top of page

Information on data protection

Information about the collection of personal data on our homepage


Dear visitors,

we would like to inform you that personal data is collected when you visit our website. Personal data is data that can be related to you personally (e.g. name, e-mail, IP address, user behaviour).

Responsible for the collection and storage of data on this website is:


TOC Agentur für Kommunikation GmbH & Co. KG

Münchner Straße 150
83703 Gmund am Tegernsee
Telephone: +49-8022-915970


You can reach our data protection officer at the following contact details:


Datenschutzdoktor Rechtsanwaltsgesellschaft mbH
Arndtstraße 4
90419 Nuremberg
Tel.: +49-911-13349912


When you visit our website, we display a "cookie banner" to inform you that we use cookies and other tracking technologies to improve the user experience on our website and for the purposes of web analytics and interest-based advertising. The related data processing is described below. As indicated in the cookie banner, you consent to this use when you click on "Allow all cookies" or "Allow selected cookies". You can revoke this consent in whole or in part at any time with effect for the future. The options available for this are described in detail below.


When you visit our homepage, only the data that your browser transmits to our server is collected. This data is necessary so that you can view our homepage, inform yourself about our offers and navigate safely on our homepage - if necessary also on its sub-pages.


The legal basis for the collection of the data is - unless otherwise described below - Art. 6 para. 1 f) EU Data Protection Regulation (DSGVO).


In detail, the following data is collected when you visit our homepage:

  • IP address

  • Browser type, as well as its language and version

  • Operating system and its interface

  • Access status / HTTP status code

  • Date and time of the request, as well as the respective time zone

  • Content of the request and the homepage from which it came

  • Amount of data transmitted


This data is deleted as soon as it is no longer required.


We expressly point out that you have the right to lodge a complaint with the competent data protection and information security officer of the respective federal state. A list of data protection officers and their contact details can be found under the following link:


The authority responsible for us is the Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach.


If you have any questions or complaints regarding data protection against our company or our homepage, we recommend that you first contact our data protection officer.


You have the following rights towards us:

  • Right to correction and deletion

  • Right to data portability

  • Right to restriction of processing

  • Right to information

  • Right to object to processing


Whether and to what extent these rights are available / can be enforced in individual cases and which conditions apply in concrete terms can be seen from the law, i.e. from the DSGVO and the BDSG.


You can obtain information at any time about the personal data we have stored about you and about the origin, recipient and purpose of data collection and data processing. The information is generally free of charge. If several requests are made per calendar year, we would like to point out that the costs incurred for repeated requests may have to be compensated.


    1. Cookies

In addition to this data, we use cookies on our homepage.


Cookies are small text files that are stored on your computer (in your browser) after you visit our homepage. If you visit our homepage again afterwards, the browser you use sends the information stored in the cookie to our homepage and can thus, for example, make it easier for you to navigate again because default settings are adopted. Cookies are not viruses and cannot install malware or spyware on your computer. We reserve the right to use the following types of cookies on our homepage:


There are different types of cookies. On the one hand, there are cookies that are only stored on your computer during your respective visit to our website ("transient cookies") and, on the other hand, cookies that are stored for a longer period of time ("persistent cookies").


Most browsers are set to accept cookies automatically. You can deactivate the storage of cookies in your browser and have the option of deleting them from your hard drive at any time. We would like to point out that the use of our offers on the website without cookies is only possible to a limited extent.


However, you can also use your browser to prevent only certain cookies from being set (e.g. cookies from third-party providers), for example if you wish to prevent web tracking. You can find more information on this in the help function of your browser. For more information on third-party cookies that are set or processed when you visit our website, please refer to the privacy policy of the provider named.


Transient cookies

These cookies are only stored for the period of use of your browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This means that your computer can be recognised when you return to the homepage. As soon as you close the browser, these cookies are automatically deleted.


Persistent cookies

These cookies differ from transient cookies only in that they are not automatically deleted when you close the browser, but only after a preset time. However, you can delete these cookies at any time via the security settings of your browser.


You can also use our homepage without the use of cookies. However, in such a case, you may only be able to use some of the displays and functions of our website to a limited extent. If you would like to deactivate cookies, you can do this via special settings in your browser. It is best to use the help function of your browser to make the appropriate changes.


Flash cookies and HTML5 storage objects

Any Flash cookies used are not recorded by your browser, but by your Flash plug-in. Furthermore, we may use HTML5 storage objects that are stored on your end device. These objects store the required data independently of the browser you are using and have no automatic expiry date. If you do not want Flash cookies to be processed, you must install an appropriate add-on, e.g. "Better Privacy" for Mozilla Firefox or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend that you regularly delete your cookies and browser history manually.


    2. Collection of access data / server log files

For technical reasons, the delivery and presentation of the contents of our homepage requires the collection of certain data. When you access our homepage, these so-called server log files are collected by us or the provider of the web space.


The corresponding information consists of the name of the homepage, the file, the current date, the amount of data, the web browser and its version, the operating system used, the domain name of your internet provider and the referrer URL as the page from which you accessed our site, as well as the respective IP address. We use this data for the presentation and delivery of our content as well as for statistical purposes.

As a rule, these log files do not allow any conclusions to be drawn about you and your person. Should your personal data nevertheless be processed, the legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 f) DSGVO, to be able to continuously improve our offer with the help of the data.


We reserve the right to subsequently check the data mentioned should there be any suspicion of illegal use of our homepage offers.


    3. SSL encryption

For your security, our website uses SSL encryption when transmitting confidential or personal content.


This encryption is activated, for example, when you send us an enquiry via our homepage. Please make sure that SSL encryption is activated for corresponding activities on your part. The use of encryption is easy to recognise: The display in your browser line changes from "http://" to "https://".


As far as is currently known, data encrypted via SSL cannot be decrypted by third parties. Only transmit your confidential information when SSL encryption is activated. Absolute security cannot be guaranteed, so in case of doubt it is better to contact us by telephone or by post.


    4. Objection to advertising e-mails

Within the framework of the legal imprint obligation, we have to publish our contact details.


These are sometimes used by third parties to send unsolicited advertising and information. We hereby object to any sending of advertising material of any kind not expressly authorised by us.


Furthermore, we expressly reserve the right to take legal action against the unwanted and unsolicited sending of advertising material. This applies in particular to so-called spam e-mails, spam letters and spam faxes. We would like to point out that the unauthorised transmission of advertising material may involve offences under competition law, civil law and criminal law. In this respect, it may lead to high claims for damages or fines if you disrupt our operations by overfilling mailboxes or fax machines.


    5. Objection or revocation against the processing of your data

If you have given your consent, Art. 6 para. 1 a) DSGVO is the legal basis for the processing of your data. You can revoke your consent at any time. Such a revocation affects the permissibility of the processing of your personal data after you have expressed it to us.

Insofar as we base the processing of your personal data on the balance of interests, Art. 6 para. 1 f) DSGVO is the legal basis for the processing. In this case, you can object to the processing. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the merits of the case and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.


Your objection or revocation can be made to the above-mentioned responsible body.


    6. Contents and services of third party providers

The offer on our homepage may also include content, services and benefits from other providers that complement our offer (so-called third-party providers).


This happens on the one hand with so-called "plug-ins". These are software extensions or additional modules that expand the functions of our homepage. Examples of such services are maps from Google Maps, YouTube videos or third-party graphic representations. Calling up these services from third parties regularly requires the transmission of your IP address. Through this, these providers receive your user IP address and may also store it.


We endeavour to include only those third-party providers that use IP addresses solely for the delivery of content. However, we have no influence on which third-party provider actually stores the IP address. This storage may serve statistical purposes, for example. If we become aware of storage processes by third-party providers, we will inform our users of this fact in this data protection declaration. In this context, please note the following data protection statements for individual third-party providers and service providers whose services we use on our homepage.


We do not assume any liability for the content or the success of the following services. The respective owners are responsible for the content of the linked pages.


    a) Cookiebot

We use the consent management service Cookiebot, of Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (Usercentrics). This enables us to obtain and manage consent from website users for data processing. The processing is necessary to comply with a legal obligation (Art. 7 para. 1DSGVO) to which we are subject (Art. 6 para. 1 p. 1 lit. c DSGVO). For this purpose, the following data are processed with the help of cookies:

Your IP address (the last three digits are set to '0'). Date and time of consent. Browser information URL from which the consent was sent. An anonymous, random and encrypted key Your end-user consent status, as proof of consent.

The key and consent status are stored in the browser for 12 months using the cookie "CookieConsent". This preserves your cookie preference for subsequent page requests. With the help of the key, your consent can be proven and traced.

If you activate the service function "Sammelzustimmung" to activate consent for multiple web pages through a single end-user consent, the service additionally stores a separate, random, unique ID with your consent. If all of the following criteria are met, this key is stored in encrypted form in the third-party cookie "CookieConsentBulkTicket" in your browser: You enable the collective consent function in the service configuration. You allow third-party cookies via browser settings. You have disabled "Do not track" via browser settings. You accept all or at least certain types of cookies when you give consent.

The functionality of the website is not guaranteed without the processing.

Usercentrics is a recipient of your personal data and acts as a processor on our behalf.

The processing takes place in the European Union. For more information on how to object to and remove your data from Usercentrics, please visit:

Your personal data will be deleted continuously after 12 months or immediately after the termination of the contract between us and Usercentrics.

Please refer to our general comments on deleting and deactivating cookies above.

    b) Google Tag Manager

For our website we use the Google Tag Manager of Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). This tag manager is one of many helpful marketing products from Google. Via the Google Tag Manager, we can centrally integrate and manage code sections of various tracking tools that we use on our website.

In this privacy policy, we would like to explain to you in more detail what the Google Tag Manager does, why we use it and in what form data is processed.

The Tag Manager itself is a domain that does not set any cookies and does not store any data. It acts as a mere "administrator" of the implemented tags. The data is collected by the individual tags of the various web analysis tools. The data is virtually passed through to the individual tracking tools in the Google Tag Manager and is not stored.

However, the situation is completely different with the integrated tags of the various web analysis tools, such as Google Analytics. Depending on the analysis tool, various data about your web behaviour is usually collected, stored and processed with the help of cookies. For this, please read our privacy texts on the individual analysis and tracking tools we use on our website.

In the account settings of the Tag Manager, we have allowed Google to receive anonymised data from us. However, this is only about the use and usage of our Tag Manager and not your data stored via the code sections. We allow Google and others to receive selected data in anonymised form. We thus consent to the anonymous sharing of our website data. Which summarised and anonymous data is forwarded exactly, we could not find out - despite long research. In any case, Google deletes all information that could identify our website. Google combines the data with hundreds of other anonymous website data and creates user trends within the framework of benchmarking measures. Benchmarking compares our own results with those of our competitors. Processes can be optimised on the basis of the information collected.

When Google stores data, this data is stored on its own Google servers. The servers are distributed all over the world. Most of them are located in America. You can find out exactly where Google servers are located at

You can find out how long the individual tracking tools store data from you in our individual data protection texts for the individual tools.


    7. Handling of comments and contributions

If you leave a post or comment on this website, your IP address will be stored. This is done on the basis of our legitimate interests within the meaning of Art. 6 para. 1 f) DSGVO and serves the security of us as website operator.

Should your comment violate applicable law, we may be prosecuted and held liable, which is why we have an interest in the identity of the comment or post author. Your address will be deleted in accordance with the general principles of this data protection declaration if the purpose for which it was stored is no longer given and insofar as there are no legal obligations to retain data to the contrary.



    8. Transmission to third parties

Your personal data may be transferred to third parties in the cases mentioned in the previous section.

In addition to the legal obligation to comply with all data protection regulations, our service providers are bound by further contractual data protection requirements. This also includes an obligation as an order processor pursuant to Art. 28 para. 3 DSGVO.


Apart from that, we only transfer personal data to third parties if we are legally permitted to do so or if you have given your prior consent. You can revoke any consent you may have given at any time with effect for the future. We will only pass on your data to state authorities within the framework of legal obligations or on the basis of an official order or court decision and only insofar as this is permissible under data protection law.


    9. Transfer to countries outside the EU

For the purposes mentioned for the use of our homepage, a transfer to countries outside the EU and the EEA (third countries) is generally not necessary and therefore does not take place. Furthermore, we only transfer data to third countries if it is ensured that the recipient of the data guarantees an adequate level of data protection within the meaning of Chapter V of the DSGVO and no other interests worthy of protection speak against the transfer of data. To ensure an adequate level of protection for the recipient of the data, we use in particular the EU Commission's model contracts for the transfer of personal data to third countries.


    10. Data security

Those responsible for this website have taken the necessary technical and organisational measures to protect the personal data you have provided against loss, destruction, manipulation and unauthorised access.


    11. Deletion

As a matter of principle, we delete your personal data as soon as they are no longer required for the purposes pursued with the collection and processing and insofar as there are no statutory retention obligations to the contrary. Legal retention periods result in particular from German tax and commercial law, as well as pharmaceutical law.

If pseudonymous user profiles are stored, these will be deleted 24 months after the last new entry.


    12. Changes to the data protection declaration

New legal requirements, business decisions or technical developments may require changes to our data protection declaration. The data protection declaration will then be adapted accordingly. You will always find the latest version on our website.

bottom of page