Privacy Policy Website

table of contents

1. Introduction
2. Controller
3. Data protection officer
4. Legal basis for processing
5. Transfer of data to third parties
6. Technology
7. Cookies
8. Newsletter dispatch
9. Web analytics
10. Plugins and other services
11. Your rights as a data subject
12. Duration of storage of personal data
13. Up-to-date status and changes to the privacy policy

 

1. Introduction

The following information is intended to provide you, as a “data subject”, with an overview of how we process your personal data and your rights under data protection laws. You can generally use our website without providing any personal data. However, if you wish to use specific services offered by our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to “moving GmbH”. With this privacy policy, we would like to inform you about the scope and purpose of the personal data we collect, use and process.

As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed.

 

2. Controller

The controller within the meaning of the GDPR is:

moving GmbH

Anton-Höfter-Straße 8, 83646 Bad Tölz, Germany

Email: info@moving.de

Representative of the controller: Giuliano Capo

 

3. Data protection officer

You can contact the data protection officer as follows:

Steffen Lotze

Phone: +49 (170) 6632070

Email: info@datenschutz-5-seen-land.de

You can contact our data protection officer directly at any time if you have any questions or suggestions regarding data protection.

 

4. Legal basis for processing

Art. 6 para. 1 lit. a) GDPR (in conjunction with § 25 para. 1 TDDDG (formerly TTDSG)) serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 para. 1 lit. b) GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 para. 1 lit. c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and their name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. In this case, the processing would be based on Art. 6(1)(d) GDPR.

Finally, processing operations could be based on Art. 6 (1) lit. f) GDPR. This legal basis applies to processing operations that are not covered by any of the aforementioned legal bases, if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, the legislator took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47, sentence 2 GDPR).

 

5. Transfer of data to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

  1. you have given us your express consent in accordance with Art. 6 para. 1 lit. a) GDPR,
  2. the transfer is permitted under Art. 6 para. 1 lit. f) GDPR to safeguard our legitimate interests and there is no reason to assume that you have an overriding interest in the non-transfer of your data,
  3. in the event that there is a legal obligation to disclose the data in accordance with Art. 6 para. 1 lit. c) GDPR, and
  4. this is legally permissible and necessary for the performance of contractual relationships with you in accordance with Art. 6 para. 1 lit. b) GDPR.

Within the scope of the processing operations described in this privacy policy, personal data may be transferred to the United States. Companies in the United States only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and thus the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies. We have explicitly stated this in the privacy policy for the service providers concerned. In order to protect your data in all other cases, we have concluded data processing agreements based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to ensure an adequate level of security, your consent pursuant to Art. 49 (1) lit. a) GDPR may serve as the legal basis for the transfer to third countries. This does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

 

6. Technology

6.1 SSL/TLS encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login details or contact requests that you send to us as the operator. You can recognise an encrypted connection by the fact that instead of “http://” in the address line of your browser, there is “https://” and by the lock symbol in your browser line.

We use this technology to protect the data you transmit.

6.2 Data collection when visiting the website

When you use our website for informational purposes only, without registering or otherwise providing us with information or consenting to processing that requires consent, we only collect data that is technically necessary to provide the service. This is usually data that your browser transmits to our server (“server log files”). Our website collects a series of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server log files. The following may be recorded:

  1. browser types and versions used,
  2. the operating system used by the accessing system,
  3. the website from which an accessing system reaches our website (so-called referrers),
  4. the sub-pages accessed via an accessing system on our website,
  5. the date and time of access to the website,
  6. an Internet Protocol address (IP address) and
  7. the Internet service provider of the accessing system.

We do not draw any conclusions about your person when using this general data and information. Rather, this information is required in order to

  1. deliver the content of our website correctly,
  2. optimise the content of our website and the advertising for it,
  3. ensure the long-term functionality of our IT systems and the technology of our website, and
  4. provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

This collected data and information is therefore evaluated by us on the one hand statistically and on the other hand with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The data in the server log files is stored separately from all personal data provided by a data subject.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest follows from the purposes listed above for data collection.

6.3 Hosting by Raidboxes

We host our website with Raidboxes GmbH, Hafenstr. 22, 48153 Münster (hereinafter referred to as Raidboxes).

When you visit our website, your personal data (e.g. IP addresses in log files) is processed on Raidboxes’ servers.

The use of Raidboxes is based on Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in the most reliable presentation, provision and security of our website.

We have concluded a contract for order processing (AVV) in accordance with Art. 28 GDPR with Raidboxes. This is a contract required by data protection law, which ensures that Raidboxes processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Further information on Raidboxes’ privacy policy can be found at: https://raidboxes.io/legal/privacy/

 

7. Cookies

7.1 Legal basis for the use of cookies

The data processed by the cookies that are necessary for the proper functioning of the website are therefore necessary to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR.

For all other cookies, you have given your consent in accordance with Art. 6 para. 1 lit. a) GDPR via our opt-in cookie banner.

7.2 Borlabs Cookie (consent management tool)

We use the WordPress cookie plugin “Borlabs Cookie” from Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. This service enables us to obtain and manage the consent of website users for data processing.

Borlabs Cookie uses cookies to collect data generated by end users who use our website. If an end user gives their consent, the following data, among other things, is automatically logged:

  • Cookie duration,
  • Cookie version,
  • domain and path of the WordPress page,
  • Selection in the cookie banner,
  • UID (a randomly generated ID),

The consent status is also stored in the end user’s browser so that the website can automatically read and comply with the end user’s consent for all subsequent page requests and future end user sessions for up to 12 months. The consent data (consent and withdrawal of consent) is stored for three years. The storage period corresponds to the regular limitation period in accordance with Section 195 of the German Civil Code (BGB). The data is then deleted immediately.

The functionality of the website cannot be guaranteed without the processing described. The user has no right to object as long as there is a legal obligation to obtain the user’s consent to certain data processing operations, Art. 7 para. 1, 6 para. 1 sentence 1 lit. c) GDPR.

The data collected will not be passed on to Borlabs GmbH, nor will it have access to it.

Further information can be found at: https://de.borlabs.io/borlabs-cookie/.

 

8. Newsletter dispatch

8.1 Advertising newsletter

On our website, you have the option of subscribing to our company newsletter. The personal data transmitted to us when you order the newsletter is determined by the input mask used for this purpose.

We inform our customers and business partners about our offers at regular intervals by means of a newsletter. You can only receive our company newsletter if

  1. you have a valid email address and
  2. you have registered to receive the newsletter.

For legal reasons, a confirmation email will be sent to the email address you provided when you first subscribed to the newsletter using a double opt-in procedure. This confirmation email is used to verify that you, as the owner of the email address, have authorised the receipt of the newsletter.

When you register for the newsletter, we also store the IP address assigned by your Internet service provider (ISP) to the IT system you used at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace any (possible) misuse of your email address at a later date and therefore serves our legal protection.

The personal data collected when you register for the newsletter will be used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter may be informed by email if this is necessary for the operation of the newsletter service or for registration in this regard, as may be the case in the event of changes to the newsletter offer or changes to the technical conditions. The personal data collected as part of the newsletter service will not be passed on to third parties. You can unsubscribe from our newsletter at any time. The consent you have given us to store your personal data for the purpose of sending you the newsletter can be revoked at any time. For the purpose of revoking your consent, a corresponding link is provided in every newsletter. Furthermore, you can unsubscribe from the newsletter at any time directly on our website or inform us in any other way.

The legal basis for data processing for the purpose of sending the newsletter is Art. 6 para. 1 lit. a) GDPR.

8.2 CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, (CRASH Building), Schafjückenweg 2, 26180 Rastede. CleverReach is a service that can be used to organise and analyse newsletter distribution. The data you enter for the purpose of receiving the newsletter (e.g. your email address) will be stored on CleverReach’s servers in Germany or Ireland.

The newsletters we send with CleverReach enable us to analyse the behaviour of newsletter recipients. Among other things, we can analyse how many recipients opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analysed whether a predefined action (e.g. the purchase of a product on our website) has taken place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletters can be found at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

Data processing is based on your consent (Art. 6 para. 1 lit. a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

If you do not wish to be analysed by CleverReach, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. You can also unsubscribe from the newsletter directly on the website.

You can revoke your consent at any time. You can also prevent processing at any time by unsubscribing from the newsletter. You can also prevent the storage of cookies by adjusting your web browser settings accordingly. You can also prevent the storage and transmission of personal data by deactivating JavaScript in your web browser or by installing a JavaScript blocker (e.g. https://noscript.net or https://www.ghostery.com). We would like to point out that these measures may mean that not all functions of our website will be available to you.

The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and the servers of CleverReach after you unsubscribe. Data stored by us for other purposes (e.g. email addresses for the member area) remains unaffected by this.

You can view CleverReach’s privacy policy at: https://www.cleverreach.com/de/datenschutz/.

 

9. Web analytics

9.1 Google Analytics 4 (GA4) – Additional information on consent mode, simple implementation

Google is required by the Digital Markets Act to obtain user consent before user data can be processed by Google for personalised advertising. Google complies with this requirement through “Consent Mode”. Users are required to implement this and thus demonstrate that they have obtained the consent of website visitors.

Google offers two implementation modes: simple and advanced.

We use the simple implementation method of Google Consent Mode. Only if you give your consent to the use of Google Analytics (see above) will a connection to Google be established, a Google code executed and the processing described above carried out. If you refuse to give your consent, Google will only receive information that consent has not been given. The Google code will not be executed and no Google Analytics cookies will be set.

9.2 Plausible.io analysis tool

Description of data processing

moving GmbH uses Plausible Analytics as an analysis tool. Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia, operates the analysis tool on German servers provided by Hetzner.

Although the purpose of Plausible Analytics is to track the use of a website, this can still be done without collecting personal data, without cookies and while respecting the privacy of website visitors.

By using Plausible Analytics, all measurements on the website are carried out completely anonymously. No cookies are set and no personal data is collected. All data is collected in aggregated form only. moving GmbH receives usable data that helps it to learn and improve, while visitors continue to enjoy a pleasant experience while maintaining their privacy.

Since the analysis data is anonymised and therefore cannot be traced back to natural persons, moving GmbH has decided to list the tool here in the privacy policy for reasons of transparency. You can find out more about the methodology of Plausible Analytics at plausible.io/data-policy.

 

10. Plugins and other services

10.1 Google Tag Manager

by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This tool allows “website tags” (i.e. keywords that are integrated into HTML elements) to be implemented and managed via an interface. By using Google Tag Manager, we can automatically track which button, link or personalised image you have actively clicked on and can then record which content on our website is of particular interest to you.

The tool also triggers other tags, which may collect data. Google Tag Manager does not access this data. If you have disabled tracking at the domain or cookie level, this will remain in effect for all tracking tags implemented with Google Tag Manager.

These processing operations are carried out exclusively with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR has been made, so that personal data may be transferred without further guarantees or additional measures.

Further information on Google Tag Manager and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/.

10.2 Microsoft Teams

We use the tool “Microsoft Teams” (“MS Teams”) to communicate both in writing (chat) and in the form of telephone conferences, online meetings and video conferences. The operator of the service is Microsoft Ireland Operations (“Microsoft”), Ltd., 70 Sir John Rogerson’s Quay, Dublin, Ireland. Microsoft Ireland Operations, Ltd. is part of the Microsoft group of companies based at One Microsoft Way, Redmond, Washington, USA.

When using MS Teams, the following personal data is processed:

  • Meetings, chats, voicemails, shared files, recordings and transcripts.
  • Data that is shared about you. Examples include your email address, profile picture and phone number.
  • A detailed history of the phone calls you make.
  • Call quality data.
  • Support/feedback data Information related to troubleshooting tickets or feedback sent to Microsoft.
  • Diagnostic and service data Diagnostic data related to your use of the service.

To enable video display and audio playback, data from your device’s microphone and video camera will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the Microsoft Teams application.

If consent has been requested, processing will only take place on the basis of Art. 6 (1) lit. a) GDPR. Within the framework of an employment relationship, data processing will take place on the basis of § 26 BDSG. The legal basis for the use of “MS Teams” within the framework of contractual relationships is Art. 6 para. 1 lit. b) GDPR. In all other cases, the legal basis for the processing of your personal data is Art. 6 para. 1 lit. f) GDPR. Here, our interest lies in the effective execution of online meetings.

If we record online meetings, we will inform you of this before the start and, if necessary, ask for your consent to the recording. If you do not wish this, you can leave the online meeting.

As a cloud-based service, “MS Teams” processes the aforementioned data within the scope of providing the service. To the extent that “MS Teams” processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is an independent data controller for this use and, as such, is responsible for compliance with applicable laws and obligations of a data controller. When you visit the MS Teams website, Microsoft is responsible for data processing. You must visit the website to download the MS Teams software.

This US company is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR has been issued, meaning that personal data may be transferred without further guarantees or additional measures.

Detailed information on data protection at Microsoft in connection with “MS Teams” can be found at: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.

10.3 Tally

Description and purposes of processing

We use the Tally form plugin on some pages of our website. The plugin is operated by Tally BV, August Van Lokerenstraat 71, 9050 Ghent, Belgium. The plugin is used to collect and process form data (e.g. name, email address, message, other information you may have entered). The purpose is to process your enquiries. The legal basis is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest in processing your data lies in the customer-friendly design and user-friendliness of our website and the smooth transmission of the form entries you have made to us.

Recipients / categories of recipients

The recipients of the data are in particular:

  • Tally BV as a processor for form responses.
  • Functional Software Inc., as a subcontractor, provides the Sentry.io service for error/crash logging for the Tally plugin. The purpose of this service is to ensure the uninterrupted operation, security and troubleshooting of the Tally application. Depending on the configuration, Sentry collects technical data such as IP address, browser/operating system information, stack traces and page views that are relevant for error diagnosis. The operating company of this service is Functional Software Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. Functional Software Inc. has self-certified under the EU-U.S. Data Privacy Framework.

Transfer to third countries / guarantees

Tally stores form data in Europe. As soon as a transfer to the USA takes place via the crash reporting service Sentry, this transfer is based on the adequacy decision underlying the EU-U.S. DPF. Sentry is listed in the EU-U.S. Data Privacy Framework.

Storage period

The form data you submit will be stored for 90 days.

 

11. Your rights as a data subject

11.1 Right to confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

11.2 Right to information Art. 15 GDPR

You have the right to obtain from us, free of charge, information about the personal data stored about you and a copy of this data in accordance with the statutory provisions.

11.3 Right to rectification Art. 16 GDPR

You have the right to request the correction of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

11.4 Deletion Art. 17 GDPR

You have the right to request that we delete personal data concerning you without delay if one of the reasons provided for by law applies and if the processing or storage is not necessary.

11.5 Objection Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 lit. e) (data processing in the public interest) or f (data processing based on a balancing of interests) GDPR.

This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

In individual cases, we process personal data for direct marketing purposes. You can object to the processing of personal data for such marketing purposes at any time. This also applies to profiling insofar as it is related to such direct marketing. If you object to us processing your data for direct marketing purposes, we will no longer process your personal data for these purposes.

In addition, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

11.6 Revocation of consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

11.7 Complaint to a supervisory authority

You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.

 

12. Duration of storage of personal data

The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of this period, the corresponding data will be routinely deleted, provided that it is no longer required for the fulfilment of the contract or for the initiation of a contract.

 

13. Up-to-date status and changes to the privacy policy

This privacy policy is currently valid and was last updated in August 2025.

Due to the further development of our website and offers or due to changes in legal or official requirements, it may be necessary to change this privacy policy. The current privacy policy can be accessed and printed out at any time on the website at “https://moving.de/datenschutz/”.

Version 2.03

 

You can adjust your privacy settings here:

moving ist TOP BRAND CORPORATE HEALTH 2025!
Damit zählt die moving GmbH zu den besten Dienstleistern 2025 für corporate health in Deutschland.
Mehr erfahren
moving ist TOP BRAND CORPORATE HEALTH 2025!