Privacy policy

Table of contents

• Introduction and overview
• Area of application
• Legal basis
• Contact details of the person responsible
• Storage duration
• Rights under the General Data Protection Regulation
• Data transfer to third countries
• Security of data processing
• Communication
• Order processing contract (AVV)
• Cookies
• Application data
• Customer data
• Registration
• Webhosting introduction
• Web Analytics Introduction
• Email marketing introduction
• Social media introduction
• Blogs and publication media Introduction
• Online Marketing Introduction
• Partner programmes Introduction
• Cookie Consent Management Platform Introduction
• Security & Anti-Spam
• Cloud services
• Payment provider introduction
• Credit rating agencies Introduction
• Audio & Video Introduction
• Video conferencing & streaming Introduction
• Survey and interview systems Introduction
• Other Introduction
• Explanation of terms used
• Closing words

Introduction and overview

We have prepared this privacy policy (version 01.12.2023-322542178) in order to inform you in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller - and the processors commissioned by us (e.g. providers) - process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.

Data protection declarations usually sound very technical and use legal jargon. This privacy policy, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. As far as it is conducive to transparency, technical Terms explained in a reader-friendly waylinks to further information and Graphics for use. We use it to inform you in clear and simple language that we only process personal data as part of our business activities if there is a corresponding legal basis. This is certainly not possible if we provide explanations that are as concise, unclear and legal-technical as possible, as is often standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is one or two pieces of information that you did not yet know.
If you still have questions, we would like to ask you to contact the responsible body named below or in the legal notice, follow the links provided and view further information on third-party websites. Our contact details can of course also be found in the legal notice.

Area of application

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person's name, email address and postal address. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this privacy policy includes

• all online presences (websites, online shops) that we operate
• Social media presence and e-mail communication
• Mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed in the company in a structured manner via the channels mentioned. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal basis

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal basis of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course access this EU General Data Protection Regulation online on EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679 read more.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
2. Contract (Article 6(1)(b) GDPR): In order to fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we require personal information in advance.
3. Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and efficiently. This processing is therefore a legitimate interest.

Other conditions such as the fulfilment of recording in the public interest and the exercise of official authority as well as the protection of vital interests do not generally arise for us. If such a legal basis is relevant, it will be indicated at the appropriate point.

In addition to the EU regulation, national laws also apply:

• In Austria this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), in short DSG.
• In Germany this applies Federal Data Protection Act, short BDSG.

If other regional or national laws apply, we will inform you of this in the following sections.

Contact details of the person responsible

If you have any questions about data protection or the processing of personal data, you will find the contact details of the person or organisation responsible below:
Sanjay Sauldie

e-mail: datenschutz@hls.global

Telephone: +49 15140530884

Storage duration

It is a general criterion for us that we only store personal data for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for the data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

If you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and insofar as there is no obligation to store it.

We will inform you below about the specific duration of the respective data processing if we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13, 14 GDPR, we inform you of the following rights to which you are entitled in order to ensure fair and transparent processing of data:

• According to Article 15 GDPR, you have a right to information about whether we process your data. If this is the case, you have the right to receive a copy of the data and the following information:
  • the purpose for which we carry out the processing;
  • the categories, i.e. the types of data that are processed;
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  • how long the data will be stored;
  • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we have not collected it from you;
  • whether profiling is carried out, i.e. whether data is automatically analysed in order to create a personal profile of you.
• According to Article 16 GDPR, you have a right to rectification of data, which means that we must correct data if you find errors.
• According to Article 17 GDPR, you have the right to erasure ("right to be forgotten"), which specifically means that you may request the erasure of your data.
• According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it any further.
• According to Article 20 GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
• According to Article 21 GDPR, you have the right to object, which will result in a change in the processing after enforcement.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally honour this objection.
  • If data is used for direct marketing purposes, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.
  • If data is used for profiling purposes, you can object to this type of data processing at any time. We may then no longer use your data for profiling.
• Under Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g. profiling).
• According to Article 77 GDPR, you have the right to lodge a complaint. This means that you can lodge a complaint with the data protection authority at any time if you believe that the processing of your personal data is in breach of the GDPR.

In short: You have rights - do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. For Austria, this is the data protection authority, whose website you can find at https://www.dsb.gv.at/ find. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) contact. The following local data protection authority is responsible for our company:

Baden-Württemberg Data Protection Authority

State Commissioner for Data Protection: Prof Dr Tobias Keber
Address: Lautenschlagerstraße 20, 70173 Stuttgart
Telephone no: 07 11/61 55 41-0
E-mail address: poststelle@lfdi.bwl.de

Website: https://www.baden-wuerttemberg.datenschutz.de/

Data transfer to third countries

We only transfer or process data to countries outside the scope of the GDPR (third countries) if you consent to this processing or other legal authorisation exists. This applies in particular if the processing is required by law or necessary for the fulfilment of a contractual relationship and in any case only insofar as this is generally permitted. In most cases, your consent is the most important reason why we process data in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, may mean that personal data is processed and stored in unexpected ways.

We expressly point out that, in the opinion of the European Court of Justice, an adequate level of protection for data transfers to the USA currently only exists if a US company that processes personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data not being processed and stored in anonymised form. Furthermore, US government authorities may be able to access individual data. In addition, data collected may be linked to data from other services of the same provider if you have a corresponding user account. Where possible, we endeavour to use server locations within the EU if this is offered.
We will inform you in more detail about data transfer to third countries, if applicable, in the appropriate sections of this privacy policy.

Security of data processing

We have implemented both technical and organisational measures to protect personal data. Where possible, we encrypt or pseudonymise personal data. This makes it as difficult as possible for third parties to infer personal information from our data.

Art. 25 GDPR speaks here of "data protection by design and by default" and thus means that both software (e.g. forms) and hardware (e.g. access to the server room) should always be designed with security in mind and appropriate measures should be taken. If necessary, we will go into more detail on specific measures below.

TLS encryption with https

TLS, encryption and https sound very technical - and they are. We use HTTPS (the Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transmit data tap-proof on the Internet.
This means that the complete transmission of all data from your browser to our web server is secured - nobody can "listen in".

We have thus introduced an additional layer of security and fulfil data protection through technology design (Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognise the use of this data transmission protection by the small lock symbol at the top left of the browser, to the left of the Internet address (e.g. examplepage.com) and the use of the https scheme (instead of http) as part of our Internet address.
If you want to know more about encryption, we recommend a Google search for "Hypertext Transfer Protocol Secure wiki" to get good links to further information.

Communication

Communication Summary 👥 Data subjects: Anyone who communicates with us by phone, email or online form 📓 Processed data: e.g. telephone number, name, email address, form data entered. You can find more details on this in the respective contact type used 🤝 Purpose: Handling communication with customers, business partners, etc. 📅 Storage period: Duration of the business case and the statutory provisions ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract), Art. 6 para. 1 lit. f GDPR (legitimate interests)

If you contact us and communicate with us by telephone, e-mail or online form, personal data may be processed.

The data is processed for the handling and processing of your enquiry and the associated business transaction. The data will be stored for as long as required by law.

Persons concerned

All those who seek contact with us via the communication channels provided by us are affected by the aforementioned processes.

Telephone

When you call us, the call data is stored pseudonymised on the respective end device and with the telecommunications provider used. In addition, data such as your name and telephone number may subsequently be sent by e-mail and stored for the purpose of responding to your enquiry. The data is deleted as soon as the business transaction has been completed and legal requirements permit.

e-mail

If you communicate with us by email, data may be stored on the respective end device (computer, laptop, smartphone, etc.) and data may be stored on the email server. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.

Online forms

If you communicate with us using an online form, data is stored on our web server and may be forwarded to one of our e-mail addresses. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.

Legal basis

The processing of the data is based on the following legal bases:

• Art. 6 para. 1 lit. a GDPR (consent): You give us your consent to store your data and to use it for purposes relating to the business transaction;
• Art. 6 para. 1 lit. b GDPR (contract): It is necessary for the fulfilment of a contract with you or a processor, such as the telephone provider, or we need to process the data for pre-contractual activities, such as the preparation of an offer;
• Art. 6 para. 1 lit. f GDPR (legitimate interests): We want to handle customer enquiries and business communication in a professional manner. This requires certain technical facilities such as email programmes, exchange servers and mobile network operators in order to operate communication efficiently.

Order processing contract (AVV)

In this section, we would like to explain what a data processing agreement is and why it is needed. Because the word "data processing agreement" is a bit of a mouthful, we will often only use the acronym DPA in this text. Like most companies, we do not work alone, but also utilise the services of other companies or individuals. By involving various companies or service providers, we may pass on personal data for processing. These partners then act as processors with whom we conclude a contract, the so-called data processing agreement (DPA). The most important thing for you to know is that the processing of your personal data takes place exclusively in accordance with our instructions and must be regulated by the DPA.

Who are processors?

As a company and website owner, we are responsible for all data that we process from you. In addition to controllers, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. More precisely and according to the GDPR definition: any natural or legal person, public authority, agency or other body that processes personal data on our behalf is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft.

For a better understanding of the terminology, here is an overview of the three roles in the GDPR:

Affected party (You as a customer or interested party) → Person responsible (we as a company and client) → Processor (Service providers such as web hosters or cloud providers)

Content of an order processing contract

As mentioned above, we have concluded a DPA with our partners who act as processors. This states above all that the processor processes the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, although the electronic conclusion of the contract is also considered "written" in this context. The processing of personal data only takes place on the basis of the contract. The contract must contain the following:

• Commitment to us as the responsible party
• Obligations and rights of the controller
• Categories of affected persons
• Type of personal data
• Nature and purpose of data processing
• Purpose and duration of data processing
• Place of data processing

The contract also contains all the obligations of the processor. The most important obligations are

• Ensure data security measures
• take possible technical and organisational measures to protect the rights of the data subject
• to maintain a data processing directory
• cooperate with the data protection supervisory authority at its request
• carry out a risk analysis in relation to the personal data received
• Sub-processors may only be commissioned with the written authorisation of the controller

You can find out what such an AVV looks like in concrete terms at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html view. A sample contract is presented here.

Cookies

Cookies summary 👥 Data subject: Visitors to the website 🤝 Purpose: depending on the respective cookie. You can find more details on this below or from the manufacturer of the software that sets the cookie. 📓 Processed data: Depending on the cookie used. You can find more details on this below or from the manufacturer of the software that sets the cookie. 📅 Storage duration: depends on the respective cookie, can vary from hours to years ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit.f GDPR (legitimate interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you surf the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, the "brain" of your browser, so to speak. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser transmits the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie back from the server, which the browser uses again as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our website, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programmes and do not contain viruses, Trojans or other "malware". Cookies also cannot access information on your PC.

Cookie data can look like this, for example:

Name: _ga
Value: GA1.2.1326744211.152322542178-9
Intended use: Differentiation of website visitors
Expiry date: after 2 years

A browser should be able to support these minimum sizes:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly explain the different types of HTTP cookies.

A distinction can be made between 4 types of cookies:

Essential cookies
These cookies are necessary to ensure basic website functions. For example, these cookies are needed when a user places a product in the shopping basket, then continues surfing on other pages and only goes to the checkout later. These cookies ensure that the shopping basket is not deleted even if the user closes their browser window.

Purposeful cookies
These cookies collect information about user behaviour and whether the user receives any error messages. These cookies are also used to measure the loading time and the behaviour of the website with different browsers.

Target-orientated cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes or form data are saved.

Advertising cookies
These cookies are also known as targeting cookies. They are used to deliver customised advertising to the user. This can be very practical, but also very annoying.

When you visit a website for the first time, you are usually asked which of these cookie types you would like to allow. And of course this decision is also stored in a cookie.

If you would like to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265the Request for Comments of the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".

Purpose of processing via cookies

The purpose ultimately depends on the cookie in question. You can find more details on this below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are little helpers for many different tasks. Unfortunately, it is not possible to generalise which data is stored in cookies, but we will inform you about the processed or stored data in the following privacy policy.

Storage duration of cookies

The storage period depends on the cookie in question and is specified below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

You can also influence the storage period yourself. You can delete all cookies manually at any time via your browser (see also "Right to object" below). Furthermore, cookies that are based on consent will be deleted at the latest after you withdraw your consent, whereby the legality of the storage until then remains unaffected.

Right to object - how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option of deleting, deactivating or only partially allowing cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, activate and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

If you generally do not want to have cookies, you can set up your browser so that it always informs you when a cookie is to be set. You can then decide for each individual cookie whether or not to allow it. The procedure differs depending on the browser. It is best to search for the instructions in Google using the search term "delete cookies Chrome" or "deactivate cookies Chrome" in the case of a Chrome browser.

Legal basis

The so-called "cookie guidelines" have been in place since 2009. This stipulates that the storage of cookies is a Consent (Article 6(1)(a) GDPR) from you. However, there are still very different reactions to these directives within the EU countries. In Austria, however, this directive has been implemented in Section 96 (3) of the Telecommunications Act (TKG). In Germany, the cookie directives have not been implemented as national law. Instead, this directive was largely implemented in Section 15 (3) of the Telemedia Act (TMG).

For strictly necessary cookies, even if no consent has been given, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience and certain cookies are often absolutely necessary for this.

If cookies that are not absolutely necessary are used, this will only take place with your consent. The legal basis in this respect is Art. 6 para. 1 lit. a GDPR.

In the following sections, you will be informed in more detail about the use of cookies if the software used utilises cookies.

Application data

Application data summary 👥 Affected parties: Users who apply for a job with us 🤝 Purpose: Handling of an application procedure 📓 Processed data: Name, address, contact details, e-mail address, telephone number, proof of qualifications (certificates), any special category data. 📅 Storage period: if your application is successful, until the end of the employment relationship. Otherwise, the data will be deleted after the application process or stored for a certain period with your consent. ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), legitimate interest (Art. 6 para. 1 lit. f GDPR), Art. 6 para. 1 lit. b GDPR (contract), Art. 9 para. 2 lit. a. GDPR (processing of special categories)

What is application data?

You can apply for a job in our company by e-mail, online form or via a recruiting tool. All data that we receive and process from you as part of an application is considered application data. You always disclose personal data such as your name, date of birth, address and telephone number.

Why do we process application data?

We process your data so that we can carry out a proper selection procedure in relation to the advertised position. We are also happy to keep your application documents in our application archive. This is because it often happens that, for a variety of reasons, we are not able to work with you for the advertised position, but we are impressed by you and your application and can very well imagine working with you in the future. If you give us your consent, we will archive your documents so that we can easily contact you for future jobs in our company.

We guarantee that we handle your data with particular care and only ever process your data within the legal framework. Even within our company, your data will only be passed on to people who are directly involved with your application. In short: Your data is safe with us!

What data is processed?

If you apply to us by e-mail, for example, we will of course also receive personal data, as mentioned above. Even the e-mail address is considered personal data. However, only the data that is relevant to our decision as to whether or not we want to welcome you to our team is processed in the course of an application process.

Exactly which data is processed depends primarily on the job advertisement. In most cases, however, it will be your name, date of birth, contact details and proof of qualifications. If you submit your application via an online form, the data will be encrypted and forwarded to us. If you send us the application by e-mail, this encryption does not take place. We can therefore accept no responsibility for the transmission route. However, once the data is on our servers, we are responsible for the lawful handling of your data.

During an application process, in addition to the above-mentioned data, information about your health or ethnic origin may also be requested so that we and you can exercise the rights relating to labour law, social security and social protection and at the same time comply with the corresponding obligations. This data is special category data.

Here is a list of possible data that we receive and process from you:

• Name
• Contact address
• E-mail address
• Telephone number
• Date of birth
• Information from the cover letter and CV
• Proof of qualifications (e.g. certificates)
• Special categories of data (e.g. ethnic origin, health data, religious beliefs)
• Usage data (websites visited, access data, etc.)
• Metadata (IP address, device information)

How long will the data be stored?

If we accept you as a team member in our company, your data will be processed further for the purpose of the employment relationship and stored by us at least until the end of the employment relationship. All application documents will then be placed in your employee file.

If we do not offer you the job, you reject our offer or withdraw your application, we may retain your data for up to 6 months after completion of the application process on the basis of legitimate interest (Art. 6 para. 1 lit. f GDPR). After that, both your electronic data and all data from physical application documents will be completely deleted or destroyed. We retain your data so that we can answer any follow-up questions or so that we can provide evidence of the application in the event of a legal dispute. If a legal dispute arises and we may still need the data after the 6 months have expired, we will only delete the data when there is no longer any reason to retain it. If there are statutory retention obligations to be fulfilled, we must generally store the data for longer than 6 months.

We can also store your data for longer if you have given your special consent. We do this, for example, if we can imagine working with you in the future. It is then helpful to have your data archived so that we can contact you easily. In this case, the data will be added to our applicant pool. Of course, you can revoke your consent to the longer storage of your data at any time. If you do not revoke your consent and do not provide new consent, your data will be deleted after 2 years at the latest.

Legal basis

The legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract or pre-contractual measures), Art. 6 para. 1 lit. f GDPR (legitimate interests) and Art. 9 para. 2 lit. a. GDPR (processing of special categories).

If we include you in our applicant tool, this is done on the basis of your consent (Art. 6 para. 1 lit. a GDPR). We would like to point out that your consent to our application pool is voluntary, has no influence on the application process and you have the option of withdrawing your consent at any time. This does not affect the lawfulness of the processing up to the time of revocation.

In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9 para. 2 lit. c. GDPR. For the purposes of health care, occupational medicine, medical diagnosis, health or social care or treatment or for the management of health or social care systems and services, the processing of personal data is carried out in accordance with Art. 9 para. 2 lit. h. GDPR. GDPR. If you voluntarily provide data of special categories, the processing is carried out on the basis of Art. 9 para. 2 lit. a. GDPR.

Customer data

Customer data summary 👥 Affected parties: Customers or business and contractual partners 🤝 Purpose: Provision of the contractually or pre-contractually agreed services including associated communication 📓 Processed data: Name, address, contact details, e-mail address, telephone number, payment information (such as invoices and bank details), contract data (such as duration and subject of the contract), IP address, order data 📅 Storage period: the data is deleted as soon as it is no longer required to fulfil our business purposes and there is no legal obligation to retain it. ⚖️ Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR), contract (Art. 6 para. 1 lit. b GDPR)

What is customer data?

We also process data from our customers and business partners so that we can offer our services and contractual services. This data always includes personal data. Customer data refers to all information that is processed on the basis of a contractual or pre-contractual collaboration in order to be able to provide the services offered. Customer data is therefore all the information we collect and process about our customers.

Why do we process customer data?

There are many reasons why we collect and process customer data. The most important is that we simply need various data to provide our services. Sometimes your e-mail address is enough, but when you purchase a product or service, for example, we also need data such as your name, address, bank details or contract data. We also use the data for marketing and sales optimisation so that we can improve our overall service for our customers. Another important point is our customer service, which is always very important to us. We want you to be able to contact us at any time with questions about our offers, and for this we need at least your e-mail address.

What data is processed?

The exact data that is stored can only be described here on the basis of categories. This always depends on which services you receive from us. In some cases, you only give us your e-mail address so that we can contact you or answer your questions, for example. In other cases, you purchase a product or service from us and we require significantly more information, such as your contact details, payment details and contract details.

Here is a list of possible data that we receive and process from you:

• Name
• Contact address
• E-mail address
• Telephone number
• Date of birth
• Payment data (invoices, bank details, payment history, etc.)
• Contract data (term, content)
• Usage data (websites visited, access data, etc.)
• Metadata (IP address, device information)

How long will the data be stored?

As soon as we no longer need the customer data to fulfil our contractual obligations and our purposes and the data is also no longer required for possible warranty and liability obligations, we delete the corresponding customer data. This is the case, for example, when a business contract ends. After this, the limitation period is generally 3 years, although longer periods are possible in individual cases. Of course, we also comply with the statutory retention obligations. Your customer data will certainly not be passed on to third parties unless you have given your explicit consent.

Legal basis

The legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract or pre-contractual measures), Art. 6 para. 1 lit. f GDPR (legitimate interests) and in special cases (e.g. medical services) Art. 9 para. 2 lit. a. GDPR (processing of special categories).

In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9 para. 2 lit. c. GDPR. For the purposes of health care, occupational medicine, medical diagnosis, health or social care or treatment or for the management of health or social care systems and services, the processing of personal data is carried out in accordance with Art. 9 para. 2 lit. h. GDPR. GDPR. If you voluntarily provide data of special categories, the processing is carried out on the basis of Art. 9 para. 2 lit. a. GDPR.

Registration

Registration summary 👥 Affected persons: All persons who register, create an account, log in and use the account. 📓 Processed data: Email address, name, password and other data collected in the course of registration, login and account use. 🤝 Purpose: Provision of our services. Communication with customers in connection with the services. 📅 Storage duration: Sas long as the company account linked to the texts exists and generally for 3 years thereafter. ⚖️ Legal bases: Art. 6 para. 1 lit. b GDPR (contract), Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

When you register with us, personal data may be processed if you enter personal data or data such as the IP address is collected in the course of processing. You can read below what we mean by the rather unwieldy term "personal data".

Please only enter data that we require for registration and for which you have the authorisation of a third party if you are registering on behalf of a third party. If possible, use a secure password that you do not use anywhere else and an e-mail address that you check regularly.

In the following we inform you about the exact type of data processing, because we want you to feel comfortable with us!

What is a registration?

When you register, we collect certain data from you and enable you to simply log in to us online later and use your account with us. The advantage of having an account with us is that you don't have to re-enter everything every time. Saves time, effort and ultimately prevents errors in the provision of our services.

Why do we process personal data?

In short, we process personal data to enable the creation and use of an account with us.

If we didn't do this, you would have to enter all the data every time, wait for us to approve it and enter everything again. We and many, many customers wouldn't like that. What would you think?

What data is processed?

All data that you provided during registration, entered during login or entered as part of managing your data in your account.

We process the following types of data during registration: 

• First name
• Last name
• E-mail address
• Company name
• Street + house number
• Place of residence
• Postcode
• Country

When you log in, we process the data you enter when you log in, such as your user name and password, and data collected in the background, such as device information and IP addresses.

When you use your account, we process data that you enter while using your account and that is generated in the course of using our services.

Storage duration

We store the data entered for at least as long as the account linked to the data exists with us and is used, as long as contractual obligations exist between us and, if the contract ends, until the respective claims arising from it have expired. In addition, we store your data for as long as and to the extent that we are subject to statutory storage obligations. Thereafter, we retain accounting documents relating to the contract (invoices, contract documents, account statements, etc.) and other relevant business documents for the legally prescribed period (usually several years).

Right of objection

You have registered, entered data and would like to revoke the processing? No problem. As you can read above, the rights under the General Data Protection Regulation also apply during and after registration, login or account with us. Contact the person responsible for data protection above to exercise your rights. If you already have an account with us, you can easily view and manage your data and texts in your account.

Legal basis

By completing the registration process, you enter into a pre-contractual relationship with us in order to conclude a contract of use via our platform (even if there is no automatic obligation to pay). Sou invest time to enter data and register and we provide you with our services after logging into our system and viewing your customer account. We also fulfil our contractual obligations. Finally, we need to keep registered users informed of important changes by email. Art. 6 para. 1 lit. b GDPR (implementation of pre-contractual measures, fulfilment of a contract) therefore applies.

If necessary, we may also obtain your consent, e.g. if you voluntarily provide more data than is absolutely necessary or if we are allowed to send you advertising. Art. 6 para. 1 lit. a GDPR (consent) therefore applies.

We also have a legitimate interest in knowing who we are dealing with in order to contact them in certain cases. We also need to know who is using our services and whether they are being used in accordance with our terms of use, so Art. 6 para. 1 lit. f GDPR (legitimate interests) applies.

Note: the following sections are to be ticked by users (as required):

Registration with real name

As we need to know who we are dealing with in our business operations, registration is only possible with your real name (clear name) and not with pseudonyms.

Registration with pseudonyms

Pseudonyms can be used for registration, i.e. you do not have to register with us using your real name. This ensures that your name cannot be processed by us. 

Storage of the IP address

In the course of registration, login and account use, we store the IP address in the background for security reasons in order to be able to determine lawful use.

Public profile

The user profiles are publicly visible, i.e. parts of the profile can also be viewed on the Internet without entering a user name and password.

2-factor authentication (2FA)

Two-factor authentication (2FA) offers additional security when logging in, as it prevents you from logging in without a smartphone, for example. This technical measure to secure your account therefore protects you against the loss of data or unauthorised access even if the user name and password were known.
You can find out which 2FA is used during registration, login and in the account itself.

Webhosting introduction

Web hosting summary 👥 Data subject: Visitors to the website 🤝 Purpose: professional hosting of the website and securing its operation 📓 Processed data: IP address, time of website visit, browser used and other data. You can find more details on this below or from the web hosting provider used. 📅 Storage period: depends on the respective provider, but usually 2 weeks ⚖️ Legal basis: Art. 6 para. 1 lit.f GDPR (legitimate interests)

What is web hosting?

When you visit websites these days, certain information - including personal data - is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, by the way, we mean the entirety of all web pages on a domain, i.e. everything from the start page (homepage) to the very last subpage (like this one). By domain we mean, for example, example.de or example.com.

If you want to view a website on a computer, tablet or smartphone, you use a programme called a web browser. You probably know a few web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari. We call them browsers or web browsers for short.

To display the website, the browser must connect to another computer where the website code is stored: the web server. Operating a web server is a complicated and time-consuming task, which is why this is usually done by professional providers. These providers offer web hosting and thus ensure reliable and error-free storage of website data. A lot of technical terms, but please stay tuned, it will get even better!

When the browser on your computer (desktop, laptop, tablet or smartphone) connects and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server must also store data for a certain period of time to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the Internet and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional website hosting and operational security
2. to maintain operational and IT security
3. Anonymous evaluation of access behaviour to improve our offer and, if necessary, for criminal prosecution or prosecution of claims

What data is processed?

Even while you are currently visiting our website, our web server, i.e. the computer on which this website is stored, usually automatically saves data such as

• the complete Internet address (URL) of the website accessed
• Browser and browser version (e.g. Chrome 87)
• the operating system used (e.g. Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen/)
• the host name and IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)
• Date and time
• in files, the so-called web server log files

How long is data stored?

As a rule, the above-mentioned data is stored for a fortnight and then automatically deleted. We do not pass this data on, but we cannot rule out the possibility of this data being viewed by the authorities in the event of unlawful behaviour.

In short: Your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not pass on your data without your consent!

Legal basis

The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 para. 1 lit. f GDPR (protection of legitimate interests), because the use of professional hosting with a provider is necessary in order to present the company securely and user-friendly on the Internet and to be able to pursue attacks and claims from this if necessary.

As a rule, there is a contract between us and the hosting provider for order processing in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

ALL-INKL privacy policy

We use ALL-INKL for our website, among other things a web hosting provider. The service provider is the German company ALL-INKL.COM - Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany.

You can find out more about the data processed through the use of ALL-INKL in the privacy policy on https://all-inkl.com/datenschutzinformationen/
.

Order processing contract (AVV) ALL-INKL

We have concluded a data processing agreement (DPA) with ALL-INKL in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can find out exactly what a DPA is and, above all, what must be included in a DPA in our general section "Data processing agreement (DPA)".

This contract is required by law because ALL-INKL processes personal data on our behalf. It clarifies that ALL-INKL may only process data that it receives from us in accordance with our instructions and must comply with the GDPR.

Web Analytics Introduction

Web Analytics privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Evaluation of visitor information to optimise the website. 📓 Processed data: Access statistics containing data such as access locations, device data, access duration and time, navigation behaviour, click behaviour and IP addresses. You can find more details on this in the web analytics tool used. 📅 Storage duration: depending on the web analytics tool used ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is web analytics?

We use software on our website to evaluate the behaviour of website visitors, known as web analytics or web analysis for short. This involves collecting data that is stored, managed and processed by the respective analytics tool provider (also known as a tracking tool). The data is used to create analyses of user behaviour on our website and made available to us as the website operator. In addition, most tools offer various test options. For example, we can test which offers or content are best received by our visitors. To do this, we show you two different offers for a limited period of time. After the test (known as an A/B test), we know which product or content our website visitors find more interesting. For such test procedures, as well as for other analytics procedures, user profiles can also be created and the data stored in cookies.

Why do we use web analytics?

With our website, we have a clear goal in mind: we want to deliver the best web offering on the market for our industry. In order to achieve this goal, we want to offer the best and most interesting services on the one hand and make sure that you feel completely at ease on our website on the other. With the help of web analysis tools, we can take a closer look at the behaviour of our website visitors and then improve our website accordingly for you and for us. For example, we can recognise the average age of our visitors, where they come from, when our website is visited the most or which content or products are particularly popular. All this information helps us to optimise the website and thus adapt it to your needs, interests and wishes.

What data is processed?

Exactly which data is stored depends, of course, on the analysis tools used. However, the content you view on our website, which buttons or links you click on, when you access a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website or which computer system you use are generally stored, for example. If you have agreed that location data may also be collected, this may also be processed by the web analysis tool provider.

Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored pseudonymised (i.e. in an unrecognisable and shortened form). For the purposes of testing, web analysis and web optimisation, no direct data such as your name, age, address or email address is stored. All this data, if collected, is stored in pseudonymised form. This means that you cannot be identified as a person.

The following example shows schematically how Google Analytics works as an example of client-based web tracking with Java Script code.

How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website, while other cookies can store data for several years.

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If required by law, for example in the case of accounting, this storage period may also be exceeded.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we have obtained with our cookie pop-up. According to Art. 6 para. 1 lit. a GDPR (consent) represents the legal basis for the processing of personal data as it may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our website technically and economically. With the help of web analytics, we recognise errors on the website, can identify attacks and improve efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use the tools if you have given your consent.

As web analytics tools use cookies, we recommend that you also read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Information on special web analytics tools, if available, can be found in the following sections.

Facebook Conversions API privacy policy

We use Facebook Conversions API, a server-side event tracking tool, on our website. The service provider is the American company Meta Platforms Inc. Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European region.

Facebook also processes your data in the USA, among other places. Facebook or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Facebook also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing conditions, which refer to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

You can find out more about the data processed through the use of Facebook Conversions API in the privacy policy on https://www.facebook.com/about/privacy.

Facebook pixel privacy policy

We use the Facebook pixel from Facebook on our website. We have implemented a code on our website for this purpose. The Facebook pixel is a snippet of JavaScript code that loads a collection of functions with which Facebook can track your user actions if you have come to our website via Facebook ads. For example, if you purchase a product on our website, the Facebook pixel is triggered and saves your actions on our website in one or more cookies. These cookies enable Facebook to match your user data (customer data such as IP address, user ID) with the data of your Facebook account. Facebook then deletes this data again. The data collected is anonymous and cannot be viewed by us and can only be used in the context of adverts. If you are a Facebook user and are logged in, your visit to our website is automatically assigned to your Facebook user account.

We only want to show our services and products to people who are really interested in them. With the help of Facebook pixels, our advertising measures can be better customised to your wishes and interests. This means that Facebook users (provided they have allowed personalised advertising) see suitable advertising. Facebook also uses the data collected for analysis purposes and its own adverts.

Below we show you the cookies that were set by integrating Facebook pixels on a test page. Please note that these are only sample cookies. Different cookies are set depending on the interaction on our website.

Name: _fbp
Value: fb.1.1568287647279.257405483-6322542178-7
Intended use: Facebook uses this cookie to display advertising products.
Expiry date: after 3 months

Name: fr
Value: 0aPf312HOS5Pboo2r..Bdeiuf...1.0.Bdeiuf.
Intended use: This cookie is used to ensure that Facebook Pixel works properly.
Expiry date: after 3 months

Name: comment_author_50ae8267e2bdf1253ec1a5769f48e062322542178-3
Value: Name of the author
Intended use: This cookie stores the text and name of a user who leaves a comment, for example.
Expiry date: after 12 months

Name: comment_author_url_50ae8267e2bdf1253ec1a5769f48e062
Value: httpswww.testseite... (URL of the author)
Intended use: This cookie stores the URL of the website that the user enters in a text field on our website.
Expiry date: after 12 months

Name: comment_author_email_50ae8267e2bdf1253ec1a5769f48e062
Value: E-mail address of the author
Intended use: This cookie stores the user's e-mail address, provided they have entered it on the website.
Expiry date: after 12 months

Remark: The cookies mentioned above relate to individual user behaviour. Especially when using cookies, changes in Facebook can never be ruled out.

If you are logged in to Facebook, you can change your settings for adverts under https://www.facebook.com/adpreferences/advertisers/  yourself. If you are not a Facebook user, you can click on https://www.youronlinechoices.com/de/praferenzmanagement/ manage your usage-based online advertising. There you have the option of deactivating or activating providers.

Facebook also processes your data in the USA, among other places. Facebook or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Facebook also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing conditions, which refer to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

If you want to find out more about Facebook's data protection, we recommend that you read the company's own data policy on https://www.facebook.com/privacy/policy.

Facebook automatic extended synchronisation privacy policy

We have also activated Automatic Advanced Matching as part of the Facebook pixel function. This function of the pixel enables us to send hashed emails, names, gender, city, state, postcode and date of birth or telephone number as additional information to Facebook, provided you have provided us with this data. This activation enables us to customise advertising campaigns on Facebook even more precisely to people who are interested in our services or products.

Matomo Cloud privacy policy

Matomo Cloud privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Evaluation of visitor information to optimise the website. 📓 Processed data: Access statistics containing data such as access locations, device data, access duration and time, navigation behaviour, click behaviour and IP addresses. 📅 Storage period: until the data is no longer required for the service. ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Matomo Cloud?

We use the web analysis software Matomo Cloud on our website. The service provider is the New Zealand company InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand.

Matomo is a web analysis platform that takes data protection very seriously and yet provides us, as the website operator, with precise statistics about your behaviour on our website. We have access to a Matomo dashboard and can use various functions for web analyses. Matomo also offers various options for anonymising the IP addresses of our website visitors and deactivating cookies.

Why do we use Matomo Cloud?

Many of the usual analysis tools collect vast amounts of personal data and can also pass this on to third-party providers. This means that it is very difficult to maintain control over your data. Data protection is very important to us, which is why we have decided in favour of Matomo, a much more data protection-friendly alternative. However, we do not want to do without web analytics entirely. After all, we can use statistics on website behaviour to optimise our service and adapt it to your individual needs.

What data is stored by Matomo Cloud?

In addition to personal data such as your IP address or personal details (e.g. name, address, date of birth), which you actively transmit to us, information about your visitor behaviour is also stored. This is usually not personal data, but information such as the number of visitors to the website, page views, length of visit or search terms used. Furthermore, technical data such as browser type, your operating system and your screen resolution may also be stored. Matomo can also collect information about which website you came to us from. The data collected is never passed on or sold to third parties.

How long and where is the data stored?

Matomo offers a hosted version, "Matomo Cloud", in which the data is stored on Matomo's own servers. All data is stored in Europe, although the main company headquarters are in New Zealand.

In principle, Matomo Cloud stores the data for as long as required for business purposes. Unfortunately, we cannot specify exact retention periods at this point because these depend very much on the individual configurations.

How can I delete my data or prevent data storage?

You have the right and opportunity to access your personal data at any time and to object to its use and processing. You can also lodge a complaint with a state supervisory authority at any time.

In your browser, you also have the option of individually managing, deleting or deactivating cookies. However, please note that deactivating or deleting cookies may have a negative impact on the functions of our website. Depending on which browser you use, the management of cookies works slightly differently. In the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers. If you would like to request a data deletion, you can also contact us.

Legal basis

The use of Matomo Cloud requires your consent, which we have obtained using our consent management tool (pop-up). According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when it is collected by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our offering both technically and economically. With the help of Matomo Cloud, we can identify optimisation potential for our website and improve its efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use Matomo Cloud if you have given your consent.

You can find out more about the data processed through the use of Matomo Cloud in the privacy policy on https://matomo.org/matomo-cloud-privacy-policy/. Questions about data protection can be sent by e-mail to privacy@matomo.org direct.

Matomo On-Premise Privacy Policy

Matomo On-Premise Privacy Policy Summary 👥 Data subject: Visitors to the website 🤝 Purpose: Evaluation of visitor information to optimise the website. 📓 Processed data: Data such as the number of visitors to the website, page views, time spent on the website or search terms used. More details can be found below and in the Matomo On-Premise privacy policy. 📅 Storage period: In principle, we store the data for as long as required for business purposes. ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Matomo On-Premise?

We use the data protection-friendly analysis programme Matomo On-Premise on our website. With the on-premise version, Matomo is installed on our own server. This means that we act as the operator of the software and any data that we might collect from you is stored directly by us. The data processing therefore remains entirely in our hands. The tool is produced by the New Zealand company InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand.

Matomo On-Premise is a web analysis platform that takes data protection very seriously and yet provides us, as the website operator, with precise statistics about your behaviour on our website. A major difference to other analysis programmes is the possibility of data storage on our own server. Matomo On-Premise also offers various options for anonymising the IP addresses of our website visitors and deactivating cookies.

Why do we use Matomo On-Premise?

Many of the usual analysis tools collect vast amounts of personal data and can also pass this on to third-party providers. This means that it is very difficult to maintain control over your data. Data protection is a major concern for us, which is why we have opted for Matomo On-Premise and thus for a much more data protection-friendly alternative. However, we do not want to do without web analytics entirely. After all, we can use statistics on website behaviour to optimise our service and adapt it to your individual needs.

What data is stored by Matomo On-Premise?

In addition to personal data such as your IP address or personal details (e.g. name, address, date of birth), which you actively transmit to us, information about your visitor behaviour is primarily stored. This is not usually personal data, but information such as the number of visitors to the website, page views, length of visit or search terms used. Technical data such as browser type, the operating system you are using and your screen resolution may also be stored. Matomo On-Premise can also collect information about which website you came to us from. The data collected is stored by us and is not passed on or sold to third parties.

How long and where is the data stored?

Matomo On-Premise is a self-hosted analytics platform, which means that we store all collected data directly on our own servers. Our server is located in Europe, which means that data is not processed in any third countries, i.e. in countries outside the scope of the GDPR.

In principle, we store data for as long as required for business purposes. Unfortunately, we cannot specify exact retention periods at this point, as these depend very much on our individual configurations. If you would like to find out more about our data retention periods and configurations, please do not hesitate to contact us.

How can I delete my data or prevent data storage?

You have the right and opportunity to access your personal data at any time and to object to its use and processing. You can also lodge a complaint with a state supervisory authority or simply with us at any time.

In your browser, you also have the option of individually managing, deleting or deactivating cookies. However, please note that deactivating or deleting cookies may have a negative impact on the functions of our website. Depending on which browser you use, the management of cookies works slightly differently. In the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers. If you would like to request a data deletion, you can also contact us.

Legal basis

The use of Matomo On-Premise requires your consent, which we have obtained using our consent management tool (pop-up). According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when it is collected by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our offering both technically and economically. With the help of Matomo On-Premise, we can identify optimisation potential for our website and improve its efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use Matomo On-Premise if you have given your consent.

If you would like to know more about data processing by Matomo On-Premise, you are also welcome to contact us. We also recommend the Matomo privacy policy on https://matomo.org/privacy-policy/.

Matomo On-Premise (without cookies)

What is Matomo On-Premise (without cookies)?

We use the data protection-friendly analysis programme Matomo On-Premise on our website without the use of cookies. With the on-premise version, Matomo is installed on our own server. This means that we act as the operator of the software and any data that we might collect from you is stored directly by us. The data processing therefore remains entirely in our hands. The tool is produced by the New Zealand company InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand.

Matomo On-Premise is a web analysis platform that takes data protection very seriously and yet provides us, as the website operator, with precise statistics about your behaviour on our website. A major difference to other analysis programmes is the possibility of data storage on our own server. Matomo On-Premise also offers various options for anonymising the IP addresses of our website visitors and deactivating cookies. We have also made use of the deactivation of cookies. This means that we use Matomo On-Premise for our website without the use of cookies.

Why do we use Matomo On-Premise?

Many of the usual analysis tools collect vast amounts of personal data and can also pass this on to third-party providers. This means that it is very difficult to maintain control over your data. Data protection is very important to us, which is why we have opted for Matomo On-Premise without the use of cookies. However, we do not want to do without web analytics entirely. After all, we can use statistics on website behaviour to optimise our service and adapt it to your individual needs.

What data is stored by Matomo On-Premise?

Above all, information about your visitor behaviour is stored. This is not personal data, but information such as the number of visitors to the website, page views, length of visit or search terms used. Technical data such as browser type, the operating system you are using and your screen resolution may also be stored. Matomo On-Premise can also collect information about which website you came to us from. The data collected is stored by us and is not passed on or sold to third parties.

How long and where is the data stored?

Matomo On-Premise is a self-hosted analytics platform, which means that we store all collected data directly on our own servers. Our server is located in Europe, which means that data is not processed in any third countries, i.e. in countries outside the scope of the GDPR.

In principle, we store data for as long as required for business purposes. Unfortunately, we cannot specify exact retention periods at this point, as these depend very much on our individual configurations. If you would like to find out more about our data retention periods and configurations, please do not hesitate to contact us.

How can I delete my data or prevent data storage?

You have the right and opportunity to access your personal data at any time and to object to its use and processing. You can also lodge a complaint with a state supervisory authority or simply with us at any time.

Legal basis

We have a legitimate interest in analysing the behaviour of website visitors in order to improve our website technically and economically. With the help of Matomo On-Premise, we can identify optimisation potential for our website and improve its efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests).

If you would like to know more about data processing by Matomo On-Premise without cookies, you are also welcome to contact us. We also recommend the Matomo privacy policy on https://matomo.org/privacy-policy/.

Yoast SEO WordPress plugin privacy policy

We use the Yoast SEO WordPress plugin analysis tool for our website. The service provider is the Dutch company Yoast BV, Don Emanuelstraat 3, 6602 GX Wijchen, Netherlands.

You can find out more about the data that is processed through the use of the Yoast SEO WordPress plugin in the privacy policy on https://yoast.com/privacy-policy/.

YouTube Analytics and Reporting API Privacy Policy

We use the web analytics tool YouTube Analytics and Reporting API on our website. The service provider is the American company YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

YouTube also processes data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

YouTube uses standard contractual clauses approved by the EU Commission (= Art. 46 para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer to these countries. These clauses oblige YouTube to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find more information on the standard contractual clauses at Google at https://business.safety.google/intl/de/adsprocessorterms/.

As YouTube is a subsidiary of Google, there is a joint privacy policy. If you would like to find out more about how your data is handled, we recommend that you read the privacy policy at https://policies.google.com/privacy?hl=de.

Email marketing introduction

Email marketing summary 👥 Affected parties: Newsletter subscribers 🤝 Purpose: Direct advertising by e-mail, notification of system-relevant events 📓 Processed data: Data entered during registration, but at least the email address. You can find more details on this in the email marketing tool used. 📅 Storage period: Duration of the existence of the subscription ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is email marketing?

In order to keep you up to date, we also use the option of e-mail marketing. If you have consented to receiving our emails or newsletters, your data will also be processed and stored. Email marketing is a sub-area of online marketing. It involves sending news or general information about a company, products or services by e-mail to a specific group of people who are interested in them.

If you want to take part in our e-mail marketing (usually by newsletter), you normally just need to register with your e-mail address. To do this, you fill in an online form and send it off. However, we may also ask you to provide your title and name so that we can write to you personally.

Basically, the registration for newsletters works with the help of the so-called "double opt-in procedure". After you have registered for our newsletter on our website, you will receive an e-mail confirming your newsletter registration. This ensures that the e-mail address belongs to you and that no-one has registered with a third-party e-mail address. We or a notification tool used by us logs each individual registration. This is necessary so that we can prove that the registration process is legally correct. As a rule, the time of registration, the time of registration confirmation and your IP address are saved. In addition, it is also logged when you make changes to your stored data.

Why do we use email marketing?

We naturally want to stay in contact with you and always provide you with the most important news about our company. To do this, we use email marketing - often simply referred to as "newsletters" - as an essential part of our online marketing. If you agree to this or if it is permitted by law, we will send you newsletters, system emails or other notifications by email. When we use the term "newsletter" in the following text, we mainly mean e-mails sent regularly. Of course, we do not want to bother you in any way with our newsletters. That is why we always endeavour to offer only relevant and interesting content. For example, you can find out more about our company, our services or products. As we are constantly improving our offers, you will always find out via our newsletter when there is news or when we are offering special, lucrative promotions. If we commission a service provider who offers a professional dispatch tool for our email marketing, we do so in order to be able to offer you fast and secure newsletters. The purpose of our e-mail marketing is basically to inform you about new offers and also to achieve our corporate goals.

What data is processed?

If you become a subscriber to our newsletter via our website, you confirm your membership of an e-mail list by e-mail. In addition to your IP address and e-mail address, your title, name, address and telephone number may also be stored. However, only if you consent to this data storage. The data marked as such is necessary so that you can participate in the service offered. Providing this information is voluntary, but if you do not provide it, you will not be able to use the service. In addition, information about your device or your favourite content on our website may also be stored. You can find out more about the storage of data when you visit a website in the "Automatic data storage" section. We record your declaration of consent so that we can always prove that it complies with our laws.

Duration of data processing

If you unsubscribe your e-mail address from our e-mail/newsletter distribution list, we may store your address for up to three years on the basis of our legitimate interests so that we can still prove that you gave your consent at the time. We may only process this data if we have to defend ourselves against any claims.

However, if you confirm that you have given us your consent to subscribe to the newsletter, you can submit an individual cancellation request at any time. If you permanently revoke your consent, we reserve the right to store your e-mail address in a blacklist. As long as you have voluntarily subscribed to our newsletter, we will of course retain your e-mail address.

Right of objection

You have the option of cancelling your newsletter subscription at any time. All you have to do is revoke your consent to the newsletter subscription. This normally only takes a few seconds or one or two clicks. You will usually find a link to cancel your newsletter subscription at the end of every email. If you really cannot find the link in the newsletter, please contact us by e-mail and we will cancel your newsletter subscription immediately.

Legal basis

Our newsletter is sent on the basis of your consent (Article 6(1)(a) GDPR). This means that we may only send you a newsletter if you have actively subscribed to it beforehand. We may also send you advertising messages if you have become our customer and have not objected to the use of your email address for direct advertising.

Information on specific email marketing services and how they process personal data, if available, can be found in the following sections.

MailPoet privacy policy

We use MailPoet on our website, a WordPress plugin for our email marketing. The service provider is the Irish company Aut O'Mattic A8C Ireland Ltd, Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland.

You can find out more about the data processed through the use of MailPoet in the privacy policy on https://automattic.com/privacy/.

Social media introduction

Social media privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Presentation and optimisation of our services, contact with visitors, interested parties, etc., advertising 📓 Processed data: Data such as telephone numbers, email addresses, contact details, user behaviour data, information about your device and your IP address. You can find more details on this in the respective social media tool used. 📅 Storage duration: depending on the social media platforms used ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is social media?

In addition to our website, we are also active on various social media platforms. User data may be processed so that we can target users who are interested in us via the social networks. In addition, elements of a social media platform may also be embedded directly in our website. This is the case, for example, if you click on a social button on our website and are forwarded directly to our social media presence. Social media or social media refers to websites and apps through which registered members can produce content, share content openly or in specific groups and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and socialise online. With our social media presence, we can bring our products and services closer to interested parties. The social media elements integrated on our website help you to switch to our social media content quickly and without complications.

The data that is stored and processed through your use of a social media channel is primarily used to carry out web analyses. The aim of these analyses is to be able to develop more precise and personalised marketing and advertising strategies. Depending on your behaviour on a social media platform, the analysed data can be used to draw conclusions about your interests and create user profiles. This also enables the platforms to present you with customised advertisements. Cookies are usually set in your browser for this purpose, which store data on your user behaviour.

As a rule, we assume that we remain responsible under data protection law, even if we use the services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. If this is the case, we will point this out separately and work on the basis of an agreement to this effect. The essence of the agreement is then reproduced below for the platform concerned.

Please note that when using the social media platforms or our built-in elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. As a result, you may not be able to claim or enforce your rights in relation to your personal data as easily.

What data is processed?

Exactly which data is stored and processed depends on the respective provider of the social media platform. However, it usually involves data such as telephone numbers, email addresses, data that you enter in a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. Data can be linked to your profile, especially if you have a profile on the social media channel you are visiting and are logged in.

All data that is collected via a social media platform is also stored on the provider's servers. This means that only the providers have access to the data and can provide you with the appropriate information or make changes.

If you want to know exactly what data is stored and processed by the social media providers and how you can object to the data processing, you should carefully read the respective company's privacy policy. We also recommend that you contact the provider directly if you have any questions about data storage and data processing or wish to assert corresponding rights.

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. For example, the social media platform Facebook stores data until it is no longer required for its own purposes. However, customer data that is compared with our own user data is deleted within two days. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If required by law, for example in the case of accounting, this storage period may be exceeded.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers such as embedded social media elements at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

As social media tools may use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be processed on the basis of our legitimate interest if consent has been given. (Art. 6 para. 1 lit. f GDPR) We store and process your data for the purpose of fast and good communication with you or other customers and business partners. Nevertheless, we only use these tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

Information on specific social media platforms - if available - can be found in the following sections.

Facebook privacy policy

Facebook privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Optimisation of our service performance 📓 Processed data: Data such as customer data, user behaviour data, information about your device and your IP address. You can find more details below in the privacy policy. 📅 Storage period: until the data is no longer useful for Facebook's purposes ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are Facebook tools?

We use selected tools from Facebook on our website. Facebook is a social media network of the company Meta Platforms Inc. or, for the European region, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of these tools, we can offer you and people who are interested in our products and services the best possible offer.

If data is collected and forwarded from you via our embedded Facebook elements or via our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for this. Facebook is solely responsible for the further processing of this data. Our joint obligations have also been set out in a publicly accessible agreement at https://www.facebook.com/legal/controller_addendum anchored. It states, for example, that we must clearly inform you about the use of Facebook tools on our website. Furthermore, we are also responsible for ensuring that the tools are securely integrated into our website in accordance with data protection law. Facebook, on the other hand, is responsible for the data security of Facebook products, for example. If you have any questions about data collection and data processing by Facebook, you can contact the company directly. If you address the question to us, we are obliged to forward it to Facebook.

Below we provide an overview of the various Facebook tools, what data is sent to Facebook and how you can delete this data.

In addition to many other products, Facebook also offers the so-called "Facebook Business Tools". This is the official term used by Facebook. However, as the term is hardly known, we have decided to simply call them Facebook tools. These include, among others:

• Facebook pixel
• social plug-ins (such as the "Like" or "Share" button)
• Facebook Login
• Account Kit
• APIs (programming interface)
• SDKs (collection of programming tools)
• Platform integrations
• Plugins
• Codes
• Specifications
• Documentations
• Technologies and services

Through these tools, Facebook is expanding its services and has the opportunity to obtain information about user activities outside of Facebook.

Why do we use Facebook tools on our website?

We only want to show our services and products to people who are really interested in them. We can reach precisely these people with the help of adverts (Facebook ads). However, Facebook needs information about people's wishes and needs in order to show users suitable adverts. The company is therefore provided with information about user behaviour (and contact details) on our website. As a result, Facebook collects better user data and can show interested people suitable adverts about our products and services. The tools thus enable customised advertising campaigns on Facebook.

Facebook calls data about your behaviour on our website "event data". This is also used for measurement and analysis services. Facebook can thus create "campaign reports" on our behalf about the impact of our advertising campaigns. Furthermore, analyses give us a better insight into how you use our services, website or products. This allows us to optimise your user experience on our website with some of these tools. For example, you can use the social plug-ins to share content on our site directly on Facebook.

What data is stored by Facebook tools?

By using individual Facebook tools, personal data (customer data) can be sent to Facebook. Depending on the tools used, customer data such as name, address, telephone number and IP address may be sent.

Facebook uses this information to match the data with the data it has about you (if you are a Facebook member). Before customer data is transmitted to Facebook, it is hashed. This means that a data set of any size is transformed into a character string. This also serves to encrypt data.

In addition to the contact data, "event data" is also transmitted. "Event data" refers to the information we receive about you on our website. For example, which subpages you visit or which products you buy from us. Facebook does not share the information it receives with third parties (such as advertisers) unless the company has explicit authorisation or is legally obliged to do so. "Event data" can also be linked to contact details. This allows Facebook to offer better personalised advertising. After the aforementioned matching process, Facebook deletes the contact data again.

In order to optimise the delivery of advertisements, Facebook only uses the event data if it has been combined with other data (collected by Facebook in other ways). Facebook also uses this event data for security, protection, development and research purposes. Much of this data is transferred to Facebook via cookies. Cookies are small text files that are used to store data or information in browsers. Depending on the tools used and whether you are a Facebook member, different numbers of cookies are stored in your browser. We go into more detail about individual Facebook cookies in the descriptions of the individual Facebook tools. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies.

How long and where is the data stored?

In principle, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers all over the world where its data is stored. However, customer data is deleted within 48 hours after it has been compared with the company's own user data.

How can I delete my data or prevent data storage?

In accordance with the General Data Protection Regulation, you have the right to information, correction, transferability and deletion of your data.

The data will only be completely deleted if you delete your Facebook account completely. And this is how deleting your Facebook account works:

1) Click on Settings on the right-hand side of Facebook.

2) Then click on "Your Facebook information" in the left-hand column.

3) Now click "Deactivation and deletion".

4) Now select "Delete account" and then click on "Continue and delete account"

5) Now enter your password, click on "Next" and then on "Delete account"

The data that Facebook receives via our site is stored using cookies (e.g. for social plugins), among other things. You can deactivate, delete or manage individual or all cookies in your browser. Depending on which browser you use, this works in different ways. In the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers.

If you generally do not want to have cookies, you can set up your browser so that it always informs you when a cookie is to be set. This allows you to decide for each individual cookie whether you want to allow it or not.

Legal basis

If you have consented to your data being processed and stored by integrated Facebook tools, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) We store and process your data for the purpose of fast and good communication with you or other customers and business partners. Nevertheless, we only use these tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and take a look at Facebook's privacy policy or cookie guidelines.

Facebook also processes your data in the USA, among other places. Facebook or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Facebook also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing conditions, which refer to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

We hope we have provided you with the most important information about the use and data processing by the Facebook tools. If you would like to find out more about how Facebook uses your data, we recommend that you read the data guidelines on https://www.facebook.com/privacy/policy/.

Facebook Login Privacy Policy

We have integrated the practical Facebook login on our website. This allows you to easily log in with your Facebook account without having to create another user account. If you decide to register via the Facebook login, you will be redirected to the Facebook social media network. There you can log in using your Facebook user data. Through this login procedure, data about you and your user behaviour is stored and transmitted to Facebook.

Facebook uses various cookies to store the data. Below we show you the most important cookies that are set in your browser or already exist when you log in to our site via the Facebook login:

Name: fr
Value: 0jieyh4c2GnlufEJ9..Bde09j...1.0.Bde09j
Intended use: This cookie is used to ensure that the social plugin on our website works as well as possible.
Expiry date: after 3 months

Name: datr
Value: 4Jh7XUA2322542178SEmPsSfzCOO4JFFl
Intended use: Facebook sets the "datr" cookie when a web browser accesses facebook.com, and the cookie helps identify login activity and protect users.
Expiry date: after 2 years

Name: _js_datr
Value: deleted
Intended use: Facebook sets this session cookie for tracking purposes, even if you do not have a Facebook account or are logged out.
Expiry date: after the end of the meeting

Remark: The cookies listed are only a small selection of the cookies available to Facebook. Other cookies include _ fbp, sb or wd. A complete list is not possible, as Facebook has a large number of cookies and uses them variably.

The Facebook login offers you a quick and easy registration process on the one hand, and on the other hand it gives us the opportunity to share data with Facebook. This allows us to better customise our offer and advertising campaigns to your interests and needs. Data that we receive from Facebook in this way is public data such as

• Your Facebook name
• Your profile picture
• a stored e-mail address
• Friends lists
• Button details (e.g. "Like" button)
• Birthday date
• Language
• Place of residence

In return, we provide Facebook with information about your activities on our website. This includes information about the device you are using, which subpages you visit on our website or which products you have purchased from us.

By using Facebook Login, you consent to data processing. You can revoke this agreement at any time. If you would like more information about data processing by Facebook, we recommend that you read the Facebook privacy policy at https://www.facebook.com/privacy/policy/.

If you are logged in to Facebook, you can change your settings for adverts under https://www.facebook.com/adpreferences/advertisers/?entry_product=ad_settings_screen to change themselves.

Facebook social plug-ins privacy policy

Social plug-ins from Meta Platforms Inc. are integrated into our website. You can recognise these buttons by the classic Facebook logo, such as the "Like" button (the hand with a raised thumb) or by a clear "Facebook plug-in" label. A social plug-in is a small part of Facebook that is integrated into our site. Each plug-in has its own function. The most commonly used functions are the familiar "Like" and "Share" buttons.

The following social plug-ins are offered by Facebook:

• "Save" button
• "Like" button, share, send and quote
• Page plug-in
• Comments
• Messenger plug-in
• Embedded contributions and video player
• Group plug-in

On https://developers.facebook.com/docs/plugins for more information on how the individual plug-ins are used. We use the social plug-ins on the one hand to offer you a better user experience on our site, and on the other hand because Facebook can use them to optimise our advertisements.

If you have a Facebook account or https://www.facebook.com/ Facebook has already set at least one cookie in your browser. In this case, your browser sends information to Facebook via this cookie as soon as you visit our site or interact with social plug-ins (e.g. the "Like" button).

The information received is deleted or anonymised within 90 days. According to Facebook, this data includes your IP address, which website you have visited, the date, time and other information relating to your browser.

To prevent Facebook from collecting a lot of data during your visit to our website and linking it to Facebook data, you must log out of Facebook during your visit to the website.

If you are not logged in to Facebook or do not have a Facebook account, your browser will send less information to Facebook because you have fewer Facebook cookies. Nevertheless, data such as your IP address or which website you visit may be transmitted to Facebook. We would like to expressly point out that we do not know the exact content of the data. However, to the best of our current knowledge, we endeavour to provide you with as much information as possible about data processing. You can also find out how Facebook uses the data in the company's data policy at https://www.facebook.com/about/privacy/update read more.

The following cookies are set in your browser as a minimum when you visit a website with social plug-ins from Facebook:

Name: dpr
Value: not specified
Intended use: This cookie is used to make the social plug-ins on our website work.
Expiry date: after the end of the meeting

Name: fr
Value: 0jieyh4322542178c2GnlufEJ9..Bde09j…1.0.Bde09j
Intended use: The cookie is also necessary for the plug-ins to function properly.
Expiry date:: after 3 months

Remark: These cookies were set after a test, even if you are not a Facebook member.

If you are logged in to Facebook, you can change your settings for adverts under https://www.facebook.com/adpreferences/advertisers/ yourself. If you are not a Facebook user, you can click on https://www.youronlinechoices.com/de/praferenzmanagement/?tid=322542178 manage your usage-based online advertising. There you have the option of deactivating or activating providers.

If you want to find out more about Facebook's data protection, we recommend that you read the company's own data policy on https://www.facebook.com/privacy/policy/.

Facebook Fanpage Privacy Policy

We also have a Facebook fan page for our website. The service provider is the American company Meta Platforms Inc. Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European region.

Facebook also processes your data in the USA, among other places. Facebook or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Facebook also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing conditions, which refer to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

You can find out more about the data processed through the use of Facebook in the privacy policy on https://www.facebook.com/about/privacy.

Gravatar privacy policy

Gravatar Privacy Policy Summary 👥 Data subject: Visitors to the website 🤝 Purpose: Optimisation of our service performance 📓 Processed data: including your encrypted e-mail address, IP address and URL of our server You can find more details below in the privacy policy. 📅 Storage period: in principle, the data is deleted when it is no longer useful for the provider's services. ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Gravatar?

We have integrated the Gravatar plug-in from Automattic Inc (60 29th Street #343, San Francisco, CA 94110, USA) on our website. Gravatar is automatically activated on all WordPress websites. The function enables user images (avatars) to be displayed with published posts or comments, provided that the corresponding email address is registered with www.gravatar.com is registered.

Through this function, data is sent to Gravatar or Automattic Inc., stored and processed there. In this privacy policy, we want to inform you about what data is involved, how the network uses this data and how you can manage or prevent data storage.

Gravatar basically stands for "Globally Recognised Avatar" and refers to a globally available avatar (a user image) that is linked to the email address. The company Gravatar is the world's leading service provider for this service. As soon as a user enters the email address on a website that is also registered with Gravatar at www.gravatar.com is registered, a previously stored image is automatically displayed together with a published post or comment.

Why do we use Gravatar on our website?

People often talk about anonymity on the Internet. An avatar gives users a face to the people commenting. In addition, it is generally easier to be recognised on the Internet and can therefore build up a certain level of recognition. Many users enjoy the advantages of such a user image and also want to appear personal and authentic on the Internet. We naturally want to offer you the opportunity to display your Gravatar on our website. We also like to see the faces of our commenting users. By activating the Gravatar function, we are also expanding our service on our website. After all, we want you to feel comfortable on our website and receive a comprehensive and interesting offer.

What data is stored by Gravatar?

For example, as soon as you publish a comment on a blog post that requires an email address, WordPress checks whether the email address is linked to an avatar at Gravatar. For this request, your email address is sent to the Gravatar or Automattic servers in encrypted or hashed form together with your IP address and our URL. This checks whether this email address is registered with Gravatar.

If this is the case, the image stored there (Gravatar) will be displayed together with the published comment. If you have registered an email address with Gravatar and comment on our website, further data will be transferred to Gravatar, stored and processed. In addition to IP address and data on user behaviour, this includes, for example, browser type, unique device identifier, preferred language, data and time of page access, operating system and information on the mobile network. Gravatar uses this information to improve its own services and offers and to gain better insights into the use of its own service.

The following cookies are set by Automattic if a user uses an email address that is registered with Gravatar for a comment:

Name: gravatar
Value: 16b3191024acc05a238209d51ffcb92bdd710bd19322542178-7
Intended use: We were unable to find out any precise information about the cookie.
Expiry date: after 50 years

Name: is-logged-in
Value: 1322542178-1
Intended use: This cookie stores the information that the user is logged in via the registered e-mail address.
Expiry date: after 50 years

How long and where is the data stored?

Automattic deletes the collected data when it is no longer used for its own services and the company is not legally obliged to retain the data. Web server logs such as IP address, browser type and operating system are deleted after around 30 days. Until then, Automattic uses the data to analyse the traffic on its own websites (for example, all WordPress pages) and to rectify any problems. The data is also stored on Automattic's American servers.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time. If you have registered with Gravatar with an e-mail address, you can delete your account or e-mail address at any time.

Since a picture is only displayed and data is therefore only transferred to Gravatar if you use an email address registered with Gravatar, you can also prevent your data from being transferred to Gravatar by commenting on our website or posting articles using an email address that is not registered with Gravatar.

You can manage, deactivate or delete any cookies that are set during the commenting process in your browser. Please note that any comment functions will then no longer be fully available. Depending on which browser you use, the management of cookies works slightly differently. In the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) We store and process your data for the purpose of fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

Gravatar also processes your data in the USA, among other places. Gravatar or Automattic is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Automattic uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Automattic undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

You can find out more about the standard contractual clauses and data processed through the use of Gravatar in the privacy policy on https://automattic.com/privacy/, general information about Gravatar on http://de.gravatar.com/.

Hootsuite privacy policy

We use the social media management platform Hootsuite for our website. The service provider is the American company HootSuite Media Inc, 5 East 8th Avenue. Vancouver, V5T 1R6, Canada.

Your data may also be processed in Canada and therefore outside the scope of the GDPR. The European Commission has decided that an adequate level of protection exists for commercial offers from Canada in accordance with Art. 45 (1) GDPR. This means that data transfer to this country is permitted. You can view the decision here: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32002D0002

You can find out more about the data processed through the use of HootSuite in the privacy policy on https://www.hootsuite.com/legal/privacy.

Order processing contract (AVV) Hootsuite

We have concluded a data processing agreement (DPA) with Hootsuite in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can find out exactly what a DPA is and, in particular, what must be included in a DPA in our general section "Data processing agreement (DPA)".

This contract is required by law because Hootsuite processes personal data on our behalf. It clarifies that Hootsuite may only process data that it receives from us in accordance with our instructions and must comply with the GDPR. You can find the link to the data processing agreement (DPA) at https://www.hootsuite.com/en-hk/legal/data-processing-addendum.

Instagram privacy policy

Instagram privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Optimisation of our service performance 📓 Processed data: Data such as user behaviour data, information about your device and your IP address. You can find more details below in the privacy policy. 📅 Storage period: until Instagram no longer needs the data for its purposes ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Instagram?

We have integrated Instagram functions on our website. Instagram is a social media platform of the company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012 and is a Facebook product. Embedding Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos or videos from Instagram directly on our website. When you visit web pages on our website that have an Instagram function integrated, data is transmitted to Instagram, stored and processed. Instagram uses the same systems and technologies as Facebook. Your data is therefore processed across all Facebook companies.

In the following, we want to give you a more detailed insight into why Instagram collects data, what data is involved and how you can largely control data processing. As Instagram belongs to Meta Platforms Inc., we obtain our information from the Instagram guidelines on the one hand, but also from the Meta privacy policy itself on the other.

Instagram is one of the most popular social media networks in the world. Instagram combines the advantages of a blog with the benefits of audiovisual platforms such as YouTube or Vimeo. You can upload photos and short videos to "Insta" (as many users casually call the platform), edit them with various filters and also share them on other social networks. And if you don't want to be active yourself, you can also just follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has really gone through the roof in recent years. And of course we have also responded to this boom. We want you to feel as comfortable as possible on our website. That's why a varied presentation of our content is a matter of course for us. The embedded Instagram functions allow us to enrich our content with helpful, funny or exciting content from the Instagram world. As Instagram is a subsidiary of Facebook, the data collected can also be useful to us for personalised advertising on Facebook. This means that only people who are genuinely interested in our products or services receive our adverts.

Instagram also uses the collected data for measurement and analysis purposes. We receive summarised statistics and thus gain more insight into your wishes and interests. It is important to note that these reports do not identify you personally.

What data is stored by Instagram?

When you visit one of our pages that has Instagram functions (such as Instagram images or plug-ins), your browser automatically connects to Instagram's servers. In the process, data is sent to Instagram, stored and processed. This happens regardless of whether you have an Instagram account or not. This includes information about our website, your computer, purchases made, adverts you see and how you use our website. The date and time of your interaction with Instagram is also stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume that this is exactly the case with Instagram. Customer data includes, for example, name, address, telephone number and IP address. This customer data is only transmitted to Instagram once it has been hashed. Hashing means that a data record is converted into a character string. This allows the contact data to be encrypted. The "event data" mentioned above is also transmitted. By "event data", Facebook - and consequently Instagram - means data about your user behaviour. Contact data may also be combined with event data. The contact data collected is compared with the data that Instagram already has about you.

The collected data is transmitted to Facebook via small text files (cookies), which are usually set in your browser. Depending on the Instagram functions used and whether you have an Instagram account yourself, different amounts of data are stored.

We assume that Instagram processes data in the same way as Facebook. This means that if you have an Instagram account or www.instagram.com Instagram has at least set a cookie. If this is the case, your browser sends information to Instagram via the cookie as soon as you come into contact with an Instagram function. This data is deleted or anonymised after 90 days at the latest (after reconciliation). Although we have intensively analysed Instagram's data processing, we cannot say exactly what data Instagram collects and stores.

Below we will show you the minimum cookies that are set in your browser when you click on an Instagram function (such as a button or an Insta image). In our test, we assume that you do not have an Instagram account. If you are logged in to Instagram, significantly more cookies will of course be set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: ""
Intended use: This cookie is most likely set for security reasons to prevent falsified requests. However, we were unable to find out more about this.
Expiry date: after one year

Name: mid
Value: ""
Intended use: Instagram sets this cookie to optimise its own services and offers within and outside Instagram. The cookie defines a unique user ID.
Expiry date: after the end of the session

Name: fbsr_322542178124024
Value: not specified
Intended use: This cookie stores the log-in request for users of the Instagram app.

Expiry date: after the end of the session

Name: rur
Value: ATN
Intended use: This is an Instagram cookie that ensures functionality on Instagram.
Expiry date: after the end of the session

Name: urlgen
Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe322542178”
Intended use: This cookie is used for Instagram's marketing purposes.
Expiry date: after the end of the session

Remark: We cannot claim completeness here. Which cookies are set in individual cases depends on the embedded functions and your use of Instagram.

How long and where is the data stored?

Instagram shares the information received between the Facebook companies with external partners and with people you connect with worldwide. Data processing is carried out in compliance with our own data policy. For security reasons, among others, your data is distributed on Facebook servers around the world. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation, you have the right to access, portability, rectification and erasure of your data. You can manage your data in the Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

And this is how deleting your Instagram account works:

First open the Instagram app. On your profile page, go to the bottom and click on "Help section". You will now be taken to the company's website. On the website, click on "Manage your account" and then on "Delete your account".

If you delete your account completely, Instagram will delete posts such as your photos and status updates. Information that other people have shared about you does not belong to your account and will therefore not be deleted.

As mentioned above, Instagram stores your data primarily via cookies. You can manage, deactivate or delete these cookies in your browser. Depending on your browser, the management always works a little differently. In the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers.

You can also set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) We store and process your data for the purpose of fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

Instagram also processes your data in the USA, among other places. Instagram or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Instagram also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Instagram undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

We have tried to provide you with the most important information about data processing by Instagram. On https://privacycenter.instagram.com/policy/ you can take a closer look at Instagram's data policy.

LinkedIn privacy policy

LinkedIn privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Optimisation of our service performance 📓 Processed data: Data such as user behaviour data, information about your device and your IP address. You can find more details below in the privacy policy. 📅 Storage period: the data is generally deleted within 30 days ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is LinkedIn?

We use social plug-ins from the social media network LinkedIn, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, on our website. The social plug-ins may be feeds, content sharing or links to our LinkedIn page. The social plug-ins are clearly labelled with the familiar LinkedIn logo and allow, for example, interesting content to be shared directly via our website. For the European Economic Area and Switzerland, LinkedIn Ireland Unlimited Company Wilton Place in Dublin is responsible for data processing.

By embedding such plug-ins, data can be sent to LinkedIn, stored and processed there. In this privacy policy, we want to inform you about what data is involved, how the network uses this data and how you can manage or prevent data storage.

LinkedIn is the largest social network for business contacts. Unlike Facebook, for example, the company focuses exclusively on establishing business contacts. Companies can present services and products on the platform and establish business relationships. Many people also use LinkedIn to look for jobs or to find suitable employees for their own company. In Germany alone, the network has over 11 million members. In Austria, there are around 1.3 million.

Why do we use LinkedIn on our website?

We know how busy you are. You can't follow all your social media channels individually. Even if, as in our case, it would be worthwhile. Because we are always posting interesting news or reports that are worth sharing. That's why we have created the option on our website to share interesting content directly on LinkedIn or to link directly to our LinkedIn page. We regard integrated social plug-ins as an extended service on our website. The data that LinkedIn collects also helps us to show possible advertising measures only to people who are interested in our offer.

What data is stored by LinkedIn?

LinkedIn does not store any personal data simply by integrating the social plug-ins. LinkedIn calls this data generated by plug-ins passive impressions. However, if you click on a social plug-in, for example to share our content, the platform stores personal data as so-called "active impressions". This happens regardless of whether you have a LinkedIn account or not. If you are logged in, the data collected will be assigned to your account.

Your browser establishes a direct connection to LinkedIn's servers when you interact with our plug-ins. In this way, the company logs various usage data. In addition to your IP address, this may include login data, device information or information about your internet or mobile phone provider. If you access LinkedIn services via your smartphone, your location can also be determined (after you have authorised this). LinkedIn can also pass this data on to third-party advertisers in hashed form. Hashing means that a data record is converted into a character string. This allows the data to be encrypted in such a way that individuals can no longer be identified.

Most of the data on your user behaviour is stored in cookies. These are small text files that are usually set in your browser. LinkedIn can also use web beacons, pixel tags, display tags and other device recognisers.

Various tests also show which cookies are set when a user interacts with a social plug-in. The data found cannot claim to be complete and serves only as an example. The following cookies were set without being logged in to LinkedIn:

Name: bcookie
Value: =2&34aab2aa-2ae1-4d2a-8baf-c2e2d7235c16322542178-
Intended use: The cookie is a so-called "browser ID cookie" and therefore stores your identification number (ID).
Expiry date: After 2 years

Name: long
Value: v=2&lang=en-de
Intended use: This cookie saves your preset or preferred language.
Expiry date: after the end of the meeting

Name: lidc
Value: 1818367:t=1571904767:s=AQF6KNnJ0G322542178…
Intended use: This cookie is used for routing. Routing records the ways in which you came to LinkedIn and how you navigate through the website.
Expiry date: after 24 hours

Name: rtc
Value: kt0lrv3NF3x3t6xvDgGrZGDKkX
Intended use: No further information could be obtained about this cookie.
Expiry date: after 2 minutes

Name: JSESSIONID
Value: ajax:3225421782900777718326218137
Intended use: This is a session cookie that LinkedIn uses to maintain anonymous user sessions through the server.
Expiry date: after the end of the meeting

Name: bscookie
Value: "v=1&201910230812...
Intended use: This cookie is a security cookie. LinkedIn describes it as a secure browser ID cookie.
Expiry date: after 2 years

Name: fid
Value: AQHj7Ii23ZBcqAAAA...
Intended use: No further information could be found for this cookie.
Expiry date: after 7 days

Remark: LinkedIn also works with third-party providers. This is why we also recognised the two Google Analytics cookies _ga and _gat during our test.

How long and where is the data stored?

In principle, LinkedIn retains your personal data for as long as the company considers it necessary to provide its own services. However, LinkedIn deletes your personal data when you delete your account. In some exceptional cases, LinkedIn retains some data in aggregated and anonymised form even after you delete your account. As soon as you delete your account, other people will no longer be able to see your data within one day. LinkedIn generally deletes the data within 30 days. However, LinkedIn retains data if it is required by law. Data that can no longer be assigned to a person remains stored even after the account has been closed. The data is stored on various servers in America and presumably also in Europe.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time. You can manage, change and delete your data in your LinkedIn account. You can also request a copy of your personal data from LinkedIn.

How to access the account data in your LinkedIn profile:

In LinkedIn, click on your profile icon and select the "Settings and privacy" section. Now click on "Privacy" and then click on "Change" in the "How LinkedIn uses your data" section. In just a short time, you can download selected data about your web activity and account history.

You also have the option in your browser to prevent data processing by LinkedIn. As mentioned above, LinkedIn stores most of the data via cookies that are set in your browser. You can manage, deactivate or delete these cookies. Depending on which browser you have, the management works slightly differently. In the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers.

You can also set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) We store and process your data for the purpose of fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

LinkedIn also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

LinkedIn uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer to these countries. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, LinkedIn undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find more information on the standard contractual clauses at LinkedIn at https://de.linkedin.com/legal/l/dpa or https://www.linkedin.com/legal/l/eu-sccs.

We have tried to provide you with the most important information about data processing by LinkedIn. On https://www.linkedin.com/legal/privacy-policy to find out more about the data processing of the social media network LinkedIn.

Data processing agreement (DPA) LinkedIn

We have concluded a data processing agreement (DPA) with LinkedIn in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can find out exactly what a DPA is and, in particular, what must be included in a DPA in our general section "Data processing agreement (DPA)".

This contract is required by law because LinkedIn processes personal data on our behalf. It clarifies that LinkedIn may only process data that it receives from us in accordance with our instructions and must comply with the GDPR. You can find the link to the data processing agreement (DPA) at https://de.linkedin.com/legal/l/dpa.

Pinterest privacy policy

Pinterest privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Optimisation of our service performance 📓 Processed data: Data such as user behaviour data, information about your device, your IP address and search terms. You can find more details below in the privacy policy. 📅 Storage period: until Pinterest no longer needs the data for its purposes ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Pinterest?

We use buttons and widgets from the social media network Pinterest, Pinterest Inc, 808 Brannan Street, San Francisco, CA 94103, USA, on our website. For the European region, the Irish company Pinterest Europe Ltd (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is responsible for all aspects of data protection.

Pinterest is a social network that specialises in graphic representations and photographs. The name is made up of the two words "pin" and "interest". Users can use Pinterest to discuss various hobbies and interests and view the respective profiles with images either openly or in defined groups.

Why do we use Pinterest?

Pinterest has been around for several years now and this social media platform is still one of the most visited and valued platforms. Pinterest is particularly suitable for our industry because the platform is primarily known for its beautiful and interesting images. That's why we are of course also represented on Pinterest and also want to showcase our content away from our website. The data collected can also be used for advertising purposes so that we can show advertising messages to precisely those people who are interested in our services or products.

What data is processed by Pinterest?

So-called log data may be stored. This includes information about your browser, IP address, the address of our website and the activities carried out on it (for example, when you click the bookmark or pin button), search histories, date and time of the request and cookie and device data. If you interact with an embedded Pinterest function, cookies that store various data may also be set in your browser. In most cases, the above-mentioned log data, preset language settings and clickstream data are stored in cookies. By clickstream data, Pinterest means information about your website behaviour.

If you have a Pinterest account and are logged in, the data collected via our site can be added to your account and used for advertising purposes. If you interact with our integrated Pinterest functions, you will usually be redirected to the Pinterest page. Here you can see an example selection of cookies that are then set in your browser.

Name: _auth
Value: 0
Intended use: The cookie is used for authentication. For example, a value such as your "user name" can be stored in it.

Expiry date: after one year

Name: _pinterest_referrer
Value: 1
Intended use: The cookie stores the fact that you reached Pinterest via our website. The URL of our website is therefore saved.
Expiry date: after the end of the meeting

Name: _pinterest_sess
Value: ...9HRHZvVE0rQlUxdG89
Intended use: The cookie is used to log in to Pinterest and contains user IDs, authentication tokens and timestamps.

Expiry date: after one year

Name: _routing_id
Value: “8d850ddd-4fb8-499c-961c-77efae9d4065322542178-8”
Intended use: The cookie contains an assigned value that is used to identify a specific routing destination.

Expiry date: after one day

Name: cm_sub
Value: denied
Intended use: This cookie stores a user ID and the timestamp.

Expiry date: after one year

Name: csrftoken
Value: 9e49145c82a93d34fd933b0fd8446165322542178-1
Intended use: This cookie is most likely set for security reasons to prevent falsified requests. However, we were unable to find out more about this.

Expiry date: after one year

Name: sessionFunnelEventLogged
Value: 1
Intended use: We have not yet been able to find out any more information about this cookie.

Expiry date: after one day

How long and where is the data stored?

Pinterest generally stores the collected data until it is no longer needed for the purposes of the company. As soon as data storage is no longer necessary, for example to comply with legal regulations, the data is either deleted or anonymised so that you can no longer be identified as a person. The data may also be stored on American servers.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers such as Pinterest at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

As cookies may be used for embedded Pinterest elements, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed by you, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) We store and process your data for the purpose of fast and good communication with you or other customers and business partners. Nevertheless, we only use the tool if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

Pinterest also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

Pinterest uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer to these countries. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Pinterest undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

You can find more information on the standard contractual clauses at Pinterest at https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea.

We have tried to provide you with the most important information about data processing by Pinterest. On https://policy.pinterest.com/de/privacy-policy you can take a closer look at Pinterest's data policy.

Shariff privacy policy

We use the Shariff social media buttons on our website. The service provider is the German company Heise Medien GmbH & Co. KG, Karl-Wiechert-Allee 10, 30625 Hanover, Germany. No personal data is used by the service itself. Instead, Shariff is only the connection between the user and another service behind it. You can find out more about the data that is processed through the use of Shariff in the corresponding social media channels, as these channels are responsible for the data processing.

Here are the privacy policies of the most popular social media channels:
Facebook: https://www.facebook.com/about/privacy

Instagram: https://help.instagram.com

Twitter: https://twitter.com/de/privacy

Snapchat: https://snap.com/de-DE/privacy/privacy-policy

Tiktok: https://www.tiktok.com/legal/privacy-policy-eea?lang=de

SlideShare privacy policy

We also use SlideShare, a service for sharing and archiving files. The service provider is the American company Scribd, Inc, 460 Bryant St # 100, San Francisco, CA, USA.

SlideShare also processes data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

SlideShare uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there. These clauses oblige SlideShare to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find out more about the data processed through the use of SlideShare in the privacy policy on https://support.scribd.com/hc/de/articles/210129366-Privacy-policy.

Spotify Music Player Widget Privacy Policy

We use the Spotify Music Player widget from the Spotify music platform on our website. The service provider is the Swedish company Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden. You can find out more about the data processed through the use of Spotify in the privacy policy at https://www.spotify.com/at/legal/privacy-policy/. 

TikTok privacy policy

TikTok privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Optimisation of our service performance Processed data: for example, your IP address, browser data, date and time of your page view may be stored You can find more details below in the privacy policy. 📅 Storage duration: varies depending on the settings ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is TikTok?

We use the TikTok integration on our website. The service provider is the Chinese company Beijing Bytedance Technology Ltd. The Irish company TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, is responsible for the European region. TikTok is a popular social media platform, especially among young people, on which users can create, share and view short video clips.

In this privacy policy, we inform you about which data is processed by TikTok, how long the data is stored and how you can manage your privacy settings.

Why do we use TikTok on our website?

We have integrated TikTok into our website so that you can watch TikTok videos if you feel like it and interact with the videos if you wish. TikTok is particularly known for funny and creative content and of course we don't want to deprive you of such content. After all, we also enjoy watching the odd creative TikTok video ourselves.

What data is processed by TikTok?

When you watch or interact with TikTok videos on our website, TikTok may collect information about your usage behaviour and your device. This may include data such as your IP address, browser type, operating system, location and other technical information. TikTok may also use cookies and similar technologies to collect information and personalise your user experience.

If you have a TikTok account yourself, further information may also be collected and processed. This includes, for example, user information (such as name, date of birth or your e-mail address) and data about your communication with other TikTok users.

How long and where is the data stored?

The storage period and storage locations of the data collected by TikTok can vary greatly and are subject to TikTok's data protection guidelines. TikTok may also store data on servers in the USA and other countries. The storage period generally depends on the respective legal requirements and internal guidelines. However, we have not yet been able to find out exactly how long data is stored. As soon as we have more detailed information, we will of course let you know.

How can I delete my data or prevent data storage?

If you have a TikTok account, you can manage your privacy settings directly on TikTok. For example, in the settings of your TikTok account, you can specify which information may and may not be shared. You can also manage and disable cookies in your web browser to limit data collection. This is of course also possible without a TikTok account. Please note, however, that this may affect the functionality of our website and your TikTok experience.

Legal basis

If you have consented to your data being processed and stored by TikTok, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) We store and process your data for the purpose of fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. TikTok may also set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

TikTok also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

TikTok uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer to these countries. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, TikTok undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Further information on TikTok's privacy policy and the collection of data by TikTok can be found on the TikTok website at https://www.tiktok.com/legal/page/eea/privacy-policy/en and in the general information on TikTok at https://www.tiktok.com/en/.

Tumblr privacy policy

We have also integrated functions of the blogging service Tumblr on our website. The service provider is the American company Tumblr, Inc, 60 29th Street #343, San Francisco, CA 94110, USA. Tumblr, Inc. is a subsidiary of Automattic, Inc.

Tumblr also processes your data in the USA, among other places. Tumblr and Automattic are active participants in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Automattic uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Automattic undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find out more about the standard contractual clauses and data processed through the use of Tumblr in the privacy policy on https://www.tumblr.com/privacy/de or on https://automattic.com/privacy/.

X (formerly: Twitter) Privacy Policy

X (formerly: Twitter) Privacy Policy Summary 👥 Data subject: Visitors to the website 🤝 Purpose: Optimisation of our service performance 📓 Processed data: Data such as user behaviour data, information about your device and your IP address. You can find more details below in the privacy policy. 📅 Storage period: X deletes data collected from other websites after 30 days at the latest ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is X?

We have integrated functions from X on our website. These are, for example, embedded tweets, timelines, buttons or hashtags. X is a short message service and a social media platform of the American company X Corp, 1355 Market Street, Suite 900 San Francisco, CA 94103, USA. For the European region, Twitter International Unlimited Company (One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland) is responsible for the processing of personal data.

To our knowledge, in the European Economic Area and Switzerland, no personal data or data on your web activities are transferred to X simply by integrating X functions. Only when you interact with the X functions, for example by clicking on a button, can data be sent to X, stored there and processed. We have no influence on this data processing and bear no responsibility for it. In this privacy policy, we want to give you an overview of what data X stores, what X does with this data and how you can largely protect yourself from data transmission.

For some, X is a news service, for others a social media platform and still others refer to it as a microblogging service. All of these terms are justified and mean more or less the same thing.

Both private individuals and companies use X to communicate with interested parties via short messages. X only allows 280 characters per message. These messages are called "tweets". Unlike Facebook, for example, the service is not focussed on developing a network for "friends", but wants to be seen as a global and open messaging platform. You can also have an anonymous account on X and tweets can be deleted by the company or by the users themselves.

Why do we use X on our website?

Like many other websites and companies, we try to offer our services and communicate with our customers via various channels. X, in particular (better known to many as Twitter), has grown on us as a useful "little" news service. We are always tweeting or retweeting exciting, funny or interesting content. We realise that you can't follow every channel separately. After all, you have other things to do as well. That's why we have also integrated X functions on our website. You can experience our X activity "on site" or go to our X page via a direct link. By integrating them, we want to improve our service and the user-friendliness of our website.

What data is stored by X?

You will find built-in X functions on some of our subpages. When you interact with X content, for example by clicking on a button, X can collect and save data. This happens even if you do not have an X account. X calls this data "log data". This includes demographic data, browser cookie IDs, the ID of your smartphone, hashed email addresses, and information about which pages you have visited on X and what actions you have performed. X naturally stores more data if you have an X account and are logged in. Previously, this storage was done via cookies. Cookies are small text files that are usually set in your browser and transmit different information to X.

We will now show you which cookies are set if you are not logged in to X but visit a website with built-in X functions. Please consider this list as an example. We cannot guarantee that this list is complete, as the choice of cookies changes constantly and depends on your individual actions with the X content.

These cookies were used in our test:

Name: personalisation_id
Value: “v1_cSJIsogU51SeE322542178”
Intended use: This cookie stores information about how you use the website and which adverts you may have come to X from.
Expiry date: after 2 years

Name: long
Value: de
Intended use: This cookie saves your preset or preferred language.
Expiry date: after the end of the meeting

Name: guest_id
Value: 322542178v1157132626
Intended use: This cookie is set to identify you as a guest. 

Expiry date: after 2 years

Name: fm
Value: 0
Intended use: Unfortunately, we were unable to find out the purpose of this cookie.
Expiry date: after the end of the meeting

Name: external_referer
Value: 3225421782beTA0sf5lkMrlGt
Intended use: This cookie collects anonymous data, such as how often you visit X and how long you visit X for.
Expiry date: After 6 days

Name: eu_cn
Value: 1
Intended use: This cookie stores user activity and is used for various advertising purposes by X.

Expiry date: After one year

Name: ct0
Value: c1179f07163a365d2ed7aad84c99d966
Intended use: Unfortunately, we have not found any information on this cookie.
Expiry date: after 6 hours

Name: _twitter_sess
Value: 53D3D–dd0248322542178-
Intended use: This cookie allows you to use functions within the X website.
Expiry date: after the end of the meeting

Remark: X also works with third-party providers. This is why we also recognised the three Google Analytics cookies _ga, _gat, _gid during our test.

X uses the data collected on the one hand to better understand user behaviour and thus improve its own services and advertising offers, and on the other hand the data is also used for internal security measures.

How long and where is the data stored?

If X collects data from other websites, this data is deleted, summarised or otherwise concealed after a maximum of 30 days. The X servers are located on various server centres in the United States. It can therefore be assumed that the data collected is collected and stored in America. Based on our research, we were unable to clearly determine whether X also has its own servers in Europe. In principle, X can store the collected data until it is no longer useful to the company, you delete the data or there is a statutory deletion period.

How can I delete my data or prevent data storage?

In its privacy policy, X repeatedly emphasises that it does not store any data from external website visits if you or your browser are located in the European Economic Area or in Switzerland. However, if you interact with X directly, X will of course also store data about you.

If you have an X account, you can manage your data by clicking on "More" under the "Profile" button. Then click on "Settings and data protection". Here you can manage the data processing individually.

If you do not have an X account, you can click on twitter.com and then click on "Individualisation". You can manage your collected data under "Individualisation and data".

As mentioned above, most of the data is stored via cookies, which you can manage, deactivate or delete in your browser. Please note that you can only "edit" the cookies in the browser you have selected. This means that if you use a different browser in the future, you will have to manage your cookies again according to your wishes. In the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers.

You can also manage your browser so that you are informed for each individual cookie. You can then always decide individually whether to allow a cookie or not.

X also uses the data for personalised advertising within and outside X. You can switch off personalised advertising in the settings under "Individualisation and data". If you use X on a browser, you can switch off personalised advertising under https://optout.aboutads.info/?c=2&lang=EN deactivate.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) We store and process your data for the purpose of fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

X also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

X uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer to these countries. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, X undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find more information on the standard contractual clauses at X at https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

We hope we have given you a basic overview of data processing by X. We do not receive any data from X and are not responsible for what X does with your data. If you have any further questions on this topic, we recommend that you read the X data protection declaration at https://twitter.com/de/privacy.

XING privacy policy

Xing privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Optimisation of our service performance Processed data: for example, your IP address, browser data, date and time of your page view may be stored You can find more details below in the privacy policy. 📅 Storage period: Xing user data is stored until a deletion request is made ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Xing?

We use social plugins from the social media network Xing, Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany, on our website. These functions allow you, for example, to share content on Xing directly via our website, log in via Xing or follow interesting content. You can recognise the plug-ins by the company name or the Xing logo. When you visit a website that uses a Xing plug-in, data may be transmitted to the "Xing servers", stored and analysed. In this privacy policy, we want to inform you about what data is involved and how you can manage or prevent this data storage.

Xing is a social network with its headquarters in Hamburg. The company specialises in the management of professional contacts. This means that, unlike other networks, Xing is primarily about professional networking. The platform is often used for job searches or to find employees for one's own company. Xing also offers interesting content on various professional topics. Its global counterpart is the American company LinkedIn.

Why do we use Xing on our website?

There is now a flood of social media channels and we are well aware that your time is very valuable. Not every company's social media channel can be scrutinised closely. That's why we want to make your life as easy as possible so that you can share or follow interesting content directly via our website on Xing. With such "social plug-ins" we extend our service on our website. In addition, the data collected by Xing helps us to carry out targeted advertising measures on the platform. This means that our service is only shown to people who are really interested in it.

What data is stored by Xing?

Xing offers the share button, the follow button and the log-in button as plug-ins for websites. As soon as you open a page where a Xing social plug-in is integrated, your browser connects to servers in a data centre used by Xing. In the case of the share button, according to Xing, no data is stored that could be directly related to a person. In particular, Xing does not store your IP address. Furthermore, no cookies are set in connection with the share button. This means that no evaluation of your user behaviour takes place. You can find more information on this at https://dev.xing.com/plugins/share_button/privacy_policy

With the other Xing plug-ins, cookies are only set in your browser when you interact with the plug-in or click on it. Personal data such as your IP address, browser data, date and time of your visit to the Xing site may be stored here. If you have a XING account and are logged in, the data collected will be assigned to your personal account and the data stored in it.

The following cookies are set in your browser when you click on the follow or log-in button and are not yet logged in to Xing. Please bear in mind that this is an exemplary list and that we cannot claim to be exhaustive:

Name: AMCVS_0894FF2554F733210A4C98C6AdobeOrg
Value: 1
Intended use: This cookie is used to create and store identifications of website visitors.
Expiry date: after the end of the meeting

Name: c_
Value: 157c609dc9fe7d7ff56064c6de87b019322542178-8
Intended use: We were unable to find out any further information about this cookie.
Expiry date: after one day

Name: prevPage
Value: wbmWelcomelogin
Intended use: This cookie stores the URL of the previous website you visited.
Expiry date: after 30 minutes

Name: s_cc
Value: true
Intended use: This Adobe Site Catalyst cookie determines whether cookies are generally activated in the browser.
Expiry date: after the end of the meeting

Name: s_fid
Value: 6897CDCD1013221C-39DDACC982217CD1322542178-2
Intended use: This cookie is used to identify a unique visitor.
Expiry date: after 5 years

Name: visitor_id
Value: fe59fbe5-e9c6-4fca-8776-30d0c1a89c32
Intended use: The visitor cookie contains a unique visitor ID and the unique identifier for your account.
Expiry date: after 2 years

Name:_session_id
Value: 533a0a6641df82b46383da06ea0e84e7322542178-2
Intended use: This cookie creates a temporary session ID that is used as an in-session user ID. The cookie is absolutely necessary to provide the functions of Xing.
Expiry date: after the end of the meeting

As soon as you are logged in or become a member of Xing, further personal data will definitely be collected, processed and stored. Xing also passes on personal data to third parties if this is necessary for the fulfilment of its own business purposes, if you have given your consent or if there is a legal obligation to do so.

How long and where is the data stored?

Xing stores the data on various servers in various data centres. The company stores this data until you delete the data or until a user account is deleted. Of course, this only affects users who are already Xing members.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time. Even if you are not a Xing member, you can use your browser to prevent any data processing or manage it according to your wishes. Most data is stored via cookies. Depending on which browser you have, the administration works slightly differently. In the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers.

You can also set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) We store and process your data for the purpose of fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

We have tried to provide you with the most important information about data processing by Xing. On https://privacy.xing.com/de/datenschutzerklaerung to find out more about the data processing of the Xing social media network.

Blogs and publication media Introduction

Blogs and publication media Privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Presentation and optimisation of our services as well as communication between website visitors, security measures and administration 📓 Processed data: Data such as contact details, IP address and published content. You can find more details on this in the tools used. 📅 Storage duration: depending on the tools used ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests), Art. 6 para. 1 sentence 1 lit. b. GDPR (contract)

What are blogs and publication media?

We use blogs or other means of communication on our website with which we can communicate with you on the one hand and you with us on the other. We may also store and process your data in the process. This may be necessary so that we can display content appropriately, communication works and security is increased. In our data protection text, we generally explain which of your data may be processed. Exact details on data processing always depend on the tools and functions used. You can find detailed information on data processing in the data protection notices of the individual providers.

Why do we use blogs and publication media?

Our greatest concern with our website is to offer you interesting and exciting content and at the same time your opinions and content are also important to us. That's why we want to create a good interactive exchange between us and you. With various blogs and publication options, we can achieve exactly that. For example, you can write comments on our content, comment on other comments or, in some cases, write articles yourself.

What data is processed?

Exactly which data is processed always depends on the communication functions we use. Very often, the IP address, user name and published content are stored. This is primarily done to ensure security protection, to prevent spam and to be able to take action against illegal content. Cookies can also be used for data storage. These are small text files that are stored with information in your browser. You can find more information on the data collected and stored in our individual sections and in the privacy policy of the respective provider.

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. For example, contribution and comment functions store data until you revoke the data storage. In general, personal data is only stored for as long as is absolutely necessary for the provision of our services.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or third-party communication tools at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

As publication media may also use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

We use the means of communication mainly on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers, business partners and visitors. Insofar as the use serves the processing of contractual relationships or their initiation, the legal basis is also Art. 6 para. 1 sentence 1 lit. b. GDPR.

Certain processing operations, in particular the use of cookies and the use of comment or message functions, require your consent. If and insofar as you have consented to your data being processed and stored by integrated publication media, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Most of the communication functions we use set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

Information on special tools - if available - can be found in the following sections.

Blog posts and comment functions Privacy policy

There are various online communication tools that we can use on our website. For example, we use blog posts and comment functions. This gives you the opportunity to comment on content or write articles. If you use this function, your IP address may be stored for security reasons. In this way, we protect ourselves against illegal content such as insults, unauthorised advertising or prohibited political propaganda. In order to recognise whether comments are spam, we may also store and process user information on the basis of our legitimate interest. If we start a survey, we also store your IP address for the duration of the survey so that we can ensure that all participants only vote once. Cookies may also be used for the purpose of storage. All data that we store about you (such as content or personal information) will remain stored until you object.

Comment subscriptions Privacy policy

You can also subscribe to comments that follow your post. In this case, you will always receive a message when a follow-up comment is published. You will first receive a confirmation e-mail to check whether the e-mail address you have entered belongs to you. By submitting the confirmation, you also consent to the data processing. You can cancel this subscription at any time (as with a newsletter, for example) and revoke your consent. The legality of the processing up to this point remains unaffected. As long as you are subscribed to the comments, we will save your registration time and your IP address so that we can prove your consent if necessary. After you cancel your subscription, we may retain your email address for up to three years on the legal basis of our legitimate interest in providing proof of consent. However, if you confirm your former consent to the subscription and request the deletion of your data, the data will be deleted from our system immediately.

Medium Privacy Policy

We also use the Medium hosting platform on our website. The service provider is the American company Medium Corporation, P.O. Box 602, San Francisco, CA 94104-0602, USA.

Medium also processes data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

Medium uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there. These clauses oblige Medium to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find out more about the data processed through the use of Medium in the privacy policy on https://policy.medium.com/medium-privacy-policy-f03bf92035c9.

WordPress emojis privacy policy

We also use so-called emojis and smilies in our blog. We probably don't need to explain exactly what emojis are here. You know those smiling, angry or sad faces. They are graphic elements or files that we make available and are loaded from another server. The service provider for retrieving WordPress emojis and smilies is Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. This third-party provider stores your IP address in order to be able to transmit the emoji files to your browser.

Automattic also processes your data in the USA, among other places. Automattic is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Automattic uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Automattic undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The data processing conditions (Data Processing Agreements), which correspond to the standard contractual clauses, can be found at https://wordpress.com/support/data-processing-agreements/.

You can find out more about the data that is processed through the use of WordPress emojis in the privacy policy on https://automattic.com/privacy/.

Online Marketing Introduction

Online marketing privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Evaluation of visitor information to optimise the website. 📓 Processed data: Access statistics containing data such as access locations, device data, access duration and time, navigation behaviour, click behaviour and IP addresses. Personal data such as name or email address may also be processed. You can find more details on this in the online marketing tool used. 📅 Storage period: depending on the online marketing tools used ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit.f GDPR (legitimate interests)

What is online marketing?

Online marketing refers to all measures that are carried out online in order to achieve marketing goals such as increasing brand awareness or closing a deal. Our online marketing measures are also aimed at drawing people's attention to our website. We therefore use online marketing to show our offer to many interested people. This usually involves online advertising, content marketing or search engine optimisation. Personal data is also stored and processed so that we can use online marketing efficiently and in a targeted manner. On the one hand, the data helps us to show our content only to those people who are actually interested in it and, on the other hand, we can measure the advertising success of our online marketing measures.

Why do we use online marketing tools?

We want to show our website to everyone who is interested in what we have to offer. We are aware that this is not possible without deliberate measures. That's why we do online marketing. There are various tools that make it easier for us to work on our online marketing measures and also constantly provide suggestions for improvement via data. This allows us to target our campaigns more precisely to our target group. The purpose of these online marketing tools is ultimately to optimise our offering.

What data is processed?

To ensure that our online marketing works and the success of the measures can be measured, user profiles are created and data is stored in cookies (small text files), for example. With the help of this data, we can not only advertise in the traditional way, but also display our content directly on our website in the way you prefer. There are various third-party tools that offer these functions and collect and store your data accordingly. For example, the named cookies store which web pages you have visited on our website, how long you have viewed these pages, which links or buttons you click or which website you came to us from. Technical information may also be stored. For example, your IP address, which browser you are using, from which end device you are visiting our website or the time when you accessed our website and when you left it again. If you have consented to us determining your location, we can also store and process this.

Your IP address is stored in pseudonymised form (i.e. shortened). Unique data that directly identifies you as a person, such as your name, address or email address, is also only stored in pseudonymised form as part of the advertising and online marketing process. We are therefore unable to identify you as a person; we have only stored the pseudonymised, saved information in the user profiles.

The cookies may also be used, analysed and used for advertising purposes on other websites that work with the same advertising tools. The data can then also be stored on the servers of the advertising tool providers.

In exceptional cases, unique data (name, e-mail address, etc.) may also be stored in the user profiles. This storage occurs, for example, if you are a member of a social media channel that we use for our online marketing measures and the network links previously received data to the user profile.

With all the advertising tools we use that store your data on their servers, we only ever receive summarised information and never data that makes you identifiable as an individual. The data only shows how well advertising measures worked. For example, we can see which measures prompted you or other users to visit our website and purchase a service or product there. Based on the analyses, we can improve our advertising offer in the future and adapt it even more precisely to the needs and wishes of interested persons.

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted as soon as you leave the website, while others may be stored in your browser for several years. You can usually find detailed information about the individual cookies used by the provider in the respective data protection declarations of the individual providers.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. The legality of the processing remains unaffected until cancellation.

As cookies can generally be used with online marketing tools, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to the use of third-party providers, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent) represents the legal basis for the processing of personal data as it may occur when collected by online marketing tools.

We also have a legitimate interest in measuring online marketing measures in anonymised form in order to optimise our offer and our measures with the help of the data obtained. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use the tools if you have given your consent.

Information on special online marketing tools - if available - can be found in the following sections.

ZoomInfo privacy policy

We use the advertising services of ZoomInfo for our website. The service provider is the Canadian company ZoomInfo Technologies LLC, 805 Broadway, Suite 900, Vancouver, WA 98660, Canada.

Your data may also be processed in Canada and therefore outside the scope of the GDPR. The European Commission has decided that an adequate level of protection exists for commercial offers from Canada in accordance with Art. 45 (1) GDPR. This means that data transfer to this country is permitted. You can view the decision here: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32002D0002.

You can find out more about the data that is processed through the use of ZoomInfo in the privacy policy on https://www.zoominfo.com/about-zoominfo/privacy-policy.

Partner programmes Introduction

Partner programmes Privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: economic success and the optimisation of our service performance. 📓 Processed data: Access statistics containing data such as access locations, device data, access duration and time, navigation behaviour, click behaviour and IP addresses. Personal data such as name or email address may also be processed. 📅 Storage period: personal data is usually stored by partner programmes until it is no longer needed ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are partner programmes?

We use partner programmes from various providers on our website. By using an affiliate programme, your data may be transferred to the respective affiliate programme provider, stored and processed. In this data protection text, we provide you with a general overview of data processing by partner programmes and show you how you can also prevent or revoke data transmission. Every partner programme (also known as an affiliate programme) is based on the principle of commission. A link or an advert including a link is placed on our website and if you are interested in it and click on it and purchase a product or service in this way, we receive a commission (reimbursement of advertising costs) for this

Why do we use partner programmes on our website?

Our aim is to provide you with an enjoyable time with lots of helpful content. We put a lot of work and time into the development of our website. With the help of partner programmes, we have the opportunity to be rewarded a little for our work. Each partner link is of course always related to our topic and shows offers that might interest you.

What data is processed?

In order to be able to track whether you have clicked on a link we have used, the partner programme provider must know that it was you who followed the link via our website. This means that the affiliate programme links used must be correctly assigned to the subsequent actions (business transaction, purchase, conversion, impression, etc.). Only then can the billing of commissions work.

For this assignment to work, a value can be attached to a link (in the URL) or information can be stored in cookies. This stores information such as which page you came from (referrer), when you clicked on the link, an identifier for our website, which offer it is and a user ID.

This means that as soon as you interact with the products and services of a partner programme, this provider also collects data from you. Exactly which data is stored depends on the individual provider. For example, the Amazon partner programme distinguishes between active and automatic information. Active information includes your name, email address, telephone number, age, payment information or location information. The automatically stored information in this case includes user behaviour, IP address, device information and the URL.

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. In general, personal data is only processed for as long as is necessary to provide the services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted as soon as you leave the website, while others may be stored in your browser for several years if they are not actively deleted. The exact duration of data processing depends on the provider used; in most cases, you should be prepared for a storage period of several years. You can usually find precise information about the duration of data processing in the respective data protection declarations of the individual providers.

Right of objection

You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact the person responsible for the partner programme provider used at any time. Contact details can be found either in our specific privacy policy or on the website of the relevant provider.

You can delete, deactivate or manage cookies that providers use for their functions in your browser. Depending on which browser you use, this works in different ways.

Legal basis

If you have consented to the use of partner programmes, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent) represents the legal basis for the processing of personal data as it may occur when collected by a partner programme.

We also have a legitimate interest in using a partner programme in order to optimise our online service and our marketing measures. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use the partner programme if you have given your consent.

Information on special partner programmes, if available, can be found in the following sections.

Amazon affiliate programme privacy policy

Amazon Affiliate Programme Privacy Policy Summary 👥 Data subject: Visitors to the website 🤝 Purpose: economic success and the optimisation of our service performance. 📓 Processed data: Access statistics containing data such as access locations, device data, access duration and time, navigation behaviour, click behaviour and IP addresses. Personal data such as name or email address may also be processed. 📅 Storage period: personal data is stored by Amazon until it is no longer needed ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit.f GDPR (legitimate interests)

What is the Amazon Partner Programme?

We use the Amazon affiliate programme of Amazon.com, Inc. on our website. The responsible bodies within the meaning of the data protection declaration are Amazon Europe Core S.à.r.l., Amazon EU S.à.r.l., Amazon Services Europe S.à.r.l. and Amazon Media EU S.à.r.l., all four located at 5, Rue Plaetis, L-2338 Luxembourg and Amazon Instant Video Germany GmbH, Domagkstr. 28, 80807 Munich. Amazon Deutschland Services GmbH, Marcel-Breuer-Str. 12, 80807 Munich, Germany, acts as data processor. By using this Amazon partner programme, your data may be transferred to Amazon, stored and processed.

In this privacy policy, we inform you what data is involved, why we use the programme and how you can manage or prevent the transfer of data.

The Amazon partner programme is an affiliate marketing programme of the online mail order company Amazon.com. Like any affiliate programme, the Amazon affiliate programme is based on the principle of commission. Amazon or we place adverts or partner links on our website and if you click on them and buy a product via Amazon, we receive a refund of advertising costs (commission).

Why do we use the Amazon affiliate programme on our website?

Our aim is to provide you with an enjoyable time with lots of helpful content. To achieve this, we put a lot of work and energy into the development of our website. With the help of the Amazon affiliate programme, we have the opportunity to be rewarded a little for our work. Every affiliate link to Amazon is of course always related to our topic and shows offers that might interest you.

What data is stored by the Amazon partner programme?

As soon as you interact with Amazon's products and services, Amazon collects data from you. Amazon distinguishes between information that you actively provide to the company and information that is automatically collected and stored. The "active information" includes, for example, your name, email address, telephone number, age, payment information or location information. So-called "automatic information" is primarily stored via cookies. This includes information on user behaviour, IP address, device information (browser type, location, operating systems) or the URL. Amazon also stores the clickstream. This refers to the path (sequence of pages) that you as a user take to reach a product. Amazon also stores cookies in your browser in order to be able to trace the origin of an order. In this way, the company recognises that you have clicked on an Amazon advertisement or a partner link via our website.

If you have an Amazon account and are logged in while browsing our website, the data collected may be assigned to your account. You can prevent this by logging out of Amazon before you browse our website.

Here we show you examples of cookies that are set in your browser when you click on an Amazon link on our website.

Nameuid
Value: 3230928052675285215322542178-9
Intended use: This cookie stores a unique user ID and collects information about your website activity.
Expiry date: after 2 months

Name: ad-id
Value: AyDaInRV1k-Lk59xSnp7h5o
Intended use: This cookie is provided by amazon-adsystem.com and is used by the company for various advertising purposes.
Expiry date: after 8 months

Nameuuid2
Value: 8965834524520213028322542178-2
Intended use: This cookie enables targeted and interest-based advertising via the AppNexus platform. The cookie collects and stores anonymous data via the IP address, for example, about which adverts you have clicked on and which pages you have accessed.
Expiry date: after 3 months

Namesession-id
Value: 262-0272718-2582202322542178-1
Intended use: This cookie stores a unique user ID that the server assigns to you for the duration of a website visit (session). If you visit the same page again, the information stored in it will be retrieved.
Expiry date: after 15 years

NameAPID
Value: UP9801199c-4bee-11ea-931d-02e8e13f0574
Intended use: This cookie stores information about how you use a website and which adverts you viewed before visiting the website.
Expiry date: after one year

Namesession-id-time
Value: tb:s-STNY7ZS65H5335FZEVPE|1581329862486&t:1581329864300&adb:adblk_no
Intended use: This cookie records the time you spend on a website with a unique cookie ID.
Expiry date: after 2 years

Name: csm-hit
Value: 2082754801l
Intended use: We would not be able to find out any precise information about this cookie.
Expiry date: after 15 years

Remark: Please note that this list only shows examples of cookies and cannot claim to be exhaustive.

Amazon uses the information it receives to tailor adverts more precisely to users' interests.

How long and where is the data stored?

Personal data is stored by Amazon for as long as is necessary for Amazon's business services or for legal reasons. As Amazon is headquartered in the USA, the data collected is also stored on American servers.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time. If you have an Amazon account, you can manage or delete much of the data collected in your account.

Another option to manage data processing and storage by Amazon according to your preferences is offered by your browser. There you can manage, deactivate or delete cookies. This works a little differently for each browser. In the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers.

Legal basis

If you have consented to the Amazon partner programme being used, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent) represents the legal basis for the processing of personal data as it may occur when collected by the Amazon partner programme.

We also have a legitimate interest in using the Amazon partner programme to optimise our online service and our marketing measures. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use the Amazon partner programme if you have given your consent.

Amazon also processes your data in the USA, among other places. Amazon is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Amazon also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Amazon undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Amazon Data Processing Terms (AWS GDPR DATA PROCESSING), which correspond to the standard contractual clauses, can be found at https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.

We hope we have provided you with the most important information about data transfer through the use of the Amazon partner programme. You can find more information at https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.

Digistore24 partner programme privacy policy

We use the Digistore24 partner programme for our website. The service provider is the German company Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany.
 You can find out more about the data processed through the use of Digistore24 in the privacy policy on https://www.digistore24.com/page/privacy.

Cookie Consent Management Platform Introduction

Cookie Consent Management Platform Summary 👥 Affected parties: Website visitors 🤝 Purpose: Obtaining and managing consent for certain cookies and thus the use of certain tools 📓 Processed data: Data for managing the cookie settings such as IP address, time of consent, type of consent, individual consents. You can find more details on this in the respective tool used. 📅 Storage duration: Depends on the tool used, you have to be prepared for periods of several years ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit.f GDPR (legitimate interests)

What is a Cookie Consent Management Platform?

We use Consent Management Platform (CMP) software on our website to make it easier for us and you to handle scripts and cookies correctly and securely. The software automatically creates a cookie pop-up, scans and checks all scripts and cookies, provides you with the cookie consent required under data protection law and helps us and you to keep track of all cookies. Most cookie consent management tools identify and categorise all existing cookies. As a website visitor, you then decide for yourself whether and which scripts and cookies you allow or disallow. The following graphic illustrates the relationship between browser, web server and CMP.

Why do we use a cookie management tool?

Our aim is to offer you the best possible transparency in the area of data protection. We are also legally obliged to do so. We want to provide you with as much information as possible about all tools and all cookies that can store and process your data. It is also your right to decide for yourself which cookies you accept and which you do not. In order to grant you this right, we first need to know exactly which cookies have ended up on our website in the first place. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with GDPR-compliant information about them. You can then accept or reject cookies via the consent system.

What data is processed?

As part of our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. The declaration of your consent is stored so that we do not have to ask you every time you visit our website and we can also prove your consent if required by law. This is stored either in an opt-in cookie or on a server. The storage period of your cookie consent varies depending on the provider of the cookie management tool. In most cases, this data (e.g. pseudonymised user ID, time of consent, details of cookie categories or tools, browser, device information) is stored for up to two years.

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted as soon as you leave the website, while others may be stored in your browser for several years. The exact duration of data processing depends on the tool used; in most cases, you should be prepared for a storage period of several years. You can usually find detailed information about the duration of data processing in the respective data protection declarations of the individual providers.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

Information on special cookie management tools, if available, can be found in the following sections.

Legal basis

If you consent to cookies, your personal data will be processed and stored via these cookies. If we are informed by your Consent (Article 6(1)(a) GDPR), this consent is also the legal basis for the use of cookies and the processing of your data. Cookie consent management platform software is used to manage consent to cookies and to enable you to give your consent. The use of this software enables us to operate the website in an efficient and legally compliant manner, which is a Legitimate interest (Article 6(1)(f) GDPR).

BorlabsCookie privacy policy

We use BorlabsCookie on our website, which is, among other things, a tool for storing your cookie consent. The service provider is the German company Borlabs - Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany. You can find out more about the data processed through the use of BorlabsCookie in the privacy policy at
https://de.borlabs.io/datenschutz/.

Security & Anti-Spam

Security & Anti-Spam Privacy Policy Summary 👥 Data subject: Visitors to the website 🤝 Purpose: cyber security 📓 Processed data: Data such as your IP address, name or technical data such as browser version You can find more details on this below and in the individual data protection texts. 📅 Storage period: Most of the data is stored until it is no longer required for the fulfilment of the service ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is security & anti-spam software?

With so-called security and anti-spam software, you and we can protect ourselves from various spam or phishing emails and possible other cyberattacks. Spam refers to advertising emails from a mass mailing that you did not request yourself. Such emails are also known as data junk and can also cause costs. Phishing emails, on the other hand, are messages that aim to build trust via fake messages or websites in order to obtain personal data. Anti-spam software generally protects against unwanted spam messages or malicious emails that could introduce viruses into our system. We also use general firewall and security systems to protect our computers from unwanted network attacks.

Why do we use security & anti-spam software?

We attach great importance to security on our website. After all, it's not just about our security, but above all about yours. Unfortunately, cyber threats are now part of everyday life in the world of IT and the Internet. Hackers often try to steal personal data from an IT system with the help of a cyber attack. And that is why a good defence system is absolutely essential. A security system monitors all incoming and outgoing connections to our network or computer. To achieve even greater security against cyber attacks, we also use other external security services in addition to the standardised security systems on our computer. This prevents unauthorised data traffic and protects us from cybercrime.

What data is processed by security & anti-spam software?

Exactly which data is collected and stored depends of course on the respective service. However, we always endeavour to only use programmes that collect data very sparingly or only store data that is necessary for the fulfilment of the service offered. In principle, the service may store data such as name, address, IP address, e-mail address and technical data such as browser type or browser version. Any performance and log data may also be collected in order to recognise possible incoming threats in good time. This data is processed as part of the services and in compliance with the applicable laws. This also includes the GDPR for US providers (via the standard contractual clauses). In some cases, these security services also work with third-party providers who may store and/or process data under instruction and in accordance with the data protection guidelines and other security measures. Data is usually stored via cookies.

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. For example, security programmes store data until you or we revoke the data storage. In general, personal data is only stored for as long as is absolutely necessary for the provision of the services. Unfortunately, in many cases we do not receive precise information from the providers about the length of storage.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or third-party security software at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

As such security services may also use cookies, we recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

We use the security services mainly on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) in a good security system against various cyber attacks.

Certain processing operations, in particular the use of cookies and the use of security functions, require your consent. If you have consented to your data being processed and stored by integrated security services, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Most of the services we use set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.

Information on special tools - if available - can be found in the following sections.

Akismet privacy policy

We use Akismet, an anti-spam solution for WordPress, for our website. The service provider is the American company Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA.

Automattic also processes your data in the USA, among other places. Akismet or Automattic is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Automattic uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Automattic undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The Data Processing Agreements, which refer to the standard contractual clauses, can be found at https://wordpress.com/support/data-processing-agreements/.

You can find out more about the data that is processed through the use of Akismet or WordPress in the privacy policy on https://automattic.com/de/privacy/.

Cloud services

Cloud services Privacy policy summary Data subjects: We as the website operator and you as the website visitor 🤝 Purpose: Security and data storage 📓 Processed data: Data such as your IP address, name or technical data such as browser version You can find more details on this below and in the individual data protection texts or in the data protection declarations of the providers 📅 Storage period: Most of the data is stored until it is no longer required for the fulfilment of the service ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are cloud services?

Cloud services provide us as website operators with storage space and computing power via the internet. Data can be transferred to an external system, processed and stored via the internet. This data is managed by the corresponding cloud provider. Depending on requirements, an individual person or even a company can choose the amount of storage space or computing power. Cloud storage is accessed via an API or storage protocols. API stands for Application Programming Interface and refers to a programming interface that connects software and hardware components.

Why do we use cloud services?

We use cloud services for several reasons. A cloud service offers us the opportunity to store our data securely. We also have access to the data from different locations and devices, giving us more flexibility and making our work processes easier. Cloud storage also saves us costs because we don't have to set up and manage our own infrastructure for data storage and data security. By centralising our data in the cloud, we can also expand our fields of application and manage our information much better.

As website operators and companies, we primarily use cloud services for our own purposes. For example, we use the services to manage our calendar, store documents or other important information in the cloud. However, your personal data may also be stored in the process. This is the case, for example, if you provide us with your contact details (such as your name and email address) and we store our customer data with a cloud provider. Consequently, data that we process from you may also be stored and processed on external servers. If we offer certain forms or content from cloud services on our website, cookies may also be set for web analyses and advertising purposes. Furthermore, such cookies remember your settings (such as the language used) so that you will find your familiar web environment the next time you visit our website.

What data is processed by cloud services?

Much of the data we store in the cloud has no personal reference, but some data is considered personal data as defined by the GDPR. This often involves customer data such as name, address, IP address or telephone number or technical device information. Videos, images and audio files can also be stored in the cloud. Exactly how the data is collected and stored depends on the respective service. We only try to use services that handle the data in a very trustworthy and professional manner. In principle, the services, such as Amazon Drive, have access to the stored files in order to be able to offer their own service accordingly. However, the services require authorisations for this, such as the right to copy files for security reasons. This data is processed and managed as part of the services and in compliance with the applicable laws. This also includes the GDPR for US providers (via the standard contractual clauses). In some cases, these cloud services also work with third-party providers who may process data under instruction and in accordance with the data protection guidelines and other security measures. At this point, we would like to emphasise once again that all known cloud services (such as Amazon Drive, Google Drive or Microsoft Onedrive) obtain the right to access stored content in order to offer and optimise their own services accordingly.

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. In general, cloud services store data until you or we revoke the data storage or delete the data. In general, personal data is only stored for as long as is absolutely necessary for the provision of the services. However, it may take several months to permanently delete data from the cloud. This is the case because the data is usually not stored on just one server, but is distributed across various servers.

Right of objection

You also have the right and the option to revoke your consent to data storage in a cloud at any time. If cookies are used, you also have a right of cancellation here. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. We also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective cloud providers.

Legal basis

We use cloud services mainly on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) in a good security and storage system.

Certain processing operations, in particular the use of cookies and the use of storage functions, require your consent. If you have consented to your data being processed and stored by cloud services, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Most of the services we use set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.

Information on special tools - if available - can be found in the following sections.

Amazon Drive privacy policy

We use Amazon Drive, an online storage service for files, photos and videos, for our website. The service provider is the American company Amazon.com, Inc, 2021 Seventh Ave, Seattle, Washington 98121, USA. The European branch of the company is located in Luxembourg (38, Avenue John F. Kennedy, L-1855).

Amazon also processes your data in the USA, among other places. Amazon is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Amazon also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Amazon undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Amazon Data Processing Terms (AWS GDPR DATA PROCESSING), which correspond to the standard contractual clauses, can be found at https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.

You can find out more about the data processed through the use of Amazon in the privacy policy on https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.

Payment provider introduction

Payment provider privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Enabling and optimising the payment process on our website 📓 Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data You can find more details on this in the respective payment provider tool used. 📅 Storage duration: depending on the payment provider used ⚖️ Legal basis: Art. 6 para. 1 lit. b GDPR (fulfilment of a contract)

What is a payment provider?

We use online payment systems on our website that enable us and you to make secure and smooth payments. Among other things, personal data may be sent to the respective payment provider, stored and processed there. Payment providers are online payment systems that enable you to place an order via online banking. Payment processing is carried out by the payment provider you have selected. We then receive information about the payment made. This method can be used by any user who has an active online banking account with PIN and TAN. There are hardly any banks that do not offer or accept such payment methods.

Why do we use payment providers on our website?

We naturally want to offer the best possible service with our website and our integrated online shop so that you feel comfortable on our site and make use of our offers. We know that your time is precious and that payment transactions in particular need to work quickly and smoothly. For these reasons, we offer you various payment providers. You can choose your favourite payment provider and pay in the usual way.

What data is processed?

Exactly which data is processed depends of course on the respective payment provider. However, data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are generally stored. This is necessary data in order to be able to carry out a transaction at all. In addition, any contract data and user data, such as when you visit our website, what content you are interested in or which subpages you click on, may also be stored. Your IP address and information about the computer you are using are also stored by most payment providers.

The data is usually stored and processed on the payment provider's servers. We as the website operator do not receive this data. We are only informed whether the payment has worked or not. For identity and credit checks, payment providers may forward data to the relevant body. The business and data protection principles of the respective provider always apply to all payment transactions. Therefore, please always check the payment provider's general terms and conditions and privacy policy. You also have the right to have data deleted or corrected at any time. Please contact the respective service provider regarding your rights (right of cancellation, right to information and right to be affected).

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is required by law, for example in the case of accounting, this storage period may also be exceeded. For example, we store accounting documents relating to a contract (invoices, contract documents, account statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they are created.

Right of objection

You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact the person responsible for the payment provider used at any time. Contact details can be found either in our specific privacy policy or on the website of the relevant payment provider.

You can delete, deactivate or manage cookies that payment providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that the payment process may then no longer work.

Legal basis

We therefore offer the following services for the handling of contractual and legal relationships (Art. 6 para. 1 lit. b GDPR)
 In addition to traditional banking/credit institutions, we also offer other payment service providers. In the data protection declarations of the individual payment providers (such as Amazon Payments, Apple Pay or Discover) provides you with a detailed overview of data processing and data storage. In addition, you can always contact the persons responsible if you have any questions about data protection issues.

Information on the special payment providers - if available - can be found in the following sections.

Amazon Payments privacy policy

We use Amazon Payments on our website, a service for online payment methods. The service provider is the American company Amazon.com Inc. The company Amazon Payments Europe S.C.A. (38 Avenue J.F. Kennedy, L-1855 Luxembourg) is responsible for the European region.

Amazon also processes your data in the USA, among other places. Amazon is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Amazon also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Amazon undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Amazon Data Processing Terms (AWS GDPR DATA PROCESSING), which correspond to the standard contractual clauses, can be found at https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.

You can find out more about the data processed through the use of Amazon Payments in the Privacy Policy on
https://pay.amazon.de/help/201212490.

Apple Pay privacy policy

We use Apple Pay, a service for online payment methods, on our website. The service provider is the American company Apple Inc, Infinite Loop, Cupertino, CA 95014, USA.

Apple also processes data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

Apple uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. These clauses oblige Apple to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find out more about the data processed through the use of Apple Pay in the privacy policy on
https://www.apple.com/legal/privacy/de-ww/.

Google Pay privacy policy

We use the online payment provider Google Pay on our website. The service provider is the American company Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google also processes your data in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Google also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The data processing terms for Google advertising products (Google Ads Controller-Controller Data Protection Terms), which refer to the standard contractual clauses, can be found at https://business.safety.google/adscontrollerterms/.

You can find out more about the data processed through the use of Google Pay in the privacy policy on
https://policies.google.com/privacy.

Klarna Checkout privacy policy

Klarna Checkout privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Optimisation of the payment process on our website 📓 Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data You can find more details below in this privacy policy. 📅 Storage period: Data is stored for as long as Klarna needs it for the processing purpose. ⚖️ Legal basis: Art. 6 para. 1 lit. c GDPR (Legal obligation), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What is Klarna Checkout?

We use the online payment system Klarna Checkout from the Swedish company Klarna Bank AB on our website. Klarna Bank has its head office at Sveavägen 46, 111 34 Stockholm, Sweden. If you choose to use this service, personal data will be sent to Klarna, stored and processed. In this privacy policy we would like to give you an overview of the data processing by Klarna.

Klarna Checkout is a payment system for orders in an online shop. The user selects the payment method and Klarna Checkout takes care of the entire payment process. Once a user has made a payment via the checkout system and entered the relevant data, future online purchases can be made even more quickly and easily. The Klarna system recognises the existing customer as soon as they enter their email address and postcode.

Why do we use Klarna Checkout for our website?

Our aim with our website and our integrated online shop is to offer you the best possible service. In addition to the overall experience on the website and our offers, this also includes smooth, fast and secure payment processing of your orders. To ensure this, we use the Klarna Checkout payment system.

What data is stored by Klarna Checkout?

As soon as you decide in favour of the Klarna payment service and pay via the Klarna Checkout payment method, you also transmit personal data to the company. On the Klarna Checkout page, technical data such as browser type, operating system, our Internet address, date and time, language settings, time zone settings and IP address are collected from you and transmitted to Klarna's servers and stored there. This data is stored even if you have not yet completed an order.

When you order a product or service via our shop, you must enter your personal data in the fields provided. This data is processed by Klarna for payment processing. The following personal data in particular (as well as general product information) may be stored and processed by Klarna for credit and identity checks:

• Contact information: Name, date of birth, national ID number, title, billing and delivery address, e-mail address, telephone number, nationality or salary.
• Payment information such as credit card details or your bank account number
• Product information such as consignment number, type of item and price of the product

There is also data that can be collected optionally if you make a conscious decision to do so. These include political, religious or ideological beliefs or various health data.

Klarna may also collect data about the goods or services you purchase or order itself or via third parties (such as us or via public databases) in addition to the above-mentioned data. This may include, for example, the consignment number or the type of item ordered, but also information about your creditworthiness, your income or the granting of credit. Klarna may also pass on your personal data to service providers such as software providers, data storage providers or us as a merchant.

If data is automatically entered into a form, cookies are always involved. If you do not wish to use this function, you can deactivate these cookies at any time. Further down in the text you will find instructions on how to delete, deactivate or manage cookies in your browser. Our tests have shown that Klarna does not set any cookies directly. If you select the payment method "Klarna Sofort" and click on "Order", you will be redirected to the Sofort website. After successful payment, you will be taken to our thank you page. The following cookie is set there by sofort.com:

NameSOFUEB
Value: e8cipp378mdscn9e17kajlfhv7322542178-4
Intended use: This cookie stores your session ID.
Expiry date: after ending the browser session

How long and where is the data stored?

Klarna endeavours to store your data only within the EU or the European Economic Area (EEA). However, data may also be transferred outside the EU/EEA. If this happens, Klarna ensures that the data protection is in accordance with the GDPR and that the third country is covered by an adequacy decision of the European Union. The data is always stored as long as Klarna needs it for the processing purpose.

How can I delete my data or prevent data storage?

You can revoke your consent to Klarna processing your personal data at any time. You also always have the right to information, correction and deletion of your personal data. All you need to do is contact the company or the company's data protection team by email at datenschutz@klarna.de contact us. About the Klarna website "My data protection enquiry" you can also contact Klarna directly.

You can delete, deactivate or manage cookies that Klarna may use for its functions in your browser. Depending on which browser you use, this works in different ways. Under the section "Cookies" you will find the corresponding links to the respective instructions for the most popular browsers.

Legal basis

We therefore offer the following services for the handling of contractual and legal relationships (Art. 6 para. 1 lit. b GDPR)
 In addition to conventional bank/credit institutions, we also offer the payment service provider Klarna Checkout.

We hope that we have provided you with a good overview of data processing by Klarna. If you would like to find out more about how your data is handled, we recommend that you read Klarna's privacy policy at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy.

 

PayPal Check-Out Privacy Policy

We also use the payment services of PayPal Check-Out for our transactions. The service provider is the American company PayPal Inc. The Luxembourg company PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, is responsible for the European region.

You can find out more about the data processed through the use of PayPal Check-Out in the privacy policy on https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

PayPal privacy policy

PayPal Privacy Policy Summary 👥 Data subject: Visitors to the website 🤝 Purpose: Optimisation of the payment process on our website 📓 Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data may be processed. You can find more details on this further below in this privacy policy. 📅 Storage period: Data is generally stored until the cooperation with PayPal is terminated ⚖️ Legal basis: Art. 6 para. 1 lit. b GDPR (contract processing), Art. 6 para. 1 lit. a GDPR (consent)

What is PayPal?

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible for the European area.

PayPal allows all users to send and receive money electronically. The company was founded in 1998 and is now one of the best-known and largest online payment service providers in the world with over 325 million active customers.

Why do we use PayPal for our website?

There are various reasons why we use PayPal and offer it on our website. As PayPal is one of the best-known online payment providers, many of our website visitors also use and trust this service. PayPal also offers high security standards for digital money transfers. The service uses various encryption methods to protect your personal data in the best possible way. We also appreciate the ease of use of PayPal and the possibility of international payments in different currencies. As a rule, transactions are processed very quickly, which is a further advantage for both us and you as a customer.

What data is processed by PayPal?

In its privacy policy, PayPal distinguishes between different categories of personal data that can be processed through the use of the service. These include login and contact data, identification and signature data, payment information, information on imported contacts, data from your account profile, device data such as your IP address, location data and so-called derived data. This is information that can be derived from transactions or other data. This may include purchasing habits, behavioural patterns, creditworthiness or personal preferences.

Then there is also personal data that is collected by third parties (such as identity checkers, fraud detection providers or your bank). This data includes information from credit agencies, transaction data, information on legal requirements, technical usage data, location data and also derived data.

PayPal and its partners also use tracking technologies such as cookies, pixel tags, web beacons and widgets to recognise you as a user, to customise content and to carry out analyses for interest-based advertising.

How long and where is the data stored?

In principle, PayPal stores the data for as long as it is necessary to fulfil its obligations and within the scope of the purpose. Personal data that is necessary for the customer relationship will be stored for 10 years after the end of the relationship. If PayPal is subject to a legal obligation, the retention period of the personal data is in accordance with the applicable law (e.g. insolvency law). PayPal also stores personal data for as long as necessary if retention is advisable with regard to legal disputes.

As PayPal is a global company, the service also has data centres worldwide where your data can be stored. This means that your data can also be stored on PayPal servers outside your country and also outside the scope of the GDPR.

How can I delete my data or prevent data storage?

You have the right to information, correction or deletion and restriction of the processing of your personal data at any time. You can also revoke your consent to the processing of data at any time.

If you want to deactivate, delete or manage cookies, you will find the relevant links to the instructions for the most popular browsers in the "Cookies" section.

Legal basis

We have a legitimate interest in integrating an external payment service with PayPal in order to make our offer more attractive and to improve it technically and economically. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). We would like to point out that you can only use PayPal if you enter into a contractual relationship with PayPal. In this case, it may be necessary to provide further data protection and contractual declarations (e.g. consent).

PayPal also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

PayPal uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, PayPal undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information on the standard contractual clauses and the data processed through the use of PayPal, please refer to the privacy policy at https://www.paypal.com/webapps/mpp/ua/privacy-full.

PayPal Express Privacy Policy

We also use the payment services of PayPal Express for our business. The service provider is the American company PayPal, Inc. The Luxembourg company PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, is responsible for the European region.

PayPal also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

PayPal uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, PayPal undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find out more about the data processed through the use of PayPal Express in the privacy policy on https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

PayPal Plus Privacy Policy

We also use the payment services of PayPal Plus for our business. The service provider is the American company PayPal, Inc. The Luxembourg company PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, is responsible for the European region.

PayPal also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

PayPal uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, PayPal undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find out more about the data processed through the use of PayPal Plus in the privacy policy on https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Sofortüberweisung privacy policy

Sofortüberweisung privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Optimisation of the payment process on our website 📓 Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data You can find more details below in the privacy policy 📅 Storage period: Data is stored within the legal retention period ⚖️ Legal basis: Art. 6 para. 1 lit. c GDPR (Legal obligation), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What is an "instant bank transfer"?

On our website, we offer the payment method "Sofortüberweisung" from the company Sofort GmbH for cashless payment. Sofort GmbH has been part of the Swedish company Klarna since 2014, but is based in Germany, Theresienhöhe 12, 80339 Munich.

If you decide in favour of this payment method, personal data will also be transmitted to Sofort GmbH or Klarna, stored and processed there. This data protection text provides you with an overview of data processing by Sofort GmbH.

Sofortüberweisung is an online payment system that allows you to place an order via online banking. The payment is processed by Sofort GmbH and we immediately receive information about the payment made. This method can be used by any user who has an active online banking account with PIN and TAN. Only a few banks do not yet support this payment method.

Why do we use "Sofortüberweisung" on our website?

Our aim with our website and our integrated online shop is to offer you the best possible service. In addition to the overall experience on the website and our offers, this also includes smooth, fast and secure payment processing of your orders. To ensure this, we use "Sofortüberweisung" as our payment system.

What data is stored by "Sofortüberweisung"?

If you make an instant bank transfer via the Sofort/Klarna service, data such as name, account number, sort code, subject, amount and date are stored on the company's servers. We also receive this information via the payment confirmation.

As part of the account coverage check, Sofort GmbH checks whether your account balance and overdraft facility cover the payment amount. In some cases, the system also checks whether Sofort transfers have been successfully carried out in the last 30 days. Furthermore, your user identification (such as user number or contract number) is collected and stored in abbreviated ("hashed") form and your IP address. For SEPA transfers, the BIC and IBAN are also stored.

According to the company, no other personal data (such as account balances, turnover data, credit limits, account lists, mobile phone numbers, authentication certificates, security codes or PIN/TAN) is collected, stored or passed on to third parties.

Sofortüberweisung also uses cookies to make its own service more user-friendly. When you order a product, you will be redirected to the Sofort or Klarna website. After successful payment, you will be redirected to our thank you page. The following three cookies are set here:

NameSOFUEB
Value: e8cipp378mdscn9e17kajlfhv7322542178-5
Intended use: This cookie stores your session ID.
Expiry date: after ending the browser session

NameUser[user_cookie_rules]
Value: 1
Intended use: This cookie stores your consent to the use of cookies.
Expiry date: after 10 years

Name: _ga
Value: GA1.2.69759879.1589470706
Intended use: By default, analytics.js uses the _ga cookie to store the user ID. It is basically used to differentiate between website visitors. This is a cookie from Google Analytics.
Expiry date: after 2 years

Remark: The cookies listed here do not claim to be exhaustive. It is always possible that Sofortüberweisung also uses other cookies.

How long and where is the data stored?

All data collected is stored within the legal retention period. This obligation can last between three and ten years.

Klarna/Sofort GmbH endeavours to store data only within the EU or the European Economic Area (EEA). If data is transferred outside the EU/EEA, the data protection must comply with the GDPR and the country must be covered by an adequacy decision of the EU.

How can I delete my data or prevent data storage?

You can revoke your consent to Klarna processing your personal data at any time. You also always have the right to information, correction and deletion of your personal data. To do this, you can simply contact the company's data protection team by sending an email to datenschutz@sofort.com.

You can manage, delete or deactivate any cookies used by Sofortüberweisung in your browser. Depending on your favourite browser, this works in different ways. Under the section "Cookies" you will find the corresponding links to the respective instructions for the most popular browsers.

Legal basis

We therefore offer the following services for the handling of contractual and legal relationships (Art. 6 para. 1 lit. b GDPR)
 In addition to conventional bank/credit institutions, we also offer the payment service provider Sofortüberweisung. The successful use of the service also requires your consent (Art. 6 para. 1 lit. a GDPR)
 insofar as the authorisation of cookies is necessary for use.

If you would like to find out more about data processing by "Sofortüberweisung" from Sofort GmbH, we recommend that you read the privacy policy at https://www.sofort.com/datenschutz.html.

Stripe privacy policy

Stripe Privacy Policy Summary 👥 Data subject: Visitors to the website 🤝 Purpose: Optimisation of the payment process on our website 📓 Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data More details can be found further below in this privacy policy 📅 Storage duration: Data is stored until the collaboration with Stripe is cancelled ⚖️ Legal basis: Art. 6 para. 1 lit. b GDPR (contract processing), Art. 6 para. 1 lit. a GDPR (consent)

What is Stripe?

We use a payment tool from the American technology company and online payment service Stripe on our website. For customers within the EU, Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is responsible. This means that if you choose Stripe as your payment method, your payment will be processed via Stripe Payments. Data required for the payment process will be forwarded to Stripe and stored. In this privacy policy, we provide you with an overview of this data processing and storage by Stripe and explain why we use Stripe on our website.

The technology company Stripe offers payment solutions for online payments. With Stripe it is possible to accept credit and debit card payments in our webshop. Stripe takes care of the entire payment process. A major advantage of Stripe is that you never have to leave our website or the shop during the payment process and the payment is processed very quickly.

Why do we use Stripe for our website?

We naturally want to offer the best possible service with our website and our integrated online shop so that you feel comfortable on our site and make use of our offers. We know that your time is precious and that payment processes in particular must therefore function quickly and smoothly. In addition to our other payment providers, we have found a partner in Stripe that guarantees secure and fast payment processing.

What data is stored by Stripe?

If you choose Stripe as your payment method, your personal data will also be transmitted to Stripe and stored there. This is transaction data. This data includes the payment method (i.e. credit card, debit card or account number), bank sort code, currency, amount and date of payment. During a transaction, your name, e-mail address, billing or shipping address and sometimes your transaction history may also be transmitted. This data is required for authentication. Furthermore, Stripe may also collect your name, address, telephone number and country in addition to technical data about your device (such as IP address) for fraud prevention, financial reporting and in order to be able to offer its own services in full.

Stripe does not sell any of your data to independent third parties, such as marketing agencies or other companies that have nothing to do with the Stripe company. However, the data may be passed on to internal departments, a limited number of external Stripe partners or to comply with legal regulations. Stripe also uses cookies to collect data. Here you will find a selection of cookies that Stripe may set during the payment process:

Name: m
Value: edd716e9-d28b-46f7-8a55-e05f1779e84e040456322542178-5
Intended use: This cookie appears when you select the payment method. It saves and recognises whether you are accessing our website via a PC, tablet or smartphone.
Expiry date: after 2 years

Name: __stripe_mid
Value: fc30f52c-b006-4722-af61-a7419a5b8819875de9322542178-1
Intended use: This cookie is required to carry out a credit card transaction. The cookie stores your session ID for this purpose.
Expiry date: after one year

Name: __stripe_sid
Value: 6fee719a-c67c-4ed2-b583-6a9a50895b122753fe
Intended use: This cookie also stores your ID and is used by Stripe for the payment process on our website.
Expiry dateafter the end of the session

How long and where is the data stored?

Personal data is generally stored for the duration of the service provision. This means that the data is stored until we terminate the cooperation with Stripe. However, in order to fulfil legal and regulatory obligations, Stripe may also store personal data beyond the duration of the service provision. As Stripe is a global company, data may also be stored in any country where Stripe provides services. This means that data may also be stored outside your country, for example in the USA.

How can I delete my data or prevent data storage?

Please note that when using this tool, your data may also be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data may therefore not simply be transferred to insecure third countries, stored and processed there, unless there are suitable guarantees (such as EU standard contractual clauses) between us and the non-European service provider.

You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact the Stripe team at any time via https://support.stripe.com/contact/email contact.

You can delete, deactivate or manage cookies that Stripe uses for its functions in your browser. Depending on which browser you use, this works in different ways. In the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers.

Legal basis

We therefore offer the following services for the handling of contractual and legal relationships (Art. 6 para. 1 lit. b GDPR) in addition to conventional banking/credit institutions, we also offer the payment service provider Stripe. The successful use of the service also requires your consent (Art. 6 para. 1 lit. a GDPR)insofar as the authorisation of cookies is necessary for use.

Stripe also processes your data in the USA, among other places. Stripe is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Stripe uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Stripe undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

For more information on the standard contractual clauses and the data processed through the use of Stripe, please refer to the Privacy Policy at https://stripe.com/at/privacy.

Credit rating agencies Introduction

Credit rating agencies Privacy policy summary 👥 Affected parties: Customers 🤝 Purpose: Creditworthiness and credit rating 📓 Processed data: Inventory data, payment data, contact data, contract data 📅 Storage duration: depending on the checkpoints used ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are credit rating agencies?

In some cases, we use credit rating agencies for our online transactions so that we can obtain information about your creditworthiness if we make advance payments. The credit agencies calculate a statistical probability of non-payment. This means that we receive information about how likely it is that you will be able to pay your invoice, for example. Based on this information, we can better decide whether or not to make advance payments. We can also refuse advance payments (such as payment on account) if the result of a credit check is negative.

Why do we use credit rating agencies?

In our business, it often happens that we provide a service before the contractually agreed consideration or accept similar economic risks. This is always the case, for example, when ordering on account. In order to protect our legitimate interests, we can obtain so-called identity and creditworthiness information. This involves assessing the credit risk using a mathematical-statistical procedure from credit rating agencies (credit reference agencies).

What data is processed?

The decision to make advance payment or not is made by software that works with the information from the credit assessment agency on the basis of an automated decision in individual cases (= Art. 22 GDPR). The data that is usually processed includes name, address, bank details, invoices, payment history, contact details such as e-mail address and telephone number as well as contract data such as term, customer information and the subject matter of the contract. You can find more detailed information about data processing in the data protection declarations of the respective credit rating agencies.

Duration of data processing

How long the data is processed and stored depends mainly on the credit rating agencies we use. You can find out more about the data processing of the individual providers below. The providers' data protection declarations usually state exactly which data is stored and processed and for how long. In principle, personal data is only processed for as long as is necessary for the provision of our services. If data is stored in cookies, the storage period varies greatly. In most cases, you will also find detailed information about the individual cookies in the privacy policies of the individual providers.

Legal basis

If we obtain consent from our contractual partners, this is also the legal basis (Article 6(1)(a) GDPR) for the credit report and also for the transfer of the customer's data to a verification centre. If this consent does not exist, the legal basis is our legitimate interest (Article 6(1)(f) GDPR) in default protection. If we obtain your consent, this is also the legal basis for creditworthiness information and data transmission.

We have no influence on the specific checking process or the profiling of the credit rating agencies we use and therefore have no influence on the accuracy or appropriateness of the result. In this respect, we are not responsible under data protection law. In this respect, responsibility remains solely with the credit assessment agency, to whose data protection information we refer below. We are only responsible for obtaining and using a credit rating provided by a third party in individual cases.

Creditreform Boniversum privacy policy

We use Creditreform Boniversum for our business, including a credit assessment agency. The service provider is the German company Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Germany. You can find out more about the data processed through the use of Creditreform Boniversum in the privacy policy at https://www.boniversum.de/datenschutzerklaerung/
.

Creditreform privacy policy

We use Creditreform, a credit agency, for our business. The service provider is the Austrian company Creditreform Wirtschaftsauskunftei Kubicki KG, Muthgasse 36-40, 1190 Vienna, Austria. You can find out more about the data processed through the use of Creditreform in the privacy policy at https://www.creditreform.at/wien/eu-dsgvo.

Audio & Video Introduction

Audio & Video Privacy Policy Summary 👥 Data subject: Visitors to the website 🤝 Purpose: Optimisation of our service performance 📓 Processed data: Data such as contact details, user behaviour data, information about your device and your IP address may be stored. You can find more details on this below in the corresponding data protection texts. 📅 Storage period: Data is generally stored for as long as it is required for the purpose of the service ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are audio and video elements?

We have integrated audio and video elements on our website so that you can watch videos or listen to music/podcasts directly via our website. The content is provided by service providers. All content is therefore also obtained from the corresponding servers of the providers.

These are integrated functional elements from platforms such as YouTube, Vimeo or Spotify. The use of these portals is usually free of charge, but paid content can also be published. With the help of these integrated elements, you can listen to or watch the respective content via our website.

If you use audio or video elements on our website, your personal data may also be transmitted to the service providers, processed and stored.

Why do we use audio & video elements on our website?

Of course we want to provide you with the best offer on our website. And we realise that content is no longer just conveyed in text and static images. Instead of simply giving you a link to a video, we offer you audio and video formats directly on our website that are entertaining or informative and ideally even both. This expands our service and makes it easier for you to access interesting content. We therefore offer video and/or audio content in addition to our texts and images.

What data is stored by audio & video elements?

When you access a page on our website that has an embedded video, for example, your server connects to the server of the service provider. Your data is also transferred to the third-party provider and stored there. Some data is collected and stored regardless of whether you have an account with the third-party provider or not. This usually includes your IP address, browser type, operating system and other general information about your end device. In addition, most providers also collect information about your web activity. This includes, for example, session duration, bounce rate, which button you clicked on or which website you used to access the service. All this information is usually stored via cookies or pixel tags (also known as web beacons). Pseudonymised data is usually stored in cookies in your browser. You can always find out exactly which data is stored and processed in the privacy policy of the respective provider.

Duration of data processing

You can find out exactly how long the data is stored on the servers of the third-party providers either below in the data protection text of the respective tool or in the provider's privacy policy. In principle, personal data is only ever processed for as long as is absolutely necessary for the provision of our services or products. This generally also applies to third-party providers. In most cases, you can assume that certain data will be stored on the servers of third-party providers for several years. Data can be stored for different lengths of time, especially in cookies. Some cookies are deleted as soon as you leave the website, while others may be stored in your browser for several years.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. The legality of the processing remains unaffected until cancellation.

Since the integrated audio and video functions on our website usually also use cookies, you should also read our general privacy policy on cookies. You can find out more about the handling and storage of your data in the privacy policies of the respective third-party providers.

Legal basis

If you have consented to your data being processed and stored by integrated audio and video elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) We store and process your data for the purpose of fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated audio and video elements if you have given your consent.

Netflix privacy policy

We use the streaming service Netflix for our website. The Dutch company Netflix International B.V. (Karperstraat 8-10, 1075 KZ Amsterdam, Netherlands) is responsible for the European region.

You can find out more about the data that is processed through the use of Netflix in the privacy policy on https://help.netflix.com/legal/privacy.

Vimeo privacy policy

Vimeo privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Optimisation of our service performance 📓 Processed data: Data such as contact details, user behaviour data, information about your device and your IP address may be stored. You can find more details below in this privacy policy. 📅 Storage period: Data is generally stored for as long as it is required for the purpose of the service ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Vimeo?

We also use videos from the company Vimeo on our website. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plug-in, we can show you interesting video material directly on our website. Certain data may be transferred from you to Vimeo. In this privacy policy, we show you what data is involved, why we use Vimeo and how you can manage or prevent your data or data transfer.

Vimeo is a video platform that was founded in 2004 and has enabled the streaming of videos in HD quality since 2007. Since 2015, it has also been possible to stream in 4k Ultra HD. The portal is free to use, but paid content can also be published. Compared to the market leader YouTube, Vimeo prioritises high-quality content in good quality. For example, the portal offers a lot of artistic content such as music videos and short films, but also informative documentaries on a wide range of topics.

Why do we use Vimeo on our website?

The aim of our website is to provide you with the best possible content. And as easily accessible as possible. Only when we have achieved this are we satisfied with our service. The video service Vimeo helps us to achieve this goal. Vimeo gives us the opportunity to present you with high-quality content directly on our website. Instead of just giving you a link to an interesting video, you can watch the video directly on our site. This expands our service and makes it easier for you to access interesting content. In addition to our texts and images, we also offer video content.

What data is stored on Vimeo?

When you access a page on our website that has a Vimeo video embedded, your browser connects to the Vimeo servers. This results in a data transfer. This data is collected, stored and processed on the Vimeo servers. Regardless of whether you have a Vimeo account or not, Vimeo collects data about you. This includes your IP address, technical information about your browser type, your operating system or very basic device information. Vimeo also stores information about which website you use the Vimeo service and which actions (web activities) you perform on our website. These web activities include, for example, session duration, bounce rate or which button you clicked on our website with built-in Vimeo function. Vimeo can track and store these actions with the help of cookies and similar technologies.

If you are logged in to Vimeo as a registered member, more data can usually be collected, as more cookies may already have been set in your browser. In addition, your actions on our website will be directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while "surfing" on our website.

Below we show you the cookies that are set by Vimeo when you are on a website with an integrated Vimeo function. This list is not exhaustive and assumes that you do not have a Vimeo account.

Name: player
Value: ""
Intended use: This cookie saves your settings before you play an embedded Vimeo video. This means that the next time you watch a Vimeo video, you will get your favourite settings again.
Expiry date: after one year

Name: vuid
Value: pl1046149876.614422590322542178-4

Intended use: 
This cookie collects information about your actions on websites that have embedded a Vimeo video.

Expiry date: 
after 2 years

Remark: These two cookies are always set as soon as you are on a website with an embedded Vimeo video. If you watch the video and click on the button, for example to "share" or "like" the video, further cookies are set. These are also third-party cookies such as _ga or _gat_UA-76641-8 from Google Analytics or _fbp from Facebook. Exactly which cookies are set here depends on your interaction with the video.

The following list shows a selection of possible cookies that are set when you interact with the Vimeo video:

Name: _abexps
Value:
Intended use: This Vimeo cookie helps Vimeo to remember the settings you have made. This can be, for example, a preset language, a region or a user name. In general, the cookie stores data about how you use Vimeo.
Expiry date: after one year

Name: continuous_play_v3
Value: 1
Intended use: This cookie is a first-party cookie from Vimeo. The cookie collects information about how you use the Vimeo service. For example, the cookie stores when you pause or play a video.
Expiry date: after one year

Name: _ga
Value: GA1.2.1522249635.1578401280322542178-7
Intended use: This cookie is a third-party cookie from Google. By default, analytics.js uses the _ga cookie to store the user ID. It is basically used to differentiate between website visitors.
Expiry date: after 2 years

Name: _gcl_au
Value: 1.1.770887836.1578401279322542178-3
Intended use: This third-party cookie from Google AdSense is used to improve the efficiency of adverts on websites.
Expiry date: after 3 months

Name: _fbp
Value: fb.1.1578401280585.310434968
Intended use: This is a Facebook cookie. This cookie is used to display adverts or advertising products from Facebook or other advertisers.
Expiry date: after 3 months

Vimeo uses this data, among other things, to improve its own service, to communicate with you and to implement its own targeted advertising measures. Vimeo emphasises on its website that only first-party cookies (i.e. cookies from Vimeo itself) are used for embedded videos as long as you do not interact with the video.

How long and where is the data stored?

Vimeo is headquartered in White Plains in the state of New York (USA). However, the services are offered worldwide. The company uses computer systems, databases and servers in the USA and other countries. Your data can therefore also be stored and processed on servers in America. The data remains stored by Vimeo until the company no longer has a commercial reason for storing it. The data is then deleted or anonymised.

How can I delete my data or prevent data storage?

You always have the option of managing cookies in your browser according to your wishes. For example, if you do not want Vimeo to set cookies and thus collect information about you, you can delete or deactivate cookies in your browser settings at any time. This works a little differently depending on your browser. Please note that various functions may no longer be fully available after deactivating/deleting cookies. In the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers.

If you are a registered Vimeo member, you can also manage the cookies used in the Vimeo settings.

Legal basis

If you have consented to your data being processed and stored by integrated Vimeo elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) We store and process your data for the purpose of fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated Vimeo elements if you have given your consent. Vimeo also sets cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

Vimeo also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

Vimeo uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer to these countries. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Vimeo undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find more information on the standard contractual clauses at Vimeo at https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights.

You can find out more about the use of cookies at Vimeo at https://vimeo.com/cookie_policyInformation on data protection at Vimeo can be found at https://vimeo.com/privacy read more.

YouTube Data API Privacy Policy

We also use the YouTube Data API feature. The service provider is the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google also processes your data in the USA, among other places. YouTube and Google are active participants in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Google also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

You can find out more about the data processed through the use of the YouTube Data API in the Privacy Policy on https://policies.google.com/privacy?hl=de.

YouTube privacy policy

YouTube privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Optimisation of our service performance 📓 Processed data: Data such as contact details, user behaviour data, information about your device and your IP address may be stored. You can find more details below in this privacy policy. 📅 Storage period: Data is generally stored for as long as it is required for the purpose of the service ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is YouTube?

We have integrated YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you access a page on our website that has an embedded YouTube video, your browser automatically connects to the YouTube or Google servers. Various data will be transmitted (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in Europe.

In the following, we would like to explain to you in more detail what data is processed, why we have integrated YouTube videos and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on and upload videos for free. Over the last few years, YouTube has become one of the most important social media channels worldwide. To enable us to display videos on our website, YouTube provides a code snippet that we have integrated into our site.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We endeavour to offer you the best possible user experience on our website. And of course, interesting videos are a must. With the help of our embedded videos, we provide you with further helpful content in addition to our texts and images. The embedded videos also make our website easier to find on the Google search engine. Even if we place adverts via Google Ads, Google can - thanks to the data collected - only show these adverts to people who are interested in our offers.

What data is stored by YouTube?

As soon as you visit one of our pages that has a YouTube video embedded, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually assign your interactions on our website to your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your internet provider. Other data may include contact details, any ratings, the sharing of content via social media or adding to your favourites on YouTube.

If you are not logged into a Google account or a YouTube account, Google stores data with a unique identifier that is linked to your device, browser or app. For example, your preferred language setting is retained. But a lot of interaction data cannot be saved because fewer cookies are set.

In the following list, we show cookies that were set in the browser in a test. On the one hand, we show cookies that are set without a logged-in YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim to be exhaustive because the user data always depends on the interactions on YouTube.

Name: YSC
Value: b9-CV6ojI5Y322542178-1
Intended use: This cookie registers a unique ID to store statistics of the video viewed.
Expiry date: after the end of the meeting

Name: PREF
Value: f1=50000000
Intended use: This cookie also registers your unique ID. Google receives statistics on how you use YouTube videos on our website via PREF.
Expiry date: after 8 months

Name: GPS
Value: 1
Intended use: This cookie registers your unique ID on mobile devices to track GPS location.
Expiry date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Intended use: This cookie attempts to estimate the user's bandwidth on our websites (with integrated YouTube video).
Expiry date: after 8 months

Other cookies that are set when you are logged in to your YouTube account:

Name: APISID
Value: zILlvClZSkqGsSwI/AU1aZI6HY7322542178-
Intended use: This cookie is used to create a profile of your interests. The data is used for personalised advertisements.
Expiry date: after 2 years

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Intended use: The cookie stores the status of a user's consent to the use of various Google services. CONSENT is also used for security purposes to check users and protect user data from unauthorised attacks.
Expiry date: after 19 years

Name: HSID
Value: AcRwpgUik9Dveht0I
Intended use: This cookie is used to create a profile of your interests. This data helps to display personalised advertising.
Expiry date: after 2 years

Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL...
Intended use: Information about your login data is stored in this cookie.
Expiry date: after 2 years

Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Intended use: This cookie works by uniquely identifying your browser and device. It is used to create a profile of your interests.
Expiry date: after 2 years

Name: SID
Value: oQfNKjAsI322542178-
Intended use: This cookie stores your Google Account ID and your last login time in digitally signed and encrypted form.
Expiry date: after 2 years

Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Intended use: This cookie stores information about how you use the website and what adverts you may have seen before visiting our site.
Expiry date: after 3 months

How long and where is the data stored?

The data that YouTube receives from you and processes is stored on Google servers. Most of these servers are located in America. At https://www.google.com/about/datacenters/locations/?hl=de you can see exactly where the Google data centres are located. Your data is distributed across the servers. This means that the data can be accessed more quickly and is better protected against manipulation.

Google stores the data collected for different lengths of time. You can delete some data at any time, others are automatically deleted after a limited time and others are stored by Google for a longer period of time. Some data (such as elements from "My activity", photos or documents, products) that are stored in your Google account remain stored until you delete them. Even if you are not signed in to a Google Account, you can delete some data that is linked to your device, browser or app.

How can I delete my data or prevent data storage?

In principle, you can delete data in your Google account manually. With the automatic deletion function for location and activity data introduced in 2019, information is stored for either 3 or 18 months, depending on your decision, and then deleted.

Regardless of whether you have a Google account or not, you can configure your browser so that cookies are deleted or deactivated by Google. Depending on which browser you use, this works in different ways. In the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers.

If you generally do not want to have cookies, you can set up your browser so that it always informs you when a cookie is to be set. This allows you to decide for each individual cookie whether you want to allow it or not.

Legal basis

If you have consented to your data being processed and stored by integrated YouTube elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) We store and process your data for the purpose of fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated YouTube elements if you have given your consent. YouTube also sets cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

YouTube also processes your data in the USA, among other places. YouTube and Google are active participants in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Google also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

As YouTube is a subsidiary of Google, there is a joint privacy policy. If you would like to find out more about how your data is handled, we recommend that you read the privacy policy at https://policies.google.com/privacy?hl=de.

YouTube Subscribe Button Privacy Policy

We have integrated the YouTube subscribe button on our website. You can usually recognise the button by the classic YouTube logo. The logo shows the words "Subscribe" or "YouTube" in white lettering against a red background and the white "Play" symbol to the left. However, the button can also be displayed in a different design.

Our YouTube channel always offers you funny, interesting or exciting videos. With the built-in "Subscribe" button, you can subscribe to our channel directly from our website without having to go to the YouTube website. We want to make it as easy as possible for you to access our extensive content. Please note that YouTube may store and process your data as a result.

If you see a built-in subscription button on our site, YouTube - according to Google - sets at least one cookie. This cookie stores your IP address and our URL. YouTube can also find out information about your browser, your approximate location and your default language. In our test, the following four cookies were set without being logged in to YouTube:

Name: YSC
Value: b9-CV6ojI5322542178Y
Intended use: This cookie registers a unique ID to store statistics of the video viewed.
Expiry date: after the end of the meeting

Name: PREF
Value: f1=50000000
Intended use: This cookie also registers your unique ID. Google receives statistics on how you use YouTube videos on our website via PREF.
Expiry date: after 8 months

Name: GPS
Value: 1
Intended use: This cookie registers your unique ID on mobile devices to track GPS location.
Expiry date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 32254217895Chz8bagyU
Intended use: This cookie attempts to estimate the user's bandwidth on our websites (with integrated YouTube video).
Expiry date: after 8 months

Remark: These cookies were set after a test and cannot claim to be complete.

If you are logged into your YouTube account, YouTube can save many of your actions/interactions on our website with the help of cookies and assign them to your YouTube account. For example, YouTube receives information about how long you surf on our site, which browser type you use, which screen resolution you prefer or which actions you perform.

YouTube uses this data on the one hand to improve its own services and offers, and on the other hand to provide analyses and statistics for advertisers (who use Google Ads).

YouTube IFrame Player Privacy Policy

We also use the YouTube IFrame Player to embed videos on our website. The service provider is the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google also processes your data in the USA, among other places. YouTube and Google are active participants in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Google also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

You can find out more about the data processed through the use of the YouTube IFrame Player in the privacy policy on https://policies.google.com/privacy?hl=de.

YouTube video widget privacy policy

We also use the YouTube video widget on our website. The service provider is the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google also processes your data in the USA, among other places. YouTube and Google are active participants in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Google also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

You can find out more about the data processed through the use of the YouTube video widget in the privacy policy on https://policies.google.com/privacy?hl=de.

Video conferencing & streaming Introduction

Video conferencing & streaming privacy policy summary 👥 Data subjects: Users who use our video conferencing or streaming tool 🤝 Purpose: Communication and presentation of content 📓 Processed data: Access statistics that contain data such as name, address, contact details, email address, telephone number or your IP address. You can find more details on this in the respective video conferencing or streaming tool used. 📅 Storage duration: depending on the video conferencing or streaming tool used ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests), Art. 6 para. 1 lit. b GDPR (contract)

What are video conferencing & streaming?

We use software programmes that enable us to hold video conferences, online meetings, webinars, display sharing and/or streaming. During a video conference or streaming, information is transmitted simultaneously via sound and moving images. With the help of such video conferencing or streaming tools, we can communicate with customers, business partners, clients and even employees quickly and easily via the Internet. When selecting a service provider, we naturally pay attention to the specified legal framework conditions.

In principle, third-party providers can process data as soon as you interact with the software programme. Third-party providers of video conferencing and streaming solutions use your data and metadata for various purposes. For example, the data helps to make the tool more secure and to improve the service. In most cases, the data may also be used for the third-party provider's own marketing purposes.

Why do we use video conferencing & streaming on our website?

We want to communicate quickly, easily and securely with you, our customers and business partners digitally. This works best with video conferencing solutions that are very easy to use. Most tools also work directly via your browser and after just a few clicks you are right in the middle of a video meeting. The tools also offer helpful additional features such as a chat and screen sharing function or the option to share content between meeting participants.

What data is processed?

If you take part in our video conference or streaming, your data will also be processed and stored on the servers of the respective service provider.

Exactly which data is stored depends on the solutions used. Each provider stores and processes a different amount of data. As a rule, however, most providers store your name, address, contact details such as your email address or telephone number and your IP address. Information about the device you are using, usage data such as which websites you visit, when you visit a website or which buttons you click on may also be stored. Data that is shared within the video conference (photos, videos, texts) may also be stored.

Duration of data processing

We will inform you about the duration of data processing below in connection with the service used, if we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. The provider may store your data according to its own specifications, over which we have no influence.

Right of objection

You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact the person responsible for the video conferencing or streaming tool used at any time. Contact details can be found either in our specific privacy policy or on the website of the relevant provider.

You can delete, deactivate or manage cookies that providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that not all functions may then work as usual.

Legal basis

If you have consented to your data being processed and stored by the video or streaming solution, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). We can also offer video conferencing as part of our services if this has been contractually agreed with you in advance (Art. 6 para. 1 lit. b GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) The data is stored and processed for the purpose of fast and good communication with you or other customers and business partners, but only if you have at least given your consent. Most video and streaming solutions also set cookies in your browser to store data. We therefore recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

Information on special video conferencing and streaming solutions, if available, can be found in the following sections.

Discord Privacy Policy

We use Discord on our website, a service for instant messaging, chats, voice conferences and video conferences. The service provider is the American company Discord, Inc, 444 De Haro St, Suite 200, San Francisco, CA 94107, USA.

Discord also processes your data in the USA, among other places. Discord is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Discord uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Discord undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

You can find out more about the standard contractual clauses and data processed through the use of Discord in the privacy policy on https://discord.com/privacy.

Google Meet Privacy Policy

We use Google Meet from Google Inc. on our website. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe.

Google also processes your data in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Google also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/

You can find out more about the data processed through the use of Google Meet in the privacy policy on https://policies.google.com/privacy?hl=de.

Data processing agreement (DPA) Google Meet

We have concluded a data processing agreement (DPA) with Google in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can find out exactly what a DPA is and, in particular, what must be included in a DPA in our general section "Data processing agreement (DPA)".

This contract is required by law because Google processes personal data on our behalf. It clarifies that Google may only process data that it receives from us in accordance with our instructions and must comply with the GDPR. You can find the link to the data processing agreement (DPA) at https://workspace.google.com/terms/dpa_terms.html.

Microsoft Teams Privacy Policy

We use Microsoft Teams on our website, a service for online meetings and video conferencing. The service provider is the American company Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft also processes your data in the USA, among other places. Microsoft is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Microsoft also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Microsoft undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find more information on the standard contractual clauses at Microsoft at https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses

You can find out more about the data that is processed through the use of Microsoft in the privacy policy on https://privacy.microsoft.com/de-de/privacystatement.

Slack privacy policy

We use Slack, a streaming and communication platform, on our website. The service provider is the American company Slack Technologies Limited with its Irish registered office at One Park Place, Upper Hatch Street, Dublin 2, Ireland.

Slack also processes data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

Slack uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there. These clauses oblige Slack to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find out more about the data processed through the use of Slack in the privacy policy on https://slack.com/intl/de-at/legal.

Data processing agreement (DPA) Slack

We have concluded a data processing agreement (DPA) with Slack in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can find out exactly what a DPA is and, above all, what must be included in a DPA in our general section "Data processing agreement (DPA)".

This contract is required by law because Slack processes personal data on our behalf. It clarifies that Slack may only process data that it receives from us in accordance with our instructions and must comply with the GDPR. You can find the link to the data processing agreement (DPA) at https://slack.com/intl/de-de/terms-of-service/data-processing.

Zoom privacy policy

Zoom privacy policy summary 👥 Affected parties: Users who use Zoom 🤝 Purpose: an additional service for our website visitors 📓 Processed data: Access statistics containing data such as name, address, contact details, email address, telephone number or your IP address. You can find more details below in this privacy policy 📅 Storage period: Data is stored for as long as Zoom needs it for the purpose of the service ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests), Art. 6 para. 1 lit. b GDPR (contract)

What is Zoom?

We use the Zoom video conferencing tool from the American software company Zoom Video Communications for our website. The company is headquartered in San Jose, California, 55 Almaden Boulevard, 6th Floor, CA 95113. Thanks to Zoom, we can easily hold video conferences with customers, business partners, clients and employees without installing any software. In this privacy policy, we go into more detail about the service and inform you about the most important aspects relevant to data protection.

Zoom is one of the world's best-known video conferencing solutions. With the "Zoom Meetings" service, we can hold an online video conference with you, for example, but also with employees or other users via a digital conference room. This makes it very easy for us to get in touch digitally, discuss various topics, send text messages or even make phone calls. Zoom can also be used to share the screen, exchange files and use a whiteboard.

Why do we use Zoom on our website?

It is important to us that we can communicate with you quickly and easily. And this is exactly what Zoom offers us. The software programme also works directly via a browser. This means we can simply send you a link and start the video conference. Of course, additional functions such as screen sharing or file exchange are also very practical.

What data is stored by Zoom?

When you use Zoom, data is also collected from you so that Zoom can provide its services. On the one hand, this is data that you consciously provide to the company. This includes, for example, your name, telephone number or e-mail address. However, data is also automatically transmitted to Zoom and stored. This includes, for example, technical data from your browser or your IP address. In the following, we will go into more detail about the data that Zoom can collect and store from you:

If you enter data such as your name, your user name, your e-mail address or your telephone number, this data will be stored by Zoom. Content that you upload while using Zoom is also stored. This includes, for example, files or chat logs.

The technical data that Zoom automatically saves includes the IP address mentioned above as well as the MAC address, other device IDs, device type, which operating system you are using, which client you are using, camera type, microphone and speaker type. Your approximate location is also determined and saved. Zoom also stores information about how you use the service. For example, whether you "zoom" via desktop or smartphone, whether you use a phone call or VoIP, whether you participate with or without video or whether you request a password. Zoom also records so-called metadata such as the duration of the meeting/call, start and end of the meeting participation, meeting name and chat status.

Zoom mentions in its own privacy policy that the company does not use advertising cookies or tracking technologies for its services. Only on its own marketing websites, such as https://explore.zoom.us/docs/de-de/home.html these tracking methods are used. Zoom does not resell personal data and does not use it for advertising purposes.

How long and where is the data stored?

Zoom does not provide a specific time frame in this regard, but emphasises that the data collected will be stored for as long as is necessary to provide the services or for its own purposes. The data will only be stored for longer if this is required for legal reasons.

In principle, Zoom stores the data it collects on American servers, but data can arrive at different data centres around the world.

How can I delete my data or prevent data storage?

If you do not want data to be saved during the Zoom meeting, you will have to cancel the meeting. However, you always have the right and the option to have all your personal data deleted. If you have a Zoom account, you can find it at https://support.zoom.us/hc/en-us/articles/201363243-How-Do-I-Delete-Terminate-My-Account instructions on how to delete your account.

Please note that when using this tool, your data may also be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data may therefore not simply be transferred to insecure third countries, stored and processed there, unless there are suitable guarantees (such as EU standard contractual clauses) between us and the non-European service provider.

Legal basis

If you have consented to your data being processed and stored by the video or streaming solution, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). We can also offer video conferencing as part of our services if this has been contractually agreed with you in advance (Art. 6 para. 1 lit. b GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) We store and process your personal data for the purpose of fast and good communication with you or other customers and business partners, but only if you have at least given your consent.

Zoom also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

Zoom uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer to these countries. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Zoom undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

We hope that we have provided you with an overview of data processing by Zoom. Of course, it is always possible that the company's data protection guidelines may change. Therefore, for more information on the data processed and the standard contractual clauses, we also recommend that you read Zoom's privacy policy at https://explore.zoom.us/de/privacy/.

Order processing contract (AVV) Zoom

We have concluded a data processing agreement (DPA) with Zoom in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can find out exactly what a DPA is and, in particular, what must be included in a DPA in our general section "Data processing agreement (DPA)".

This contract is required by law because Zoom processes personal data on our behalf. It clarifies that Zoom may only process data that it receives from us in accordance with our instructions and must comply with the GDPR. You can find the link to the order processing contract (AVV) at https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf.

Survey and interview systems Introduction

Survey and interview systems Privacy policy Summary 👥 Data subject: Visitors to the website 🤝 Purpose: Evaluation of surveys on the website 📓 Processed data: Contact data, device data, access duration and time, IP addresses. You can find more details on this in the respective survey and questionnaire system used. 📅 Storage duration: depending on the tool used ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are survey and interview systems?

We are also happy to conduct various surveys and questionnaires via our website. These are always analysed anonymously. A survey or survey system is a tool integrated into our website that asks you questions (e.g. about our products or services) which you can answer if you participate. Your answers are always analysed anonymously. However, personal data may also be stored and processed after you have given your consent to data processing.

Why do we use survey and interview systems?

We want to offer you the best products and services in our industry. Surveys provide us with perfect feedback and tell us what you expect from us and our services. On the basis of these anonymous analyses, we can adapt our products and services optimally to your wishes and expectations. Furthermore, the information also helps us to target our advertising and marketing measures to those people who are really interested in what we have to offer.

What data is processed?

Personal data is only processed if it is necessary for the technical implementation or if you have consented to the processing of personal data. For example, your IP address is stored so that the survey can be displayed in your browser. Cookies may also be used so that you can continue your survey at a later date without any problems.

If you have consented to data processing, contact data such as your e-mail address or telephone number may be processed in addition to your IP address. Data that you enter in an online form, for example, will also be stored and processed. Some providers also store information about the web pages you have visited (on our website), when you started and ended the survey and various technical information about your computer.

How long is data stored?

How long the data is processed and stored depends primarily on the tools we use. You can find out more about the data processing of the individual tools below. The privacy policies of the providers usually state exactly which data is stored and processed and for how long. In principle, personal data is only processed for as long as is necessary for the provision of our services. If data is stored in cookies, the storage period varies greatly. The data can be deleted immediately after leaving a website, but it can also remain stored for several years. You should therefore look at each individual cookie in detail if you want to know more about data storage. In most cases, you will also find informative information about the individual cookies in the data protection declarations of the individual providers.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or embedded survey systems at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

As survey systems may use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

The use of survey systems requires your consent, which we have obtained with our cookie pop-up. According to Art. 6 para. 1 lit. a GDPR (consent) represents the legal basis for the processing of personal data as it may occur when collected by survey and interview systems.

In addition to consent, we have a legitimate interest in conducting a survey on our topic. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use the tools if you have given your consent.

As survey systems use cookies, we recommend that you also read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Information on the individual survey systems, if available, can be found in the following sections.

Other Introduction

Miscellaneous Privacy policy summary 👥 Data subject: Visitors to the website 🤝 Purpose: Improvement of the user experience 📓 Processed data: Which data is processed depends heavily on the services used. In most cases, this is IP address and/or technical data. You can find more details on this in the respective tools used. 📅 Storage duration: depending on the tools used ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What falls under "Other"?

The "Other" category includes services that do not fit into one of the above categories. These are usually various plugins and integrated elements that improve our website. As a rule, these functions are obtained from third-party providers and integrated into our website. For example, these are web search services such as Algolia Place, Giphy, Programmable Search Engine or online services for weather data such as OpenWeather.

Why do we use other third-party providers?

With our website, we want to offer you the best web offering in our industry. A website has long been more than just a business card for companies. Rather, it is a place to help you find what you are looking for. To make our website even more interesting and helpful for you, we use various third-party services.

What data is processed?

Whenever elements are integrated into our website, your IP address is transmitted to the respective provider, stored and processed there. This is necessary because otherwise the content will not be sent to your browser and will therefore not be displayed accordingly. Service providers may also use pixel tags or web beacons. These are small graphics on websites that record a log file and can also create analyses of this file. Providers can use the information obtained to improve their own marketing measures. In addition to pixel tags, such information (such as which button you click or when you visit which page) can also be stored in cookies. In addition to analysis data on your web behaviour, technical information such as your browser type or operating system can also be stored in cookies. Some providers can also link the data obtained with other internal services or with third-party providers. Each provider handles your data differently. We therefore recommend that you carefully read the data protection declarations of the respective services. We always endeavour to only use services that handle the issue of data protection very carefully.

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products.

Legal basis

If we ask for your consent and you also agree that we may use the service, this is the legal basis for processing your data (Art. 6 para. 1 lit. a GDPR). In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our website technically and economically. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use the tools if you have given your consent.

Information on the special tools, if available, can be found in the following sections.

Trello privacy policy

We use the project management tool Trello for our website. The service provider is the American company Trello Inc, 55 Broadway New York, NY 10006, USA. The parent company is Atlassian Inc, 1098 Harrison Street, San Francisco, California 94103, USA.

Trello also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

Trello uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer to these countries. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Trello undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find more information on the standard contractual clauses in Trello at https://community.atlassian.com/t5/Trust-Security-articles/New-Atlassian-Standard-Contractual-Clauses-SCC/ba-p/1846231.

You can find out more about the data that is processed through the use of Trello in the privacy policy on https://trello.com/privacy.

Order processing contract (AVV) Trello

We have concluded a data processing agreement (DPA) with Trello in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can find out exactly what a DPA is and, above all, what must be included in a DPA in our general section "Data processing agreement (DPA)".

This contract is required by law because Trello processes personal data on our behalf. It clarifies that Trello may only process data that it receives from us in accordance with our instructions and must comply with the GDPR. You can find the link to the order processing contract (AVV) at https://www.atlassian.com/legal/data-transfer-impact-assessment.

Explanation of terms used

We always endeavour to write our privacy policy as clearly and comprehensibly as possible. However, this is not always easy, especially when it comes to technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). However, we do not want to use these without explanation. Below you will find an alphabetical list of important terms used, which we may not have sufficiently addressed in the previous privacy policy. If these terms have been taken from the GDPR and are definitions, we will also quote the GDPR texts here and add our own explanations if necessary.

Supervisory authority

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Supervisory authority" an independent public body set up by a Member State in accordance with Article 51;

Explanation: "Supervisory authorities" are always independent state institutions that are also authorised to issue instructions in certain cases. They serve to carry out so-called state supervision and are located in ministries, special departments or other authorities. For data protection in Austria, there is an Austrian Data protection authorityGermany has its own data protection authority for each federal state.

Processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Processor" a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data that we process from you. In addition to controllers, there may also be so-called processors. This includes any company or person that processes personal data on our behalf. In addition to service providers such as tax consultants, processors can therefore also be hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft.

Supervisory authority concerned

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"supervisory authority concerned" a supervisory authority concerned by the processing of personal data because

a)

the controller or processor is established in the territory of the Member State of that supervisory authority,

b)

this processing has or may have a significant impact on data subjects residing in the Member State of that supervisory authority, or

c)

a complaint has been submitted to this supervisory authority;

Explanation: In Germany, each federal state has its own supervisory authority for data protection. So if your company headquarters (main office) is in Germany, the relevant supervisory authority of the federal state is generally your point of contact. In Austria, there is only one for the entire country Supervisory authority for data protection.

 

Biometric data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"biometric data" personal data relating to the physical, physiological or behavioural characteristics of a natural person, obtained using specific technical procedures, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;

Explanation: These are biological characteristics that are described by biometric data and from which personal data can be obtained with the help of technical processes. This includes DNA, fingerprints, the geometry of various body parts, body size, but also handwriting or the sound of a voice.

File system

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"File system" any structured collection of personal data accessible according to specific criteria, regardless of whether this collection is centralised, decentralised or organised according to functional or geographical aspects;

Explanation: Any organised storage of data on a data carrier of a computer is referred to as a "file system". For example, if we store your name and email address on a server for our newsletter, then this data is stored in a so-called "file system". The most important tasks of a "file system" include quickly searching for and finding specific data and, of course, the secure storage of data.

Service of the information society

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Service of the information society" a service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council (19);

Explanation: Basically, the term "information society" refers to a society that is based on information and communication technologies. As a website visitor in particular, you are familiar with various types of online services and most online services are categorised as "information society services". A classic example of this is an online transaction, such as the purchase of goods over the Internet.

Third

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Third" a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

Explanation: The GDPR basically only explains what a "third party" is not. In practice, a "third party" is anyone who also has an interest in the personal data but is not one of the above-mentioned persons, authorities or organisations. For example, a parent company can act as a "third party". In this case, the subsidiary group is the controller and the parent group is the "third party". However, this does not mean that the parent company is automatically authorised to view, collect or store the personal data of the subsidiary company.

Restriction of processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Restriction of processing"

the marking of stored personal data with the aim of restricting its future processing;

Explanation: It is one of your rights that you can request processors to restrict your personal data for further processing operations at any time. For this purpose, specific personal data such as your name, your date of birth or your address will be marked in such a way that further processing is no longer possible. For example, you could restrict processing to the effect that your data may no longer be used for personalised advertising.

Consent

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Consent" any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: As a rule, websites obtain this consent via a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree or consent to data processing. In most cases, you can also make individual settings and thus decide for yourself which data processing you allow and which you do not. If you do not give your consent, your personal data may not be processed. In principle, consent can of course also be given in writing, i.e. not via a tool.

Receiver

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Receiver" a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

Explanation: Every person and every company that receives personal data is considered a recipient. This means that we and our processors are also so-called recipients. Only authorities that have an investigation mandate are not considered recipients.

Genetic data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"genetic data" personal data relating to the inherited or acquired genetic characteristics of a natural person, which provide unique information about the physiology or health of that natural person and which have been obtained in particular from the analysis of a biological sample from the natural person concerned;

Explanation: With a certain amount of effort, people can be identified using genetic data. This is why genetic data is also categorised as personal data. Genetic data is obtained from blood or saliva samples, for example.

Health data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Health data" personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, and from which information about their health status is derived;

Explanation: Health data therefore includes all stored information relating to your own health. This is often data that is also recorded in a patient file. This includes, for example, which medication you use, X-ray images, your entire medical history or, as a rule, your immunisation status.

Cross-border processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"cross-border processing" either

a)

processing of personal data carried out in the context of the activities of establishments of a controller or processor in the Union in more than one Member State, where the controller or processor is established in more than one Member State, or

b)

processing of personal data carried out in the context of the activities of a single establishment of a controller or processor in the Union, but which produces or is likely to produce significant effects on data subjects in more than one Member State;

Explanation: For example, if a company or other organisation has branches in Spain and in Croatia and personal data is processed in connection with the activities of the branches, this constitutes "cross-border processing" of personal data. Even if the data is only processed in one country (as in this example in Spain), but the effects for the data subject are also recognisable in another country, this is also referred to as "cross-border processing".

Head office

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Head office"

a)

in the case of a controller with establishments in more than one Member State, the place of its head office in the Union, unless the decisions as to the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and that establishment is authorised to have those decisions implemented, in which case the establishment taking such decisions shall be considered to be the main establishment;

b)

in the case of a processor with establishments in more than one Member State, the place of its head office in the Union or, where the processor does not have a head office in the Union, the place of establishment of the processor in the Union where the processing activities in the context of the activities of an establishment of a processor are principally carried out, insofar as the processor is subject to specific obligations under this Regulation;

Explanation: Google, for example, is an American company that also processes data in the USA, but its European headquarters are located in Ireland (Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland). Google Ireland Limited is therefore legally an independent company and is responsible for all Google products offered in the European Economic Area. In contrast to a main office, there are also branch offices, but these do not function as legally independent branches and are therefore to be distinguished from subsidiaries. A principal place of business is therefore always the place where a company (trading company) has its centre of operations.

International organisation

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"international organisation" an organisation under international law and its subordinate bodies or any other body established by or on the basis of an agreement concluded between two or more countries.

Explanation: The best-known examples of international organisations are probably the European Union or the United Nations. The GDPR distinguishes between third countries and international organisations in connection with data transfer. Within the EU, the transfer of personal data is not a problem because all EU countries are bound by the provisions of the GDPR. On the other hand, data transfers with third countries or international organisations are subject to certain conditions.

Relevant and well-founded objection

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Authoritative and well-founded objection" an objection to a draft decision as to whether there is an infringement of this Regulation or whether intended measures against the controller or processor are in compliance with this Regulation, clearly indicating the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data in the Union;

Explanation: If certain measures that we take as the controller or our processors do not comply with the GDPR, you can raise a so-called "relevant and reasoned objection". In doing so, you must explain the scope of the risks in relation to your fundamental rights and freedoms and possibly the free movement of your personal data in the EU.

Personal data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"personal data"

any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data is therefore all data that can identify you as a person. This is usually data such as

• Name
• Address
• E-mail address
• Postal address
• Telephone number
• Date of birth
• Identification numbers such as national insurance number, tax identification number, identity card number or matriculation number
• Bank data such as account number, credit information, account balances and much more.

According to the European Court of Justice (ECJ), your IP address for the personal data. IT experts can use your IP address to determine at least the approximate location of your device and subsequently you as the owner of the connection. Therefore, the storage of an IP address also requires a legal basis within the meaning of the GDPR. There are also so-called "special categories" of personal data that is also particularly worthy of protection. These include

• racial and ethnic origin
• political opinions
• Religious or ideological convictions
• trade union membership
• genetic data such as data taken from blood or saliva samples
• biometric data (i.e. information on psychological, physical or behavioural characteristics that can identify a person).
  Health data
• Data on sexual orientation or sexual life

Profiling

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Profiling" any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Explanation: Profiling involves collecting various pieces of information about a person in order to find out more about them. In the web sector, profiling is often used for advertising purposes or for credit checks. Web and advertising analysis programs collect data about your behaviour and interests on a website, for example. This results in a special user profile that can be used to target advertising to a specific target group.

 

Pseudonymisation

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Pseudonymisation" the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

Explanation: Our privacy policy often refers to pseudonymised data. Pseudonymised data means that you can no longer be identified as a person, unless other information is added. However, you should not confuse pseudonymisation with anonymisation. Anonymisation removes any personal reference, meaning that this can only be reconstructed with a disproportionate amount of technical effort.

 

The company

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Company" a natural and legal person who carries out an economic activity, regardless of its legal form, including partnerships or associations that regularly engage in an economic activity;

Explanation: For example, we are a company and also carry out an economic activity via our website by offering and selling services and/or products. The formal characteristic of every company is its legal entity, such as a GmbH or AG.

Group of companies

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Group of companies" A group consisting of a controlling company and the companies dependent on it;

Explanation: We speak of a "group of companies" when several companies unite and are legally and financially linked to each other, but there is still a central, overarching company. For example, Instagram, WhatsApp, Oculus VR and Facebook are largely independent companies, but are all subject to the parent company Meta Platforms, Inc.

Person responsible

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Responsible person" the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for the processing of your personal data and are therefore the "controller". If we pass on collected data to other service providers for processing, they are "processors". An "order processing contract (AVV)" must be signed for this.

 

Processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Processing"

any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Remark: When we talk about processing in our privacy policy, we mean any kind of data processing. As mentioned above in the original GDPR declaration, this includes not only the collection but also the storage and processing of data.

Binding internal data protection regulations

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"binding internal data protection regulations" measures to protect personal data which a controller or processor established in the territory of a Member State undertakes to comply with in respect of transfers or a set of transfers of personal data to a controller or processor within the same group of undertakings or the same group of undertakings engaged in a joint economic activity in one or more third countries;

Explanation: You may have heard or read the term "Binding Corporate Rules" before. After all, this is the term that is usually used when it comes to binding internal data protection regulations. Especially for companies (such as Google) that process data in third countries, it is advisable to have such an internal regulation, through which a company commits itself, so to speak, to comply with data protection regulations. This regulation governs the handling of personal data that is transferred to and processed in third countries.

Violation of the protection of personal data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Violation of the protection of personal data" a breach of security which, whether accidental or unlawful, results in the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

Explanation: For example, a "personal data breach" can occur in the event of a data leak, i.e. a technical problem or a cyberattack. If the breach results in a risk to the rights and freedoms of natural persons, the controller must report the incident to the competent supervisory authority immediately. In addition, the data subjects must also be informed if the breach poses a high risk to the rights and freedoms of natural persons.

Representative

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Representative" a natural or legal person established in the Union who has been designated in writing by the controller or processor in accordance with Article 27 and who represents the controller or processor in relation to their respective obligations under this Regulation;

Explanation: A "representative" can therefore be any person who has been appointed in writing by us (controller) or one of our service providers (processor). Companies outside the EU that process data of EU citizens must specify a representative within the EU. For example, if a web analytics provider has its main office in the USA, it must appoint a "representative" within the European Union to fulfil its obligations in relation to data processing.

Closing words

Congratulations! If you are reading this, you have really "fought" your way through our entire privacy policy, or at least scrolled this far. As you can see from the scope of our privacy policy, we take the protection of your personal data anything but lightly.
It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. However, we not only want to tell you which data is processed, but also explain the reasons for using various software programmes. As a rule, privacy policies sound very technical and legal. However, as most of you are not web developers or lawyers, we wanted to take a different approach and explain the facts in simple and clear language. Of course, this is not always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the privacy policy.
If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible organisation. We wish you a pleasant time and hope to welcome you back to our website soon.

All texts are protected by copyright.