Data protection declaration

We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. Therefore, we would like to take this opportunity to inform you which of your personal data we collect when you visit our website and for what purposes it is used. Personal data is individual information about the personal or factual circumstances of a specific or identifiable natural person (data subject), e.g. name, address, email addresses, user behaviour. This is therefore data with which we can identify you. In addition, you will occasionally also find information on data processing operations outside this website (e.g. video conferences or newsletters).

Responsible for data processing

Person responsible

for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

Kunsthaus Lempertz KG
Neumarkt 3
50667 Köln
Telephone: +49 221 925729 0
Email: info@lempertz.com

Data Protection Officer

exkulpa gmbh
Waldfeuchterstr. 266
52525 Heinsberg
Telephone: +0049 2452 / 99 33 11
Email: data@lempertz.com

General information

In addition to the data that you actively communicate to us on this site (e.g. via our contact form), we collect some technical data. This so-called metadata is automatically transmitted from your computer to our servers as soon as you enter our website (e.g. browser, operating system or time stamp). We use this data to ensure an error-free presentation of our website. We may also collect data via integrated third-party providers (e.g. for external media such as map services or analysis tools). We will inform you about the individual purposes and legal bases during this data protection declaration.

If no separate storage period is indicated in this data protection declaration, your personal data will be stored by us for as long as the purpose of the data processing is given. If you contact us with a justified request for deletion or revoke your consent, we will delete your data. Statutory retention obligations remain unaffected.

Legal bases for data processing

If you have consented to data processing, your personal data will be processed on the basis of Art. 6 sec. 1 (a) GDPR or Art. 9 sec. 2 (a) GDPR if special categories of data are processed in accordance with Art. 9 sec. 1 GDPR. If you expressly consent to the transfer of personal data to third countries, the data will also be processed in accordance with Art. 49 sec. 1 (a) GDPR. If you gave consent to the storage of cookies or access to information on your end device (e.g. through device fingerprinting), data processing will also take place on the basis of Para. 25 sec. 1 TDDDG [German Telecommunications Digital Services Data Protection Act]. Your consent can be revoked at any time. If your data is necessary for the fulfilment of the contract or for the implementation of pre-contractual measures, we process your data in accordance with Art. 6 sec. 1 (b) GDPR. In addition, we process your data if necessary for the fulfilment of a legal obligation on the basis of Art. 6 sec. 1 (c) GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 sec. 1 (f) GDPR. In the following sections of this data protection declaration, you will be informed about the respective legal basis in individual cases.

Note on data transfer to third countries and US companies without DPF certification

Please note that we use tools from companies that are based in third countries or the USA that are not secure under data protection law and are not covered by the EU-US Data Protection Framework Agreement (DPF). When using these tools, your personal data may be transferred to these countries and processed there. Please note that a level of data protection comparable to that of the EU cannot be guaranteed in these insecure third countries.

We would like to clarify that the USA generally offers a level of data protection comparable to that of the EU. The transfer of data to the USA is permitted if the recipient disposes of a DPF certification or provides appropriate additional guarantees. Information on data transfers to third countries, including data recipients, can be found in our data protection declaration.

Automated decision making

Your personal data is not processed for the purpose of automated decision-making.

Your rights

As a data subject under the General Data Protection Regulation (GDPR), you have the following rights:

Right to information: you have the right to request confirmation from us as to whether your personal data is being processed and, if this is the case, to receive further information about the processing and copies of the processed data (Art. 15 GDPR).

Right to rectification: you have the right to obtain without delay the rectification of inaccurate personal data concerning you and, where applicable, to have incomplete personal data completed (Art. 16 GDPR).

Right to erasure: you have the right to demand the erasure of personal data concerning you without delay if the legal requirements are met, in particular if the data is no longer necessary for the purposes pursued and the processing is unlawful (Art. 17 GDPR).

Right to restriction of processing: you have the right to demand that we restrict the processing of your personal data if the legal requirements are met, in particular if you contest the accuracy of the data, the processing is unlawful, and you oppose the erasure (Art. 18 GDPR).

Right to data portability: you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, where technically feasible (Art. 20 GDPR).

Right to object: you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 sec. 1 (e) or (f) GDPR (Article 21 GDPR).

Right to revoke consent given: you have the right to revoke your consent to the processing of personal data at any time with effect for the future. The revocation of your consent does not affect the lawfulness of processing based on consent before its revocation (Art. 7, sec. 3 GDPR).

Right to lodge a complaint with a supervisory authority: you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR (Art. 77 GDPR).

Further data processing procedures

General information obligations

This information is intended for customers, parties interested, suppliers and employees. We process your personal data for the following purposes:

To fulfil our contractual obligations towards you (Art. 6 sec. 1 (b) GDPR).

For the fulfilment of pre-contractual obligations (Art. 6 sec. 1 (b) GDPR).

To respond to enquiries (Art. 6 sec. 1 (b) GDPR).

If you have given us your consent to process your personal data for specific purposes (e.g. to receive our newsletter), the data processing takes place on the basis of your consent (Art. 6 sec. 1 (a) GDPR).

To fulfil legal obligations to which our company is subject (Art. 6 sec. 1 (c) GDPR).

Where necessary, we also process your data to protect our legitimate interests, in particular to assert legal claims and defend ourselves in legal disputes or to ensure IT security, to consult and exchange data with credit agencies to determine creditworthiness and default risks, for direct advertising and market research unless you have objected to the use of your data for this purpose, for measures for business management and further development of services and products, for measures to optimise products and sales, for risk management measures, for the prevention or investigation of criminal offences (Art. 6 sec. 1 (f) GDPR).

Categories of recipients of the personal data

Within our company, only those employees have access to the data who absolutely need it to fulfil their tasks (need-to-know principle). Individual processes and services are executed by carefully selected service providers based within the EEA and commissioned in accordance with data protection regulations. If service providers commissioned by us are given access to personal data when executing your services, data processing agreements have been concluded with them in accordance with Art. 28 sec. 3 GDPR.

Duration of data storage

The data processed by us is stored for the duration of the existence and processing of the contractual relationship and in compliance with statutory retention periods. These are in particular commercial and tax retention obligations under the German Commercial Code (HGB) and the German Fiscal Code (AO). The regular retention and documentation periods are up to ten years. If there is no contractual relationship, we only process the data for as long as required for the specific purpose.

Data processing in accordance with the Money Laundering Prevention Act

In accordance with Para. 2, sec. 1 of the German Money Laundering Prevention Act (GwG), we are obliged to comply with measures to prevent money laundering and terrorist financing. The measures prescribed by law include the identification of contractual partners (Para. 11 GwG) if a certain transaction amount is exceeded. Under certain circumstances, we are also obliged to report suspicious transactions or transaction intentions (Para. 27 et seq. GwG). As part of the prescribed identification and/or reporting, we collect personal data and, if necessary, pass it on to the central office of the Financial Intelligence Unit (FIU). The legal basis for the collection and forwarding of data is Art. 6 sec. 1 (c) GDPR in conjunction with the respective statutory provisions of the GwG. Unless other statutory provisions on recording and retention obligations provide for a longer period in individual cases, we are obliged to retain the data for five years. Once the retention period has expired, the data will be destroyed in accordance with data protection regulations without the need for a separate request to do so.

Cookies

Cookies are small text files that are stored by your browser on your end device in order to save certain information during your use of the website. Cookies enable us to improve various aspects of our website and make your visit more convenient.

There are different kinds of cookies that serve different purposes. Temporary cookies, also known as session cookies, are only stored for the duration of your use of the website and are automatically deleted when closing your browser. Persistent cookies, on the other hand, remain stored on your end device for a longer period of time and enable us to recognise you and your preferences on repeated visits to the website.

Cookies can also be divided into first-party cookies and third-party cookies. First-party cookies are set by our website, while third-party cookies are set by other websites or service providers whose content is integrated on our website, such as plug-ins or analysis tools.

The use of cookies serves various purposes, for example to ensure the website’s functionality, to save user settings, to compile anonymous statistics on user behaviour or to display personalised content and advertising. The legal basis for the use of cookies varies depending on the purpose of the cookies. In some cases, the setting of cookies is based on your legitimate interest in accordance with Art. 6 sec. 1 (f) GDPR to make our website functional and user-friendly. As the website operator, we have a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of our services. If we obtain your consent for the use of cookies, the processing is carried out on the basis of Art. 6 sec. 1 (a) GDPR in conjunction with Para. 25 sec. 1 TDDDG. Your consent can be revoked at any time.

Data processing in detail

Subsequently we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. Automated decision-making in individual cases, including profiling, does not take place.

Provision of the website

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

IP address of the requesting computer

Date and time of access

Name and URL of the retrieved file

Website from which the access was made (referrer URL)

Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

Our website is not hosted by ourselves, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR for the purpose of providing the website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 sec. 1 (b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 sec. 1 (f) GDPR).

We use the following hoster:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen

Contact form

Type and scope of processing

If you send us enquiries (e.g. via contact form, e-mail or telephone), we store all the data resulting from this (e.g. name, e-mail address, subject of the enquiry, etc.). We need this data to process your enquiry and to be able to answer any follow-up questions. We will not pass on this data without your consent.

Purpose and legal basis

This data is processed on the basis of Art. 6 sec. 1 (b) GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. Otherwise, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 sec. 1 (f) GDPR) or on your consent (Art. 6 sec. 1 (a) GDPR) if you have previously given it.

Storage period

The data provided by you on the contact form will be retained by us until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.

Contact form for applicants

Type and scope of processing

We collect and process the personal data of applicants. Corresponding data processing may also be carried out electronically, for example when applicants send us application documents by e-mail or via a web form on our website. On our website, we offer you the opportunity to send us applications for advertised vacancies by email.

Purpose and legal basis

We process the personal data of applicants in accordance with the legal requirements for the purpose of initiating an employment relationship (Art. 6 sec. 1 (b) GDPR). You are not obliged to provide us with this data. However, we cannot carry out an application process with you without this data.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Art. 6 sec. 1 (b) GDPR and, if you provide us with special categories of personal data such as health information, on the basis of Art. 9 sec 2 (b) for the purpose of implementing the employment relationship.

We also use the services of the professional networks LinkedIn and XING to contact potential applicants. In this respect, the operators of the networks act as processors for us in accordance with our instructions. The legal basis for data processing when approaching potential applicants on our behalf is Art. 6 sec. 1 (f) GDPR (our legitimate interests). If you send us your application as a result of such an approach, we process your data for the purpose of initiating an employment relationship as described above on the basis of Art. 6 sec. 1 (b) GDPR.

Storage period

Your data will be stored for a period of 6 months after the end of the application process. This is done to protect our legitimate interests to check whether we need the data for the defence of any claims in connection with the application process. We are then obliged to delete or anonymise your data. In this case, the data will only be available to us as so-called metadata without direct personal reference for statistical analyses (e.g. proportion of women or men in applications, number of applications per period, etc.).

If it is evident that further storage of the data after the 6-month period is necessary to safeguard our legitimate interests (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies. The legal basis for this further data storage is our legitimate interests in the assertion, exercise or defence of civil law claims (Art. 6 sec. 1 (f) GDPR in conjunction with Art. 24 sec. 1 no. 2 BDSG [German Federal Data Protection Act] or, insofar as special categories of personal data are stored, Art. 9 sec. 2 (f) GDPR in conjunction with Art. 24 sec. 2 BDSG).

Inclusion in the applicant pool

As part of the application process, we offer applicants the opportunity to be included in our ‘talent pool’ for a period of 24 months on the basis of consent within the meaning of Art. 6 sec. 1 (a), Art. 9 sec. 2 (a) GDPR. If you have indicated special categories of personal data in your application, such as health information, your consent also extends to this data. You are not obliged to provide us with your application data for our talent pool. However, we will not be able to consider you for future vacancies without this data unless you submit a new application to us.

Consent to the inclusion of application data in the talent pool is voluntary and can be revoked at any time for the future. The revocation of consent does not affect the lawfulness of data processing based on consent before its revocation.

Your application documents will be deleted from the talent pool at the latest after expiry of the storage period or in the event of revocation or acceptance of a job offer by one of the companies responsible for the talent pool.

If you receive an offer of employment with us during the application process and accept it, we or this company will store the personal data collected during the application process for the purpose of implementing the employment relationship. The legal basis for this data processing is Art. 6 sec. 1 (b) GDPR or, if you provide us with special categories of personal data such as health information, Art. 9 sec. 2 (b) GDPR. 

Newsletter

We offer you our newsletter on this website. If you would like to subscribe to this, we need your email address and other data that prove that this is your email address and that you agree to receive the newsletter. Besides, no other personal data is collected unless you provide it voluntarily (e.g. name, telephone number, place of residence, etc.). 

When processing the data you provide when registering for the newsletter, we rely exclusively on your consent in accordance with Art. 6 sec. 1 (a) GDPR as the legal basis. You can revoke your consent to the processing and storage of your personal data at any time (e.g. via the ‘unsubscribe’ link in the newsletter) for the future.

We store your personal data that you have provided for the purpose of receiving the newsletter until you unsubscribe from the newsletter with us or the mailing service provider. This does not apply to data that we have stored about you for other purposes.

If you unsubscribe from the newsletter mailing list, your email address will be stored by us or the mailing service provider in a blacklist for an indefinite period of time. This is done to prevent future mailings to you. The data from the blacklist will be used exclusively for this purpose and will not be merged with other data. This is not only in your interest, but also in our legitimate interest in accordance with Art. 6 sec. 1 (f) GDPR to fulfil our legal obligations when sending newsletters. You can object to the storage if your personal interests outweigh our legitimate interest.

Hubspot CRM

We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM).

A CRM enables us to manage customer data and contacts and to organise our sales processes. With Hubspot CRM, we can collect and analyse customer interactions across various channels (e.g. email, social media, website or telephone). We can then use the data collected in this way to develop new marketing measures.

The use of Hubspot CRM is based on Art. 6 sec. 1 (f) GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. If you have previously given your consent to data processing, the processing is carried out on the basis of Art. 6 sec. 1 (a) GDPR and Art. 25 sec. 1 TTDSG [German Telecommunications-Telemedia Data Protection Act], insofar as the consent includes the storage of information or access to information in your end device within the meaning of the TTDSG. Consent can be revoked at any time.

Details can be found in the data protection declaration of Hubspot: https://legal.hubspot.com/de/privacy-policy.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.hubspot.de/data-privacy/privacy-shield.

The company is certified according to the ‘EU-US Data Privacy Framework’ (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Certification in accordance with the DPF obliges companies to comply with these data protection standards. Further information is available at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TN8pAAG&status=Active

Data processing

To ensure that personal data is processed in accordance with our provisions and in compliance with the GDPR, we have concluded a data processing agreement (DPA) with the provider.

Registration of a user account

You have the possibility to register an account on our website. We process the user data entered by you exclusively to provide the service for which you have registered. In the event of important changes such as the scope of the service or technically necessary changes, we will use the email address provided during registration to inform you in this way. The data entered during the registration process is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for the initiation of further contracts (Art. 6 sec. 1 (b) GDPR).

The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.

Presence on social media platforms

We operate public profiles on various social networks on our website. More detailed information on the social networks we use can be found in the relevant sections of our data protection declaration.

Social networks such as Facebook, Twitter etc. can comprehensively analyse your user behaviour when you visit their websites or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous processing operations relevant to data protection:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you within and outside the respective social media presence. In case you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.

Please note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For further details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis for data processing

The purpose of our social media presence is to ensure the most comprehensive online presence possible. This is a legitimate interest within the meaning of Art. 6 sec. 1 (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be indicated by the operators of the social networks (e.g. consent within the meaning of Art. 6 sec. 1 (a) GDPR).

Controller and assertion of rights

When visiting our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).

Despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options depend largely on the corporate policy of the respective provider.

Duration of data storage

The data collected directly by us via the social media presence will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of the social networks for their own purposes. For further details, please contact the operators of the social networks directly (e.g. via their data protection declaration, see below).

Facebook page

Our company has a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as Meta). According to Meta, the data collected is also transferred to the USA and other third countries.

We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement stipulates which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view the agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum und https://de-de.facebook.com/help/566994660333381.

For further information, please refer to Facebook's data protection declaration: https://www.facebook.com/about/privacy/.

Instagram page

Our company has a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

Further information on the handling of your personal data can be found in Instagram's data protection declaration: https://help.instagram.com/519522125107875.

Twitter page

Our company uses the short message service X (formerly Twitter). The provider is Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can customise your X privacy settings yourself in your user account by logging in at the following link: https://x.com/settings/account/personalization.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://gdpr.x.com/en/controller-to-controller-transfers.html.

For further information, please refer to X's data protection declaration: https://x.com/de/privacy.

LinkedIn page

Our company has a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Further information on the handling of your personal data can be found in LinkedIn's data protection declaration: https://www.linkedin.com/legal/privacy-policy.

XING page

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING's data protection declaration: https://privacy.xing.com/de/datenschutzerklaerung.

Pinterest

Our company has a profile on Pinterest. The operator is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. Further information on the handling of your personal data can be found in Pinterest's data protection declaration: https://policy.pinterest.com/de/privacy-policy.

Video conferencing

Data processing

We use online conferencing tools to communicate with our customers. The tools we use in detail are listed below. If you communicate with us via video or audio conference, your personal data will be collected and processed by us and the provider of the respective tool.

The tools collect the data provided by you, including your email address and telephone number. They also process the duration of the conference, when you attended the conference, number of participants and other metadata.

In addition, the provider of the tool processes all technical data required to organise the conference. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

If you share content on this service, it will be stored on the provider's servers. This includes cloud recordings, chat messages, voice messages, photos and videos that you have shared while using this service.

Please note that we do not have full influence on the data processing operations of the tools used. For more information on data processing by the conference tools, please refer to the data protection declarations of the tools used.

Purpose and legal bases

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 sec. 1 (b) GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 sec. 1 (f) GDPR). If you have previously given your consent to data processing, your data will be processed solely on the basis of Art. 6 sec. 1 (a) GDPR; consent can be revoked at any time.

Storage period

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For further details, please contact the operators of the conference tools directly.

Matterport

Type and scope of processing

We use Matterport to display 3D models of properties on our website and to enable virtual tours for our users. Matterport is a service provided by Matterport, Inc. which acts as a content delivery network (CDN) on our website.

A CDN contributes to providing the content of the 3D models. When you access this content, you establish a connection to the servers of Matterport, Inc, Matterport, Inc. 352 E. Java Dr. Sunnyvale, CA 94089, United States, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Matterport.

Purpose and legal basis

The use of Matterport is based on your consent in accordance with Art. 6 sec. 1 (a.) GDPR and Para. 25 sec. 1 TDDDG.

Storage period

The concrete storage period of the processed data cannot be influenced by us, but is determined by Matterport, Inc. Further information can be found in Matterport's data protection declaration: matterport.com/de/node/44. 

YouTube with extended data protection

This website integrates videos from YouTube. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in extended data protection mode. According to YouTube, this mode means that no information about visitors to the website is stored before they watch the video. Nevertheless, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

When you start a YouTube video on this website, a connection to its servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you also enable YouTube to associate your surfing behaviour with your personal profile. You can prevent this by logging out of your account. After starting a video, YouTube can store various cookies on your end device or use comparable recognition technologies, such as device fingerprinting. This allows YouTube to receive information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent attempts at fraud. It cannot be ruled out that further data processing operations may take place after the start of a video, over which we have no influence.

Legal bases

The use of YouTube is based on our legitimate interest in an appealing presentation of our online offers (Art. 6 sec. 1 (f) GDPR). If a corresponding consent has been requested, the data will be processed exclusively on the basis of your consent in accordance with Art. 6 sec. 1 (a) GDPR and Para. 25 sec. 1 TDDDG. This can be revoked at any time.

Further information about data protection at YouTube can be found in the data protection declaration: https://policies.google.com/privacy?hl=de.

Name	Purpose	Lifetime	Type	Provider
DSID	Google: Security, Functionality, Advertising for AdSense, Campaign Manager, Google Ad Manager, Google Analytics, Display + Video 360, Search Ads 360	2 weeks	HTML	Google
test_cookie	Google: Functionality for AdSense, Campaign Manager, Google Ad Manager, Google Analytics, Display + Video 360, Search Ads 360	15 minutes	HTML	Google
IDE	Google: Advertising for Campaign Manager, Display + Video 360, Google Ad Manager, Google Analytics, Search Ads 360	24 months	HTML	Google
FPLC	Google: Analytics for Google Analytics	20 hours	HTML	Google
FPID	Google: Analytics for Google Analytics	2 years	HTML	Google
GA_OPT_OUT	Google: Functionality for Google Analytics	7 years	HTML	Google
__utma	Google: Analytics for Google Analytics	2 years	HTML	Google
__utmb	Google: Analytics for Google Analytics	30 minutes	HTML	Google
__utmc	Google: Analytics for Google Analytics	session	HTML	Google
__utmt	Google: Analytics for Google Analytics	10 minutes	HTML	Google
__utmz	Google: Analytics for Google Analytics	6 months	HTML	Google
__utmv	Google: Analytics for Google Analytics	2 years	HTML	Google
_ga	Used to distinguish users.	2 years	HTML	Google
_gat	Used to throttle request rate.	1 minute	HTML	Google
_gat_--custom-name--	Google: Analytics for Google Analytics	1 minute	HTML	Google
_gid	Used to distinguish users.	24 hours	HTML	Google
_ga_--container-id--	Persists session state.	2 years	HTML	Google
_dc_gtm_--property-id--	Used by DoubleClick (Google Tag Manager) to help identify the visitors by either age, gender or interests.	1 minute	HTML	Google
_gaexp	Google: Analytics for Google Analytics, Optimize	93 days	HTML	Google
_gaexp_rc	Google: Analytics for Google Analytics, Optimize	10 seconds	HTML	Google
_opt_awcid	Google: Analytics for Google Analytics, Optimize	24 hours	HTML	Google
_opt_awmid	Google: Analytics for Google Analytics, Optimize	24 hours	HTML	Google
_opt_awgid	Google: Analytics for Google Analytics, Optimize	24 hours	HTML	Google
_opt_awkid	Google: Analytics for Google Analytics, Optimize	24 hours	HTML	Google
_opt_utmc	Google: Analytics for Google Analytics, Optimize	24 hours	HTML	Google
_gac_--property-id--	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.	90 days	HTML	Google
AMP_TOKEN	Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, request in progress or an error retrieving a Client ID from AMP Client ID service.	1 year	HTML	Google

Name	Purpose	Lifetime	Type	Provider
GoogleMaps	Is used to connect to Google Maps and to display those maps.	none	Connection	Google
_gali	This cookie is used by Google Analytics. It is used to anonymously record the clicked elements within a page.	0,5 minutes	HTML	Google

Name	Purpose	Lifetime	Type	Provider
YouTube	Is used to connect to YouTube and to display videos.	none	Connection	YouTube
1P_JAR	This Google cookie is used to optimize advertising to deliver ads relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ads multiple times.	1 months	HTML	Google
CONSENT	This cookie stores the preferences and other information of the user. This includes in particular the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate the SafeSearch filter of Google.	18 years	HTML	Google
NID	These cookies store user settings and user information for Google Maps.	6 months	HTML	Google
DV	These cookies store the preferences and other information of the user. This includes in particular the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate the SafeSearch filter of Google.	5 minutes	HTML	Google