Privacy Policy

(Version: 23/04/2026)

Welcome to our website. In the following, we would like to explain which personal data we process, in what way we process this personal data, and which rights you have with regard to this processing. The protection of your personal data during collection and processing is an important concern for us. Insofar as personal data is processed within the framework of our website or connected services (e.g. webshop, newsletter, webinars), this is done in accordance with the provisions set out below.

1 Controller for data processing

The controller for data processing is

Helbling Verlagsgesellschaft m.b.H.
6063 Rum near Innsbruck
Kaplanstraße 9
Austria

We have appointed a data protection officer for our company. You can reach our data protection officer at the above address and at privacy [at] helbling.com (privacy[at]helbling[dot]com). If you have any questions regarding data processing, please contact our data protection officer. Please also note our country information (see section 6.1 below).

2 Your rights in relation to data processing carried out by us

We will be pleased to provide you with information as to whether and which of your personal data we process and for what purposes (Article 15 General Data Protection Regulation). In addition, under the respective legal requirements, you are entitled to the right to rectification (Article 16 General Data Protection Regulation), the right to restriction of processing (Article 18 General Data Protection Regulation), the right to erasure (Article 17 General Data Protection Regulation), and the right to data portability (Article 20 General Data Protection Regulation).

If our data processing is based on your consent within the meaning of Article 6(1)(a) General Data Protection Regulation, you may withdraw this consent at any time freely and without stating reasons (Article 7(3) General Data Protection Regulation).

Right to object: Likewise, you may object at any time to the processing of your data for direct marketing purposes (Article 21(2) General Data Protection Regulation). Furthermore, for reasons arising from your particular situation, you may also object to other processing of your data that is carried out in order to safeguard legitimate interests (Article 21(2) General Data Protection Regulation).

The exercise of your rights described above is free of charge for you. To exercise your above rights, please contact our data protection officer.

Without prejudice to these rights and the possibility of asserting another administrative or judicial remedy, you also have the possibility of lodging a complaint with a supervisory authority. The supervisory authority responsible for us is:

Österreichische Datenschutzbehörde (Austrian Data Protection Authority)
Barichgasse 40-42
1030 Vienna
Austria
Telephone: +43 1 52 152-0
Email address: dsb [at] dsb.gv.at (dsb[at]dsb[dot]gv[dot]at)

3 Data security

We have taken extensive technical and organizational measures to protect your personal data against manipulation, loss, destruction, or access by unauthorized third parties.

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this site uses SSL or TLS encryption. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. The security measures and systems are continuously adapted in line with technological developments.

If, when concluding a paid contract, we ask you to transmit your payment data to us (e.g. account number in the case of direct debit authorization), this data is required for payment processing. Payment transactions are carried out exclusively via an encrypted SSL or TLS connection.

We point out that data transmission on the Internet (e.g. the sending of emails) may have security gaps. Complete protection of data transfer against third parties is not possible for us in this case, which is why we recommend postal mail for confidential information.

4 Automated decision-making (including profiling)

We do not process your personal data within the framework of a procedure for automated decision-making (including profiling) within the meaning of Art. 22 GDPR and do not intend to carry out such processing.

5 Recipients of data

We transfer your data to third parties in the following cases:

Where we specifically state this in this privacy policy.
Where we use processors to fulfill the purposes specified by us, we transfer personal data to these processors. In this case, the legal basis is Art. 28 GDPR.
Where this is necessary to fulfill our contractual obligations, e.g. in particular to the commissioned credit institution, for invoicing, or to the commissioned postal service provider in the event of postal dispatch. In this case, the legal basis is Art. 6(1)(b) GDPR.
Where this is necessary to fulfill a legal obligation incumbent upon us, such as in the case of required notifications to competent law enforcement and tax authorities. In this case, the legal basis is Art. 6(1)(c) GDPR.
Where this is necessary to safeguard legitimate interests. Our legitimate interests include, in particular, the proper conduct of our business operations (such as the disclosure of data to the postal service in connection with postal dispatch) and the defense and assertion of our legal claims (such as the disclosure of data to our legal advisers). In this case, the legal basis is Art. 6(1)(f) GDPR.

If, in the context of transferring data to third parties, a transfer to a third country should take place, we ensure in accordance with Art. 44 et seq. GDPR that there is a sufficient legal basis for such transfer. This may either consist of an adequacy decision by the Commission of the European Union, Art. 45(1) GDPR, or appropriate safeguards, Art. 46(2) GDPR. In rare exceptional cases, a transfer pursuant to Art. 49 GDPR is also conceivable.

6 Collection and processing of user data

6.1 Country information

The website uses country-of-origin recognition for both non-registered and registered users. This is necessary due to country-specific sales restrictions for certain products. Based on the country preference, it is also possible to display products relevant to a particular market (e.g. teaching and learning materials suitable for the national education system) and to reduce incorrect purchases. Users can change the country preference themselves at any time. Please refer to the product descriptions for information on any shipping restrictions.

The legal basis for processing is Art. 6(1)(f) GDPR. The legitimate interests pursued by us are the prevention of misuse, the provision of a user-friendly application, and the optimization of our offering.

6.2 HELBLING account and user profile

The HELBLING account serves to enable authorized access to applications (e.g. webshop functions of the website). The provision of personal data is required for the creation and use of the account so that we can correctly assign the account to you (first name, last name, email address, username, password). Additional information may be required for the use of an application, for which an application-specific profile is created (e.g. selection of the user role or indication of the country preference). The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

Additional functions offered by the website profile include the storage of your information (e.g. delivery address), so that you do not have to enter it again with each order, and an overview of your previous orders as a registered user.

The legal basis for the processing of this data is the initiation and performance of the contract concluded between you and us regarding the creation and use of the account, i.e. Article 6(1)(b) General Data Protection Regulation. We will retain the data until your registration is deleted. Statutory retention periods remain unaffected.

You can delete your HELBLING account and website profile at any time; by doing so, you also terminate the user agreement. Please remember to save yourself any data that you personally wish to keep from the user account and website profile before deletion.

6.3 Management of contact and customer data

We process personal data for the purpose of centrally managing contact and customer data, processing inquiries, maintaining customer relationships, documenting communication histories, and organizing sales and service processes. For this purpose, we use a CRM system with which we consolidate personal data collected via various channels, such as: contact data (e.g. name, email address), organizational data (e.g. school/institution, role, interests where provided), communication data (e.g. inquiries, support contacts), contract and order data (where applicable), as well as interaction data (e.g. newsletter subscription status, event/webinar participation).

The legal basis for this processing is either your express consent, Article 6(1)(a) GDPR, or the implementation of pre-contractual measures or a contract concluded between you and us, Article 6(1)(b) GDPR. Otherwise, the legal basis is Article 6(1)(f) GDPR, namely our legitimate interest in the proper conduct of our business operations, efficient customer support, documentation, and optimization of our internal processes.

6.4 Purchases on our website

If you make purchases in our webshop on our website, we must ask you to provide certain information. This includes in particular your name, postal address, username, password, and email address. Without this information, we would not be able to process the purchase and send or provide you with the desired product.

For direct payment processing, we use the payment service providers Stripe and PayPal.

By default, direct payment processing for your order is carried out via Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. Your payment data is transmitted directly to Stripe Payments and is not stored by us. Please note that after we transmit the data, the payment process is carried out by Stripe under its own responsibility, in particular also on the basis of the contractual relationship existing between you and Stripe. Information on which of your data Stripe processes under its own responsibility, for what purposes, to whom Stripe discloses your data in this context, and how Stripe ensures the protection of your personal data can be found in Stripe’s privacy policy, available at https://stripe.com/privacy.

If you choose to pay via PayPal, you will be redirected to the website of PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. There, your stored payment data is used for payment processing, and the payment confirmation together with your email address and invoice data is transmitted back to us. We do not have access to your payment data. Please note that after we transmit the data, the payment process is carried out by PayPal under its own responsibility, in particular also on the basis of the contractual relationship existing between you and PayPal. Information on which of your data PayPal processes under its own responsibility, for what purposes, to whom PayPal discloses your data in this context, and how PayPal ensures the protection of your personal data can be found in PayPal’s privacy policy, available at https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.

If, in the case of your order, the contractual partner pursuant to section 2 of the General Terms and Conditions (for orders from Germany) is HELBLING Verlag GmbH or (for orders from Switzerland, Liechtenstein, Büsingen, and Livigno) HELBLING Verlag AG, we transfer your data to the respective sister company. This company processes your data for contract performance and is responsible for data protection in this regard.

Our sister companies in Germany and Switzerland are:

HELBLING Verlag GmbH
Martinstraße 42-44
73728 Esslingen am Neckar
Germany
Telephone: +49 (711) 758701-0
Email address: service [at] helbling.com (service[at]helbling[dot]com)
Data Protection Officer of HELBLING Deutschland GmbH: Mario Leidel, Martinstraße 42-44, 73728 Esslingen, Email: m.leidel [at] helbling.com (m[dot]leidel[at]helbling[dot]com)

HELBLING Verlag AG
Aemmenmattstrasse 43
3123 Belp
Switzerland
Telephone: +41 (31) 812 22 28
Email address: mail [at] helbling.com (mail[at]helbling[dot]com)

We would like to point out that, by decision of the EU Commission, it has been bindingly established that Switzerland has an adequate level of data protection within the meaning of Article 45 General Data Protection Regulation.

The following statements refer to the company that becomes the contractual partner:

The legal basis for data processing is Article 6(1)(b) General Data Protection Regulation. We process your data in order to fulfill the contract concluded with you.

If HELBLING Verlag GmbH (for orders from Germany) or HELBLING Verlag AG (for orders from Switzerland, Liechtenstein, Büsingen, and Livigno) becomes your contractual partner, the legal basis for the transfer of your data to the contractual partner is Article 6(1)(f) General Data Protection Regulation. In doing so, the companies involved safeguard the legitimate interest of bundling their e-commerce activities through a uniform website and making them more efficient. If you do not wish your data to be transferred, we ask you to order directly from the respective national company via another ordering channel.

In addition, we also process your data in order to safeguard legitimate interests, namely to maintain the customer relationship. The legal basis for the processing is Article 6(1)(f) General Data Protection Regulation.

Insofar as statutory retention obligations exist for business correspondence and tax-relevant documents, we store your data in order to fulfill our legal obligations, Article 6(1)(c) General Data Protection Regulation.

We process your data for as long as this is necessary for the respective purpose.

6.5 Contact forms

We provide contact forms on our website for various purposes through which you can reach us quickly and easily with your questions. In addition to general contact forms, we also provide forms for support inquiries as well as forms for requesting materials or services (e.g. inspection or demo copies).

In order to process your questions meaningfully and to be able to reply to you personally, we must ask you to provide a selection of personal data, in particular your name and email address. Depending on the form, we may also request additional information, especially your telephone number, for example in order to clarify any follow-up questions concerning the processing of your inquiry or to facilitate the handling of orders or service matters. Where this is necessary in the individual case and permissible under data protection law, contact may also be made by telephone by our school advisers.

Depending on the occasion, we act on the basis of different legal grounds: the legal basis for processing your information is Article 6(1)(b) General Data Protection Regulation insofar as it concerns the initiation of a contract or customer support within the framework of an existing contractual relationship. If you give us your express consent, this is the legal basis pursuant to Article 6(1)(a) General Data Protection Regulation. Otherwise, the legal basis is the safeguarding of our legitimate interests pursuant to Article 6(1)(f) General Data Protection Regulation, namely to be in contact with all people interested in our company, to answer their questions, and to know their needs.

As a matter of principle, we delete the data processed from you in the context of the inquiry when the stated processing purpose no longer applies. Different deletion periods apply depending on the occasion.

If you contact us with general questions that do not concern the conclusion of a contract or without you being our customer, we store the data processed from you in the context of the inquiry for a period of twelve months from receipt of the inquiry. The reason for this storage is that we want to ensure that your matter is still known to us in the event of any follow-up questions from you and that data does not have to be collected again. The data processed from you in the context of the inquiry is then deleted. Statutory retention periods remain unaffected.

If you contact us with questions relating to an existing contractual relationship, we store the data processed from you in the context of the inquiry for a period of three years from receipt of the inquiry. The reason for this storage is that we want to ensure that your matter is still known to us in the event of any follow-up questions from you and that data does not have to be collected again. The data processed from you in the context of the inquiry is then deleted. Statutory retention periods remain unaffected.

If you contact us in order to provide us with documents (such as evidence that you are in your traineeship), we store the data processed from you in the context of the inquiry for a period of six months after completion of our assessment of the documents. The reason for this storage is that we want to ensure that your matter is still known to us in the event of any follow-up questions from you and that data does not have to be collected again. The data processed from you in the context of the inquiry is then deleted. Statutory retention periods remain unaffected.

6.6 Newsletter distribution

In order to send you news and recommendations, we offer you the option of subscribing to newsletters. For this purpose, we process the personal data required for this, in particular your email address and – where provided – your name, interests/preferences, and content-related assignments (e.g. subject areas, school level, role, or institutional context), in order to be able to send you thematically suitable information.

We delete the data processed in the context of newsletter dispatch if you withdraw your consent or effectively object. For your withdrawal or objection, we provide a corresponding link in every newsletter message. Mandatory legal provisions – in particular retention periods – remain unaffected.

Depending on the newsletter, we use different service providers for sending newsletters.

6.6.1 For sending newsletters, we use the CleverReach service. CleverReach is a service of CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany. We have concluded a data processing agreement with CleverReach as our service provider in accordance with Art. 28 GDPR. You can find CleverReach’s privacy policy here: https://www.cleverreach.com/de/datenschutz/

The legal basis for processing this data is your express consent pursuant to Art. 6(1)(a) GDPR. You always grant this voluntarily when ordering the newsletter. We will store this data until your consent is withdrawn. You may withdraw your consent at any time, free of charge and without stating reasons; a corresponding link is included in all newsletter messages.

The newsletters sent by us via CleverReach enable us to analyze the behavior of newsletter recipients. In doing so, we statistically evaluate how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g. purchase of a product on our website) took place after clicking the link in the newsletter. Further information on data analysis by CleverReach newsletters can be found at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking If we evaluate interaction data (e.g. opens/clicks) from newsletter dispatch, this may also be processed in our customer and contact management system (section 6.3) for evaluation and documentation purposes.

The legal basis for this processing as well is your express consent pursuant to Art. 6(1)(a) GDPR. You always grant this voluntarily when ordering the newsletter. We will store this data until your consent is withdrawn. You may withdraw your consent at any time, free of charge and without stating reasons; a corresponding link is included in all newsletter messages.

6.6.2 For sending newsletters, we use the MailerLite service. Mailerlite is a service of MailerLite Limited, 88 Harcourt Street, Dublin 2, D02 DK18, Ireland. We have concluded a data processing agreement with MailerLite as our service provider in accordance with Art. 28 GDPR. You can find MailerLite’s privacy policy here: https://www.mailerlite.com/legal/privacy-policy

The newsletters sent by us via MailerLite enable us to analyze the behavior of newsletter recipients. In doing so, we statistically evaluate how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g. purchase of a product on our website) took place after clicking the link in the newsletter. If we evaluate interaction data (e.g. opens/clicks) from newsletter dispatch, this may also be processed in our customer and contact management system (section 6.3) for evaluation and documentation purposes.

6.7 Direct advertising

We may use the personal data you provide in order to advertise our goods and services, unless an express consent is required by law. The legal basis for data processing is Article 6(1)(f) GDPR. The legitimate interest pursued by us is direct advertising. In the case of direct advertising by email, the legal basis is § 7(3) UWG (or Article 13(2) Directive EU 2002/58/EC)

Insofar as we carry out direct advertising, we may also use organizational and technical processes for this purpose that enable segmentation of contacts according to general criteria (e.g. interests, role, previous interactions) and automated dispatch or follow-up processes. You may object to the processing of your data for the purposes of direct advertising at any time.

If you give your consent (e.g. for advertising by email), your consent – which may be withdrawn at any time – is the legal basis pursuant to Article 6(1)(a) GDPR. We delete this data if you make an effective objection pursuant to Article 21 GDPR or withdraw your consent pursuant to Article 7(3) GDPR. Mandatory legal provisions – in particular retention periods – remain unaffected.

6.8 Safeguarding legitimate interests and fulfilling legal obligations

Where necessary, we also process your data within the framework of our legitimate interests. Our legitimate interests include, in particular, the proper conduct of our business operations (such as the disclosure of data to the postal service in connection with postal dispatch) and the defense and assertion of our legal claims (such as the disclosure of data to our legal advisers). In this case, the legal basis is Art. 6(1)(f) GDPR.

Where necessary, we also process your data within the framework of our legitimate interests in order to safeguard our legal interests, e.g. in asserting, enforcing, or defending legal claims. The legal basis is the safeguarding of our legitimate interests pursuant to Art. 6(1)(f) GDPR, namely the assertion, enforcement, or defense of legal claims.

Furthermore, we process your data in order to fulfill our retention obligations for business records under commercial law and tax law and disclose your data to third parties where we are legally obliged to do so, e.g. to the tax office. The legal basis is Art. 6(1)(c) GDPR (fulfillment of legal obligations).

7 Collection and processing of usage data

7.1 Log files

When you visit our website and view its content, connection and end-device information is transmitted. The storage and analysis of access serves application-related, statistical, and security-related purposes in order to improve the offerings and protect HELBLING systems against attacks (e.g. protection against attacks such as brute-force attacks or DDoS attacks).

The legal basis for data processing is our legitimate interest within the meaning of Article 6(1)(f) General Data Protection Regulation in offering you a website that functions as well as possible, in being able to set access authorizations, and in ensuring the stability and security of the services involved. The data is deleted as soon as it is no longer required for the described purpose. Mandatory legal provisions remain unaffected.

7.2 Cookies and “Identifiers”

On our website, we use technical tools for various services and functions that are stored on your end device. These are, in particular, cookies, but also similar so-called identifiers, such as counting pixels or web beacons (all such technical tools are referred to below in simplified form as “cookies,” since the statements regarding cookies apply equally to other identifiers). Third parties may also be given the option to set cookies. This is technically possible if content or functionalities of third parties are integrated. We explain in this privacy policy which services and functions use cookies. Most of the cookies we use are so-called “session cookies.” They are automatically deleted after the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

You can also prevent the storage of cookies at any time by making the appropriate setting in your browser software or arrange for all cookies to be deleted when the browser is closed. The possibilities for cookie management are browser-specific, and we recommend adapting them to your interests. However, we point out that if you reject all cookies, you may not be able to use all functions of this website to their full extent.

List of instructions for deleting cookies (as of 5 March 2026):

7.3 Consent management and consent manager

On our website, we offer you the possibility to control our use of cookies at any time with the help of our consent manager. When you access our website, a cookie is stored in your browser in which the consents you have given, as well as the refusal or withdrawal of these consents, are stored. This data is not passed on to third parties.

7.4 Technically necessary cookies

Our website uses technically necessary cookies (“Functional Cookies”) in order to be able to provide essential basic functions of the service. Without these functions, our service cannot be displayed completely and correctly. You cannot deselect these cookies if you wish to use our website. The legal basis for this processing is Article 6(1)(f) General Data Protection Regulation. Our legitimate interest arises from the technical necessity that we could not operate the website without using these technologies.

7.5 Other cookies

In addition, we use optional cookies for which we require your consent (“Performance Cookies” and “Marketing Cookies”). We only use these cookies after receiving your consent via the consent manager. The functions are only activated in the event of your consent and may in particular serve the purpose of enabling us to analyze and improve visits to our website, to facilitate use across different browsers or end devices, to recognize you during a visit, or to place advertising (where applicable also to tailor advertising to interests, measure the effectiveness of advertisements, or display interest-based advertising).

The legal basis for this processing is your consent pursuant to Article 6(1)(a) General Data Protection Regulation, which you communicate to us via our “consent manager.” Withdrawal of your consent is possible at any time without affecting the lawfulness of processing carried out until the withdrawal.

8 Services for the analysis and processing of data

8.1 Google Analytics

We want to know how users use our website and how we can improve our website. To analyze user behavior, we use the Google Analytics service on our website. The service sets cookies and, as a rule, processes the IP address used by your device.

“Google” is a group of companies and consists of Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and other affiliated companies of Google LLC. We have concluded a data processing agreement with Google Ireland Ltd. as our service provider in accordance with Article 28 General Data Protection Regulation. Further information about Google Analytics and Google’s privacy policy can be found here: https://policies.google.com/privacy

We use Google Analytics with the addition “IP address anonymization.” According to Google, this means that the IP address used by your device is shortened and anonymized by Google immediately and still within the European Union. According to Google, non-anonymized IP addresses are transferred to the USA only in exceptional cases. According to Google, the IP address transmitted by your browser in the context of Google Analytics is also not merged with other Google data.

The information generated by the cookies about your use of this website, which due to the anonymization of the IP address can generally not be assigned to a person, is usually transferred to a Google server in the USA and stored there. On our behalf, Google will use this information to evaluate the use of the website, to compile reports on website activities, and to provide the website operator with further services related to website use and Internet use. Google participates in the EU/US Data Privacy Framework. Any data transfers to the USA associated with our use of Google services are lawful in accordance with the adequacy decision of the European Union pursuant to Art. 45 GDPR.

The legal basis for the processing described is your consent pursuant to Article 6(1)(a) General Data Protection Regulation. You grant this consent to us via our consent manager, via which you can also withdraw your consent at any time. You can also generally prevent the described processing by settings in your browser program, for example by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de). An opt-out cookie is set that prevents the future collection of your data when visiting this website.

8.2 Google Ads

We want to know what benefit advertisements on other websites and in search engines have. For this purpose, we use the Google Ads Conversion service on our website. The service sets and uses cookies from Google.

If we place advertising on other websites and search engines, this advertising is displayed there via a so-called “ad server.” If you reach our website by clicking on such advertising from the Google network or Google ad server, Google Ad Conversion sets a cookie on your device (“conversion cookie”). These cookies lose their validity after 30 days. As long as the cookie is active, we can recognize that a user has clicked on the Google Ads advertisement. By means of so-called “view-through conversions,” we can track how many users have seen our ad without clicking on it and later completed a purchase on our website. This enables us to understand user behavior and their reaction to our advertisements. Each Google Ads customer receives a different cookie. The information obtained with the cookies serves solely to create conversion statistics for us as Google Ads customers. Among other things, we learn the total number of users who clicked on one of our ads and were redirected to a page of ours tagged with a conversion tracking tag.

The legal basis for the processing described is your consent pursuant to Article 6(1)(a) General Data Protection Regulation. You grant this consent to us via our consent manager, through which you can withdraw your consent at any time. You can also generally prevent the described processing by settings in your browser program. Google participates in the EU/US Data Privacy Framework. Any data transfers to the USA associated with our use of Google services are lawful in accordance with the adequacy decision of the European Union pursuant to Art. 45 GDPR.

We can only use Google’s general analysis tools to track how many users, divided according to general criteria not linked to personal data, have seen our advertising. Please note, however, that Google may assign this data to other profiles created by Google under its own responsibility, over which we have no influence. If you do not agree or no longer agree with this, please do not give your consent or withdraw your consent in the consent manager.

8.3 Bing Ads

For positioning the platform in search engine results at Bing, the Microsoft service “Bing Ads” is used (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399). This service makes it possible to see activities of website visitors when a Bing Ad has been clicked. Information on identity is not collected. You can reject the Bing cookie and prevent Microsoft from processing this data: https://account.microsoft.com/privacy/ad-settings/signedout and regarding cross-device tracking https://choice.microsoft.com/de-de/opt-out Further information on data protection and the cookies used by Microsoft and Bing Ads can be found here: https://privacy.microsoft.com/de-de/privacystatement

Microsoft participates in the EU/US Data Privacy Framework. Any data transfers to the USA associated with our use of Microsoft services are lawful in accordance with the adequacy decision of the European Union pursuant to Art. 45 GDPR.

8.4 HubSpot

We use tracking technologies from the provider HubSpot on our website. The provider is HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin. We have concluded a data processing agreement with HubSpot as our service provider in accordance with Article 28 General Data Protection Regulation. HubSpot’s privacy policy can be found here: https://legal.hubspot.com/de/privacy-policy

HubSpot uses cookies and similar technologies to collect information about the use of our website. This may include in particular the following data:

visited pages and content
time and duration of the visit
referrer URL
technical information (browser type, operating system, end device)
IP address (shortened or anonymized where technically provided)

If you submit personal data to us via a form (e.g. newsletter registration, event registration), this information may be linked to your user behavior on our website in order to tailor our content, communication, and offerings more closely to your needs. The legal basis is your consent pursuant to § 25(2) no. 2 TDDDG. For the data processing carried out by us in the context of using HubSpot, the legal basis is your consent pursuant to Art. 6(1)(a) GDPR. You grant these consents to us via our consent manager. You may withdraw your consent at any time via the consent manager and can also generally prevent the described processing by settings in your browser program.

HubSpot is part of a group based in the USA. The group participates in the EU/US Data Privacy Framework. Any data transfers to the USA associated with our use of HubSpot services are lawful in accordance with the adequacy decision of the European Union pursuant to Art. 45(1) GDPR.

8.5 Cloudflare

The website is accessed worldwide at high frequency by numerous end devices and is sent requests. We use the security functions, analysis functions, and content delivery network of Cloudflare Inc., 101 Townsend St., San Francisco, California 94107, USA (“Cloudflare”).

Technically, the transfer of information between your browser and our application is routed via Cloudflare’s network. Cloudflare is therefore able to analyze the traffic between users and our websites, for example in order to detect and ward off attacks on our services (e.g. protection against attacks such as brute-force attacks or DDoS attacks). In addition, Cloudflare may store cookies on your computer for optimization and analysis.

Cloudflare collects statistical data about visits to our application. The access data includes: name of the retrieved page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type including version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider. Cloudflare uses the log data for statistical evaluations for the purpose of operation, security, and optimization of the offering.

The legal basis for processing is Art. 6(1)(f) GDPR, namely our legitimate interest in the protection and security of our systems. Cloudflare participates in the EU/US Data Privacy Framework. Any data transfers to the USA associated with our use of Cloudflare are lawful in accordance with the adequacy decision of the European Union pursuant to Art. 45 GDPR.

8.6 DataDog

We use services of DataDog Inc., 620 8th Ave., 45th Fl., New York, NY 10018 USA (“DataDog”) in order to improve the security of applications and the availability of offerings. We have concluded a data processing agreement with DataDog as our service provider in accordance with Article 28 General Data Protection Regulation. The data processing agreement incorporates the standard contractual clauses pursuant to Art. 46(2)(c) GDPR. DataDog’s privacy policy can be found here: https://www.datadoghq.com/legal/privacy/.

The legal basis for processing is Art. 6(1)(f) GDPR, namely our legitimate interest in the protection and security of our systems. DataDog participates in the EU/US Data Privacy Framework. Any data transfers to the USA associated with our use of DataDog services are lawful in accordance with the adequacy decision of the European Union pursuant to Art. 45(1)(a) GDPR.

9 Use of video and conferencing software

We use the video conferencing software ZOOM for the provision and transmission of events (such as webinars).

ZOOM is a service operated by Zoom Video Communications, 55 Almaden Blvd, Suite 600 San Jose, CA 95113, USA. Please note that you conclude an independent user agreement with the provider of ZOOM for the use of this software. On the basis of this direct relationship existing between you and the provider of ZOOM, the provider of ZOOM will process your personal data under its own responsibility. This processing lies outside our responsibility and outside our sphere of influence; please inform yourself about it with the provider of ZOOM. ZOOM’s privacy policies can be viewed here: https://www.zoom.com/en/trust/privacy/privacy-statement/. We do not actively pass any of your personal data on to ZOOM.

In the context of the provision and transmission of our events through ZOOM, we process only those of your personal data that are visible to us as hosts of the virtual event. These are, for example, the information entered by you in ZOOM and publicly visible (i.e. your user details such as name, company, position, username, etc.), any event metadata that may arise, as well as image and spoken contributions (also in the chat area). We process this data for the purpose of providing and transmitting the event; the legal basis for this is the performance of the contract concluded with us regarding participation in the event (Art. 6(1)(b) GDPR). Unless expressly communicated otherwise, we do not store this data.

For the processing for which we are responsible in connection with the use of ZOOM, we have selected the most privacy-friendly configuration possible in the software and concluded a data processing agreement with the provider of ZOOM within the meaning of Art. 28 GDPR. Please note that in this context a transfer of data to the provider of ZOOM in the USA takes place. ZOOM participates in the EU/US Data Privacy Framework. Any data transfers to the USA associated with our use of ZOOM services are lawful in accordance with the adequacy decision of the European Union pursuant to Art. 45(1)(a) GDPR.

We only record our events if we inform you of this during registration and/or at the beginning of the events. Recordings may be made available to participants afterwards and – where offered – may be accessed as an on-demand webinar after registration; availability may vary over time. In individual cases, recordings may also be made publicly available via third-party platforms (e.g. YouTube or Wistia) and embedded on our website.

The legal basis for the processing associated with recording, archiving, and further availability is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in documenting our events, archiving them for internal purposes, and, where appropriate, making them available to third parties.

10 Processing of data upon activation of embedded content

On our website, we have embedded videos for your entertainment and information. These were published on external video platforms and are embedded or linked by these platforms.

10.1 Wistia

We use videos that are stored on the servers of the video hosting service “Wistia.” The operator is Wistia, Inc., 120 Brookline Street, Cambridge, MA 02139, USA. By integrating Wistia’s software player into the respective page, we embed such videos into our application in such a way that the video can be regarded as part of the respective page.

Wistia learns, when the player is active or as soon as it is activated, your IP address and the fact that at a certain point in time the page with the activated player was accessed from your IP address. Wistia cannot assign your IP address to a person as long as it cannot infer a specific Internet user from the IP address on the basis of further circumstances.

However, by embedding the player on our pages in inactive form by default, we ensure that no data flow to Wistia takes place without your knowledge and consent. Further information about Wistia and Wistia’s privacy policy can be found here: https://wistia.com/privacy

The legal basis for processing with the activated player is your consent pursuant to Article 6(1)(a) General Data Protection Regulation. You declare your consent by activating the player. Wistia participates in the EU/US Data Privacy Framework. Any data transfers to the USA associated with our use of Wistia services are lawful in accordance with the adequacy decision of the European Union pursuant to Art. 45 GDPR.

10.2 Youtube

We use videos that are stored on the servers of the video hosting service “Youtube.” The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Please inquire with YouTube regarding the processing of personal data carried out by YouTube. You can find the privacy policy of YouTube or Google here: https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/privacy/ When using YouTube, cookies are set by YouTube on your browser.

For links to or embedding of YouTube videos, we use the option provided by Google called “Unlisted.” According to YouTube, in normal operation no data is transmitted to the YouTube server. This only happens when you start a video by clicking on it. If the user is simultaneously logged in to YouTube or another Google service, Google recognizes, by clicking on the YouTube video, which specific subpage of our website the user is visiting. This information is collected by Google and assigned to the respective Google account of the person concerned. You can opt out of this with Google.

The legal basis for the use of YouTube cookies is your consent pursuant to § 25(2) no. 2 TDDDG. For the data processing carried out by us in connection with the use of YouTube, the legal basis is your consent pursuant to Art. 6(1)(a) GDPR. You grant this to us via our consent manager (cf. section 6 above), or when activating the video. You may withdraw your consent at any time via the consent manager and can also generally prevent the described processing by settings in your browser program. Google participates in the EU/US Data Privacy Framework. Any data transfers to the USA associated with our use of Google services are lawful in accordance with the adequacy decision of the European Union pursuant to Art. 45(1) GDPR.

If you want to avoid YouTube setting a cookie in your browser or processing your personal data, we ask you not to activate the videos.

11 Data protection notices regarding our social media presences on FACEBOOK and INSTAGRAM

11.1 Controllers

For our social media presences on the social media platforms FACEBOOK and INSTAGRAM, Helbling (contact see section 1 above) is jointly responsible with the provider of the platforms. The provider is:

Meta Platforms Ireland Limited (“META”)
Merrion Road
Dublin 4
D 04 X2K5
Ireland

We have concluded a joint controllership agreement with META in accordance with Art. 26 GDPR.

11.2 Applicability of the above information

With regard to the responsibility to be assumed by us, the information set out above in sections 1 to 5 also applies to our social media presences on Facebook and Instagram.

11.3 Purpose, categories of personal data, and legal basis of data processing by Helbling

We use FACEBOOK and INSTAGRAM for public relations work as well as for marketing our services and products. For this purpose, we process the data entered by users of the social networks themselves (e.g. username, account content).

The legal basis for this processing is Art. 6(1)(f) GDPR. Our legitimate interest in the processing arises from the fact that we also wish to present our company and our products to interested persons on social networks in the context of our public relations and marketing. We ourselves do not pass any of this personal data on to third parties. The data is deleted within the scope of the possibilities made available to us by the social networks as soon as it is no longer required for the described purpose. You may always object to this legitimate interest.

11.4 Purpose, categories of personal data, and legal basis of data processing by Meta when using FACEBOOK

Please refer to META’s data use policy and data policy to find out which of your personal data is processed by META when you visit the FACEBOOK platform and our social media presence on FACEBOOK, on what legal basis this occurs, whether this data is also processed outside the European Union, and how long this data is stored by META. There you will also find information about contact options with META.

Please note that when visiting our Facebook page, META collects and processes a range of information, such as the IP address of the end device you use. This information is used to provide us with statistical information (“Meta Insights”) about the use of our social media presence. More detailed information on this can be found here: https://www.facebook.com/privacy/policy/ Since this data is provided to us in anonymized form, it is not possible for us to link this information back to individuals.

The manner in which META uses the data from visits to Facebook pages for its own purposes, the extent to which activities on the Facebook page are assigned to individual users, how long Meta stores this data, and whether data from a visit to the Facebook page is disclosed to third parties is not conclusively and clearly stated by META and is therefore not known to us.

In the agreement on joint responsibility concluded with META pursuant to Art. 26 GDPR, META as the operator acknowledges joint data protection responsibility with regard to insights data and assumes essential data protection obligations relating to informing data subjects, data security, and the reporting of data breaches. According to the agreement, META is the primary contact point for the exercise of data subject rights. META has direct access to the necessary information and can provide information or take other measures.

11.5 Purpose, categories of personal data, and legal basis of data processing by META when using INSTAGRAM

Please refer to META’s terms of use and data policy for information on the processing of your personal data by META when you visit the Instagram platform and our social media presence on Instagram. There you will also find information about contact options with META.

Please note that when visiting our Instagram page, Instagram collects and processes a range of information, such as the IP address of the end device you use. This information is used to provide us with statistical information (“Insights”) about the use of our social media presence. More detailed information on this can be found here: https://privacycenter.instagram.com/policy. Since this data is provided to us in anonymized form, it is not possible for us to link this information back to individuals.

The manner in which META uses the data from visits to Instagram pages for its own purposes, the extent to which activities on the Instagram page are assigned to individual users, how long Meta stores this data, and whether data from a visit to the Instagram page is disclosed to third parties has not been conclusively and clearly stated to us by META and is therefore not known to us.

In the agreement on joint responsibility concluded with META pursuant to Art. 26 GDPR, Meta as the operator acknowledges joint data protection responsibility with regard to insights data and assumes essential data protection obligations relating to informing data subjects, data security, and the reporting of data breaches. According to the agreement, META is the primary contact point for the exercise of data subject rights. META has direct access to the necessary information and can provide information or take other measures.

12 Data protection notices regarding our presence on the LinkedIN platform

12.1 Joint responsibility

For our social media presences on the social media platform “LinkedIN,” Helbling (contact see section 1 above) is jointly responsible with the provider of the platforms. The provider is:

LinkedIn Ireland Unlimited Co. (“LinkedIn”)
Wilton Place
Dublin 2
Ireland

If you use the “LinkedIN” platform, LinkedIn will regularly process your personal data as an independent controller under data protection law. We have no insight into LinkedIn’s data processing and also no influence over it. You can find LinkedIn’s privacy policy here: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

If you visit our company’s presence on the “LinkedIN” platform, then under applicable law we are “jointly responsible” with LinkedIn within the meaning of Art. 26 GDPR for the processing of your personal data that occurs in the context of this visit to our presence. We have entered into an agreement on joint responsibility with LinkedIn pursuant to Art. 26(1) GDPR, which you can view here: https://legal.linkedin.com/pages-joint-controller-addendum

12.2 Applicability of the above information

With regard to the data protection responsibility to be assumed by us, the information set out above in sections 1 to 5 applies accordingly to our presence on the “LinkedIN” platform.

12.3 Purpose, categories of personal data, and legal basis of data processing by Helbling

We use the “LinkedIN” platform for public relations work, for marketing our services and products, and in order to stay in contact with our business partners and customers. For this purpose, we process the data entered by users of the social networks themselves on our presence (e.g. username, account content, comments).

The legal basis for this processing is Art. 6(1)(f) GDPR. Our legitimate interest in the processing arises from the fact that we wish to present our company and our products to interested persons on social networks. We do not pass any of this personal data on to third parties. The data is deleted within the scope of the possibilities made available to us by the social networks as soon as it is no longer required for the described purpose. You may always object to this legitimate interest.

12.4 Purpose, categories of personal data, and legal basis of data processing by LinkedIn

Please refer to LinkedIn’s privacy policy as well as the additional information provided by LinkedIn to find out which of your personal data is processed by LinkedIn when you visit the “LinkedIN” platform and our presence on the “LinkedIN” platform, on what legal basis this occurs, whether this data is also processed outside the European Union, and how long this data is stored by LinkedIn.

Please note that LinkedIn states that when visiting our presence on the “LinkedIN” platform, it analyzes visitor behavior and creates evaluations (so-called page insights). For this purpose, LinkedIn processes a selection of your personal data. The page insights made available to us by LinkedIn are aggregated and anonymized. They do not allow us to draw conclusions about individual users of the “LinkedIN” platform or individual visitors to our presence on the “LinkedIN” platform.

The manner in which LinkedIn uses the data from visits to our LinkedIN presence for its own purposes, the extent to which activities on our LinkedIN presence are assigned to individual users, how long LinkedIn stores this data, and whether data from a visit to our LinkedIN presence is disclosed to third parties is not conclusively and clearly stated by LinkedIn and is therefore not known to us. In the agreement on joint responsibility concluded with LinkedIn pursuant to Art. 26 GDPR, LinkedIn as the operator acknowledges joint data protection responsibility with regard to insights data and assumes essential data protection obligations relating to informing data subjects, data security, and the reporting of data breaches. According to the agreement, LinkedIn is the primary contact point for the exercise of data subject rights. LinkedIn has direct access to the necessary information and can provide information or take other measures.

13 Use of social media plugins and other third-party content

We do not use any social media plugins on our website. Insofar as our website contains symbols of social media providers (e.g. Facebook, Instagram), we use these solely for passive linking to our pages on the respective platform: if you click on the symbol, you will be redirected to the corresponding platform.