Declaration of Privacy Policy

This Privacy Policy informs you as to the nature, scope and purpose of the processing of personal data (hereinafter referred to as 'Data') within our online offering and related websites, features and content (collectively referred to as 'Online Offering').

Controller:
Prof. Dr. Gudrun Frank
Am Moor 15, 28870 Ottersberg, Germany
Email: contact@exprobico.de | Web: www.exprobico.de
Imprint: exprobico.de/imprint

Types of processed data:
• Inventory data (e.g., names, addresses).
• Contact information (e.g., e-mail, phone numbers).
• Content data (e.g., text input, photographs, videos).
• Usage data (e.g., websites visited, interest in content, access times).
• Meta / communication data (e.g., device information, IP addresses).

Categories of affected persons: Visitors and users of the online offer (referred to as 'users').

With regard to terminology, we refer to the definitions in Art. 4 of the GDPR:
• Personal Data: Any information relating to an identified or identifiable natural person.
• Processing: Any operation performed on personal data, whether or not by automated means.
• Pseudonymisation: Processing data so it can no longer be attributed to a specific subject without additional information.
• Profiling: Automated processing to evaluate personal aspects (job performance, interests, behavior, etc.).
• Controller: The entity that decides on the purposes and means of processing.

In accordance with Art. 13 GDPR, we inform you of our legal bases:
• Consent: Art. 6 (1) lit. a and Art. 7 GDPR.
• Contract/Pre-contract: Art. 6 (1) lit. b GDPR.
• Legal Obligation: Art. 6 (1) lit. c GDPR.
• Legitimate Interests: Art. 6 (1) lit. f GDPR (e.g., safety, marketing).

In accordance with Art. 32 GDPR, we take appropriate technical and organizational measures to ensure confidentiality, integrity and availability. This includes controlling physical access, input, disclosure, and separation. We consider data protection at the development stage (Art. 25 GDPR) through technology design and privacy-friendly default settings.

Disclosure to third parties (contract processors) only occurs based on legal permission (Art. 6 (1) lit. b GDPR), your consent, a legal obligation, or our legitimate interests. Data processing in third countries (outside EU/EEA) occurs only under the special conditions of Art. 44 ff. GDPR (e.g., officially recognized level of protection or standard contractual clauses).

You have the right to:
• Information: Confirmation and a copy of relevant data (Art. 15 GDPR).
• Correction: Completion or correction of data (Art. 16 GDPR).
• Deletion: Immediate erasure (Art. 17 GDPR) or restriction (Art. 18 GDPR).
• Portability: Receive data and transmit to others (Art. 20 GDPR).
• Revocation & Objection: Revoke consent (Art. 7 (3)) and object to future processing (Art. 21).
• Complaint: File with a supervisory authority (Art. 77 GDPR).

We use temporary (session) and permanent cookies. If you do not want cookies stored, please disable them in your browser. General contradiction against marketing tracking can be declared via aboutads.info (US) or youronlinechoices.com (EU).

Data is deleted once no longer required for its purpose. Statutory storage requirements apply:
• Germany: 10 years for books/records (§ 147 AO, § 257 HGB); 6 years for commercial letters.
• Austria: 7 years for accounting documents (§ 132 BAO); up to 22 years for real estate documentation.

We process data from customers, prospects, and business partners for conceptual consulting, software/design development, and training services. As an agency, we process stock, contact, and contract data. When acting as a processor, we act strictly according to the client's instructions per Art. 28 GDPR. Storage necessity is reviewed every three years; otherwise, statutory archiving applies.