Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the provision of our services and especially on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offerings”).

The terms used are not gender-specific.

As of: September 19, 2023

Table of Contents

  • Preamble
  • Controller
  • Overview of Processing Activities
  • Relevant Legal Bases
  • Security Measures
  • Transfer of Personal Data
  • International Data Transfers
  • Data Deletion
  • Rights of Data Subjects
  • Use of Cookies
  • Business Services
  • Provision of Online Offerings and Web Hosting
  • Community Functions
  • Blogs and Publication Media
  • Contact and Inquiry Management
  • Communication via Messengers
  • Newsletters and Electronic Notifications
  • Advertising Communication via Email, Mail, Fax, or Telephone
  • Contests and Competitions
  • Surveys and Questionnaires
  • Web Analysis, Monitoring, and Optimization
  • Online Marketing
  • Affiliate Programs and Affiliate Links
  • Customer Reviews and Rating Processes
  • Presence on Social Networks (Social Media)
  • Plugins and Embedded Features and Content
  • Changes and Updates to the Privacy Policy
  • Definition of Terms

Controller

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Processed Data

  • Inventory data.
  • Payment data.
  • Location data.
  • Contact details.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and process data.
  • Event data (Facebook).

Categories of Data Subjects

  • Customers.
  • Prospective customers.
  • Communication partners.
  • Users.
  • Contest and competition participants.
  • Business and contractual partners.
  • Participants.

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Contact inquiries and communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Tracking.
  • Office and organizational procedures.
  • Conversion tracking.
  • Affiliate tracking.
  • Management and response to inquiries.
  • Conducting contests and competitions.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our online offerings and user-friendliness.
  • Information technology infrastructure.

Relevant Legal Bases

Relevant legal bases under the GDPR:

Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your country of residence or domicile. Furthermore, specific legal bases may apply in individual cases, which we will inform you about in the privacy policy.

  • Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures requested by the data subject.
  • Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection in Germany apply. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains special provisions regarding the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and the transmission as well as automated individual decision-making, including profiling. In addition, data protection laws of individual German states may apply.

Reference to the applicability of the GDPR and the Swiss Data Protection Act: These data protection notices serve both the information requirements of the Swiss Federal Data Protection Act (Schweizer DSG) and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that, due to the broader geographical scope and comprehensibility, the terms of the GDPR are used. In particular, the terms “processing” of “personal data,” “legitimate interest,” and “special categories of data,” used in the GDPR, are used instead of the terms “processing” of “personal data,” “overriding legitimate interest,” and “particularly sensitive personal data” used in the Swiss DSG. However, the legal significance of the terms is still determined in accordance with the Swiss DSG within the scope of the applicability of the Swiss DSG.

Security Measures

We implement suitable technical and organizational measures, taking into account legal requirements, the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as the access, input, transmission, availability, and separation thereof. Furthermore, we have established procedures to ensure the exercise of data subject rights, the erasure of data, and responses to data breaches. We also consider the protection of personal data during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

IP Address Anonymization: If IP addresses are processed by us or by the service providers and technologies we use, and processing the full IP address is not required, the IP address is anonymized (also known as “IP masking”). This involves removing the last two digits or the last part of the IP address after a dot, or replacing them with placeholders. The anonymization of the IP address is intended to prevent or significantly hinder the identification of a person based on their IP address.

TLS Encryption (https): To protect data transmitted via our online services, we use TLS encryption. You can recognize such encrypted connections by the “https://” prefix in your browser’s address bar.

Transmission of Personal Data

In the course of our processing of personal data, it may be necessary to transmit or disclose data to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, IT service providers or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with data recipients to protect your data.

International Data Transfers

Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if data processing occurs as part of the use of third-party services or the disclosure or transmission of data to other individuals, entities, or companies, this is only done in accordance with legal requirements. If the data protection level in the third country has been recognized through an adequacy decision (Art. 45 GDPR), this serves as the basis for data transfer. Otherwise, data transfers are only made when the data protection level is otherwise guaranteed, especially through standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or in the case of contractual or legally required data transfer (Art. 49(1) GDPR). We will inform you about the basis for third-country data transfers with specific providers from the third country, with adequacy decisions being the primary basis. Information on third-country transfers and existing adequacy decisions can be found in the European Commission’s information portal: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en.

EU-US Trans-Atlantic Data Privacy Framework: As part of the “Data Privacy Framework” (DPF), the EU Commission has also recognized the data protection level for certain companies in the USA in the context of the adequacy decision of July 10, 2023, as safe. The list of certified companies as well as further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you in our data protection notices about which service providers certified under the Data Privacy Framework we use.

Data Deletion

The data processed by us will be deleted in accordance with legal requirements as soon as the consents permitting its processing are revoked or other permissions no longer apply (e.g., if the purpose of processing this data no longer applies or the data is not necessary for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person. Our data protection notices may also provide further information on the storage and deletion of data that is primarily applicable to the respective processing.

Rights of Data Subjects

Rights of data subjects under the GDPR: You have various rights as data subjects under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw your consent at any time.
  • Right of Access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to the personal data and additional information as required by law.
  • Right to Rectification: You have the right to obtain the rectification of inaccurate personal data concerning you.
  • Right to Erasure and Restriction of Processing: You have the right to request the erasure of personal data concerning you under the conditions laid down by law or to request the restriction of processing of your personal data.
  • Right to Data Portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, in accordance with the law.
  • Right to Lodge a Complaint with a Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Use of Cookies

Cookies are small text files or other storage methods that store information on end devices and retrieve information from end devices. For example, they can be used to store login status in a user account, shopping cart contents in an online shop, accessed content, or functions used in an online service. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online services, as well as for analyzing visitor traffic.

Information on Consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless it is not legally required. Consent is not typically required when storing and retrieving information, including cookies, is absolutely necessary to provide users with a telemedia service they explicitly requested (i.e., our online offering). Typically, strictly necessary cookies include cookies with functions related to displaying and ensuring the functionality of the online offering, load balancing, security, storing user preferences, and choices or similar purposes related to providing the main and ancillary functions of the online offering requested by users. The revocable consent is clearly communicated to users and contains information about the respective cookie usage.

Information on Legal Basis for Data Processing: The legal basis for processing users’ personal data using cookies depends on whether we ask for user consent. If users consent, the legal basis for processing their data is the consent provided. Otherwise, data processed using cookies is based on our legitimate interests (e.g., in the economic operation of our online offering and improving its usability) or, if cookies are necessary to fulfill our contractual obligations, on the necessity of using cookies to fulfill our contractual obligations. We clarify the purposes for which we process cookies in the course of this privacy policy or as part of our consent and processing procedures.

Storage Duration: Regarding the storage duration, the following types of cookies are distinguished:

  • Temporary Cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their end device (e.g., browser or mobile application).
  • Persistent Cookies: Persistent cookies remain stored even after closing the end device. For example, login status can be saved, or preferred content can be displayed directly when a user revisits a website. Data collected from users through cookies can also be used for reach measurement. If we do not provide explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and can have a storage duration of up to two years.

General Information on Revocation and Objection (Opt-Out): Users can revoke their given consent at any time and object to data processing in accordance with legal requirements. To do so, users can restrict the use of cookies in their browser settings (although this may also limit the functionality of our online offering). Users can also object to the use of cookies for online marketing purposes through the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • BorlabsCookie: Cookie consent management; Service provider: Hosted locally on our server, no data sharing with third parties; Website: https://de.borlabs.io/borlabs-cookie/. Additional Information: An individual user ID, language, types of consents, and the time of their submission are stored server-side and in the cookie on users’ devices.

Business Services

We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as “contractual partners”), as part of contractual and similar legal relationships, as well as related measures and in the context of communication with contractual partners (or pre-contractually), for example, to respond to inquiries.

We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed-upon services, any obligations for updates, and remedies for warranty and other performance disruptions. Furthermore, we process the data to protect our rights and for the purpose of administrative tasks associated with these obligations and company organization. Additionally, we process the data based on our legitimate interests in proper and efficient business management, as well as in security measures to protect our contractual partners and our business operations from misuse and from threats to their data, secrets, information, and rights (e.g., for the involvement of telecommunications, transportation, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Under applicable law, we only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about other forms of processing, such as for marketing purposes, as part of this privacy policy.

We inform contractual partners which data is required for the aforementioned purposes before or during data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks), or in person.

We delete the data after the expiration of legal warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account or must be retained for legal archiving reasons. The statutory retention period is ten years for documents relevant to tax law and for commercial books, inventories, opening balances, annual financial statements, the documents required for understanding these documents, and organizational documents, as well as booking vouchers. The retention period for received commercial and business letters and copies of outgoing commercial and business letters is six years. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance, the annual financial statement, or the management report was prepared, the commercial or business letter was received, or the commercial or business letter was sent, or the booking voucher was created, and the recording was made, or the other documents were created.

If we use third-party providers or platforms to provide our services, the terms and privacy policies of the respective third-party providers or platforms apply in the relationship between users and providers.

  • Processed Data Types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, telephone numbers); Contract data (e.g., contract object, term, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Prospects; Business and contractual partners; Customers.
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Contact inquiries and communication; Office and organizational procedures; Management and response to inquiries; Conversion measurement (measurement of the effectiveness of marketing measures); Profiles with user-related information (creation of user profiles).
  • Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Economic analyses and market research: For business reasons and to identify market trends, the wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc., which may include contractual partners, prospects, customers, visitors, and users of our online offering in the group of data subjects. The analyses are carried out for the purpose of business evaluations, marketing, and market research (e.g., to determine customer groups with different characteristics). We may consider the profiles of registered users, including their information, e.g., on services used. The analyses are solely for our benefit and are not disclosed externally, unless they are anonymous analyses with aggregated, thus anonymized values. Furthermore, we respect the privacy of users and process the data for analytical purposes as pseudonymous and, if possible, anonymously (e.g., as aggregated data); Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Agency services: We process the data of our customers as part of our contractual services, which may include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, campaign implementation, process handling, server administration, data analysis/consulting services, and training services; Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).
  • Project and development services: We process the data of our customers and clients (collectively referred to as “customers”) to enable them to select, purchase or commission the chosen services or works, as well as related activities, and to provide them for payment and provision or execution; Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Provision of Online Services and Web Hosting

We process user data in order to provide them with our online services. To achieve this, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

  • Processed Data Types: Usage data (e.g., visited web pages, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status); Content data (e.g., entries in online forms).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.); Security measures; Provision of contractual services and fulfillment of contractual obligations.
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Provision of online services on rented storage space: For the provision of our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from an appropriate server provider (also referred to as “web hoster”); Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files.” Server log files may include the address and name of the web pages and files accessed, date and time of access, data volumes transmitted, message about successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure the utilization and stability of the servers; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained for evidence purposes is exempt from deletion until the respective incident is finally clarified.
  • Email dispatch and hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of recipients and senders, as well as other information concerning email transmission (e.g., the participating providers) and the contents of the respective emails are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails are generally not encrypted when sent over the internet. While emails are usually encrypted during transport, they are not encrypted on the servers from which they are sent and received unless end-to-end encryption is used. Therefore, we cannot assume responsibility for the transmission of emails between the sender and our server; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
  • 1&1 IONOS: Services in the field of information technology infrastructure provision and related services (e.g., storage space and/or computing capacity); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.ionos.de; Privacy Policy: https://www.ionos.de/terms-gtc/terms-privacy. Data Processing Agreement: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.

Community Functions

The community functions provided by us allow users to engage in conversations or exchange information with each other. Please note that the use of community functions is only permitted in compliance with applicable laws, our terms and policies, and the rights of other users and third parties.

  • Processed Data Types: Usage data (e.g., visited web pages, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Security measures.
  • Legal Basis: Contractual performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Blogs and Publishing Media

We use blogs or similar means of online communication and publication (hereinafter referred to as “publishing media”). Reader data is processed for the purposes of the publishing medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. For further information on the processing of visitors to our publishing medium, please refer to the information in these privacy notices.

  • Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited web pages, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Feedback (e.g., collecting feedback via online form); Provision of our online offering and user-friendliness; Security measures; Management and response to inquiries.
  • Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

Comments and Contributions: When users leave comments or other contributions, their IP addresses may be stored on the basis of our legitimate interests. This is done for our protection in case someone leaves unlawful content in comments and contributions (e.g., insults, prohibited political propaganda). In this case, we may be held responsible for the comment or contribution and are therefore interested in the identity of the author.

Furthermore, we reserve the right to process user information for spam detection based on our legitimate interests.

On the same legal basis, we reserve the right to store users’ IP addresses for the duration of surveys and to use cookies to prevent multiple votes. The information provided by users in comments and contributions, such as personal information, contact information, website information, as well as content information, is permanently stored by us until users object.

Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Contact and Inquiry Management

When contacting us (e.g., by post, contact form, email, telephone, or via social media) as well as within the scope of existing user and business relationships, the information provided by the inquiring individuals is processed to the extent necessary to respond to the contact inquiries and any requested actions.

  • Processed Data Types: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited web pages, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Communication partners.
  • Purposes of Processing: Contact inquiries and communication; Management and response to inquiries; Feedback (e.g., collecting feedback via online form); Provision of our online offering and user-friendliness.
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Contractual performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Contact Form: When users contact us via our contact form, email, or other communication methods, we process the data provided in this context to handle the stated request. Legal bases: Contractual performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Communication via Messengers

We use messengers for communication purposes, and therefore, we kindly ask you to consider the following information regarding the functionality of messengers, encryption, the use of metadata in communication, and your options for objection.

You can also contact us through alternative means, such as by phone or email. Please use the contact information provided to you or the contact options specified within our online offering.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we would like to point out that communication contents (i.e., the content of the message and attached images) are encrypted end-to-end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use an up-to-date version of the messenger with encryption enabled to ensure the encryption of message contents.

However, we also inform our communication partners that messenger providers may not be able to view the content but can determine whether and when communication partners communicate with us and process technical information about the communication partner’s device and, depending on the settings of their device, location information (metadata).

Legal Bases: If we ask communication partners for permission before communicating with them via messenger, the legal basis for processing their data is their consent. Otherwise, if we do not request consent and communication partners contact us, we use messengers in relation to our contractual partners and within the framework of contract initiation as a contractual measure, and in the case of other interested parties and communication partners, based on our legitimate interests in fast and efficient communication and meeting the communication needs of our communication partners. Furthermore, we would like to point out that we do not transmit contact data to messengers without your consent.

  • Processed Data Types: Contact data (e.g., email, phone numbers); Usage data (e.g., visited web pages, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers).
  • Data Subjects: Communication partners.
  • Purposes of Processing: Contact inquiries and communication; Direct marketing (e.g., via email or postal mail).
  • Legal Bases: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Newsletter and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as “Newsletters”) only with the consent of the recipients or on the basis of a legal permission. If the contents of the Newsletter are specifically described during registration, they are decisive for the user’s consent. In all other respects, our Newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personalization purposes within the newsletter or to provide additional information if it is necessary for the purposes of the newsletter.

Double Opt-In Procedure: Subscription to our newsletter is generally based on a double opt-in procedure. This means that you will receive an email after registration asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with an email address that is not their own. Newsletter subscriptions are logged to verify the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Changes to your data stored with the mailing service provider are also logged.

Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to demonstrate previously given consent. Processing of these data is limited to the purpose of potentially defending against claims. Individual requests for deletion are possible at any time, provided that the former existence of consent is confirmed at the same time. Where we are obliged to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist.

The logging of the registration procedure is based on our legitimate interests for the purpose of proving its proper course. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure dispatch system.

Contents:

Information about us, our services, promotions, and offers.

  • Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, telephone numbers); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status); Usage data (e.g., visited web pages, interest in content, access times).
  • Data Subjects: Communication partners; Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Direct marketing (e.g., via email or postal mail); Provision of contractual services and fulfillment of contractual obligations.
  • Legal Bases: Consent (Art. 6(1)(a) GDPR).
  • Opt-Out Option: You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You will find a link to unsubscribe from the newsletter at the end of each newsletter or you can use one of the contact options provided above, preferably email, to do so.

Additional Information on Processing Procedures, Methods, and Services:

  • Measurement of Opening and Click Rates: The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from our server or, if we use a mailing service provider, from its server when the newsletter is opened. As part of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected.

This information is used for the technical improvement of our newsletter based on technical data or target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until deleted. The evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Measurement of opening rates and click rates as well as storage of the measurement results in user profiles – Legal bases: Consent (Art. 6(1)(a) GDPR).

  • Requirement for the Use of Free Services: Consent to receive mailings may be made a requirement for the use of free services (e.g., access to certain content or participation in certain promotions). If users wish to use the free service without subscribing to the newsletter, we ask them to contact us.

Promotional Communication via Email, Post, Fax, or Telephone

We process personal data for the purpose of promotional communication, which can be carried out through various channels such as email, telephone, post, or fax, in accordance with legal requirements.

Recipients have the right to revoke granted consents at any time or to object to promotional communication at any time.

After revocation or objection, we store the data required to prove the previous authorization for contact or sending for up to three years after the end of the year of revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of potential defense against claims. Based on the legitimate interest of permanently observing the revocation or objection of users, we also store the data required to prevent further contact (e.g., email address, phone number, name, depending on the communication channel).

  • Processed Data Types: Inventory data (e.g., names, addresses); Contact data (e.g., email, telephone numbers).
  • Data Subjects: Communication partners.
  • Purposes of Processing: Direct marketing (e.g., via email or postal mail).
  • Legal Bases: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Competitions and Contests

We process personal data of participants in competitions and contests only in compliance with relevant data protection regulations, as far as the processing is contractually necessary for the provision, execution, and handling of the competition, the participants have consented to the processing, or the processing serves our legitimate interests (e.g., in the security of the competition or protecting our interests from misuse by possible recording of IP addresses when submitting competition entries).

If contributions from participants are published as part of the competitions (e.g., in the context of a vote or presentation of competition entries or winners or in reports on the competition), we would like to point out that the names of the participants may also be published in this context. Participants can object to this at any time.

If the competition takes place within an online platform or a social network (e.g., Facebook or Instagram, hereinafter referred to as the “Online Platform”), the terms of use and data protection regulations of the respective platforms also apply. In these cases, we would like to point out that we are responsible for the information provided by the participants in the context of the competition, and inquiries regarding the competition should be directed to us.

The data of participants will be deleted as soon as the competition or contest is over and the data is no longer required to inform the winners or because no further inquiries about the competition are expected. In principle, the data of participants will be deleted no later than 6 months after the end of the competition. Data of winners may be retained longer in order to, for example, answer inquiries about the prizes or fulfill the prize performances; in this case, the retention period depends on the type of prize and can be up to three years, for example, for items or services, so that warranty cases can be processed. Furthermore, the data of participants can be stored for a longer period, e.g., in the form of reporting on the competition in online and offline media.

If data was collected as part of the competition for other purposes, their processing and retention period are subject to the data protection information for that use (e.g., in the case of subscribing to a newsletter as part of a competition).

  • Processed Data Types: Inventory data (e.g., names, addresses); Content data (e.g., entries in online forms); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Competition and contest participants.
  • Purposes of Processing: Conducting competitions and contests.
  • Legal Bases: Contractual performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Surveys and Questionnaires

We conduct surveys and questionnaires to collect information for the communicated survey or questionnaire purposes. The surveys and questionnaires (hereinafter referred to as “surveys”) conducted by us are evaluated anonymously. Personal data is processed only to the extent necessary for the provision and technical implementation of the surveys (e.g., processing of the IP address to display the survey in the user’s browser or to enable the resumption of the survey using a cookie).

  • Processed Data Types: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Communication partners; Participants.
  • Purposes of Processing: Feedback (e.g., collecting feedback via online forms).
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

Web Analysis, Monitoring, and Optimization

Web analysis (also known as “reach measurement”) serves to evaluate visitor traffic to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online offering or its functions or content is most frequently used or invites reuse. Likewise, we can determine which areas require optimization.

In addition to web analysis, we can also use test procedures to, for example, test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e., data summarized for a usage process, can be created for these purposes, and information can be stored and read from a browser or end device. The information collected may include, in particular, visited websites and elements used there, as well as technical details such as the browser used, the computer system used, and information about usage times. If users have consented to the collection of their location data vis-à-vis us or vis-à-vis the providers of the services we use, location data can also be processed.

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored within the scope of web analysis, A/B testing, and optimization, only pseudonyms. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Reach measurement (e.g., access statistics, recognition of returning visitors); Profiles with user-related information (creating user profiles); Provision of our online offering and user-friendliness.
  • Security Measures: IP masking (pseudonymization of the IP address).
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

Google Analytics 4: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It serves to assign analysis information to an end device to recognize which content users have accessed within one or more usage processes, which search terms they have used, which content they have accessed again, or how they have interacted with our online offering. The time of use and its duration are also stored, as well as the sources of users that refer to our online offering and technical aspects of their end devices and browsers. Pseudonymous profiles of users are created with information from the use of various devices, and cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. However, when Google Analytics collects measurement data, all IP queries are performed on EU-based servers before traffic is forwarded to Analytics servers for processing. The IP address data is used exclusively for this geolocation data derivation for EU data traffic and is then deleted immediately. It is not logged, accessible, or used for further purposes; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: Google Analytics; Privacy Policy: Google Analytics Privacy Policy; Data Processing Agreement: Google Data Processing Addendum; Basis for data transfer to third countries: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (Google Model Contract Clauses); Opt-out possibility (Opt-Out Plugin), Ad display settings; Further information: Google Ads Services (Types of processing and processed data).

Online Marketing

We process personal data for the purpose of online marketing, which includes, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as “content”) based on potential user interests, as well as the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”), or similar methods are used to store information relevant to the user for the display of the aforementioned content. This information may include, for example, viewed content, visited websites, used online networks, as well as communication partners and technical details such as the used browser, the used computer system, usage times, and used features. If users have consented to the collection of their location data, this data can also be processed.

The IP addresses of users are also stored. However, we use available IP masking techniques (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored within the scope of online marketing procedures, only pseudonyms. This means that neither we nor the providers of the online marketing procedures know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in cookies or similar methods. These cookies can also be read on other websites that use the same online marketing procedures, analyzed for the purpose of displaying content, supplemented with additional data, and stored on the server of the online marketing procedure provider.

In exceptional cases, clear data can be assigned to the profiles. This is the case, for example, if users are members of a social network whose online marketing procedure we use, and the network connects the profiles of users with the aforementioned information. Please note that users may make additional agreements with the providers, for example, by giving consent during registration.

We generally only have access to aggregated information about the success of our advertisements. However, as part of so-called conversion tracking, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a contract with us. Conversion tracking is used solely to analyze the success of our marketing measures.

Unless otherwise stated, please assume that cookies used are stored for a period of two years.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Reach measurement (e.g., access statistics, recognition of recurring visitors); Tracking (e.g., interest/behavior-based profiling, use of cookies); Marketing; Profiles with user-related information (creating user profiles); Conversion tracking (measurement of the effectiveness of marketing measures).
  • Security Measures: IP masking (pseudonymization of the IP address).
  • Legal Bases: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).
  • Opt-Out Options: We refer to the privacy policies of the respective providers and the opt-out options indicated for the providers (so-called “opt-out”). If no explicit opt-out option has been provided, you have the option to disable cookies in your browser settings. However, this may limit the functionality of our online offering. We also recommend the following summarized opt-out options, which are targeted at specific areas:

    a) Europe: Your Online Choices.

    b) Canada: Your Ad Choices.

    c) USA: About Ads Choices.

    d) Cross-Region: Opt-Out.

Further Information on Processing Procedures, Methods, and Services:

  • Google Ads and Conversion Tracking: Online marketing procedure for the placement of content and advertisements within the service provider’s advertising network (e.g., in search results, in videos, on websites, etc.), so that they are displayed to users who are presumed to have an interest in the advertisements. In addition, we measure the conversion of the ads, i.e., whether users have interacted with the ads and used the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Consent (Art. 6(1)(a) GDPR), Legitimate interests (Art. 6(1)(f) GDPR); Website: Google Marketing Platform; Privacy Policy: Google Privacy Policy; Basis for data transfer to third countries: EU-US Data Privacy Framework (DPF); Further Information: Types of processing and data processed: Google Ads Services. Data processing conditions between controllers and standard contractual clauses for data transfers to third countries: Google Ads Data Processing Terms.
  • Google Adsense with Personalized Ads: We use the Google Adsense service with personalized ads to display ads within our online offering, and we receive compensation for their display or other use; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Consent (Art. 6(1)(a) GDPR); Website: Google Marketing Platform; Privacy Policy: Google Privacy Policy; Basis for data transfer to third countries: EU-US Data Privacy Framework (DPF); Further Information: Types of processing and data processed: Google Ads Services. Data processing conditions for Google advertising products: Information on the services, data processing conditions between controllers, and standard contractual clauses for data transfers to third countries: Google Ads Data Processing Terms.
  • Google Adsense with Non-Personalized Ads: We use the Google Adsense service with non-personalized ads to display ads within our online offering, and we receive compensation for their display or other use; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Consent (Art. 6(1)(a) GDPR); Website: Google Marketing Platform; Privacy Policy: Google Privacy Policy; Basis for data transfer to third countries: EU-US Data Privacy Framework (DPF); Further Information: Types of processing and data processed: Google Ads Services. Google Ads Controller-Controller Data Protection Terms and standard contractual clauses for data transfers to third countries: Google Ads Data Processing Terms.

Affiliate Programs and Affiliate Links

In our online offering, we incorporate so-called affiliate links or other references (which may include search forms, widgets, or discount codes) to the offerings and services of third-party providers (collectively referred to as “affiliate links”). When users follow the affiliate links or subsequently avail themselves of the offerings, we may receive a commission or other benefits from these third-party providers (collectively referred to as “commission”).

In order to track whether users have availed themselves of the offerings through an affiliate link used within our online offering, it is necessary for the respective third-party providers to know that users have followed an affiliate link within our online offering. The allocation of affiliate links to the respective transactions or other actions (e.g., purchases) is solely for the purpose of commission settlement and will be canceled as soon as it is no longer necessary for that purpose.

For the purpose of the aforementioned allocation of affiliate links, the affiliate links may be supplemented with specific values that are part of the link or may be stored elsewhere, such as in a cookie. These values may include, in particular, the originating website (referrer), the time, an online identifier of the operators of the website on which the affiliate link was located, an online identifier of the respective offering, the type of link used, the type of offering, and an online identifier of the user.

Notes on Legal Bases: If we request users’ consent for the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed based on our legitimate interests (i.e., an interest in efficient, cost-effective, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

  • Processed Data Types: Contract data (e.g., subject matter of the contract, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Affiliate tracking.
  • Legal Bases: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Amazon Partner Program: Affiliate partner program (Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates); Service provider: Amazon EU S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: Amazon; Privacy Policy: Amazon Privacy Policy. Basis for data transfer to third countries: EU-US Data Privacy Framework (DPF).
  • Digistore24 Partner Program: Affiliate marketing partner program; Service provider: Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: Digistore24; Privacy Policy: Digistore24 Privacy Policy.

Customer Reviews and Review Processes

We participate in review and rating processes to evaluate, optimize, and promote our services. When users rate us or provide feedback through the involved review platforms or processes, the terms and conditions and privacy policies of the providers additionally apply. Typically, rating requires registration with the respective providers.

To ensure that the reviewing individuals have actually used our services, we transmit the necessary data related to the customer and the service used to the respective review platform with the customer’s consent (including name, email address, and order number or item number). This data is used solely for the purpose of verifying the authenticity of the user.

  • Processed Data Types: Contract data (e.g., subject matter of the contract, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Customers; Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Feedback (e.g., collecting feedback via online form); Marketing.
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Consent (Art. 6(1)(a) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Review Widgets: We integrate so-called “review widgets” into our online offering. A widget is a function and content element integrated into our online offering that displays variable information. It can be presented in the form of a seal or similar element, sometimes also called a “badge.” The corresponding content of the widget is displayed within our online offering, but it is retrieved from the servers of the respective widget provider at that moment. This is necessary to always show the current content, especially the current rating. For this purpose, a data connection must be established from the web page called up within our online offering to the server of the widget provider, and the widget provider receives certain technical data (access data, including IP address) necessary to deliver the content of the widget to the user’s browser. Furthermore, the widget provider receives information that users have visited our online offering. This information can be stored in a cookie and used by the widget provider to recognize which online offerings participating in the review process have been visited by the user. The information can be stored in a user profile and used for advertising or market research purposes; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).
  • kununu: Review platform; Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: kununu; Privacy Policy: kununu Privacy Policy.
  • Trusted Shops (Trustedbadge): Review platform – In the context of the joint responsibility existing between us and Trusted Shops, please contact Trusted Shops with regard to data protection questions and to assert your rights, preferably using the contact information provided in the data protection information. Regardless, you can always contact the responsible party of your choice. If necessary, your request will be forwarded to the other responsible party for response.

    The Trustbadge is provided by a US-based CDN (Content Delivery Network) provider. Adequate data protection is ensured through standard data protection clauses and other contractual measures. When the Trustbadge is called up, the web server automatically stores a so-called server log file, which also includes your IP address, date and time of access, amount of data transferred, and the requesting provider (access data) and documents the access. The IP address is anonymized immediately after collection, so the stored data cannot be assigned to your person. The anonymized data is used, in particular, for statistical purposes and for error analysis.

    If you have given your consent, the Trustbadge accesses order information stored in your end device (order amount, order number, if applicable, purchased product) and your email address and hashes your email address using a cryptographic one-way function. The hash value is then transmitted to Trusted Shops along with the order information in accordance with Art. 6(1)(1) lit. a GDPR. This is done to check whether you are already registered for Trusted Shops’ services. If this is the case, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services or do not grant your consent for automatic recognition via the Trustbadge, you will subsequently have the opportunity to register manually for the use of the services or to secure the order within the framework of your existing usage agreement, if applicable.

    Trusted Shops uses service providers in the areas of hosting, monitoring, and logging. The legal basis is Art. 6(1) lit. f GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel). Adequate data protection is ensured in the case of the USA through standard data protection clauses and other contractual measures, and in the case of Israel through an adequacy decision.

    Service Provider: Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany; Legal Bases: Consent (Art. 6(1)(a) GDPR), Legitimate Interests (Art. 6(1)(f) GDPR); Website: Trusted Shops; Privacy Policy: Trusted Shops Privacy Policy.

  • Trustpilot: Review platform; Service provider: Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: Trustpilot; Privacy Policy: Trustpilot Privacy Policy.

Presences in Social Networks (Social Media)

We maintain online presences within social networks and, in this context, process user data to communicate with active users there or to provide information about us.

We would like to point out that user data may be processed outside the European Union as a result of this. This may entail risks for users because, for example, the enforcement of user rights could be more difficult.

Furthermore, user data within social networks is typically processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and resulting interests. These user profiles can then be used to display advertisements within and outside the networks that presumably correspond to the users’ interests. For these purposes, cookies are usually stored on users’ computers, in which user behavior and interests are stored. In addition, data may be stored in user profiles independently of the devices used by users (especially if users are members of the respective platforms and are logged in).

For a detailed description of the respective processing methods and options for objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

We would also like to point out that inquiries and the exercise of data subject rights can be most effectively asserted with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need assistance, you can contact us.

  • Processed Data Types: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Contact requests and communication; Feedback (e.g., collecting feedback via online forms); Marketing.
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: Instagram; Privacy Policy: Instagram Privacy Policy.
  • Facebook Pages: Profiles within the social network Facebook – We, together with Meta Platforms Ireland Limited, are responsible for collecting (but not further processing) data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content users view or interact with or the actions they take (see “Things You and Others Do and Provide” in the Facebook Data Policy: Facebook Data Policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy: Facebook Data Policy). As explained in the Facebook Data Policy under “How We Use This Information,” Facebook also collects and uses information to provide analytics services, known as “Page Insights,” to page operators, so they can gain insights into how people interact with their pages and associated content. We have entered into a special agreement with Facebook (“Page Insights Information,” Page Insights Information), which regulates, among other things, what security measures Facebook must observe and in which Facebook has agreed to fulfill data subject rights (i.e., users can direct inquiries or deletion requests directly to Facebook). The rights of users (especially with regard to information, deletion, objection, and complaints to the competent supervisory authority) are not limited by the agreements with Facebook. Further information can be found in the “Page Insights Information” (Page Insights Information); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: Facebook; Privacy Policy: Facebook Privacy Policy; Basis for Third Country Transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (Facebook Standard Contractual Clauses).
  • LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: LinkedIn; Privacy Policy: LinkedIn Privacy Policy; Data Processing Agreement: LinkedIn Data Processing Agreement; Basis for Third Country Transfer: Standard Contractual Clauses (LinkedIn Standard Contractual Clauses). Opt-out: LinkedIn Opt-Out.
  • YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Privacy Policy: YouTube Privacy Policy; Basis for Third Country Transfer: EU-US Data Privacy Framework (DPF). Opt-out: YouTube Opt-Out.

Plugins and Embedded Functions as well as Content

We integrate functional and content elements into our online offerings that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). This may include, for example, graphics, videos, or maps (hereinafter uniformly referred to as “content”).

The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for the display of this content or functions. We strive to use only content whose respective providers use the IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Through the “pixel tags,” information such as visitor traffic to the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on users’ devices and may include technical information about the browser and operating system, referring websites, visit times, as well as other information about the use of our online offerings, as well as being linked to such information from other sources.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status); Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Location data (information about the geographic location of a device or person); Event data (Facebook) (“Event data” are data that can be transmitted to Facebook, for example, via Facebook pixels (via apps or other means) and relate to individuals or their actions; this data includes information about visits to websites, interactions with content, features, app installations, product purchases, etc.; event data is processed for the purpose of creating target groups for content and advertising information (custom audiences); event data does not include the actual content (e.g., written comments), login information, or contact information (i.e., no names, email addresses, and phone numbers). Event data is deleted by Facebook after a maximum of two years, and target groups formed from them are deleted when our Facebook account is deleted).
  • Data Subjects: Users (e.g., website visitors, users of online services).

  • Purposes of Processing: Provision of our online offering and user-friendliness; Marketing; Profiling with user-related information (creation of user profiles).

  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Consent (Art. 6(1)(a) GDPR).

Further Information on Processing Procedures, Methods, and Services:

  • Facebook Plugins and Content: Facebook Social Plugins and Content – This may include content such as images, videos, or text, and buttons that allow users to share content from this online offering within Facebook. The list and appearance of Facebook Social Plugins can be viewed here: Facebook Social Plugins. We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt (but not further processing) of “event data” collected by Facebook through the Facebook Social Plugins (and content embedding functions) that are executed on our online offering or received for the following purposes: a) Display of content and advertising information that corresponds to the presumed interests of users; b) Delivery of commercial and transaction-related messages (e.g., addressing users via Facebook Messenger); c) Improvement of ad delivery and personalization of features and content (e.g., improving the recognition of which content or advertising information presumably corresponds to users’ interests). We have concluded a special agreement with Facebook (“Addendum for Controllers,” Facebook Controller Addendum), which regulates, among other things, the security measures Facebook must observe (Data Security Terms) and in which Facebook has agreed to fulfill data subject rights (i.e., users can direct inquiries or deletion requests directly to Facebook). Note: If Facebook provides us with metrics, analytics, and reports (which are aggregated, meaning they do not contain information about individual users and are anonymous to us), this processing does not fall under joint responsibility but is based on a data processing agreement (“Data Processing Terms,” Data Processing Terms), the “Data Security Terms” (Data Security Terms), and, with regard to processing in the USA, on standard contractual clauses (“Facebook EU Data Transfer Addendum,” Facebook EU Data Transfer Addendum). 
    The rights of users (especially with regard to information, deletion, objection, and complaints to the competent supervisory authority) are not limited by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Bases: Consent (Art. 6(1)(a) GDPR); Website: Facebook; Privacy Policy: Facebook Privacy Policy. Basis for Third Country Transfer: EU-US Data Privacy Framework (DPF).
  • Google Fonts (Served from Google Server): Retrieval of fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols with regard to currency and loading times, their uniform presentation, and consideration of possible licensing restrictions. The provider of the fonts is informed of the user’s IP address so that the fonts can be made available in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) that is necessary for the provision of fonts depending on the devices used and the technical environment is transmitted. This data may be processed on a server of the font provider in the USA. When users visit our online offering, their browser sends HTTP requests to the Google Fonts Web API (i.e., a software interface for accessing fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) of Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent that describes the browser and operating system versions of website visitors, as well as the referrer URL (i.e., the webpage where the Google font is to be displayed). IP addresses are not logged or stored on Google servers and are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent, and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families the user wants to load fonts for. This data is logged so that Google can determine how often a particular font family is requested. The Google Fonts Web API uses the user agent to adapt the font that is generated for the respective browser type.
    The user agent is primarily logged for debugging purposes and is used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the Google Fonts “Analytics” page. Finally, the referrer URL is logged so that the data can be used for production maintenance and to generate an aggregated report on top integrations based on the number of font requests. According to Google’s own information, none of the information collected by Google Fonts is used to create profiles of end users or to display targeted advertisements; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: Google Fonts; Privacy Policy: Google Privacy Policy; Basis for Third Country Transfer: EU-US Data Privacy Framework (DPF). Further Information: Google Fonts FAQ – Privacy.
  • Google Maps: We integrate maps from the “Google Maps” service provided by Google. The processed data may include, in particular, IP addresses and location data of the users; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: Google Maps; Privacy Policy: Google Privacy Policy. Basis for Third Country Transfer: EU-US Data Privacy Framework (DPF).
  • Instagram Plugins and Content: Instagram Plugins and Content – This may include content such as images, videos, or text, and buttons that allow users to share content from this online offering within Instagram; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: Instagram; Privacy Policy: Instagram Privacy Policy.

  • LinkedIn Plugins and Content: LinkedIn Plugins and Content – This may include content such as images, videos, or text, and buttons that allow users to share content from this online offering within LinkedIn; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: LinkedIn; Privacy Policy: LinkedIn Privacy Policy; Data Processing Agreement: LinkedIn Data Processing Agreement; Basis for Third Country Transfer: Standard Contractual Clauses (LinkedIn Standard Contractual Clauses). Opt-out: LinkedIn Opt-Out.
  • YouTube Videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: YouTube; Privacy Policy: Google Privacy Policy; Basis for Third Country Transfer: EU-US Data Privacy Framework (DPF). Opt-out: Opt-Out Plugin: Google Analytics Opt-Out, Settings for Displaying Advertisements: Google Ads Settings.

Changes and Updates to the Privacy Policy

We kindly request that you regularly check the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing we conduct make it necessary. We will inform you as soon as changes require any action on your part (e.g., consent) or any other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that these addresses may change over time, and we ask you to verify the information before contacting them.

Definitions

In this section, you will find an overview of the terms used in this privacy policy. Where terms are legally defined, their legal definitions apply. The following explanations primarily aim to enhance understanding.

  • Affiliate Tracking: In the context of affiliate tracking, links that refer users from linking websites to websites offering products or other offers are logged. The operators of the linking websites may receive a commission if users follow these so-called affiliate links and subsequently avail themselves of the offers (e.g., purchase goods or use services). For this purpose, it is necessary for providers to track whether users who are interested in specific offers subsequently take advantage of them at the initiative of affiliate links. Therefore, the proper functioning of affiliate links requires that they are supplemented with certain values, which become part of the link or are stored elsewhere, e.g., in a cookie. These values include, in particular, the referring website (referrer), the time, an online identifier of the website operator on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as advertising material ID, partner ID, and categorizations.
  • Conversion Tracking: Conversion tracking (also referred to as “visit action analysis”) is a method used to determine the effectiveness of marketing measures. Typically, a cookie is stored on users’ devices within the websites where marketing measures are carried out and is then retrieved on the target website. For example, this allows us to track whether advertisements placed by us on other websites were successful.
  • Personal Data: “Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more specific characteristics that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.
  • Profiles with User-related Information: The processing of “profiles with user-related information,” or simply “profiles,” encompasses any form of automated processing of personal data that involves the use of such data to analyze, evaluate, or predict specific personal aspects relating to a natural person (depending on the type of profiling, this may include different information regarding demographics, behavior, and interests, such as interaction with websites and their content, etc.). For profiling purposes, cookies and web beacons are often used.
  • Reach Measurement: Reach measurement (also referred to as web analytics) serves to analyze visitor flows of an online offering and may include the behavior or interests of visitors in specific information, such as website content. With the help of reach analysis, operators of online offerings can determine, for example, when users visit their websites and which content interests them. This allows them to better tailor website content to the needs of their visitors. For reach analysis purposes, pseudonymous cookies and web beacons are often used to recognize returning visitors and obtain more accurate usage analyses of an online offering.
  • Location Data: Location data is generated when a mobile device (or another device with the technical prerequisites for determining location) connects to a cell, Wi-Fi, or similar technical means and functions of location determination. Location data indicates the geographically determinable position on Earth where the respective device is located. Location data can be used, for example, to display map features or other location-dependent information.
  • Tracking: “Tracking” refers to the ability to trace the behavior of users across multiple online offerings. Typically, behavior and interest information regarding the used online offerings are stored in cookies or on servers of providers of tracking technologies (profiling). This information can subsequently be used to display users advertisements that are likely to match their interests.
  • Controller: The term “Controller” refers to the natural or legal person, authority, institution, or other body that, alone or jointly with others, decides on the purposes and means of processing personal data.
  • Processing: “Processing” includes any operation or set of operations performed with or without the help of automated processes in relation to personal data. The term encompasses practically any handling of data, whether it involves collecting, analyzing, storing, transmitting, or deleting it.

Created with the free privacy policy generator by Dr. Thomas Schwenke at Datenschutz-Generator.de.