Privacy policy

Personal data (usually referred to just as „data“ below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there. Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the „GDPR“), „processing“ refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not. The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control. Our privacy policy is structured as follows:
I. Information about us as controllers of your data
II. The rights of users and data subjects
III. Information about the data processing
IV. Hosting

I. Information about us as controllers of your data

The party responsible for this website for purposes of data protection law is:insightformer UG (haftungsbeschränkt)
Liebigstraße 36
01187 Dresden
Germany
Email: info@insightformer.com
Mobil: +49 15678 363731
Phone: +49 (035934) 779935
Register Court: Amtsgericht Dresden
Registration Number: HRB 44237
Authorized Managing Director: Adrian Zimmermann

II. The rights of users and data subjects

With regard to the data processing to be described in more detail below, users and data subjects have the right:
  • to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
  • to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
  • to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
  • to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
  • to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).
In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients. Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller’s future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

III. Information about the data processing

1. General information on the legal basis for data processing on this website
If you have consented to data processing, we process your personal data based on Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, if special categories of data pursuant to Art. 9 (1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49 (1) lit. a GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g., via device fingerprinting), data processing is additionally based on § 25 (1) TTDSG. Consent can be revoked at any time. If your data is required to fulfill a contract or to carry out pre-contractual measures, we process your data based on Art. 6 (1) lit. b GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation based on Art. 6 (1) lit. c GDPR. Data processing can also be based on our legitimate interest under Art. 6 (1) lit. f GDPR. The respective legal basis applicable in individual cases is provided in the following sections of this privacy policy.

2. Data processing in third countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing occurs in the context of using third-party services or disclosing or transmitting data to other persons, entities, or companies, this only happens in compliance with legal requirements. If the data protection level in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers only occur if the data protection level is ensured in another way, particularly through standard contractual clauses (Art. 46 (2) lit. c GDPR), explicit consent, or in the case of contractual or legally required transfers (Art. 49 (1) GDPR). Furthermore, we will inform you about the basis of the third country transfer for each individual third-country provider, with adequacy decisions being the primary basis. Information on third country transfers and existing adequacy decisions can be found on the EU Commission’s information site: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.
EU-US Trans-Atlantic data privacy framework: Under the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the data protection level for certain companies from the USA as secure within the scope of the adequacy decision dated 10.07.2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). We will inform you in our data protection notices about which service providers we use are certified under the Data Privacy Framework.
Notice on data transfer to the USA and other third countries: We use tools from companies based in the USA or other data protection non-compliant third countries. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that these countries do not guarantee a data protection level comparable to the EU. For example, US companies are required to hand over personal data to security authorities without you, as the data subject, being able to take legal action against this. It cannot, therefore, be ruled out that US authorities (e.g., intelligence services) may process, evaluate, and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities.

3. SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the lock symbol in your browser bar. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. Content delivery network
We use a Content Delivery Network (CDN) to optimize the loading times of our website. For this purpose, Webflow uses the CDNs from Fastly and Amazon CloudFront. A CDN helps deliver content faster to users by storing copies of the website on various servers worldwide and providing access from those servers.

5. Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

6. Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)
If data processing is based on Art. 6 (1) lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (objection under Art. 21 (1) GDPR).If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for direct marketing purposes (objection under Art. 21 (2) GDPR).

7. Right to lodge a complaint with the competent supervisory authority
In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work, or the place of the alleged breach. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

8. Right to data portability
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

9. Right to information, rectification, and erasure
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin, recipients, and the purpose of the data processing, and, if applicable, a right to rectification or erasure of this data at any time. For this purpose, as well as for further questions on the topic of personal data, you can contact us at any time.

10. Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time. The right to restriction of processing exists in the following cases:
  • If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection under Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.

11. Cookie Manager
To obtain consent for the use of non-essential cookies on the website, the provider uses a cookie manager. When the website is accessed, a cookie containing the settings information is stored on the user's device, so that consent does not need to be requested again during a subsequent visit. This cookie is necessary to obtain the user's legally compliant consent. Users can prevent or terminate the installation of cookies by adjusting their browser settings.

12. Cookies
a) Session cookies
We use cookies on our website. Cookies are small text files or other storage technologies that are placed and stored on your device by the internet browser you use. These cookies process certain information from you, such as your browser or location data or your IP address.This processing makes our website more user-friendly, effective, and secure, as it enables, for example, the display of our website in different languages or the provision of a shopping cart function.The legal basis for this processing is Art. 6 (1) lit. b GDPR, provided that these cookies process data for contract initiation or contract execution. If the processing is not for contract initiation or contract execution, our legitimate interest lies in improving the functionality of our website. The legal basis in this case is Art. 6 (1) lit. f GDPR. These session cookies are deleted when you close your internet browser.
b) Third-party cookies
Our website may also use cookies from partner companies with whom we collaborate for advertising, analysis, or functionality purposes of our website. For details, especially regarding the purposes and legal basis for processing such third-party cookies, please refer to the following information.
c) Removal options
You can prevent or restrict the installation of cookies by adjusting your internet browser settings. You can also delete cookies that have already been stored at any time. The necessary steps and measures for this depend on the specific internet browser you use. Please use the help function or documentation of your internet browser or contact its manufacturer or support if you have questions. For Flash cookies, the processing cannot be prevented through the browser settings. Instead, you must change the settings of your Flash Player. The steps and measures required for this also depend on your specific Flash Player. Please use the help function or documentation of your Flash Player or contact the manufacturer or user support if you have questions. If you prevent or restrict the installation of cookies, this may lead to the result that not all functions of our website are fully usable.If you have restricted the processing of your personal data, this data may only be processed – apart from being stored – with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

13. Cookie banner from finsweet
We use a cookie consent management tool from Finsweet to manage consent for the use of cookies. This tool helps us ensure that we comply with legal requirements and protect the privacy of our users. You can change your cookie settings at any time and withdraw your consent by adjusting the corresponding settings in our cookie banner.

14. Server log files
The website server automatically stores information in so-called server log files, which your browser automatically transmits to us. These are:
  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

    15. Contact options
    a) Contact form
    If you contact us via the contact form or email, the data you provide will be used to process your request. Providing the data is necessary for processing and responding to your request—without providing it, we cannot or can only partially respond to your request. The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted once your request has been fully processed, and no legal retention obligations oppose the deletion, such as in the case of a subsequent contract processing.
    b) Inquiry by email
    If you contact us via email, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of processing your request. The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR. We do not pass on this data without your consent. We delete the data once your inquiry has been fully processed and no statutory retention periods apply.

    16. Server data
    For technical reasons, the following data sent by your internet browser to us or to our server provider will be collected, especially to ensure a secure and stable website. These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site. The data thus collected will be temporarily stored, but not in association with any other of your data. The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website. The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.

    17. Order processing
    The data you submit when ordering goods and/or services from us will have to be processed in order to fulfill your order. Please note that orders cannot be processed without providing this data.The legal basis for this processing is Art. 6 Para. 1 lit. b) GDPR.After your order has been completed, your personal data will be deleted, but only after the retention periods required by tax and commercial law.In order to process your order, we will share your data with the shipping company responsible for delivery to the extent required to deliver your order and/or with the payment service provider to the extent required to process your payment. The legal basis for the transfer of this data is Art. 6 Para. 1 lit. b) GDPR.

    18. Google analytics
    We use Google Analytics on our website. This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google). The Google Analytics service is used to analyze how our website is used. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our site. Usage and user-related information, such as IP address, place, time, or frequency of your visits to our website will be transmitted to a Google server in the United States and stored there. However, we use Google Analytics with the so-called anonymization function, whereby Google truncates the IP address within the EU or the EEA before it is transmitted to the US. The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. This data can also be used to provide other services related to the use of our website and of the internet in general. Google states that it will not connect your IP address to other data. In addition, Google provides further information with regard to its data protection practices at https://www.google.com/intl/de/policies/privacy/partners
    including options you can exercise to prevent such use of your data. In addition, Google offers an opt-out add-on at https://tools.google.com/dlpage/gaoptout?hl=en in addition with further information. This add-on can be installed on the most popular browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs Google Analytics' JavaScript (ga.js) that no information about the website visit should be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analytics services we may use as detailed herein.

    IV. Hosting

    1. Hosting
    We host the content of our website with the following provider: Webflow. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter Webflow). When you visit our website, Webflow collects various log files, including your IP addresses. Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are necessary for the display of the page, to provide certain website functions, and to ensure security (necessary cookies). Details can be found in Webflow's privacy policy: https://webflow.com/legal/eu-privacy-policy. The use of Webflow is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable possible presentation of our website. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://webflow.com/legal/eu-privacy-policy.

    2. Order Processing
    We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a data protection legally required contract that ensures that this service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

    3. Content delivery networks and security services
    Our hosting provider Webflow uses Content Delivery Networks (CDNs) and security services to optimize loading times and ensure the security of our website.
    Cloudflare
    Our hosting provider Webflow uses the services of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA, to protect the website from attacks and to optimize loading times. Cloudflare temporarily stores access data, which allows the website to be delivered faster and security measures to be implemented. The data processed includes, among other things, the IP addresses of the users. For more information on data protection at Cloudflare, please refer to Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy.
    Amazon Cloud
    Front Our hosting provider Webflow uses the Content Delivery Network Amazon CloudFront, a service provided by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA, to optimize the loading times of the website. Amazon CloudFront stores copies of the website on various servers worldwide to deliver content faster to users. The data processed includes, among other things, the IP addresses of the users. For more information on data protection at Amazon CloudFront, please refer to the Amazon Web Services privacy policy: https://aws.amazon.com/privacy.
    Fastly
    Our hosting provider uses Fastly as a CDN to deliver content faster to users by storing copies of the website on various servers worldwide. For more information on data protection at Fastly, please refer to Fastly's privacy policy: https://www.fastly.com/privacy.

    Model Data Protection Statement for Anwaltskanzlei Weiß & Partner