Data Protection

1. Responsible body and company data protection officer

Thank you for your interest in our information offer.

Your privacy as a data subject and your right to “informational self-determination” are very important to us. We process your personal data in accordance with the EU General Data Protection Regulation (EU-DS-GVO) and the Federal Data Protection Act (BDSG).

The responsible body within the meaning of the GDPR is:
PrioDesign
Noidach 1
83735 Bayrischzell
Phone 0176 609 333 90
Email: info@priodesign.de

Company data protection officer:
Please send all information requests, inquiries or objections to data processing to this address:

PrioDesign
Noidach 1
83735 Bayrischzell
Phone 0176 609 333 90
Email: info@priodesign.de
www.priodesign.de
We take the protection of your personal data very seriously. Personal data is all information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Legal bases for the processing of your personal data

We process your personal data in accordance with specific purpose specifications in connection with your expressions of interest in our offers, to initiate contractual or contract-like business relationships, to offer products and services, to consolidate business contacts and to comply with processing regulations in accordance with tax law and commercial law and other relevant laws and regulations.

In this sense, we also pursue changes to the intended purpose, if necessary – e.g. as part of advertising activities (direct marketing) – as long as these do not contradict your right to informational self-determination or you do not revoke your consent to this processing of your personal data.

The legal bases for the data processing of your personal data result in particular from Art. 6 EU-DSGVO.

Personal data is largely collected and processed directly from the data subjects via our website – in particular when you actively use the online forms yourself. This happens, for example, when using the contact form or subscribing to the online newsletter.

The processing of special categories of personal data within the meaning of Art. 9 Paragraph 1 EU-DSGVO, for example when registering for events, applications or attending training events, only takes place if this is necessary due to your consent or due to legal regulations and there is no reason to assume that your legitimate interest in excluding the processing outweighs it, Art. 88 Para. 1 EU-DSGVO.

3. Your rights as a data subject

The EU-DSGVO grants you as a data subject relevant rights when processing your personal data by the responsible body, especially the:

Right to information (Art. 15 EU-DSGVO)
You have the right, in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data, if it was not collected from us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;

Right to rectification (Art. 16 EU-DSGVO)
You have the right, in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or the completion of your personal data stored by us;

Right to erasure (Art. 17 EU-DSGVO)
You have the right, in accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

Right to restriction of data processing (Art. 18 EU-DS-GVO)
You have the right, in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;

Right to data portability (Art. 20 EU-DSGVO)
You have the right, in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request its transfer to another controller;

Right to revoke your consent once given
You have the right, in accordance with Art. 7 Para. 3 GDPR, to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent for the future

Right to lodge a complaint with a data protection supervisory authority
You have the right, in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our headquarters, the Bavarian State Commissioner for Data Protection

Right to object to data processing (Art. 21 EU-DS-GVO)
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data, provided that there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which is implemented by us without specifying a particular situation.
If you would like to exercise your right of revocation or objection, simply send an email to the company data protection officer: info@priodesign.de.

4. On data protection in individual areas

Data Security of the Web Platform

Within the website visit, we use the widespread SSL (Secure Socket Layer) method in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we will instead use 128-bit v3 technology. You can recognize whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Our websites under https://priodesign.de are intended to make it easier for you to access our information and services.

We reserve the right to make changes or additions to the information provided at any time. When creating our pages, we pay careful attention to the accuracy, timeliness, completeness, comprehensibility and availability of the information provided at all times. Service provider in accordance with § 13 Telemedia Act (TMG) and responsible body in accordance with Art. 4 No. 7 GDPR is PrioDesign, Noidach 1, 83735 Bayrischzell, Germany.

Collection and Storage of Personal Data as Well as the Nature and Purpose of Their Use:

a) When visiting the website
When using our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
amount of data transferred in each case
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software.

The data mentioned are processed by us for the following purposes:

Ensuring a smooth connection setup of the website,
Ensuring comfortable use of our website,
Evaluation of system security and stability as well as
for other administrative purposes.

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection. In no case do we use the data collected for the purpose of drawing conclusions about your person.
In addition, we use cookies when you visit our website. You can find more information about this in the separate paragraph Cookies below.

b) Contact form
If you have any questions, we offer you the opportunity to contact us via a form provided on the website. It is necessary to provide your name and a valid email address so that we know who the request came from and to be able to answer it. Further information can be provided voluntarily.
Data processing for the purpose of contacting us takes place in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR on the basis of your voluntarily given consent.

c) Registration for events
If you would like to register for one of our events, we offer you the opportunity to register via a form provided on the website. It is necessary to provide your name and a valid email address as well as your address so that we know who the registration came from and to be able to process it. Further information can be provided voluntarily.
Data processing for the purpose of event registration with us takes place in accordance with Art. 6 Para. 1 lit. b GDPR. We delete your personal data after processing the contract and after the expiry of the tax and commercial law retention obligations.

Disclosure of Data:

The transfer of personal data usually takes place exclusively for the purpose of order processing by external service companies, in particular for the purpose of sending the Lebenshilfe-Zeitung, the specialist magazine Teilhabe and the legal service to the respective orderers or subscribers.
Any other transfer of your personal data to third parties for purposes other than those listed will not take place.
We only pass on your personal data to third parties if:

You have given your express consent to this in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR,
the disclosure is necessary in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
in the event that there is a legal obligation to pass it on in accordance with Art. 6 Para. 1 S. 1 lit. c GDPR, as well as
this is legally permissible and necessary in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR for the processing of contractual relationships with you.

5. Technical background to the processing of personal data

A) Use of Cookies:

Furthermore, when using the website, cookies are stored on your computer. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the body that sets the cookie (in this case us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective overall. We use cookies to be able to identify you for follow-up visits if you have an account with us. Otherwise you would have to log in again for each visit.
This website uses cookies to the following extent:

Transient cookies (temporary use)
Persistent cookies (limited-time use)
Third-party cookies (from third-party providers)
Flash cookies (permanent use; cannot be excluded by third-party providers).

Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to the website. The session cookies are deleted when you log out or close the browser.

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time. You can configure your browser settings according to your wishes and e.g. decline the acceptance of third-party cookies or all cookies. However, we would like to point out that you may then not be able to use all functions of this website.

The flash cookies used are not recorded by your browser, but by your flash plug-in. These store the necessary data regardless of the browser you are using and have no automatic expiration date. If you do not want flash cookies to be processed, you must install a corresponding add-on, e.g. “Better Privacy” for Mozilla Firefox or Adobe-Flash-Killer-Cookie for Google Chrome.
This stored information is stored separately from any other data you may have provided to us. In particular, the data from the cookies is not linked to your other data.

B) Use of Google Products:

The legal basis for processing the personal data of users is generally the user’s consent in accordance with Art. 6 Para. 1 S.1 lit. a GDPR.
With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

Google Fonts
Google reCAPTCHA
Integration of Google Maps

1. Google Fonts:

Our website uses so-called web fonts, which are provided by Google, for the uniform display of fonts. Google Fonts is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). For this purpose, the browser you use must connect to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address. The IP address of the browser of the visitor’s device to these websites is also stored by Google. If your browser does not support web fonts, a standard font from your computer will be used.

Further information on Google Fonts can be found at developers.google.com/fonts/faq and in Google’s privacy policy: policies.google.com/privacy.

2. Google reCAPTCHA:

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is intended to verify whether the data input on this website (e.g. in a contact form) is done by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Further information about Google reCAPTCHA can be found in the Google privacy policy and the Google terms of use under the following links:
https://policies.google.com/privacy?hl=de and
https://policies.google.com/terms?hl=de.

3. Integration of Google Maps:

We have integrated content from Google Maps on this website. By visiting the website, Google Maps receives the information that you are visiting the corresponding subpage of our website as well as the data mentioned under para. 1. Google Maps works with an autofill function, which automatically completes your address data to make it easier for you to enter. Otherwise, the notice on Google Analytics also applies to the transmission of data to Google Maps. The additional terms of use of Google Maps under https://www.google.com/intl/de_de/help/terms_maps.html also apply. You have the possibility to deactivate the service of Google Maps at any time and thus prevent the data transfer to Google by deactivating JavaScript in your browser. However, we would like to point out that in this case you will not be able to use the map display.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

Framework for data transfers: https://policies.google.com/privacy/frameworks
EU standard contractual clauses: https://privacy.google.com/businesses/controllerterms/mccs/

C) Disclosure to Third Countries

When using cookies, data may be transferred to third countries – in particular the USA – for which there is no adequacy decision according to Art 45 para 3 GDPR and no suitable guarantees according to Art. 46 GDPR exist. We would like to point out that a data transfer without an adequacy decision and without suitable guarantees involves certain risks, which we may point out to you below:

Intelligence services of the USA take certain online identifiers (such as the IP address or unique identification numbers) as a starting point for the surveillance of individuals. In particular, it cannot be ruled out that these intelligence services have already collected information about you, with the help of which the data transferred here can be traced back to you.

Providers of electronic communication services with headquarters in the USA are subject to surveillance by US intelligence services pursuant to 50 U.S. Code § 1881a (“FISA 702”). Accordingly, providers of electronic communication services with headquarters in the USA have the obligation to provide personal data to the US authorities pursuant to 50 U.S. Code § 1881a, without you possibly having legal remedies. Even encryption of the data in the data centers of the provider of electronic communication services cannot provide adequate protection, since a provider of electronic communication services has a direct obligation, with regard to the imported data that is in its possession or custody or under its control, to grant access to it or to release it. This obligation may expressly extend to the cryptographic keys without which the data is unreadable.

The fact that this is not merely a “theoretical danger” is demonstrated by the judgment of the ECJ of July 16, 2020, C‑311/18.

The legal basis for the transfer of users’ personal data to a third country is the user’s consent pursuant to Art. 49 para. 1 lit. a GDPR.

6. Social Media

We use different networks for our company presences. When using some networks, personal data may be transferred to servers in the USA. To ensure appropriate safeguards for the protection of the transfer and processing of personal data outside the EU, the data transfer to and data processing by the following listed companies is based on appropriate safeguards pursuant to Art. 46 ff GDPR, in particular through the conclusion of so-called standard data protection clauses pursuant to Art. 46 para. 2 lit. c GDPR.

Facebook

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The controller for the processing of personal data is, if a data subject lives outside the USA or Canada, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated, is called up, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Facebook at the same time, Facebook recognizes with each call to our website by the data subject and during the entire duration of the respective stay on our website, which specific subpage of our website the data subject visits. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks one of the Facebook buttons integrated on our website, for example the “Like” button, or submits a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged in to Facebook at the time of calling up our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of this information to Facebook is not wanted by the data subject, he/she can prevent the transmission by logging out of his/her Facebook account before calling up our website.

The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains what setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

YouTube

YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, United States

Our website uses plugins from the YouTube site operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the Youtube server which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to directly associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

On our YouTube company page, we provide information and offer YouTube users the opportunity to communicate. If you perform an action on our YouTube company page (e.g. comments, posts, likes, etc.), you may be making personal data (e.g. your real name or a photo of your user profile) publicly available. However, since we generally or largely have no influence on the processing of your personal data by the jointly responsible company YouTube, we cannot make any binding statements about the purpose and scope of the processing of your data.

Our company presence in social networks is used for communication and information exchange with (potential) customers. The publications via the company presence may contain the following content:

Information about products
Information about services
Sweepstakes
Advertising
Customer contact

Each user is free to publish personal data through activities.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR.

The data generated by the company presence is not stored in our own systems.

You can object to the processing of your personal data, which we collect in the context of your use of our YouTube company presence, at any time and assert your rights as a data subject. Send us an informal e-mail. For further information on the processing of your personal data by YouTube and the corresponding objection options, please see here:

YouTube: https://policies.google.com/privacy?gl=DE&hl=de

7. Validity and amendment of this privacy policy

This privacy policy is currently valid and is as of August 2025.

Due to the further development of our website and offers above or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy. The current privacy policy can be accessed and printed by you at any time on the website via this link.