GDPR — Michael Gaschnig | Sales Excellence

Privacy Policy / GDPR

With this privacy policy, we would like to inform you about the type, scope, and purpose of the processing of personal data (hereinafter also referred to simply as "data") on our part. Personal data are all data that have a personal reference to you, e.g., name, address, email address, or your user behavior. This privacy policy applies to all data processing operations carried out by us, both in the context of our core activities and for the online media we hold.

Who is responsible for data processing at our company Responsible for data processing is:

MG
Michael Gaschnig
Prinz Karl Weg 5a
86159 Augsburg

Contact details of our data protection officer You can reach our data protection officer by email at gdpr@gaschnig.com or at our postal address with the addition "to the data protection officer."

Processing of your data within the scope of the educational and training services we provide If you participate in our educational and training services or are interested in our services, the type, scope, and purpose of the processing of your data depend on the contractual or pre-contractual relationships that exist between us. In this sense, the data we process includes all those data that are provided or have been provided by you for the purpose of using the contractual or pre-contractual services and are needed to process your request or the contract concluded between us. This also includes the performance evaluation and evaluation of our services and the teaching staff. Unless otherwise stated in the further information of this privacy policy, the processing of your data and their disclosure to third parties are limited to those data that are necessary and expedient for answering your inquiries and/or for fulfilling the contract concluded between you and us, for safeguarding our rights as well as for fulfilling legal obligations. We will inform you which data are required before or during data collection. Insofar as we use third-party providers to provide our services, the privacy notices of the respective third-party providers apply.

Special categories of data

If you participate in our training and educational services or make an inquiry with us because you are interested in the training and educational services we offer, special categories of data may also be affected by the processing. This includes in particular information about your health, as well as information from which your political opinions or religious or philosophical beliefs can be inferred (Art. 9 (1) GDPR). We process these data exclusively for educational services, to protect your health, social protection, or vital interests. If we need the aforementioned information for purposes other than those mentioned, we will inform you in detail before processing these data and subsequently obtain your explicit consent.

If it is necessary for the fulfillment of the contract concluded between us, for training services, to protect your health, social protection, or vital interests, we may also transmit your data to third parties, such as authorities or tax consultants.

Affected data:

Inventory data (e.g., names, addresses) Payment data (e.g., banking details, invoices) Contact data (e.g., email address, telephone number, postal address) Contract data (e.g., subject matter of the contract, duration of the contract) Special categories of personal data:

Health data Data from which religious or political convictions can be inferred Affected persons: Pupils, trainees, students, interested parties, business and contractual partners

Purpose of processing: Processing of contractual services, communication as well as answering contact inquiries, office and organizational procedures

Legal basis: Contract fulfillment and pre-contractual inquiries, Art. 6 (1) lit. b GDPR, legal obligation, Art. 6 (1) lit. c GDPR, legitimate interest, Art. 6 (1) lit. f GDPR

Your rights under the GDPR Under the GDPR, you have the following rights, which you can assert at any time with the responsible person named in Section 1 of this privacy policy:

Right to information: You have the right to request information from us about whether and what data we process from you. Right to rectification: You have the right to request the correction of incorrect or completion of incomplete data. Right to deletion: You have the right to request the deletion of your data. Right to restriction: In certain cases, you have the right to request that we only process your data in a restricted manner. Right to data portability: You have the right to request that we transfer your data to you or another responsible party in a structured, common, and machine-readable format. Right to complain: You have the right to complain to a supervisory authority. The supervisory authority responsible for you is the one of your usual place of residence, your place of work, or our company headquarters. Right to revoke You have the right to revoke your consent to data processing at any time.

Right to object You have the right to object at any time to the processing of your data, which we base on our legitimate interest according to Art. 6 (1) lit. f GDPR. If you make use of your right to object, we ask you to explain the reasons. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms.

Regardless of the foregoing, you have the right to object at any time to the processing of your personal data for advertising and data analysis purposes.

Please address your objection to the contact address of the responsible person mentioned above.

When do we delete your data? We delete your data when we no longer need them or if you instruct us to do so. This means that - unless otherwise stated in the individual data protection notices of this privacy policy - we delete your data,

when the purpose of data processing has ceased to exist and thus the respective legal basis mentioned in the individual data protection notices no longer applies, e.g., after termination of the contractual or membership relationships existing between us (Art. 6 (1) lit. a GDPR) or after our legitimate interest in further processing or storage of your data ceases to exist (Art. 6 (1) lit. f GDPR), if you make use of your right to revoke and no other legal basis for processing within the meaning of Art. 6 (1) lit. b-f GDPR applies, if you make use of your right to object and there are no overriding legitimate grounds for deletion. However, if we (certain parts of) your data must still be retained for other purposes, because this is required, for example, by tax retention periods (usually 6 years for business correspondence or 10 years for booking documents) or the assertion, exercise, or defense of legal claims from contractual relationships (up to four years) or the data are needed to protect the rights of another natural or legal person, we will delete (the part of) your data only after these periods have expired. Until the expiry of these periods, we restrict the processing of these data to these purposes (fulfillment of retention obligations).

Cloud services

We use cloud services in particular for storing and processing documents, for sending documents by email or for exchanging files of any kind, for our calendar management, for preparing and executing presentations and spreadsheets, for publishing files of any kind, for internal and external communication by means of chats, audio, and video conferences. The software applications that we use for these purposes are provided to us by the provider(s) below on their servers. We access these servers via the Internet. Insofar as you transmit your data to us in the context of communication with us or in other processes explained by us within this privacy policy, we process these data in the cloud service used by us. This means that your data are stored on the servers of the cloud service third-party provider. The third-party providers process usage and metadata for securing their servers and for optimizing their services. We process and store in particular your contact, customer, and contract data.

If we make files of any kind publicly available via our internet presence using the cloud service used by us, the respective third-party provider of the cloud service may store cookies on your computer system if you access these files. The service provider may process the data collected in this way to analyze your usage behavior or your browser settings.

We point out that depending on the country of residence of the provider mentioned below, the data specified in more detail below may be transferred and processed on servers outside the territory of the European Union. In this case, there is a risk that the level of data protection required by the GDPR may not be complied with and the enforcement of your rights may not be possible or may be more difficult. If the service provider used by us offers data processing exclusively within the EU, we intend - if not already implemented - to process your data exclusively there.

Affected data:

Inventory data (e.g., names, addresses), Contact data (e.g., email addresses, telephone and mobile phone numbers) Content data (e.g., photos, videos, texts), Usage data (e.g., times of access, visited websites, interest in content), Metadata (e.g., IP address, computer system information) Affected persons: Interested parties, communication partners, customers, employees (e.g., applicants, current and former employees)

Purpose of processing: Organization of office and administrative tasks

Legal basis: Consent, Art. 6 (1) lit. a GDPR, contract fulfillment and pre-contractual inquiries, Art. 6 (1) lit. b GDPR, legitimate interest, Art. 6 (1) lit. f GDPR

Used cloud service providers:

Google Cloud Services

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Website: https://cloud.google.com/ Privacy policy: https://www.google.com/policies/privacy

Cookies Our website uses cookies. Cookies are small text files consisting of a series of numbers and letters that are stored and saved on the device you are using. Cookies primarily serve to exchange information between the device you are using and our website. This includes, among other things, the language settings on a website, the login status, or the point at which a video was watched.

Two types of cookies are used when visiting our websites:

Temporary cookies (session cookies): These store a so-called session ID, which allows various requests from your browser to be assigned to the common session. Session cookies are deleted when you log out or close your browser. Permanent cookies: Permanent cookies remain saved even after the browser is closed. This allows our website to recognize your computer when you return to our website. For example, information about language settings or login information is stored in these cookies. In addition, these cookies can document and store your surfing behavior. These data can be used for statistics, marketing, and personalization purposes. In addition to the above classification, cookies can also be differentiated in terms of their purpose:

Necessary cookies: These are cookies that are absolutely necessary for the operation of our website, to store logins or shopping carts for the duration of your session, or cookies that are set for security reasons. Statistics, marketing, and personalization cookies: These are cookies used for analysis purposes or reach measurement. In particular, information about entered search terms or the frequency of page views can be stored in such "tracking" cookies. In addition, the surfing behavior of an individual user (e.g., viewing certain content, using functions, etc.) can be stored in a user profile. Such profiles are used to show users content that corresponds to their potential interests. If we use services that store cookies on your device for statistics, marketing, and personalization purposes, we will inform you separately in the following sections of our privacy policy or in the context of obtaining your consent. Affected data:

Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address). Affected persons: Users of our online offers

Purpose of processing: Displaying our web pages, ensuring the operation of our web pages, improving our web offer, communication, and marketing

Legal basis: Legitimate interest, Art. 6 (1) lit. f GDPR If we do not obtain your consent to the setting of cookies, we base the processing of your data on our legitimate interest in improving the quality and user-friendliness of our internet presence, especially the contents and functions. You have the option to object to the use of cookies set by us within the scope of our legitimate interest via your browser's security settings. There, you have the option to specify whether you do not accept cookies from the outset or only on request, or whether you want cookies to be deleted every time you close your browser. If cookies for our website are disabled, it may no longer be possible to fully use all functions of the website.

Web hosting We use a provider to host our internet pages, on whose server our internet pages are stored and made available for retrieval on the internet (hosting). The provider can process all those data transmitted by your browser that arise when you use our internet pages. This includes, in particular, your IP address, which the provider needs to be able to deliver our online offer to the browser you are using, as well as all entries you have made via our internet page. In addition, the provider used by us can

the date and time of access to our internet page time zone difference to Greenwich Mean Time (GMT) access status (HTTP status) the transferred data volume the internet service provider of the accessing system the type and version of browser you use the operating system you use the internet page from which you may have accessed our internet page the pages or subpages which you visit on our internet page. collect. The aforementioned data are stored as log files on the servers of our provider. This is necessary to ensure the stability and security of the operation of our internet page.

Affected data:

Content data (e.g., posts, photos, videos) Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address) Affected persons: Users of our internet presence

Purpose of processing: Displaying our internet pages, ensuring the operation of our internet pages

Legal basis: Legitimate interest, Art. 6 (1) lit. f GDPR

Commissioned web hoster:

Squarespace

Service provider: Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland Website: https://de.squarespace.com/ Privacy policy: https://de.squarespace.com/data-privacy

Contacting us If you contact us via email, social media, telephone, fax, post, our contact form, or otherwise and provide us with personal data such as your name, telephone number, or email address, or make further personal details about yourself or your concern, we process these data to respond to your request within the existing pre-contractual or contractual relationships between us.

Affected data:

Inventory data (e.g., names, addresses) Contact data (e.g., email address, telephone number, postal address) Content data (texts, photos, videos) Contract data (e.g., subject matter of the contract, duration of the contract) Affected persons: Interested parties, customers, business, and contractual partners

Purpose of processing: Communication and answering contact inquiries, office and organizational procedures

Legal basis: Contract fulfillment and pre-contractual inquiries, Art. 6 (1) lit. b GDPR, legitimate interest, Art. 6 (1) lit. f GDPR

Newsletter We regularly send out a newsletter to inform our customers and business partners and interested parties about our offers and related news. You have the option to subscribe to our newsletter on our website and consent to receiving the newsletter as part of the registration process. If you subscribe to our newsletter, providing your email address is mandatory. We store your email address in order to send you the newsletter. The provision of further data, such as title or name, is voluntary and is used to address you personally. As soon as you subscribe to our newsletter, you will receive a confirmation email at the email address provided during registration in the so-called double-opt-in procedure. This email contains a link. When you click on this link, you confirm that you wish to receive the newsletter. This ensures that your email address was not misused by a third party during registration. For the same reason, we store the date and time of registration and the IP address assigned to you at the time of registration. We do not pass on the aforementioned data to third parties.

Evaluation of user behavior

If you have consented to this, we evaluate your user behavior when sending the newsletter. For this purpose, our newsletters contain tracking pixels and tracking links. This allows us to recognize if and when you have opened the newsletter and if and which links you have clicked in the newsletter.

Purpose: We evaluate the newsletter as described above to be able to statistically evaluate the success or failure of our newsletter.

Legal basis: The legal basis for processing your data is Art. 6 (1) lit. a GDPR.

Prevention: You can revoke your consent to receive the newsletter at any time using the options mentioned above.

Deletion: We delete your data after revocation.

Affected data:

Purpose of processing: Displaying our internet pages, ensuring the operation of our internet pages

Legal basis: Consent, Art. 6 (1) lit. a GDPR, legitimate interest, Art. 6 (1) lit. f GDPR

Deletion: The deletion of the email address takes place either if you have not clicked the confirmation link in the double-opt-in procedure within 1 month after sending the confirmation email or immediately after you unsubscribe from our newsletter.

Revocation: You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter subscription. We offer the following options through which you can declare the revocation:

Click on the link provided for this purpose in the newsletter Advertising by email, post, or telephone We process personal data for our promotional communication by email, post, or telephone. You can object to receiving our promotional measures at any time or revoke the consent previously given to receive our promotional communication at any time. To be able to prove that you gave your consent in case of doubt after your objection/revocation, we can store your data for up to 4 years after your objection/revocation. We will not use your data for other purposes after your objection/revocation. If you want us to delete your data earlier, we will do so after you have confirmed that you originally gave us consent.

Affected data:

Contact data (e.g., email, telephone number, postal address) Inventory data (e.g., names, addresses) Affected persons: Communication partners

Purpose of processing: Direct promotional measures (marketing) by email, post, or telephone

Legal basis: Consent, Art. 6 (1) lit. a GDPR, legitimate interest, Art. 6 (1) lit. f GDPR

The plugins of third-party providers we use We have embedded plugins in the form of "social media buttons" of the providers we use on our website. You can recognize which plugin belongs to which provider by the respective logo with which the plugin is marked. When you access a page of our online presence on which such a plugin is implemented, a connection between your browser and the servers of the provider is automatically established, and a cookie is set on the device you are using by the provider. Data transmission can also take place if you do not have an account with the respective operator of the social network or if you have an account there but are not logged in at the moment of visiting our website. In addition, data is transferred to the provider as a result of further interactions with the respective social plugin (e.g., clicking the "Like" button on Facebook, retweet button on Twitter).

Affected data:

Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address) Affected persons: Users of our internet presence

Purpose of processing: Displaying our internet pages, offering content, ensuring the operation of our internet pages

Legal basis: Consent via cookie consent banner, Art. 6 (1) lit. a GDPR, legitimate interests, Art. 6 (1) lit. f GDPR

We use the following plugins:

Service provider: LinkedIn Corporation, 1000 W Maude, Sunnyvale, CA 94085, USA Location in Germany: LinkedIn, Hofstatt 4th Floor, Sendlinger Str. 12, 80331 Munich Website: https://www.linkedin.com/?trk=nav_logo Privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy

Our online presences on social networks We operate online presences within the social networks listed below. When you visit one of these presences, the provider of the platform collects and processes the data specified in more detail below. In general, these data are collected for advertising and market research purposes and usage profiles are created. Usage profiles can be stored regardless of the device you use. This is especially the case if you are a member of the respective platform and logged in to it. The usage profiles can be used by the providers to show you interest-based advertising. You have a right to object to the creation of user profiles. To exercise this right, you must contact the respective provider.

If you have an account with one of the providers listed below and are logged in to our website while logged in, the respective provider can collect data about your usage behavior on our website. To prevent such linking of your data, you can log out of the service of the provider before visiting our page.

For what purpose and to what extent data is collected by the provider, you can find out from the respective, below-listed privacy policies of the providers.

We would like to point out that depending on the country of residence of the provider mentioned below, the data collected via its platform may be transferred and processed outside the territory of the European Union. In this case, there is a risk that the level of data protection required by the GDPR may not be complied with and the enforcement of your rights may not be possible or may be more difficult.

Affected data:

Inventory and contact data (e.g., name, address, telephone number, email address) Content data (e.g., posts, photos, videos) Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address). Purpose of processing: Communication and marketing, tracking and analysis of user behavior

Legal basis: Consent, Art. 6 (1) lit. a GDPR, legitimate interests Art. 6 (1) lit. f GDPR

Options to object: For the respective options to object (opt-out), we refer to the information provided by the providers linked below.

We maintain online presences on the following social networks:

Online meetings, video conferences, and screen sharing We use offers from third-party providers to enable online meetings, conference calls via video and/or audio, and online seminars among employees as well as with interested parties or customers. If you communicate with us using such a service, the data collected in this communication process are processed by both us and the third-party provider. The data that can arise in such a communication process include, in particular, your registration and contact data, contributions in the chat window, your video and audio contributions as well as shared screen contents. The data processed by the third-party provider we use primarily include user data and metadata (e.g., IP address, computer system information). In general, third-party providers process this data to check and ensure the security of the service. In addition, findings from data processing should be used to optimize the offer of the third-party provider and to carry out corresponding marketing measures. Please note the privacy notices of the third-party provider in this regard.

We would like to point out that depending on the country of residence of the service provider mentioned below, the data collected via the service may be transferred and processed outside the territory of the European Union. In this case, there is a risk that the level of data protection required by the GDPR may not be complied with and the enforcement of your rights may not be possible or may be more difficult.

Affected data:

Inventory data (e.g., names, addresses) Contact details (e.g., email address, telephone number) Shared content (e.g., photos, videos, texts, audio recordings) User data (e.g., times of access, visited websites, interest in content) Meta and communication data (e.g., IP address, computer system information) Affected persons: Interested parties, customers, communication partners

Purpose of processing: Processing of contact inquiries, internal and external communication with employees as well as interested parties and customers, fulfillment of our contractual services, service offer

Legal basis: Consent, Art. 6 (1) lit. a GDPR, contract fulfillment and pre-contractual inquiries, Art. 6 (1) lit. b GDPR, legitimate interest, Art. 6 (1) lit. f GDPR

Services we use: Discord

Offered services: Video conferences, instant messaging, chat, voice conferences Service provider: Discord Inc., 444 De Haro St, Suite 200, San Francisco, California 94107, USA Website: https://discord.com/new Privacy policy: https://discord.com/new/privacy

Google Meet (formerly Google Hangouts)

Offered services: Video conferences, chats, instant messaging Service provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland Parent company: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Website: https://gsuite.google.com/intl/de/ Privacy policy: https://policies.google.com/privacy?hl=de

Microsoft Teams

Offered services: Video conferences, chats, voice conferences Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA Website: https://www.microsoft.com/de-de/microsoft-365/microsoft-teams/group-chat-software Privacy policy: https://privacy.microsoft.com/de-de/privacystatement

Zoom

Offered services: Video conferences, voice conferences, chats Service provider: Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA Website: https://zoom.us/de-de/meetings.html Privacy policy: https://zoom.us/de-de/privacy.html

Content services We use certain services to display specific content or graphics (videos, images, music, fonts, map material) on our internet presence. The services we use process the IP address assigned to you at the time of your visit to our internet pages, as this is the only way the respective content can be displayed in the browser you are using. In addition, the providers of these services can set further cookies on your end device, which collect information about your usage behavior, your interests, the device and browser you are using as well as the time and duration of your session. The providers regularly use this data for analysis, statistics, and marketing purposes. In addition, this information can also be combined with information from other sources. This applies in particular if you yourself maintain an account with the service provider and are logged in to it at the time of the session.
We point out that depending on the country of residence of the service provider mentioned below, the data specified in more detail below may be transferred and processed on servers outside the territory of the European Union. In this case, there is a risk that the level of data protection required by the GDPR may not be complied with and the enforcement of your rights may not be possible or may be more difficult.

Affected data:

Usage data (e.g., access times, clicked websites) Communication data (e.g., information about the device used, IP address) Affected persons: Users of our internet presence

Purpose of processing: Displaying our internet pages, offering content, ensuring the operation of our internet pages

Legal basis: Consent via cookie consent banner, Art. 6 (1) lit. a GDPR, legitimate interests, Art. 6 (1) lit. f GDPR

We use the following content services:

YouTube

We use components from YouTube on this website to embed videos on our internet pages so that they can be played via your internet browser when you visit our internet pages. During your visit to our internet pages, both YouTube and Google are informed about which page or subpage you have visited by transmitting your IP address to Google's external servers in the USA. This information transfer takes place regardless of whether the displayed videos are actually viewed or clicked on or whether you are logged in to your YouTube or Google account. This information is collected and assigned to your Google account if you are logged in there while visiting our internet pages.

Service provider: YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA Website: https://www.youtube.com/ Privacy policy: https://policies.google.com/privacy Opt-out option: https://tools.google.com/dlpage/gaoptout?hl=de

Security measures Furthermore, we take technical and organizational security measures according to the state of the art to comply with the provisions of data protection laws and to protect your data against accidental or intentional manipulations, partial or complete loss, destruction, or against unauthorized access by third parties.

Currency and amendment of this privacy policy This privacy policy is currently valid and has the status of February 2024. Due to changed legal or official requirements, it may be necessary to adapt this privacy policy.

This privacy policy was created with the help of the privacy policy generator from SOS Recht. SOS Recht is an offer of Mueller.legal Rechtsanwälte Partnerschaft based in Berlin.

Privacy Policy / GDPR

Connect with me on LinkedIn