients we use can be found in section 5 of this data protection notice.

Provider: ClickMeeting Sp. z o.o.: Grunwaldzka 413, 80-309 Gdansk, Polen
Provider: HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA
Provider: awork GmbH, Großer Burstah 36/38, 20457 Hamburg, Deutschland

4.5.4 Duration of storage or criteria for determining this duration

The company processes your data as part of the offer of digital events until the end of the respective event. Your data (username, e-mail address, IP address) will therefore be completely deleted after the end of the event. This only does not apply if you have given us your consent to use your data for direct marketing purposes.  In such a case, we will use your data until you have objected to its use for advertising purposes in the future. In this case, your data will be included in our customer database.

If the organizer processes your data under its own responsibility, the duration of storage is determined by the respective data protection information of the organizer. In such a case, we refer you to the provider's data protection information via the relevant landing page.

4.5.5 Objection and removal options

If the data processing is based on a contractual relationship and/or employment relationship agreed between you and us, there is no right to object to the described processing operation in accordance with Art. 21 GDPR. If your consent is the legal basis for the data processing, you have the right to object to this processing at any time for the future. You also have the right to request the erasure of your data in accordance with Art. 17 GDPR. In addition, you have the right to correct your data and to receive information about the data stored by us. To exercise your rights as a data subject, please contact the address stated in section 1.

If the data processing is based on Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your data if there are reasons for this arising from your particular situation. If you would like to exercise your right to object, please contact us at the address given in section 1.

4.6 E-mail and contact form

On the website, you have the option of contacting the company via an e-mail address or our contact form. If you use this option, the data you enter, your e-mail address and/or your details in the contact form and your request will be transmitted to the company. Depending on the request (e.g. questions about our service and other services of the company, assertion of your rights as a data subject such as information), your contact data will be processed further (if necessary, also with the help of service providers).

We may also contact you for advertising purposes after you have contacted us. However, we will only contact you for advertising purposes if you have given us your consent to do so for direct marketing purposes when contacting us.

4..1 Legal basis for data processing

The legal basis for the processing of your contact data is Art. 6 para. 1 lit. f GDPR. Our legitimate interests lie in processing your request and carrying out further communication with you. If your contact is aimed at concluding a contract with the company, the legal basis for the processing of your contact data is Art. 6 para. 1 lit. b GDPR. The legal basis for the advertising approach is Art. 6 para. 1 lit. a GDPR, i.e. a consent that you have given us when contacting us via a double opt-in procedure.

4.8.2 Categories of personal data

As part of the processing activities described here, we process the following categories of data:

  • E-mail address
  • Personal master data (first name, surname)
  • Associated company
  • Message content

4.8.3 Duration of storage or criteria for determining this duration

After your request has been processed and further communication has ended, your contact details will be deleted. This does not apply if your contact is aimed at concluding a contract with the company or if you assert your rights as a data subject, such as information, or if you have given us your consent to contact you for advertising purposes. In this case, your data will be stored until the contractual and/or legal obligations have been fulfilled and statutory retention periods do not prevent deletion (this is usually the case after 6 months) or you have objected to future use for advertising purposes. 

4.8.4 Objection and removal options

You have the right to object to the processing of your contact data on grounds relating to your particular situation. If you wish to exercise your right to object, please contact us at the address given in section 1. If you object, the communication cannot be continued. This does not apply if the storage of your contact data is necessary for the initiation or fulfillment of a contract or the assertion of your rights as a data subject. In such a case, there is no right to object to the processing of your data.

If you have given us your consent for direct marketing purposes, you have the right to object to this at any time, which you can either send to the contact details given under section 1 with the subject "Objection to e-mail advertising" or exercise by clicking on the respective unsubscribe link in the advertising e-mail.

5. Who receives my data?

Within the company, those departments that need your data to fulfill the purposes described in section 4 will have access to it. Service providers used by the company may also receive access to your data (so-called "processors", e.g. data centers, hosting, IT infrastructure support or web design or relevant partners, for the purpose of providing tailored services and offers that may be of interest). Contracts for order processing ensure that these service providers are bound by instructions, data security and the confidential handling of your data.

We will only disclose your data to third parties if this is necessary for the fulfillment of a contract, if we or the third party have a legitimate interest in the disclosure or if we have your consent to do so. In addition, data may be transferred to third parties if we are obliged to do so by law or by an enforceable official or by court order.

Please note that we will not sell your personal data to third parties. Furthermore, we will not share your data with third parties for direct marketing or other forms of direct marketing, opinion polls or market research unless you have given us your consent to do so.

Further information on the specific data recipients can be found in the processing descriptions in section 4 of this data protection notice. 

6. Will my data be processed outside the EU or the EEA (third country transfer)?

Insofar as the service providers and/or third parties outside the EU or the EEA mentioned in section 4 process your data for the purposes set out in section 4, this may result in your data being transferred to a country where a level of data protection appropriate to the EU or the EEA cannot be guaranteed. However, such a level of data protection can be ensured with a suitable guarantee. Suitable guarantees include standard contractual clauses provided by the EU Commission. In accordance with the judgment of the European Court of Justice of 16 July 2020 (Case C-311/18), service providers commissioned by us in third countries are obliged to disclose to us which additional appropriate technical and organizational measures have been implemented to prevent state monitoring mechanisms. If there are doubts about the legality of such data processing, the service providers concerned will be obliged to adapt their technical and organizational measures.

You can request a copy of these guarantees using the contact details given in section 1.

Any guarantees may be waived in exceptional cases, for example if you give your consent or if the transfer to a third country is necessary for the performance of a contract with the company. The EU Commission has also recognized certain third countries as safe third countries, so that the company may also refrain from providing suitable guarantees in this regard.

A third country transfer takes place in the following cases, among others:

  • For the provision of the website, service providers are used whose data centers are located in a third country or who can access the data centers within the European Union or the EEA from a branch in a third country. The company has agreed compliance with the European level of data protection with these service providers via standard contractual clauses.
  • For the use of web tracking services, service providers are used whose data centers are located in a third country or who can access the data centers within the European Union or the EEA from a branch in a third country. The company has agreed compliance with the European level of data protection with these service providers via standard contractual clauses in accordance with Art. 46 para. 2 lit. c GDPR. If no standard contractual clauses have been concluded with the service providers concerned, data will only be transferred if you have consented to the processing in accordance with Art. 49 para. 1 lit. a GDPR. 

7. What data protection rights do I have?

You have the right to information about the personal data we have stored about you at any time. If your personal data is incorrect or no longer up to date, you have the right to request a correction of your data. You also have the right to request the erasure or restriction of the processing of your data in accordance with Art. 17 or Art. 18 GDPR. You may also have the right to receive the data you have provided in a commonly used and machine-readable format (right to data portability). If you have given your consent to the processing of personal data for certain purposes, you can revoke your consent at any time with effect for the future. The revocation must be addressed to the company at the contact address stated in section 1. In accordance with Art. 21 GDPR, you also have the right to object at any time, on grounds relating to your particular situation, to the processing of your data which is carried out on the legal basis of Art. 6 para. 1 lit. f GDPR.

You also have the option of contacting a data protection authority and lodging a complaint there. The authority responsible for the company is the

State Commissioner for Data Protection and Freedom of Information NRW

P.O. Box 20 04 44

40102 Düsseldorf

However, you can also contact the data protection authority responsible for your place of residence.

8. How do we ensure the security of processing?

The Company takes all necessary technical and organizational measures to protect your data from unauthorized access, disclosure, destruction or other unauthorized processing. Security measures include firewalls, encryption, the use of secure IT environments, access controls, training for employees who work with your data and the careful selection of processors who process personal data for us in accordance with our instructions. In addition, access to your data is restricted to persons who need your data to perform their tasks.

9. To what extent is there automated decision-making?

We do not use automated decision-making within the meaning of Art. 22 GDPR for the purposes mentioned under point 4.

10. Does profiling take place?

We will not carry out profiling activities in the sense of Art. 22 GDPR.

11. Updating the data protection information

If this privacy policy is amended, the amendment will be indicated in this notice, on the website and in other appropriate places.

Status of the data protection notices: October 2024

© 2025 Amplify Tech Agency GmbH