Pri­va­cy Policy


With the fol­lowing pri­va­cy poli­cy we would like to inform you which types of your per­so­nal data (her­ein­af­ter also abbre­via­ted as ” data”) we pro­cess for which pur­po­ses and in which scope. The pri­va­cy state­ment app­lies to all pro­ces­sing of per­so­nal data car­ri­ed out by us, both in the con­text of pro­vi­ding our ser­vices and in par­ti­cu­lar on our web­sites, in mobi­le app­li­ca­ti­ons and wit­hin exter­nal online pre­sen­ces, such as our social media pro­files (her­ein­af­ter collec­tively refer­red to as “online services”).

The terms used are not gender-specific.

Last Update: 19. Decem­ber 2019

Table of contents

Over­view of pro­ces­sing operations
Legal Bases for the Processing
Secu­ri­ty Precautions
Trans­mis­si­on and Dis­clo­sure of Per­so­nal Data
Data Pro­ces­sing in Third Countries
Use of Cookies
Com­mer­cial Services
Con­ta­c­ting us
Pro­vi­si­on of online ser­vices and web hosting
Era­su­re of data
Chan­ges and Updates to the Pri­va­cy Policy
Rights of Data Subjects
Ter­mi­no­lo­gy and Definitions


Ste­fan Friedrich
Bucher Str. 100
90408 Nürn­berg, Germany

E‑mail address:

Pho­ne: +49 911 25300083

Over­view of pro­ces­sing operations

The fol­lowing table sum­ma­ri­ses the types of data pro­ces­sed, the pur­po­ses for which they are pro­ces­sed and the con­cer­ned data subjects.

Cate­go­ries of Pro­ces­sed Data

  • Inven­to­ry data (e.g. names, addresses).
  • Con­tent data (e.g. text input, pho­to­graphs, videos).
  • Con­ta­ct data (e.g. e‑mail, tele­pho­ne numbers).
  • Meta/communication data (e.g. device infor­ma­ti­on, IP addresses).
  • Usa­ge data (e.g. web­sites visi­ted, inte­rest in con­tent, access times).
  • Con­tract data (e.g. con­tract object, dura­ti­on, cus­to­mer category).
  • Pay­ment Data (e.g. bank details, invoices, pay­ment history).

Cate­go­ries of Data Subjects

  • Busi­ness and con­trac­tu­al partners.
  • Pro­spec­ti­ve customers.
  • Com­mu­ni­ca­ti­on part­ner (Reci­pi­ents of e‑mails, let­ters, etc.).
  • Users (e.g. web­site visi­tors, users of online services).

Pur­po­ses of Processing

  • Office and orga­ni­sa­tio­nal procedures.
  • con­ta­ct requests and communication.
  • Con­trac­tu­al ser­vices and support.
  • Mana­ging and respon­ding to inquiries.

Legal Bases for the Processing

In the fol­lowing we inform you about the legal basis of the Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR), on the basis of which we pro­cess per­so­nal data. Plea­se note that, in addi­ti­on to the regu­la­ti­ons of the GDPR, the natio­nal data pro­tec­tion regu­la­ti­ons may app­ly in your coun­try or in our coun­try of resi­dence or domicile.

Con­sent (Arti­cle 6 (1) (a) GDPR) — The data sub­ject has given con­sent to the pro­ces­sing of his or her per­so­nal data for one or more spe­ci­fic purposes.

Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR) — Per­for­mance of a con­tract to which the data sub­ject is par­ty or in order to take steps at the request of the data sub­ject pri­or to ent­e­ring into a contract.

Com­pli­an­ce with a legal obli­ga­ti­on (Arti­cle 6 (1) © GDPR) — Pro­ces­sing is necessa­ry for com­pli­an­ce with a legal obli­ga­ti­on to which the con­trol­ler is subject.

Legi­ti­ma­te Inte­rests (Arti­cle 6 (1) (f) GDPR) — Pro­ces­sing is necessa­ry for the pur­po­ses of the legi­ti­ma­te inte­rests pur­sued by the con­trol­ler or by a third par­ty, except whe­re such inte­rests are over­rid­den by the inte­rests or fun­da­men­tal rights and free­doms of the data sub­ject which requi­re pro­tec­tion of per­so­nal data.

Secu­ri­ty Precautions

We take appro­pria­te tech­ni­cal and orga­ni­sa­tio­nal mea­su­res in accordance with the legal requi­re­ments, taking into account the sta­te of the art, the cos­ts of imple­men­ta­ti­on and the natu­re, scope, con­text and pur­po­ses of pro­ces­sing as well as the risk of vary­ing likeli­hood and seve­ri­ty for the rights and free­doms of natu­ral per­sons, in order to ensu­re a level of secu­ri­ty appro­pria­te to the risk.

The mea­su­res inclu­de, in par­ti­cu­lar, safe­guar­ding the con­fi­den­tia­li­ty, inte­gri­ty and avai­la­bi­li­ty of data by con­trol­ling phy­si­cal and elec­tro­nic access to the data as well as access to, input, trans­mis­si­on, secu­ring and sepa­ra­ti­on of the data. In addi­ti­on, we have estab­lis­hed pro­ce­du­res to ensu­re that data sub­jects’ rights are respec­ted, that data is era­sed, and that we are pre­pa­red to respond to data thre­ats rapidly. Fur­ther­mo­re, we take the pro­tec­tion of per­so­nal data into account as ear­ly as the deve­lo­p­ment or selec­tion of hard­ware, soft­ware and ser­vice pro­vi­ders, in accordance with the princip­le of pri­va­cy by design and pri­va­cy by default.

SSL encryp­ti­on (htt­ps): In order to pro­tect your data trans­mit­ted via our online ser­vices in the best pos­si­ble way, we use SSL encryp­ti­on. You can reco­gni­ze such encryp­ted con­nec­tions by the pre­fix https:// in the address bar of your browser.

Trans­mis­si­on and Dis­clo­sure of Per­so­nal Data

In the con­text of our pro­ces­sing of per­so­nal data, it may hap­pen that the data is trans­fer­red to other pla­ces, com­pa­nies or per­sons or that it is dis­c­lo­sed to them. Reci­pi­ents of this data may inclu­de, for examp­le, pay­ment insti­tu­ti­ons wit­hin the con­text of pay­ment tran­sac­tions, ser­vice pro­vi­ders com­mis­sio­ned with IT tasks or pro­vi­ders of ser­vices and con­tent that are embed­ded in a web­site. In such a case, the legal requi­re­ments will be respec­ted and in par­ti­cu­lar cor­re­spon­ding con­tracts or agree­ments, which ser­ve the pro­tec­tion of your data, will be con­clu­ded with the reci­pi­ents of your data.

Data Pro­ces­sing in Third Countries

If we pro­cess data in a third coun­try (i.e. out­side the Euro­pean Uni­on (EU), the Euro­pean Eco­no­mic Area (EEA)) or the pro­ces­sing takes place in the con­text of the use of third par­ty ser­vices or dis­clo­sure or trans­fer of data to other per­sons, bodies or com­pa­nies, this will only take place in accordance with the legal requirements.

Sub­ject to express con­sent or trans­fer requi­red by con­tract or law, we pro­cess or have pro­ces­sed the data only in third coun­tries with a reco­gnis­ed level of data pro­tec­tion, which inclu­des US pro­ces­sors cer­ti­fied under the “Pri­va­cy Shield” or on the basis of spe­cial gua­ran­tees, such as a con­trac­tu­al obli­ga­ti­on through so-cal­led stan­dard pro­tec­tion clau­ses of the EU Com­mis­si­on, the exis­tence of cer­ti­fi­ca­ti­ons or bin­ding inter­nal data pro­tec­tion regu­la­ti­ons (Arti­cle 44 to 49 GDPR, infor­ma­ti­on page of the EU Com­mis­si­on:

Use of Cookies

Coo­kies are text files that con­tain data from visi­ted web­sites or domains and are stored by a brow­ser on the user’s com­pu­ter. A coo­kie is pri­ma­ri­ly used to store infor­ma­ti­on about a user during or after his visit wit­hin an online ser­vice. The infor­ma­ti­on stored can inclu­de, for examp­le, the lan­guage set­tings on a web­site, the log­in sta­tus, a shop­ping bas­ket or the loca­ti­on whe­re a video was view­ed. The term “coo­kies” also inclu­des other tech­no­lo­gies that ful­fil the same func­tions as coo­kies (e.g. if user infor­ma­ti­on is stored using pseud­ony­mous online iden­ti­fiers, also refer­red to as “user IDs”).

The fol­lowing types and func­tions of coo­kies are distinguished:

  • Tem­pora­ry coo­kies (also: ses­si­on coo­kies): Tem­pora­ry coo­kies are dele­ted at the latest after a user has left an online ser­vice and clo­sed his browser.
  • Per­ma­nent coo­kies: Per­ma­nent coo­kies remain stored even after clo­sing the brow­ser. For examp­le, the log­in sta­tus can be saved or pre­fer­red con­tent can be dis­play­ed direct­ly when the user visits a web­site again. The inte­rests of users who are used for ran­ge mea­su­re­ment or mar­ke­ting pur­po­ses can also be stored in such a cookie.
  • First-Par­ty-Coo­kies: First-Par­ty-Coo­kies are set by ourselves.
  • Third par­ty coo­kies: Third par­ty coo­kies are main­ly used by adver­ti­sers (so-cal­led third par­ties) to pro­cess user information.
  • Necessa­ry (also: essen­ti­al) coo­kies: Coo­kies can be necessa­ry for the ope­ra­ti­on of a web­site (e.g. to save log­ins or other user inputs or for secu­ri­ty reasons).
  • Sta­tis­tics, mar­ke­ting and per­so­na­li­sa­ti­on coo­kies: Coo­kies are also gene­ral­ly used to mea­su­re a website’s reach and when a user’s inte­rests or beha­viour (e.g. viewing cer­tain con­tent, using func­tions, etc.) are stored on indi­vi­du­al web­sites in a user pro­fi­le. Such pro­files are used, for examp­le, to dis­play con­tent to users that cor­re­sponds to their poten­ti­al inte­rests. This pro­ce­du­re is also refer­red to as “tracking”, i.e. tracking the poten­ti­al inte­rests of users. . If we use coo­kies or “tracking” tech­no­lo­gies, we will inform you sepa­r­ate­ly in our pri­va­cy poli­cy or in the con­text of obtai­ning consent.

Infor­ma­ti­on on legal basis: The legal basis on which we pro­cess your per­so­nal data with the help of coo­kies depends on whe­ther we ask you for your con­sent. If this app­lies and you con­sent to the use of coo­kies, the legal basis for pro­ces­sing your data is your decla­red con­sent. Other­wi­se, the data pro­ces­sed with the help of coo­kies will be pro­ces­sed on the basis of our legi­ti­ma­te inte­rests (e.g. in a busi­ness ope­ra­ti­on of our online ser­vice and its impro­ve­ment) or, if the use of coo­kies is necessa­ry to ful­fill our con­trac­tu­al obligations.

Gene­ral infor­ma­ti­on on With­dra­wal of con­sent and objec­tion (Opt-Out): Respec­ti­ve of whe­ther pro­ces­sing is based on con­sent or legal per­mis­si­on, you have the opti­on at any time to object to the pro­ces­sing of your data using coo­kie tech­no­lo­gies or to revo­ke con­sent (collec­tively refer­red to as “opt-out”). You can initi­al­ly exp­lain your objec­tion using the set­tings of your brow­ser, e.g. by deac­ti­vat­ing the use of coo­kies (which may also restrict the func­tio­n­a­li­ty of our online ser­vices). An objec­tion to the use of coo­kies for online mar­ke­ting pur­po­ses can be rai­sed for a lar­ge num­ber of ser­vices, espe­cial­ly in the case of tracking, via the web­sites and In addi­ti­on, you can recei­ve fur­ther infor­ma­ti­on on objec­tions in the con­text of the infor­ma­ti­on on the used ser­vice pro­vi­ders and cookies.

Pro­ces­sed data types: Usa­ge data (e.g. web­sites visi­ted, inte­rest in con­tent, access times), Meta/communication data (e.g. device infor­ma­ti­on, IP addresses).

Data sub­jects: Users (e.g. web­site visi­tors, users of online services).

Legal Basis: Con­sent (Arti­cle 6 (1) (a) GDPR), Legi­ti­ma­te Inte­rests (Arti­cle 6 (1) (f) GDPR).

Com­mer­cial Services

We pro­cess data of our con­trac­tu­al and busi­ness part­ners, e.g. cus­to­mers and inte­res­ted par­ties (collec­tively refer­red to as “con­trac­tu­al part­ners”) wit­hin the con­text of con­trac­tu­al and com­pa­ra­ble legal rela­ti­ons­hips as well as asso­cia­ted actions and com­mu­ni­ca­ti­on with the con­trac­tu­al part­ners or pre-con­trac­tual­ly, e.g. to ans­wer inquiries.

We pro­cess this data in order to ful­fil our con­trac­tu­al obli­ga­ti­ons, safe­guard our rights and for the pur­po­ses of the admi­nis­tra­ti­ve tasks asso­cia­ted with this data and the busi­ness-rela­ted orga­ni­sa­ti­on. We will only pass on the data of the con­trac­tu­al part­ners wit­hin the scope of the app­li­ca­ble law to third par­ties inso­far as this is necessa­ry for the afo­re­men­tio­ned pur­po­ses or for the ful­film­ent of legal obli­ga­ti­ons or with the con­sent of the con­trac­tu­al part­ners (e.g. telecom­mu­ni­ca­ti­ons, trans­port and other auxi­li­a­ry ser­vices as well as sub­con­trac­tors, banks, tax and legal advi­sors, pay­ment ser­vice pro­vi­ders or tax aut­ho­ri­ties). The con­trac­tu­al part­ners will be infor­med about fur­ther pro­ces­sing, e.g. for mar­ke­ting pur­po­ses, as part of this pri­va­cy policy.

Which data are necessa­ry for the afo­re­men­tio­ned pur­po­ses, we inform the con­trac­ting part­ners befo­re or in the con­text of the data collec­tion, e.g. in on-line forms by spe­cial mar­king (e.g. colors), and/or sym­bols (e.g. aste­risks or the like), or personally.

We dele­te the data after expi­ry of sta­tu­to­ry war­ran­ty and com­pa­ra­ble obli­ga­ti­ons, i.e. in princip­le after expi­ry of 4 years, unless the data is stored in a cus­to­mer account or must be kept for legal rea­sons of archi­ving (e.g., as a rule 10 years for tax pur­po­ses). In the case of data dis­c­lo­sed to us by the con­trac­tu­al part­ner wit­hin the con­text of an assign­ment, we dele­te the data in accordance with the spe­ci­fi­ca­ti­ons of the assign­ment, in gene­ral after the end of the assignment.

If we use third-par­ty pro­vi­ders or plat­forms to pro­vi­de our ser­vices, the terms and con­di­ti­ons and pri­va­cy poli­ci­es of the respec­ti­ve third-par­ty pro­vi­ders or plat­forms shall app­ly in the rela­ti­ons­hip bet­ween the users and the providers.

Fur­ther infor­ma­ti­on on com­mer­cial ser­vices: We pro­cess the data of our cus­to­mers and cli­ents (her­ein­af­ter uni­form­ly refer­red to as “cus­to­mers”) in order to enab­le them to select, acqui­re or com­mis­si­on the selec­ted ser­vices or works and rela­ted tasks, as well as their pay­ment and deli­very, or exe­cu­ti­on or provision.

The requi­red details are iden­ti­fied as such wit­hin the frame­work of the con­clu­si­on of the order, order or com­pa­ra­ble con­tract and inclu­de the details requi­red for ser­vice pro­vi­si­on and invoi­cing as well as con­ta­ct infor­ma­ti­on in order to be able to hold any consultations.

Pro­ces­sed data types: Inven­to­ry data (e.g. names, addres­ses), Pay­ment Data (e.g. bank details, invoices, pay­ment histo­ry), Con­ta­ct data (e.g. e‑mail, tele­pho­ne num­bers), Con­tract data (e.g. con­tract object, dura­ti­on, cus­to­mer category).

Data sub­jects: Pro­spec­ti­ve cus­to­mers, Busi­ness and con­trac­tu­al partners.

Pur­po­ses of Pro­ces­sing: Con­trac­tu­al ser­vices and sup­port, con­ta­ct requests and com­mu­ni­ca­ti­on, Office and orga­ni­sa­tio­nal pro­ce­du­res, Mana­ging and respon­ding to inquiries.

Legal Basis: Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Com­pli­an­ce with a legal obli­ga­ti­on (Arti­cle 6 (1) © GDPR), Legi­ti­ma­te Inte­rests (Arti­cle 6 (1) (f) GDPR).

Con­ta­c­ting us

When con­ta­c­ting us (e.g. by con­ta­ct form, e‑mail, tele­pho­ne or via social media), the data of the inqui­ring per­sons are pro­ces­sed inso­far as this is necessa­ry to ans­wer the con­ta­ct enqui­ries and any reques­ted activities.

The respon­se to con­ta­ct enqui­ries wit­hin the frame­work of con­trac­tu­al or pre-con­trac­tu­al rela­ti­ons­hips is made in order to ful­fil our con­trac­tu­al obli­ga­ti­ons or to respond to (pre)contractual enqui­ries and other­wi­se on the basis of the legi­ti­ma­te inte­rests in respon­ding to the enquiries.

Pro­ces­sed data types: Inven­to­ry data (e.g. names, addres­ses), Con­ta­ct data (e.g. e‑mail, tele­pho­ne num­bers), Con­tent data (e.g. text input, pho­to­graphs, videos).

Data sub­jects: Com­mu­ni­ca­ti­on part­ner (Reci­pi­ents of e‑mails, let­ters, etc.).

Pur­po­ses of Pro­ces­sing: con­ta­ct requests and communication.

Legal Basis: Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legi­ti­ma­te Inte­rests (Arti­cle 6 (1) (f) GDPR).

Pro­vi­si­on of online ser­vices and web hosting

In order to pro­vi­de our online ser­vices secu­re­ly and effi­ci­ent­ly, we use the ser­vices of one or more web hos­ting pro­vi­ders from who­se ser­vers (or ser­vers they mana­ge) the online ser­vices can be acces­sed. For the­se pur­po­ses, we may use infra­st­ruc­tu­re and plat­form ser­vices, com­pu­ting capa­ci­ty, sto­rage space and data­ba­se ser­vices, as well as secu­ri­ty and tech­ni­cal main­ten­an­ce services.

The data pro­ces­sed wit­hin the frame­work of the pro­vi­si­on of the hos­ting ser­vices may inclu­de all infor­ma­ti­on rela­ting to the users of our online ser­vices that is collec­ted in the cour­se of use and com­mu­ni­ca­ti­on. This regu­lar­ly inclu­des the IP address, which is necessa­ry to be able to deli­ver the con­tents of online ser­vices to brow­sers, and all ent­ries made wit­hin our online ser­vices or from websites.

Collec­tion of Access Data and Log Files: We, our­sel­ves or our web hos­ting pro­vi­der, collect data on the basis of each access to the ser­ver (so-cal­led ser­ver log files). Ser­ver log files may inclu­de the address and name of the web pages and files acces­sed, the date and time of access, data volu­mes trans­fer­red, noti­fi­ca­ti­on of suc­cess­ful access, brow­ser type and ver­si­on, the user’s ope­ra­ting sys­tem, refer­rer URL (the pre­vious­ly visi­ted page) and, as a gene­ral rule, IP addres­ses and the reques­ting provider.

The ser­ver log files can be used for secu­ri­ty pur­po­ses, e.g. to avoid over­loading the ser­vers (espe­cial­ly in the case of abu­si­ve attacks, so-cal­led DDoS attacks) and to ensu­re the sta­bi­li­ty and opti­mal load balan­cing of the servers .

Pro­ces­sed data types: Con­tent data (e.g. text input, pho­to­graphs, vide­os), Usa­ge data (e.g. web­sites visi­ted, inte­rest in con­tent, access times), Meta/communication data (e.g. device infor­ma­ti­on, IP addresses).

Data sub­jects: Users (e.g. web­site visi­tors, users of online services).

Legal Basis: Legi­ti­ma­te Inte­rests (Arti­cle 6 (1) (f) GDPR).

Era­su­re of data

The data pro­ces­sed by us will be era­sed in accordance with the sta­tu­to­ry pro­vi­si­ons as soon as their pro­ces­sing is revo­ked or other per­mis­si­ons no lon­ger app­ly (e.g. if the pur­po­se of pro­ces­sing this data no lon­ger app­lies or they are not requi­red for the purpose).

If the data is not dele­ted becau­se they are requi­red for other and legal­ly per­mis­si­ble pur­po­ses, their pro­ces­sing is limi­ted to the­se pur­po­ses. This means that the data will be restric­ted and not pro­ces­sed for other pur­po­ses. This app­lies, for examp­le, to data that must be stored for com­mer­cial or tax rea­sons or for which sto­rage is necessa­ry to assert, exer­cise or defend legal claims or to pro­tect the rights of ano­t­her natu­ral or legal person.

Fur­ther infor­ma­ti­on on the era­su­re of per­so­nal data can also be found in the indi­vi­du­al data pro­tec­tion noti­ces of this pri­va­cy policy.

Chan­ges and Updates to the Pri­va­cy Policy

We kind­ly ask you to inform yourself regu­lar­ly about the con­tents of our data pro­tec­tion decla­ra­ti­on. We will adjust the pri­va­cy poli­cy as chan­ges in our data pro­ces­sing prac­ti­ces make this necessa­ry. We will inform you as soon as the chan­ges requi­re your coope­ra­ti­on (e.g. con­sent) or other indi­vi­du­al notification.

If we pro­vi­de addres­ses and con­ta­ct infor­ma­ti­on of com­pa­nies and orga­niz­a­ti­ons in this pri­va­cy poli­cy, we ask you to note that addres­ses may chan­ge over time and to veri­fy the infor­ma­ti­on befo­re con­ta­c­ting us.

Rights of Data Subjects

As data sub­ject, you are enti­t­led to various rights under the GDPR, which ari­se in par­ti­cu­lar from Arti­cles 15 to 18 and 21 of the GDPR:
Right to Object: You have the right, on grounds ari­sing from your par­ti­cu­lar situa­ti­on, to object at any time to the pro­ces­sing of your per­so­nal data which is based on let­ter (e) or (f) of Arti­cle 6(1) GDPR , inclu­ding pro­filing based on tho­se provisions.Where per­so­nal data are pro­ces­sed for direct mar­ke­ting pur­po­ses, you have the right to object at any time to the pro­ces­sing of the per­so­nal data con­cer­ning you for the pur­po­se of such mar­ke­ting, which inclu­des pro­filing to the extent that it is rela­ted to such direct marketing.

Right of with­dra­wal for cons­ents: You have the right to revo­ke cons­ents at any time.
Right of access: You have the right to request con­fir­ma­ti­on as to whe­ther the data in ques­ti­on will be pro­ces­sed and to be infor­med of this data and to recei­ve fur­ther infor­ma­ti­on and a copy of the data in accordance with the pro­vi­si­ons of the law.
Right to rec­ti­fi­ca­ti­on: You have the right, in accordance with the law, to request the com­ple­ti­on of the data con­cer­ning you or the rec­ti­fi­ca­ti­on of the incor­rect data con­cer­ning you.
Right to Era­su­re and Right to Restric­tion of Pro­ces­sing: In accordance with the sta­tu­to­ry pro­vi­si­ons, you have the right to demand that the rele­vant data be era­sed immedia­te­ly or, alter­na­tively, to demand that the pro­ces­sing of the data be restric­ted in accordance with the sta­tu­to­ry provisions.
Right to data por­ta­bi­li­ty: You have the right to recei­ve data con­cer­ning you which you have pro­vi­ded to us in a struc­tu­red, com­mon and machi­ne-read­a­ble for­mat in accordance with the legal requi­re­ments, or to request its trans­mis­si­on to ano­t­her controller.
Com­p­laint to the super­vi­so­ry aut­ho­ri­ty: You also have the right, under the con­di­ti­ons laid down by law, to lodge a com­p­laint with a super­vi­so­ry aut­ho­ri­ty, in par­ti­cu­lar in the Mem­ber Sta­te of your habi­tu­al resi­dence, place of work or place of the alle­ged infrin­ge­ment if you con­si­der that the pro­ces­sing of per­so­nal data rela­ting to you infrin­ges the GDPR.

Ter­mi­no­lo­gy and Definitions

This sec­tion pro­vi­des an over­view of the terms used in this pri­va­cy poli­cy. Many of the terms are drawn from the law and defi­ned main­ly in Arti­cle 4 GDPR. The legal defi­ni­ti­ons are bin­ding. The fol­lowing explana­ti­ons, on the other hand, are inten­ded abo­ve all for the pur­po­se of com­pre­hen­si­on. The terms are sor­ted alphabetically.

Con­trol­ler: “Con­trol­ler” means the natu­ral or legal per­son, public aut­ho­ri­ty, agen­cy or other body which, alo­ne or joint­ly with others, deter­mi­nes the pur­po­ses and means of the pro­ces­sing of per­so­nal data.
Per­so­nal Data: “per­so­nal data” means any infor­ma­ti­on rela­ting to an iden­ti­fied or iden­ti­fia­ble natu­ral per­son (“data sub­ject”); an iden­ti­fia­ble natu­ral per­son is one who can be iden­ti­fied, direct­ly or indi­rect­ly, in par­ti­cu­lar by refe­rence to an iden­ti­fier such as a name, an iden­ti­fi­ca­ti­on num­ber, loca­ti­on data, an online iden­ti­fier or to one or more fac­tors spe­ci­fic to the phy­si­cal, phy­sio­lo­gi­cal, gene­tic, men­tal, eco­no­mic, cul­tu­ral or social iden­ti­ty of that natu­ral person.
Pro­ces­sing: The term “pro­ces­sing” covers a wide ran­ge and prac­ti­cal­ly every hand­ling of data, be it collec­tion, eva­lua­ti­on, sto­rage, trans­mis­si­on or erasure.