Privacy Policy & Data Protection

We are delighted to welcome you to our website, and would like to thank you for your interest in the TAVEC Project. Our management attaches great importance to the protection of your personal data. In general, the Hochschule Fresenius websites can be used without providing any personal data; however, should you wish to make use of particular services via our website, processing of personal data could become necessary. In such cases, we will always obtain your consent.

We will always process your personal data confidentially and in line with the relevant legal provisions, in particular those of the EU General Data Protection Regulation (GDPR) in conjunction with the applicable country-specific data protection regulations and this Privacy Policy.
We want you to feel secure at all times when visiting our website. To this end, we have taken technical and organizational measures to ensure the most complete protection of your rights in this regard, and are committed to ensuring that both our employees and external service providers comply with the applicable legal requirements. Nevertheless, Internet-based services are always susceptible to security flaws, so absolute protection cannot be guaranteed. You are therefore welcome to transfer personal data to us by alternative means, e.g. by post, telephone or fax.

1. Definitions
Your personal data is protected in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act, and other sector-specific laws. Accordingly, our privacy policy uses the terms defined there, as outlined below.

a) Personal data
Personal data means any information relating to an identified or identifiable natural person (the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

c) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.

d) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

e) Pseudonymization
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

f) Controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

g) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, is authorized to process personal data.

h) Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the data controller
The persons responsible for data processing pursuant to the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions relating to data protection are:

Hochschulen Fresenius gemeinnützige Gesellschaft mit beschränkter Haftung
Limburger Straße 2
65510 Idstein
Represented by: Prof. Dr. Tobias Engelsleben, Sascha Kappes, Kai Metzner
Tel.: +49 6126  93520
Fax: +49 6126 935210
Email: idstein@hs-fresenius.de

Hochschulen Fresenius Gesellschaft mit beschränkter Haftung
Limburger Straße 2
65510 Idstein
Represented by: Prof. Dr. Tobias Engelsleben, Matthias Martin

The university locations in Idstein, Köln, Hamburg, Munich, Frankfurt, Wiesbaden, Düsseldorf, and Berlin are all affiliated with the umbrella body Hochschulen Fresenius gGmbH Idstein.

3. Name and address of data protection officer
The data controller’s external data protection officer is:

Carl Remigius Fresenius Education AG
Im Media Park 4e
50670 Köln
Tel.: +49 221 921512-782
Fax: +49 221 921512-10
Email: datenschutz@crf-education.com

Your trust and the protection of your data are important concerns to us. This is why it is important for us to answer any and all questions relating to how your data is protected and used. If you require any information over and above that provided here or have any comments, please do not hesitate to contact us at any time.

4. Rights of data subjects 
a) Right to be informed
You have the right to be informed about whether or not personal data concerning you is being processed by a data controller. Where that is the case, you also have the right to be informed of the particulars of the data processing. The right to be informed encompasses the data in question, the purposes for which it is processed, the categories of personal data being processed, and the recipients or categories of recipient to which the personal data is or has been disclosed. It further encompasses the envisaged period for which the personal data will be stored, the origin of the data if it was not collected from you personally, and the existence of any automated decision-making, including profiling. The right to be informed also includes an entitlement to information about the right to rectification or deletion of personal data, and an entitlement to information about the right to lodge a complaint with a supervisory authority.

b) Right to erasure (right to be forgotten)
You have the right to demand from the controller the immediate erasure of personal data concerning you where the following grounds apply and processing is not necessary:

• The purpose for the collection or processing of the data has ceased to exist, or the data is no longer necessary to this end.
• You have exercised your right to object to the processing of your personal data.
• You have withdrawn your consent to data processing and there are no legal grounds to justify continued processing.
• The erasure arises from a legal obligation.
• There is no legal basis for processing the data.

c) Right to data portability 
You have the right to receive any personal data concerning you, which you have provided to us as a data controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data was furnished. This right applies where data was processed automatically in the performance of a contract or on the basis of consent. Furthermore, this right encompasses the entitlement to have the personal data transmitted directly from one controller to another, where technically feasible.

d) Right to object
The right to object includes, on one hand, the option of objecting to the processing of your personal data for marketing purposes. You also have the right to object to processing of personal data that was originally obtained lawfully for other purposes.

e) Right to restriction of processing
Under certain conditions, you have the right to demand that the controller place restrictions on your personal data so as to prevent further processing. For instance, such restrictions can be demanded for the duration of the verification process if the accuracy of the stored data is disputed.

f) Right to rectification
The right to rectification comprises your right as a data subject to demand from us, the controller, the immediate rectification of inaccurate personal data concerning you.

5. Legal basis for processing
For the majority of processing operations, we obtain consent from you. In these cases, Art. 6 (1) lit. a and Art. 7 GDPR constitute the legal basis for processing operations. Processing of personal data can also be necessary for the performance of a contract or for acts preparatory to such a contract, as is the case, in particular, with processing operations related to the supply of information material requested by you or applications for places on our courses. In such cases, processing is based on Art. 6 (1) lit. b GDPR. Insofar as we are subject to a legal obligation to process personal data, for instance to meet tax obligations, the processing is based on Art. 6 (1) lit. c GDPR. In certain cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. In this case, the processing would be based on Art. 6 (1) lit. d GDPR. If data processing operations are not covered by any of the above legal bases, Art. 6 (1) lit. f GDPR may apply. This may be the case if, for instance, processing is necessary to safeguard a legitimate interest on the part of Hochschule Fresenius or of a third party, except where such interests are overridden by the interests, fundamental rights, and freedoms of the data subject. A legitimate interest is, for example, conducting company business to protect the interests of employees and shareholders and includes analysis and optimization of our marketing activities. Accordingly, we regard the use of cookies to track user behavior as part of our marketing activities, provided it does not relate to sensitive data or identifiable individuals, and the delivery of personalized marketing to the corresponding user profiles, as necessary for the pursuit of our legitimate interests.

6. Transfer to third countries
If we process data in a third country (i.e. in a country outside of the European Union or outside of the European Economic Area) or if data is processed in third countries in connection with the use of services rendered by third parties or disclosed or transferred to third countries, this is done solely for the purpose of fulfilling contractual obligations or in preparation to enter into a contract; on the basis of your consent, a legal obligation, or our legitimate interest. We only process, transfer, or have data processed in a third country in compliance with the provisions of Articles 44 ff of the General Data Protection Regulation (GDPR). Processing is carried out, for example, on the basis of special guarantees, such as the verification of a level of data protection comparable to that guaranteed in the European Union (e.g. EU-US Privacy Shield Framework), compliance with officially recognized contractual obligations or evidence of some other, recognized level of data protection (which goes beyond the voluntary commitment of a “safe harbor” arrangement) (In this regard, see also the expanded requirements of the  „Düsseldorfer Kreis“ data protection committee) .

7. Cooperation with external data processors and third parties
If, during our processing operations, data is disclosed, transferred, or otherwise made available to other persons and enterprises (external data processors, affiliates of the Carl Remigius Fresenius Education Group, or other third parties), this is always done for a lawful purpose (e. g. when the transfer of payment data to the relevant company within the corporate group is required to fulfill contractual obligations or when address data is transferred to the delivery service for the purpose of sending course materials requested by you, pursuant to Article 6 (1) lit. b GDPR), on the basis of consent, a legal obligation, a legitimate interest, or as necessary for the performance of a data processing contract pursuant to Article 28 GDPR.

8. SSL encryption
We use state-of-the-art HTTPS encryption to ensure that your data is protected during online  transfer.

9. Cookies
The Hochschule Fresenius website uses cookies. Cookies are used to enable web-based applications to manage the status of your visit to a website, and facilitate navigation between the different website services and content. Cookies are installed on the hard drive of your computer and do not cause any damage. A cookie is a small data file which is transferred from the web server to your device when you browse our website. Cookies only contain information which we or a third party send to your computer; cookies cannot access private data. Accepting cookies does not give us access to your personal information.
Various data is saved in cookies. This is done primarily to store information on the user during or after a visit to a website. There are two main types of cookies: temporary and permanent. Temporary cookies are deleted when the user leaves the website. Permanent cookies remain after the browser has been closed and are used to measure audience reach and analyze user behavior. Some cookies do not originate from the entity responsible for the website, but from third parties. This website uses temporary and permanent cookies. We will explain how these work in this privacy notice.
Most browsers accept cookies by default. If you would like to stop the use of cookies to measure audience reach, analyze user behavior, and display personalized ads, the default cookie setting can be deactivated in your browser. Permanent cookies that are installed for the aforementioned purpose can also be deleted in this way. The placement of cookies for online marketing purposes can also be deactivated via http://www.youronlinechoices.com/ch-de/praferenzmanagement. Existing cookies can also be deleted via this link. Disabling cookies may mean that some features on our website will no longer be available, and some websites may not be displayed correctly.

10. Access data
When you visit our website, access data relating to this event is saved in a log file either by us or by our hosting provider. We collect usage data in connection with your visit, which is saved temporarily for statistical purposes and subsequently deleted. This data is collected for internal purposes only and is not transferred to third parties.

The data includes:

• IP address of the device from which the request is sent
• Date and time of the request
• Access method/function requested by the end device
• Input values transferred by the end device from which the request is sent (e.g. file name)
• Web server access status (file transferred, file not found, command not executed, etc.)
• Name of file requested and data volume transferred
• URL from which the file was requested/the desired function was initiated.

We collect this data on the basis of our legitimate interest in the proper functioning of our IT systems as well as in the interest of data security (investigating cyber-attacks). The stored data is anonymized at the earliest possible opportunity (by deleting the last octet in the IP address) or deleted entirely, and is used solely for the purpose of identifying or tracking unauthorized access or attempts to access the web server. This does not apply to data which must remain stored for evidence purposes . This data does not undergo further evaluation, except for statistical purposes where the data is anonymized. The data is not allocated to specific individuals. Individual user profiles are not created. The data collected in this way is used solely within the scope of the EU GDPR.

11. Collection of user data
In some areas of our website we request certain data that can be unambiguously assigned to you as an individual. This is the case, for example, when you register as TAVEC Presenter, Jury Member, General Audience or for our Workshop or other offers. We only collect the data required for the purpose at hand, e.g.:

• Name (First and Last name)
• Email address
• Organization
• Position

And optional e.g.

• Steet, No,
• Postal Code
• City
• State
• Country

The data input masks show exactly what information is required. Data is always encrypted prior to being transferred.

Where data is entered on our website, this is always done on a voluntary basis and solely for the purpose of offering services that require user registration. The relevant data log files can be changed or deleted entirely at any time, provided doing so does not conflict with statutory data retention requirements. Information on your data records will be provided on request. Our data protection officer is at your disposal to assist with this.

12. Contact form
If you submit inquiries to us via our contact form, the information provided in the contact form as well as any contact information provided therein will be stored by us in order to handle your inquiry and in the event that we have further questions. We will not share this information without your consent.

The processing of these data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your agreement (Art. 6 Para. 1 lit. a GDPR) if this has been requested. The information you have entered into the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists (e.g., after we have concluded our response to your inquiry). This shall be without prejudice to any mandatory legal provisions – in particular retention periods.

13. Request by email, telephone, fax
If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.

These data are processed on the basis of Art. 6 Sect. 1 lit. b GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6 Sect. 1 lit. f GDPR) or on the basis of your consent (Art. 6 Sect. 1 lit. a GDPR) if it has been obtained.

The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

14. Hosting
We use web hosting for the following: platform services, computing capacity, data storage, database services, security settings, and technical maintenance and services necessary to the operation of our website. To this end, we or our web hosting service provider process, on the basis of a legitimate interest in providing an online service pursuant to Art. 6 (1) lit. f GDPR in conjunction with Art. 28 GDPR, user, contact, usage, and contract data as well as meta data and communication data relating to interested parties, applicants, students, and visitors to our website.

15. Analysis, market research, and opinion polling
We analyze our pool of data on business processes, contracts, and queries with a view to identifying market trends and customer and user requirements, and effectively running our business operations. To this end, we process user, contact, usage, and contract data as well as meta data and communication data relating to interested parties, applicants, students, and visitors to our website on the basis of our legitimate interest in maintaining and optimizing our business pursuant to Art. 6 (1) lit. f GDPR. Such analyses are performed for the purpose of business assessments, marketing and sales, and market research. They enable us to optimize our website content and services, making them more user-friendly, and help us optimize our business operations. Insofar as possible, data is anonymized for analysis and profiling. Analysis and profiling results are not disclosed to third parties.

16. Deletion and blocking of personal data
We process and save your personal data only insofar as necessary for data storage reasons or as required under the provisions of relevant European directives and/or regulations. Data is stored in compliance with any and all applicable retention periods. Under Section 257 (1) of the German Commercial Code (HGB) the statutory period of retention for records in Germany is 6 years, under Section 147 (1) of the German Fiscal Code (AO) 10 years; further, the retention periods applicable under the higher educational acts of the German Federal States and other relevant regulations are also binding. Your data will be routinely deleted on expiry of said periods, unless required for the performance of a contract or for acts preparatory to a contract.

17. Data protection in relation to Google Analytics and target group selection
This website uses certain functions of the web analytics service Google Analytics provided by the company Google Inc. of 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. This involves the use of cookies that are installed on your computer for the purpose of analyzing website usage. The information on your usage of this website collected using this technology is generally transferred to Google servers in the US, where it is stored. Google uses this data to analyze website usage, to compile reports on website activities, and to perform other services in connection with usage analytics. We receive statistics from Google detailing the overall number of users and associated pseudonymous user profiles which contain dwell times for each profile. In pursuit of our legitimate interest, we use these statistics to form target groups on the basis of the assumption that a visit to our website relates to presumed interests.
The IP address transmitted by your browser for the purpose of Google analytics is not merged with other Google data because, prior to data collection, the use of cookies prevents data being linked with individual data subjects.
We use Google Analytics based on a legitimate interest in the analysis and optimization of our marketing activities and, thus, also our economic interests pursuant to Art. 6 (1) lit. f. GDPR. We have taken measures to protect your interests in deciding that the interests of the data controller prevail. We also believe that this can help enhance user-friendliness. Further, we have entered into a data processing contract with Google pursuant to Art. 28 GDPR. Under the agreement we have with Google, user data is deleted or anonymized after 14 months. We have activated the anonymize.ip function. This means that prior to data collection, Google removes the last octet of your IP address within EU Member States or in other countries which are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the US and shortened there. Google’s certification under the EU-US Privacy Shield Framework guarantees that it provides a level of data protection comparable to that guaranteed in the European Union.

You can prevent cookies from being stored on your device via the corresponding browser settings. However, this may cause you to experience reduced functionality on our website. In addition, you can prevent Google from using cookies to collect data relating to your website usage, including your IP address, and subsequently processing said data by downloading and installing the following browser plugin: https://tools.google.com/dlpage/gaoptout?hl=de.Please note that if you do not wish online metrics to be tracked, you must not delete cookies that prevent site analytics. If you delete all existing cookies via the relevant browser settings, the cookies needed to prevent site analytics will have to be reset. More information on how Google uses data as well as other settings and opt-out options can be found in Google’s privacy policy https://policies.google.com/technologies/ads and in the Google ads settings https://adssettings.google.com/authenticated.

18. Data protection in relation to Google Tag Manager
Our website uses the tool Google Tag Manager provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, US Google). This tool allows marketers to manage website tags via an interface. The Tool Tag Manager itself, which implements the tags, is a cookie-free domain. The tool triggers other tags that may in turn collect data. Google Tag Manager does not access this data. Disabling at domain or cookie level will not affect any tracking tags implemented by the Google Tag Manager, which will remain in place. Further information and the privacy policy for Google Tag Manager can be found at https://www.google.com/intl/de/policies/.

19. Social media presence
To be able to communicate with active customers, interested parties, and users, and keep them updated on the latest news and services in a way that is in keeping with the spirit of our age, we maintain a social media presence. To this end, user data can be processed in countries outside of Europe, where different data protection standards apply. We would therefore like to draw your attention to the fact that this can involve certain risks for the user: For instance, data processing is subject to different requirements in terms of transparency or legal enforcement. User data is also used for market research and advertising purposes. In addition, the data collected, e.g. on user behavior, may be used to deliver targeted content or services or to create user profiles based on the user’s interests. These are in turn used to run targeted, interest-based ads both on social media and through other channels. This information is often collected with the help of cookies installed on user devices and subsequently analyzed according to specific criteria. The individual profile data saved on social media sites can also be linked to the data saved with the help of cookies. Providers certified under the EU-US Privacy Shield Framework are obligated to comply with EU data protection regulations.
The maintenance of a presence on social media and the resulting processing of personal data take place pursuant to Art. 6 (1) lit. f. GDPR on the basis of our legitimate interest in effective, up-to-date information on and communication with users and interested parties. Where consent to data processing has been obtained, processing takes place pursuant to Art. 6 (1) lit. a and Art. 7 GDPR. For details of the individual policies on data processing and opt-out options, we ask that you refer to the individual providers’ specifications. Please note that the most effective way to enforce user rights and obtain information is through the individual providers themselves. Only they hold the relevant databases and have the technical and organizational means to this end. We are happy to assist you further with this where necessary.

• Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Policy: https://www.facebook.com/about/privacy/,
• Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy and Opt-Out: http://instagram.com/about/legal/privacy/.
• Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Privacy Policy: https://twitter.com/de/privacy,
• LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Privacy Policy: https://www.linkedin.com/legal/privacy-policy,

20. Incorporation of third-party services and content
The services and content on our website, blogs run by us, and our presence on social media include third-party content and services; such third-party content and services are incorporated on the basis of our legitimate interest in optimization, economic interests, and our interest in performing analytics pursuant to Art. 6 (1) lit. f GDPR.  Including and displaying such services requires the IP address, which is used to transfer information to the browser. Insofar as the IP address is visible to us, we will endeavor to incorporate content only from those providers that use the IP address solely for the purpose of delivering content. However, third-party providers may use pixel tags or web beacons to collect data for statistical or marketing purposes. Furthermore, cookies may be installed on your device to collect information on your operating system, history of websites visited, dwell times, and meta data. In some cases, this pseudonymous user data may be linked with information from other sources.

• YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
  • Privacy Policy: https://www.google.com/policies/privacy/,

Opt-Out: https://adssettings.google.com/authenticated

21. Newsletter data
If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties.

The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6(1)(f) GDPR.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

22. MailChimp with deactivated success measurement
This website uses the services of MailChimp to send out its newsletters. The provider is the Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Among other things, MailChimp is a service that can be deployed to organize the sending of newsletters. Whenever you enter data for the purpose of subscribing to a newsletter (e.g. your e-mail address), the information is stored on MailChimp servers in the United States. We have deactivated the success measurement of Mailchimp, so Mailchimp will not evaluate your behavior when opening our newsletter.

If you do not want MailChimp to receive your data, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message.

The data is processed based on your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:

https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para.1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

For more details, please consult the Data Privacy Policies of MailChimp at: https://mailchimp.com/legal/terms/

Execution of a contract data processing agreement: We have executed a so-called “Data Processing Agreement” with MailChimp, in which we mandate that MailChimp undertakes to protect the data of our customers and to refrain from sharing it with third parties.