Privacy Policy

1. General information

The Tourismus-Agentur Schleswig-Holstein GmbH, Wall 55, 24103 Kiel, is the controller responsible for data processing on this website as defined in the European General Data Protection Regulation (GDPR). We respect your personal rights. We understand the importance of the personal information we receive from you as a user of this website. We respect the privacy of your personal data and will collect, store or process all data obtained exclusively in accordance with the relevant data protection regulations within the scope of our business purpose. 

2. Definitions

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. 

3. Legal basis for the processing

If and to the extent that we obtain your consent for the processing of personal data, Article 6 (1) sentence 1 (a) of the European Data Protection Ordinance (GDPR) serves as the legal basis.

The processing of personal data required for the fulfilment of a contract with you is based on Article 6 .(1) clause 1 (b) GDPR. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

Where the processing of personal data is required for the compliance with a legal obligation to which our company is subject, Article 6 (1) clause 1 (c) GDPR serves as the legal basis for the data processing.

If the processing is necessary, in order to safeguard a legitimate interest of us (or a third party) and if your interests, fundamental rights and freedoms do not outweigh said legitimate interest, Art. 6 (1) Sentence 1 lit. f GDPR shall serve as the legal basis for the processing. If information is stored on your end device, e.g. by means of cookies (see also Clauses 5.2 and 5.6, in particular), the permissibility of data usage shall also be governed by Section 25 (1) – consent – or, in the case of mandatory storage processes, by Section 25 (2) No. 1 – communication process – or No. 2 – provision of a telemedia service – Telecommunications-Telemedia Data Protection Act (TTDSG). The legitimate interest of our company is generally rooted in the provision of our owed services and/or ongoing optimisation of our services and presentations.

4. Data erasure and storage time

The personal data is erased or blocked as soon as the purpose of the storage ceases to apply. The data can also be stored where this has been provided for by the European or national legislature in EU regulations, laws or other provisions. The data can also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a requirement for the continued storage of the data to conclude or perform a contract.

5. Collection of personal data

In principle, we do not collect or use any personal data when you visit our website. This only happens if it is necessary to provide a functional website as well as our content and services. The collection and use of personal data of our users takes place routinely only after their consent. This does not apply in cases where prior consent cannot be obtained for factual reasons and where processing of the data is permitted by law. 

In the following we would like to inform you about the type, scope and purpose of our data handling within the scope of this website:

5.1 Server log files

Every time you visit our website, the user's access data required for use and billing purposes are stored on our server in a log file which your browser automatically transmits to us.     

These include: 

  • Browser type/ browser version
  • Operating system used
  • Referrer URL
  • Date and time of the server request
  • IP address of the computer requesting the website (anonymisation of the last three digits)
  • Website from which the access was made (referrer URL)
  • Files accessed; status code; logs
  • Amount of data transferred.

The log file is stored for the following purposes:

•    Analysis of file retrieval for statistical purposes;
•    To deliver the contents of the website correctly;
•    Checking for non-contractual or otherwise illegal use, provided that there are actual indications for this. 

The legal basis for this data processing is Art. 6 (1) Sentence 1 lit. f GDPR. Our legitimate interest stems from the above-mentioned purposes for data collection. Under no circumstances shall we use the data collected for the purpose of drawing conclusions about you as a person. We shall not merge this data with other data sources.

5.2 Cookies

After the user logs on to our website, so-called "cookies" are stored on the user's computer. 

A cookie is a small text file in a designated directory on your computer. This file is used to identify the user's computer for the duration of the session. Cookies cannot generate any manipulations at the respective end device of the user and can be deleted manually at any time, most easily in the browser.

You can individually adjust the settings of your Internet browser in such a way that cookies are rejected or only accepted after confirmation.  The cookies, here the so-called "session cookies", are used for expanding the functions of our Internet service and to make your use as comfortable as possible. Please note that if you refuse cookies, may be unable to use all the features of our application properly.

The processing of the data by way of cookies is necessary for the purposes mentioned to protect our legitimate interests and, if applicable, those of third parties in accordance with Art. 6 (1) Sentence 1 lit. f GDPR, Section 25 (2) Telecommunications-Telemedia Data Protection Act (TTDSG).

5.3 User data

We shall collect and use personal data from you on the basis of Art. 6 para. 1 Sentence 1 b) GDPR, potentially in conjunction with Section 25 (2) No. 2 Telecommunications-Telemedia Data Protection Act (TTDSG), insofar as this is necessary to enable the use of our website (usage data).

5.4 Data in connection with your contact

If you send us your enquiries by filling out the contact form, your details from the form or e-mail address provided will be stored solely for processing the respective enquiry and to enable us to address any follow-up questions. We will not pass on this data to third parties without your consent. The corresponding data shall be used on the basis of Art. 6 (1) Sentence 1 lit. b GDPR in the context of processing your request.

5.5 Webshop

If you wish to place an order in our webshop, it shall be necessary for the conclusion of the contract that you provide personal data that we require for the processing of your order. Mandatory information required for the processing of contracts is marked separately; the disclosure of any further information shall be voluntary. We shall process the data you provide to process your order. The legal basis for this is Art. 6 (1) Sentence 1 lit. b GDPR.

You may voluntarily create a customer account, through which we can save your data for future purchases. When you create an account under “My account”, the data you provide shall be stored on a revocable basis. You may delete all other data – including your user account – at any time in the customer area.

We may also process the data you provide in order to inform you about other interesting products from our portfolio, or to send you e-mails that contain technical information.

Due to commercial and tax law requirements, we are obligated to store your address, payment and order data for a period of ten years. However, we will restrict processing after two years, i.e. your data will only be used to comply with legal obligations.

In order to prevent unauthorised access by third parties to your personal data – in particular, financial data – the order process is encrypted using TLS technology.

We shall also transmit your address data to the shipping service providers we use for the purpose of processing your order. The legal basis for this is Art. 6 (1) Sentence 1 lit. b GDPR, as shipping is not possible without the use of a shipping service provider. We may also transmit your e-mail address to the shipping service provider for the purpose of informing you about the shipping status. In this respect, the shipping service provider shall be obligated to use the e-mail address exclusively for the purpose of notifying you. The legal basis for this is our legitimate interest in ensuring that you receive your shipment as easily as possible and receive the best possible service from us, Art. 6 (1) Sentence 1 lit. f GDPR.

5.6 Services from third-party providers

The use of third-party services – in particular, tracking tools and the cookies set in this context – shall be based on Art. 6 (1) Sentence 1 lit. a GDPR / Section 25 (1) Telecommunications-Telemedia Data Protection Act (TTDSG) by your consent, which may be revoked at any time. In doing so, we aim to ensure a needs-based design and the ongoing optimisation of our website (through statistical evaluations).

5.6.1 Use of Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street; Dublin 4, Ireland. 

Google Analytics uses so-called "cookies", text files that are stored on your computer and facilitate analysis of your use of the website. The information generated by the cookie regarding your use of this website is, as a rule, transmitted to and stored on a Google server in the USA. However, if the IP anonymisation is activated on this website, your IP address is first abbreviated by Google in the member states of the European Union or in other member states of the EEA (European Economic Area) Agreement. Your full IP address will be transmitted to a Google server in the USA and truncated there only in exceptional cases. Google will use this information on behalf of this website’s operator to evaluate your use of this website, to create reports about the website activities, and to provide additional services connected with the website and Internet use to the website operator. The IP address transmitted from your browser as part of Google Analytics is not associated with any other data held by Google. You can prevent cookie storage by selecting the appropriate settings in your browser; however, we would like to point out that in such cases you might not be able to use all of the functionality of this website.

We use Google Analytics exclusively to analyse data from double-click cookies (cookies set by Google), as well as ads for statistical purposes. Google Analytics supports an optional browser add-on for the standardised deactivation of these cookies. By clicking on the following link and selecting the browser plug-in, you will prevent Google from collecting the data generated by the cookie when you visit the website and relating to your use of the website (including your IP address). However, the add-on only deactivates data collection by Google.

Furthermore, as the provider of the website, we have no knowledge of the content of the transmitted data or its use by Google. Further information on this can be found in Google’s privacy policy and terms of use at

5.6.2 Use of YouTube-Plugins

Our website uses the plug-in function of the YouTubeDE platform of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland

Every time you visit our website, a connection to YouTube's servers is established. The YouTube server will be informed of your visit to our website. To our knowledge, personal data will not be stored. However, if you are logged into your YouTube account, you would allow YouTube to associate your browser history directly with your personal profile.     

You have the option of deactivating this assignment if you log out of your account beforehand.     

For more information on this, please see Twitter's Privacy Statement at

5.6.3 Use of Vimeo-Plugins

We use components from Vimeo on this website. Vimeo is a service from Vimeo LLC, 555 West 18th Street, New York, New York, 10011, USA. Every time a website is called up on which the Vimeo service is installed, the service used on that website causes your browser to download a certain specific file from Vimeo. If you visit our website and while doing so you are logged into Vimeo with your user account, Vimeo uses the information collected by the service installed on that website to recognise which specific site you are visiting and allocates this information to your personal account with Vimeo if you have one. The information that you have visited our website is also relayed to Vimeo. This happens irrespective of whether you use relevant Vimeo functions on our website.

If you wish to prevent data about you and your behaviour on our website being sent to and stored by Vimeo, you must log out of Vimeo before you visit our site. Here you can find Vimeo’s data protection policy, in particular regarding its collection and use of data:

5.6.4 Use of Google Tag Manager

We use Google Tag Manager on our website, a service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a service with which we integrate (and manage) tracking codes and associated code fragments (so-called “tags”) on our website. This allows us to configure website tags as tracking tools for analysis and marketing purposes via a user-friendly web-based interface, and to make these available immediately on our website. This allows us to optimise tag deployment, reduce tag configuration errors and instantly amend and deploy tags via a web-based user interface.

Google Tag Manager itself does not create any user profiles, it does not store any cookies and does not carry out any independent analyses. It is only used to integrate and manage website tags. However, Google Tag Manager records your IP address, which may be transmitted to Google’s parent company in the USA.

With the help of this tag management service, we can automatically track which button, link or personalised image you have clicked on based on the tags triggered. This enables us to optimise our website for you and anyone else who is interested in our products and services, and to remove irrelevant content.

The use of Google Tag Manager on our website shall only take place with your consent (Art. 6 [1] Sentence 1 lit. a GDPR). Please refer to our Consent Management Tool for details and setting options for your currently defined consents.

Further information can be found in the Google Tag Manager usage policies at

5.6.5 Use of Podigee

Our website uses Podigee, a podcast hosting service provided by Podigee GmbH (“Podigee”), Schlesische Straße 20, 10997 Berlin, Germany.

By using this podcast hosting service, podcasts on our website are loaded by Podigee or transmitted via Podigee. To this end, your IP address and browser or device information shall be temporarily stored, in order to enable delivery of the functions (accessing a podcast via Podigee and transmission to the podcast player, as well as subscribing to a podcast via Podigee) to your respective end device, as well as to facilitate analysis-related and statistical evaluation needs via Podigee.

Podigee shall not use the data collected for any other purpose, or pass it on to third parties. This data shall not be stored together with other personal data of the user.

The use of Podigee on our website shall only take place with your consent (Art. 6 [1] Sentence 1 lit. a GDPR). Please refer to our Consent Management Tool for details and setting options for your currently defined consents.

Further information (and your available options to register your objection) can be found in Podigee’s privacy policy at  and in the Podigee knowledge database and support at

5.6.6 Use of Maptoolkit

We use the map service Maptoolkit to create directions and to display maps on our website. Maptoolkit is provided by Toursprung GmbH, Mariahilfer Str. 93/20, 1060 Vienna, Austria. When you access our website’s content, you will be connected to the servers of Toursprung GmbH. Your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes, and to maintain the security and range of functions associated with Maptoolkit. The IP address is already anonymised from a technical standpoint before any further processing. Tracing back to individual persons is not possible.

The aforementioned data shall only be stored during the period of use. Further information can be found in the privacy policy at

5.6.7 Use of Matomo

We use the open source software Matomo to analyse and statistically evaluate the use of the website. Cookies are used for this purpose (see above). The information generated by the cookie regarding website usage is transmitted to our servers and summarised in pseudonymous usage profiles. The information is used to analyse the use of the website, and to facilitate a needs-based design of our website. The information will not be passed on to third parties. The IP address shall not be associated with other data relating to the user. IP addresses are anonymised, in order that an assignment is not possible (IP masking). Your visit to this website is currently recorded by Matomo web analytics. Click here ( that your visit is no longer recorded.

The use of Matomo open-source software on our website shall only take place with your consent (Art. 6 [1] Sentence 1 lit. a GDPR). Please refer to our Consent Management Tool for details and setting options for your currently defined consents.

5.6.8 Use of Google Pixel

Google Ads conversion tracking

We use Google Ads to display to you adverts on Google and other third-party websites. With the aid of conversion tracking, we can determine how successful the individual advertising measures are. The underlying purpose is to show you adverts that are of interest to you, and to make our website more appealing to you. The legal basis for the processing of your data is your consent in accordance with Art. 6 (1) lit. a GDPR.

The adverts are delivered by Google via so-called “ad servers”. To this end, we use cookies that can be used to measure certain parameters for measuring success, such as the display of adverts or clicks by users. If you access our website via a Google advert, Google Ads will store a cookie on your PC. These cookies generally lose their validity after 30 days, and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (indicating that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

These cookies enable Google to recognise your internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google (and the customer) are able to recognise that the user has clicked on the ad and has been redirected to this page. A different cookie is assigned to each Ads customer. Cookies can, therefore, not be tracked across the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical analyses from Google. Based on these analyses, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools in use, your browser automatically establishes a direct connection to Google’s servers. We have no influence pertaining to the scope (and further use) of the data collected by Google, and hereby inform you according to our state of knowledge: by integrating Ads Conversion Tracking, Google receives the information that you have accessed the corresponding part of our website or clicked on an advert from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, the possibility exists that the provider will find out your IP address and store it.

You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that, if you do this, you may not be able to use the full functionality of this website. You may also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link:

The provider, Google, has its headquarters in the USA (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Personal data may, therefore, also be processed in a third country (a country outside the European Union or the signatory states to the Agreement on the European Economic Area). Google undertakes to conclude so-called EU standard data protection clauses within the meaning of Art. 46 GDPR. Based on this contractual framework, recipients in third countries shall also be obligated to comply with a data protection standard that essentially corresponds to the European standard.

Further information on data protection at Google can be found here:

Google Ads Remarketing

We use Google Ads Remarketing. This application allows us to show you adverts on other websites after you have visited our website. This is realised by means of cookies stored in your browser, which are used by Google to record and analyse your user behaviour when you visit various websites. This also allows Google to recognise your previous visit to our website. According to its own statements, Google does not merge the data collected in the context of Remarketing with your personal data, which may be stored by Google. In particular, according to Google, pseudonymisation is used for the purposes of Remarketing.

5.6.9 Use of Meta Pixel

Our website uses the visitor action pixel from Facebook/Instagram, Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (“Meta”) to measure conversions. This allows the behaviour of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook/Instagram ad. This allows the efficacy of Facebook/Instagram ads to be evaluated for statistical and market research-related purposes, and for future advertising measures to be optimised. The data collected is anonymous to us as the operator of this website; we are unable to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook/Instagram, in order that a connection to the respective user profile is possible and Facebook/Instagram can use the data for its own advertising purposes in accordance with the Facebook/Instagram Data Usage Policy. This allows Facebook/Instagram to enable the placement of adverts on Facebook/Instagram pages and outside of Facebook/Instagram. This use of the data cannot be influenced by us as the website operator.

The legal basis for data processing is your consent in accordance with Art. 6 (1) lit. a GDPR.

You can find further information on protecting your privacy in the Facebook/Instagram privacy policy:   

You may also deactivate the remarketing function “Custom Audiences” in the section “Settings for adverts”. You must be logged in to Facebook/Instagram to do so.

If you do not have a Facebook/Instagram account, you can deactivate usage-based advertising from Facebook/Instagram on the website of the European Interactive Digital Advertising Alliance:

5.6.10 Use of Google Fonts

This website uses Google Fonts, a web service API of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. 

By using Google Fonts, we can provide website visitors with a standardised and user-friendly presentation of our website and online offers.  Upon accessing our website, your browser automatically loads the required web fonts from the Google servers into your browser cache, in order to display our texts in a visually improved way. For this purpose, your browser must connect to the Google servers, whereby your IP address is automatically transferred to the Google server in the USA. This provides Google with the information that our website has been accessed via your IP address. If your browser does not support this function (or you prevent access to the Google servers), a standard font will be used by your computer to display the website texts. 

IP addresses are neither logged nor stored on Google servers and are not analysed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent and referrer URL). Access to this data is restricted and subject to strict control measures. To our knowledge, Google does not use any of the information collected by Google Fonts to create profiles of end users or to place targeted adverts.

The use of Google Fonts on our website only takes place with your effective consent (Art. 6 [1] Sentence 1 lit. a GDPR). Please refer to our Consent Management Tool for details and setting options for your currently defined consents. 

Further information on Google Fonts can be found at,and in Google’s privacy policy at in the terms of use for Google API at

5.6.11 Use of our Consent Management Tool (CMT)

Our website uses the CMT “Usercentrics Consent Management”, a web service provided by Usercentrics GmbH, Sendlingerstrasse 7, 80331 Munich (hereinafter “Usercentrics”).

We use this data to ensure the full functionality of our website, to inform the user about the use of cookies on our website and to obtain and record the user’s consent in accordance with the law.

The following data is automatically transmitted to the provider / technical service provider of our CMT:

  • Anonymised IP address of the user;
  • Date, time of consent;
  • User agent of the end user’s browser;
  • Website from which the access was established (referrer URL);
  • Anonymous, random and encrypted key;
  • The cookies authorised by the user (cookie status), which serves as proof of consent.

A key automatically generated by the CMT for the management/proof of consents granted and the consent status are also stored in a cookie in the end user’s browser. This allows the website to automatically read (and adhere to) the end user’s consent on all subsequent page requests and future end user sessions for up to 12 months.

The legal basis for data processing is Art. 6 (1) Sentence 1 lit. c GDPR in conjunction with Section 25 (2) No. 2 Telecommunications-Telemedia Data Protection Act (TTDSG). Only with an appropriate mechanism for granting and managing consent are we able to comply with the legal requirements.

You can prevent the collection and processing of your data by our CMT by deactivating the execution of script codes in the settings of your browser or by installing a script blocker in your browser.

Further information on the scope of data processing by the CMT can be found in the privacy policy of our CMT provider at

5.6.12 Newsletter

In order to add you to our e-mail distribution list, we need your confirmation or consent that you are the owner of the e-mail address provided, and that you agree to receive the notifications.

We use the so-called double opt-in process to register you for our newsletter. This means that after your registration we will send you an e-mail to the specified e-mail address in which we will ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the dates of registration and confirmation. The purpose of the process is to prove your registration and, if necessary, to detect any possible misuse of your personal data. 

This will not be passed on to third parties.

The granting of this consent is voluntary. The legal basis for your consent results from Art. 6 (1) Sentence 1 lit. a GDPR.

You may revoke your consent to the mailing at any time with effect for the future. Your data entered above will then be deleted immediately, and no further notification will be sent.

6. Your rights

As far as we process your personal data on our website, you are a "data subject" as defined in the GDPR. You have the following rights vis-à-vis our company:

6.1 Right of access

You can request us to confirm whether we are processing your personal data. If this is the case, you can request the following information from us:

  • the purposes for which the personal data is being processed;
  • the categories of personal data that is being processed;
  • the recipients or categories of recipient to whom your personal data has been or will be disclosed;
  • the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to lodge a complaint with a supervisory authority;
  • any available information regarding the origin of the data, where the personal data is not collected from you;
  • the existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

Furthermore, you have the right to request information on whether your personal data is transferred to a third country or to an international organisation. In this context, you can request to be informed about the appropriate safeguards in accordance with Art. 46 GDPR in connection with the transfer.

6.2 Right to rectification

You have the right to correct and/or complete your personal data if your processed data is incorrect or incomplete. If this is the case we will make the correction immediately.

6.3 Right to restriction of processing

You have the right to demand the restriction of the processing of your personal data if:

  • you are contesting the accuracy of your personal data for a period enabling us to verify the accuracy of the data;
  • the processing is unlawful, and you oppose the erasure of your personal data and request the restriction of their use instead;
  • we no longer require your personal data for the purposes of the processing, however, you require the personal data for the establishment, exercise or defence of legal claims, or
  • you have objected to the processing in accordance with Art. 21(1) GDPR and it has not yet been determined whether our legitimate grounds override your grounds.

Have you requested that the processing of your personal data be restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State. You will be informed by us before the restriction is lifted.

6.4 Right to erasure

You can ask us to erase your personal data without undue delay. We are obligated to erase the data without undue delay if one of the following reasons applies:

  • Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • You withdraw any existing consent on which the processing was based according to Art. 6 (1) clause 1 (a) or Art. 9 (2) (a) GDPR, and there is no other legal ground for the processing. 
  • You file an objection against the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing. 
  • In accordance with Art. 21 (2) GDPR, you file an objection against the processing by means of direct marketing. 
  • Your personal data has been unlawfully processed. 
  • Your personal data must be erased for compliance with a legal obligation in accordance with EU law or the law of a Member State to which we are subject. 
  • Your personal data has been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

If we have published your personal data and are obligated to erase it in accordance with Art. 17 (1) GDPR, we shall take appropriate measures - considering the available technology and the implementation costs - to inform the controller(s) responsible for data processing that you have requested the erasure by such controllers of any links to, or copy or replication of such personal data. 

Your right to erasure does not apply where processing is required

  • for exercising the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing by EU law or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
  • for reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) as well as Art. 9 (3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR insofar as the right referred to in para 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • or the establishment, exercise or defence of legal claims.

6.5 Right to information

If you have exercised the right to rectification, erasure or restriction of processing against us, we are obligated to notify all recipients to whom your personal data has been disclosed, of the rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed about the recipients.

6.6 Right to data portability

You have the right to receive your personal data which you may have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit such data to another controller without hindrance from us, if

  • The processing is based on a declaration of consent in accordance with Art. 6 (1) clause 1 (a) GDPR or Art. 9 (2) (a) GDPR or on a contract in accordance with Art. 6 (1) clause 1 (b) GDPR and
  • the processing is carried out using automated methods.

In addition, you have the right to request the transfer of your personal data directly from us to another controller, insofar as this is technically feasible. This should not impair other people's freedoms or rights.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

We currently do not assume that the data which are subject to the right to data transferability will be processed within the scope of our website offer.

6.7 Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 (1) clause 1 (e) or (f) GDPR, including profiling based on these provisions. 

We shall no longer process your personal data unless we can demonstrate compelling legitimate grounds worthy of protection for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data concerning you for such purposes; this also applies to any related profiling.

If you object to the processing for direct marketing purposes, your personal data shall no longer be processed for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the option to exercise your right to object by automated means using technical specifications.

6.8 Right to revoke the declaration of consent under data protection law

You are entitled to revoke your declaration of consent under data protection law at any time. Revoking your consent will not affect the legality of any processing that took place before the revocation.

Renew or change your cookie consent in our Consent Management Tool.

6.9 Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not carry out such processing.

6.10 Right of lodge a complaint with a supervisory authority

You are entitled to appeal to a supervisory authority, without prejudice to any other rights of appeal, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

7. Responsibility for linked content

This website may also use links to the websites of other providers. This Privacy Policy does not apply in this respect. If personal data is collected, processed or used when using the websites of other providers, please note the information on data protection of the respective providers. We are not responsible for their privacy policy.

8. Disclosure of personal data to third parties

Your personal data will only be stored on our servers or on servers used on our behalf. Access to and use of the data is only possible for authorised employees or service providers and is also limited to the data required to perform the respective task. Your data will not be transmitted to third parties without your consent. A data transfer to third countries (countries outside the European Economic Area - EEA) does not take place, unless otherwise stated in this Privacy Policy, and is also not intended in the future.

9. Data security

To protect your personal data, we have taken technical and organisational measures to ensure that your data is protected against accidental or intentional loss, destruction or tampering as well as access by unauthorised persons. Our protective measures are reviewed at regular intervals and adapted to technical progress if necessary.

10. Data Protection Officer

Should you have any further queries regarding the processing of your personal data, please contact our company's Data Protection Officer: compolicy GmbH, Schwedenkai 1, 24103 Kiel, Tel.: Tel: +49 (0) 431 9089480, E-Mail:

11. Amendments to this Privacy Policy

We reserve the right to amend this Privacy Policy at any time if necessary and in consideration of the data protection regulations applicable at the time of the change. 

Version as of: March 2024