Privacy Policy

Introduction and Overview

We have written this Privacy Policy (version 07.01.2024-122693978) to explain to you, in accordance with the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (short: data) we, as the data controllers – and the processors we appoint (e.g., providers) – process, will process in the future, and what legitimate rights you have. The terms used are to be understood in a gender-neutral way.
In short: We provide you with comprehensive information about the data we process about you.

Privacy policies are usually very technical and use legal jargon. However, this Privacy Policy aims to describe the most important things as simply and transparently as possible. As far as transparency is concerned, technical terms are explained in an easy-to-understand manner, links to further information are provided, and graphics are used. We aim to inform you in clear and simple language that we process personal data only when there is a legal basis for doing so. This is certainly not possible with brief, unclear, and legally technical explanations, as is often the standard on the internet when it comes to data protection. We hope you find the following explanations interesting and informative, and perhaps there is some information here that you didn’t know before.
If you still have questions, please contact the responsible party listed below or in the imprint, follow the existing links, and check further information on third-party websites. Our contact details are of course also available in the imprint.

Scope

This Privacy Policy applies to all personal data processed by us in the company and all personal data processed by companies we hire (processors). By personal data, we mean information as defined in Article 4, No. 1 of the GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this Privacy Policy includes:

All online presences (websites, online stores) we operate
Social media presences and email communication
Mobile apps for smartphones and other devices

In short: This Privacy Policy applies to all areas where personal data is processed within the company via the aforementioned channels. If we enter into legal relationships with you outside of these channels, we will inform you separately.

Legal Grounds

In the following Privacy Policy, we provide transparent information on the legal principles and regulations, i.e., the legal grounds of the General Data Protection Regulation that enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can read the full text of this GDPR online at EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We process your data only if at least one of the following conditions applies:

Consent (Article 6, paragraph 1, letter a GDPR): You have given us your consent to process data for a specific purpose. An example would be storing the information you enter in a contact form.
Contract (Article 6, paragraph 1, letter b GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, we need personal information before entering into a purchase agreement.
Legal Obligation (Article 6, paragraph 1, letter c GDPR): If we are subject to a legal obligation, we process your data. For instance, we are legally required to keep invoices for accounting purposes, which usually contain personal data.
Legitimate Interests (Article 6, paragraph 1, letter f GDPR): In the case of legitimate interests that do not interfere with your basic rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and efficiently. This processing is therefore a legitimate interest.

Other conditions such as the performance of tasks in the public interest, the exercise of public authority, or the protection of vital interests usually do not apply to us. If such a legal basis does apply, it will be stated at the relevant point.

In addition to the EU regulation, national laws also apply:

In Austria, this is the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act), abbreviated as DSG.
In Germany, it is the Federal Data Protection Act (BDSG). If further regional or national laws apply, we will inform you about them in the following sections.

Contact Details of the Responsible Party

If you have questions regarding data protection or the processing of personal data, you will find the contact details of the responsible person or entity below:
Hemeada e.U.
Baumgasse 50 Top 6-7
1030 Wien

Email: info@loofahcrafts.shop

Retention Period

We store personal data only as long as it is necessary to provide our services and products. This means that we delete personal data as soon as the reason for its processing no longer exists. In some cases, we are legally required to store certain data even after the original purpose has been fulfilled, for example, for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to retain it.

We will inform you further below about the specific duration of each data processing, if we have more information about it.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we inform you of the following rights that you have in order to ensure fair and transparent processing of data:You have the right, according to Article 15 of the GDPR, to request information about whether we process data about you. If this is the case, you are entitled to receive a copy of the data and be informed of the following:

The purpose for which we process the data;
The categories (types) of data being processed;
Who receives the data and, if the data is transferred to third countries, how security can be guaranteed;
How long the data will be stored;
The existence of the right to rectification, deletion, or restriction of processing, and the right to object to processing;
The right to lodge a complaint with a supervisory authority (links to these authorities can be found below);
The origin of the data if we did not collect it from you;
Whether profiling is conducted, meaning whether the data is automatically evaluated to create a personal profile of you.

According to Article 16 of the GDPR, you have the right to rectify any data, which means that we must correct the data if you find any errors.

According to Article 17 of the GDPR, you have the right to deletion ("right to be forgotten"), meaning that you can request the deletion of your data.

According to Article 18 of the GDPR, you have the right to restrict processing, which means that we can only store the data but not use it further.

According to Article 20 of the GDPR, you have the right to data portability, meaning that we must provide your data in a commonly used format upon request.

According to Article 21 of the GDPR, you have the right to object to processing, which, if enforced, results in a change in processing.

If the processing of your data is based on Article 6(1)(e) (public interest, exercise of public authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will check as soon as possible whether we can legally comply with this objection.
If the data is used for direct marketing purposes, you can object to this type of data processing at any time. We will no longer use your data for direct marketing purposes.
If the data is used for profiling, you can object to this type of data processing at any time. We will no longer use your data for profiling purposes.

According to Article 22 of the GDPR, under certain circumstances, you have the right not to be subject to a decision based solely on automated processing (e.g., profiling).

According to Article 77 of the GDPR, you have the right to file a complaint. This means you can file a complaint with the data protection authority if you believe the processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection laws or your data protection rights have been violated in any way, you can file a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, each federal state has its own data protection officer. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible:

Austrian Data Protection Authority

Head: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Transfer to Third Countries

We only transfer or process data in countries outside the scope of the GDPR (third countries) if you consent to this processing or if there is another legal basis for it. This is particularly true if the processing is required by law or necessary to fulfill a contractual relationship and is permitted in each case. In most cases, your consent is the most important reason for us to process data in third countries. Processing of personal data in third countries such as the USA, where many software providers offer services and have server locations, can mean that personal data is processed and stored in unexpected ways.

We explicitly point out that, according to the opinion of the European Court of Justice, there is only an adequate level of protection for data transfers to the USA if a US company processing personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. For more information, please visit: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data not being anonymized and processed or stored. Furthermore, US government agencies may have access to individual data. It is also possible that collected data may be linked with data from other services of the same provider if you have an associated user account. Whenever possible, we try to use server locations within the EU, provided that it is available.

We will inform you about data transfer to third countries at the relevant points in this privacy policy, if applicable.

Data Processing Security

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to infer personal information from our data.

Article 25 of the GDPR refers to "data protection by design and by default," meaning that both software (e.g., forms) and hardware (e.g., access to server rooms) are designed with security in mind and appropriate measures are taken. Below, we will discuss specific measures as needed.

TLS Encryption with HTTPS

TLS, encryption, and HTTPS sound very technical – and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to securely transmit data over the internet. This means that the entire transfer of data from your browser to our web server is encrypted – no one can "eavesdrop."

We have implemented an additional layer of security, fulfilling data protection by design (Article 25(1) of the GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we ensure the protection of confidential data.
You can recognize this secure data transmission by the small lock symbol on the left side of the browser, next to the web address (e.g., examplepage.de), and the use of the HTTPS protocol (instead of HTTP) as part of our internet address.

If you want to learn more about encryption, we recommend searching on Google for "Hypertext Transfer Protocol Secure wiki" for useful links to further information.

Communication

Summary of Communication

Affected: Anyone who communicates with us via phone, email, or online forms
Processed Data: For example, phone number, name, email address, entered form data. More details are provided depending on the type of contact used
Purpose: Processing communication with customers, business partners, etc.
Retention Period: Duration of the business case and statutory requirements
Legal Basis: Article 6(1)(a) GDPR (consent), Article 6(1)(b) GDPR (contract), Article 6(1)(f) GDPR (legitimate interest)

If you contact us via phone, email, or online form, personal data may be processed.

The data will be processed for the purpose of handling your inquiry and the related business transaction. The data will be stored for as long as necessary, or as long as required by law.

Affected Individuals

All individuals who use the communication channels we provide to contact us are affected by the mentioned processes.

Phone

If you call us, the call data will be pseudonymized and stored on the respective device and with the telecommunications provider used. Additionally, data such as name and phone number may be sent via email and stored for answering the inquiry. The data will be deleted once the business case is concluded and legal requirements permit.

Email

If you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and on the email server. The data will be deleted once the business case is concluded and legal requirements permit.

Online Forms

If you communicate with us via an online form, data will be stored on our web server and may be forwarded to our email address. The data will be deleted once the business case is concluded and legal requirements permit.

Legal Basis

The processing of data is based on the following legal grounds:

Art. 6 para. 1 lit. a GDPR (Consent): You give us consent to store your data and further use it for the purposes related to the business case.
Art. 6 para. 1 lit. b GDPR (Contract): There is a need for the fulfillment of a contract with you or a data processor, such as the telephone provider, or we need to process data for pre-contractual activities, such as preparing an offer.
Art. 6 para. 1 lit. f GDPR (Legitimate Interests): We wish to handle customer inquiries and business communication in a professional manner. Certain technical facilities, such as email programs, Exchange servers, and mobile network providers, are necessary to carry out the communication efficiently.

Data Processing Agreement (DPA)

In this section, we want to explain what a Data Processing Agreement (DPA) is and why it is necessary. Since the term "Data Processing Agreement" is quite a mouthful, we will also use the abbreviation DPA in this text. Like most companies, we do not work alone but also use services from other companies or individuals. Through involving various companies or service providers, we may need to transfer personal data for processing. These partners then act as data processors, with whom we conclude a contract called a Data Processing Agreement (DPA). The most important thing for you to know is that the processing of your personal data is only done according to our instructions and must be governed by the DPA.

Who are Data Processors?

As a company and website owner, we are responsible for all data we process from you. In addition to the controllers, there may also be so-called data processors. This includes any company or person who processes personal data on our behalf. More precisely, according to the GDPR definition: any natural or legal person, authority, institution, or another body that processes personal data on our behalf is considered a data processor. Data processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

To better understand the terminology, here’s an overview of the three roles in the GDPR:

Data Subject (you as a customer or prospect) → Controller (us as a company and client) → Data Processor (service providers like web hosts or cloud providers)

Content of a Data Processing Agreement

As mentioned above, we have concluded a DPA with our partners who act as data processors. The agreement primarily states that the data processor will process the data exclusively in accordance with the GDPR. The contract must be concluded in writing, although an electronic conclusion of the contract is also considered "written." The processing of personal data will only take place based on the contract. The agreement must include the following:

Binding to us as the controller
Duties and rights of the controller
Categories of data subjects
Types of personal data
Nature and purpose of the data processing
Subject and duration of the data processing
Location of the data processing

Additionally, the contract includes all the obligations of the data processor. The most important obligations include:

Ensuring data security measures
Implementing technical and organizational measures to protect the rights of the data subject
Maintaining a data processing directory
Cooperating with the data protection supervisory authority upon request
Conducting a risk analysis regarding the received personal data

Sub-processors may only be commissioned with written consent from the controller An example of such a DPA can be found at: https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html, where a sample contract is provided.

Cookies Cookies Summary

Affected: Website visitors
Purpose: Dependent on the respective cookie. More details are provided below or by the manufacturer of the software setting the cookie.
Processed Data: Dependent on the respective cookie. More details are provided below or by the manufacturer of the software setting the cookie.
Retention Period: Dependent on the respective cookie, ranging from hours to years
Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data. Below, we explain what cookies are and why they are used, so you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Common browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are really useful helpers. Almost all websites use cookies. More specifically, these are HTTP cookies, as there are other types of cookies for different purposes. HTTP cookies are small files stored by our website on your computer. These cookie files are automatically placed in the cookie folder, essentially the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language preferences or personal page settings. When you visit our site again, your browser sends the "user-specific" information back to our site. Thanks to the cookies, our website knows who you are and offers you the settings you are accustomed to. In some browsers, each cookie has its own file, while in others like Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration date of a cookie also varies, ranging from a few minutes to several years. Cookies are not software programs and do not contain viruses, trojans, or other "pests." Cookies cannot access information on your PC.

Here is an example of how cookie data might look:

Name: _ga
Value: GA1.2.1326744211.152122693978-9
Purpose: Differentiation of website visitors
Expiry: After 2 years

The minimum sizes that a browser should support are:

At least 4096 bytes per cookie
At least 50 cookies per domain
At least 3000 cookies in total

What Types of Cookies Are There?

The specific cookies we use depend on the services we use and are explained in the following sections of the privacy policy. Here, we want to briefly address the different types of HTTP cookies.

There are four types of cookies:

Essential Cookies: These cookies are necessary to ensure basic website functions. For example, these cookies are needed when a user adds a product to the cart, navigates to other pages, and later proceeds to checkout. These cookies prevent the cart from being cleared, even if the user closes the browser window.
Functional Cookies: These cookies collect information about user behavior and whether the user encounters error messages. These cookies are also used to measure loading time and website performance across different browsers.
Targeting Cookies: These cookies ensure a better user experience by remembering entered locations, font sizes, or form data.
Advertising Cookies: Also known as targeting cookies, these cookies are used to deliver personalized advertisements to the user. This can be very useful but also very annoying.

Typically, when you visit a website for the first time, you will be asked which types of cookies you allow. Of course, this decision will also be stored in a cookie.

If you want to learn more about cookies and don't mind technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments from the Internet Engineering Task Force (IETF) titled “HTTP State Management Mechanism.”

Purpose of Processing Through Cookies

The purpose ultimately depends on the respective cookie. More details are provided below or by the manufacturer of the software setting the cookie.

What Data Is Processed?

Cookies are small helpers for a variety of tasks. What data is stored in cookies cannot be generalized, but we will inform you about the processed or stored data within the framework of this privacy policy.

Cookie Retention Period

The retention period depends on the respective cookie and will be clarified further below. Some cookies are deleted after less than an hour, while others can remain on a computer for several years.

You also have control over the retention period. You can manually delete all cookies at any time via your browser (see also "Right to Object" below). Furthermore, cookies based on consent will be deleted once you withdraw your consent, although the lawfulness of the storage remains unaffected until then.

Right to Object – How Can I Delete Cookies?

You have the right to decide how and whether you want to use cookies. Regardless of the service or website that sets the cookies, you always have the option to delete, disable, or only partially allow cookies. For instance, you can block third-party cookies but allow all other cookies.

If you want to check which cookies are stored in your browser or if you want to change or delete cookie settings, you can do this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome
Safari: Manage cookies and website data in Safari
Firefox: Delete cookies to remove data websites have stored on your computer
Internet Explorer: Delete and manage cookies in Internet Explorer
Microsoft Edge: Delete and manage cookies in Microsoft Edge

If you do not want any cookies at all, you can set your browser to notify you whenever a cookie is to be set. This way, you can decide whether to allow each individual cookie. The procedure varies by browser. The best way to find instructions is by searching Google with terms like “Delete cookies in Chrome” or “Disable cookies in Chrome” if you're using Chrome.

Legal Basis

Since 2009, there have been “Cookie Directives” in place. These regulations state that storing cookies requires your consent (Article 6 (1) (a) of the GDPR). However, the response to this directive varies across EU countries. In Austria, it has been implemented under Section 96 (3) of the Telecommunications Act (TKG). In Germany, the cookie directive has not been implemented as national law but has instead been incorporated in Section 15 (3) of the Telemedia Act (TMG).

For strictly necessary cookies, even if no consent is given, legitimate interests (Article 6 (1) (f) GDPR) apply, which are often of an economic nature. We aim to provide visitors with a pleasant user experience, and certain cookies are often essential for this.

Where non-essential cookies are used, this only occurs with your consent. The legal basis for this is Article 6 (1) (a) of the GDPR.

In the following sections, you will be informed in more detail about the use of cookies if any software deployed uses cookies.

Web Hosting Introduction

Web Hosting Summary

Affected parties: Visitors of the website
Purpose: Professional hosting of the website and securing its operation
Processed data: IP address, time of website visit, used browser, and other data. More details can be found below or from the respective hosting provider.
Storage duration: Depending on the provider, but generally 2 weeks
Legal Basis: Article 6 (1) (f) GDPR (Legitimate interests)

What is Web Hosting?

When you visit websites today, certain information – including personal data – is automatically generated and stored, including on this website. This data should be processed sparingly and only with a valid reason. By "website," we refer to the entirety of all pages on a domain, i.e., everything from the homepage to the last subpage (like this one). A domain could be something like example.de or example.com.

To view a website on a computer, tablet, or smartphone, you use a program called a web browser. Some well-known browsers include Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. In short, we call it a browser or web browser.

In order to display the website, the browser must connect to another computer where the website's code is stored: the webserver. Running a webserver is a complicated and resource-intensive task, which is why it's usually handled by professional providers who offer web hosting and ensure reliable and error-free data storage for websites.

When the browser on your device connects and exchanges data with the webserver, there may be a processing of personal data. On the one hand, your computer stores data, and on the other hand, the webserver may need to temporarily store data to ensure proper operation.

Why Do We Process Personal Data?

The purposes of data processing are:

Professional hosting of the website and securing its operation
Maintaining operational and IT security
Anonymous evaluation of access behavior to improve our offerings, and, if necessary, for law enforcement or tracking claims

What Data is Processed?

Even as you are visiting our website right now, our web server (the computer where this website is stored) automatically saves data such as:

The complete URL of the page you accessed
The browser and browser version (e.g., Chrome 87)
The operating system used (e.g., Windows 10)
The URL of the previously visited page (Referrer URL)
The hostname and IP address of the device from which the website is accessed
Date and time
In web server log files

How Long is the Data Stored?

Generally, the above data is stored for two weeks and then automatically deleted. We do not share this data, but cannot rule out that this data may be viewed by authorities if there is illegal activity.

In short: Your visit is logged by our provider (the company hosting our website on special computers called servers), but we do not share your data without your consent!

Legal Basis

The legitimacy of processing personal data within the framework of web hosting is based on Article 6 (1) (f) GDPR (legitimate interests) because using professional hosting with a provider is necessary to present the company securely and user-friendly on the internet and to be able to track attacks or claims that may arise.

Between us and the hosting provider, there is usually a data processing agreement (DPA) in accordance with Article 28 GDPR, ensuring compliance with data protection and guaranteeing data security.

Shopify Web Hosting Privacy Policy

Our website is hosted using Shopify's web hosting services. Shopify Inc. is headquartered in Canada at 151 O'Connor Street, Ground Floor, Ottawa, ON K2P 2L8, Canada. To ensure compliance with European privacy regulations, Shopify also uses servers and data centers located in Ireland and Germany.

What is Shopify Web Hosting?

Shopify provides a comprehensive platform for operating e-commerce websites, including hosting, domain management, payment processing, marketing tools, and analytics. Shopify ensures our website is optimized for performance and security while collecting technical and personal data such as IP addresses, browser details, and other technical information necessary to maintain functionality and security.

Why Do We Use Shopify?

Shopify allows us to offer a professional and user-friendly online store. The platform is known for its reliability, excellent loading speeds, and robust features that benefit both us as store operators and our customers. Most importantly, Shopify ensures GDPR compliance through certified servers located in the EU. With unlimited bandwidth and high storage capacity, our online store remains efficient, even with high traffic volumes.

You can find more information about Shopify’s privacy practices in their Privacy Policy: Shopify Privacy Policy.

Data Processing Agreement (DPA) with Shopify

In accordance with the GDPR, we have signed a Data Processing Agreement (DPA) with Shopify. This agreement ensures that personal data is processed only in accordance with our instructions and that all GDPR security standards are met. You can review Shopify’s DPA here: Shopify DPA.

Introduction to Website Builders Privacy Policy

Website Builders Privacy Policy Summary
Affected parties: Website visitors
Purpose: Optimizing our services
Processed data: Technical usage information such as browser activity, clickstream data, session heatmaps, contact details, IP address, or geographic location. Further details can be found below in this privacy policy and in the provider’s privacy policy.
Storage duration: Depends on the provider
Legal basis: Article 6(1)(f) GDPR (legitimate interests), Article 6(1)(a) GDPR (consent)

What are Website Builders?
We use a website builder for our site. These are specialized forms of content management systems (CMS) that allow website owners to create websites easily and without programming knowledge. Many web hosting providers offer website builders. Using a website builder may involve the collection, storage, and processing of personal data. This privacy policy provides general information about how data is processed by website builders. More specific information can be found in the provider’s privacy policies.

Why Do We Use Website Builders?
The primary advantage of website builders is their ease of use. We aim to provide a clear, simple, and user-friendly website that we can maintain independently without external support. Website builders now include many useful features that can be used without programming skills. This allows us to design our web presence as desired and offer you an informative and pleasant experience on our website.

What Data Is Stored by a Website Builder?
The specific data stored depends on the website builder used. Generally, technical usage information such as operating systems, browsers, screen resolutions, language and keyboard settings, hosting providers, and visit dates are collected. Tracking data (e.g., browser activity, clickstream activities, session heatmaps) may also be processed. Personal data such as email addresses, phone numbers (if provided), IP addresses, and geographic location data may be stored. More details are available in the provider’s privacy policy.

How Long and Where Are the Data Stored?
The data storage duration depends on the website builder provider. In general, personal data is processed only as long as necessary to provide our services and products. Providers may store data according to their guidelines, over which we have no control. More information can be found in the provider’s privacy policy.

Right to Object
You have the right to access, correct, or delete your personal data at any time. Contact details for the responsible parties of the website builder can be found in our privacy policy or on the provider’s website.
Cookies used for the website builder functions can be deleted, disabled, or managed in your browser. However, some functions may no longer work as expected if cookies are disabled.

Legal Basis
Using a website builder is based on our legitimate interest in optimizing our online service (Article 6(1)(f) GDPR). When data processing isn’t strictly necessary for website operation, it is processed only with your consent (Article 6(1)(a) GDPR).

This privacy policy provides key information on data processing. For more specific details, please refer to the subsequent sections or the provider’s privacy policy.

Web Analytics – Introduction and Privacy Policy

Web Analytics Privacy Policy Summary
Affected parties: Website visitors
Purpose: Evaluating visitor information to optimize the web offering.
Processed data: Access statistics, including location of access, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Details depend on the specific web analytics tool.
Storage duration: Varies by tool used.
Legal basis: Article 6(1)(a) GDPR (consent), Article 6(1)(f) GDPR (legitimate interests).

What is Web Analytics?
Web Analytics involves analyzing the behavior of website visitors. Data collected by analytics providers (or tracking tools) is stored, managed, and processed to create insights about user behavior. This helps website owners evaluate which content resonates best with their audience. Tools often offer features like A/B testing, enabling website operators to test variations of content or products to determine user preferences. Analytics can involve creating user profiles and storing data in cookies.

Why Do We Use Web Analytics?
Our goal is to provide the best web offering in our industry. Web analytics tools allow us to gain detailed insights into visitor behavior, such as their demographics, peak activity times, and popular content. These insights help improve the website to meet user needs more effectively, making the experience smoother and more personalized.

What Data is Processed?
The specific data collected depends on the analytics tool used but generally includes:

Pages viewed, buttons clicked, and navigation patterns.
Device and browser information.
IP addresses, often pseudonymized.
Potential location data, if allowed.

These data points are used to analyze trends without directly identifying users.

Data Retention
The duration of data retention varies by provider. While some cookies might only last until the browser session ends, others may persist for years. Generally, personal data is retained only as long as necessary for providing services unless legally mandated to retain them longer.

Right to Object
Users can withdraw their consent at any time via the cookie management tool or by disabling cookies in their browser. These actions may limit the functionality of certain features.

Legal Basis
We use web analytics based on user consent collected via our cookie popup, in compliance with Article 6(1)(a) GDPR. Additionally, legitimate interests (Article 6(1)(f) GDPR) justify using analytics to improve technical and economic aspects of the website, identify errors, and prevent attacks.

For details on specific tools, refer to the corresponding sections in the privacy policy or the respective provider's policies.

etracker Privacy Policy

etracker Privacy Policy Summary
Affected parties: Visitors to the website
Purpose: Analysis of visitor information to optimize the web offering.
Processed data: Including pseudonymized IP address, technical information about browser, operating system, and device, dwell time, interactions on the website.
Storage duration: Depends on the web analytics tool used.
Legal basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests).

What is etracker?

We use the analytics tracking tool etracker Analytics from the German company etracker GmbH, Erste Brunnenstraße 1, D-20459 Hamburg, on our website. etracker Analytics is software that collects and analyzes data about your actions on our website. We receive analysis reports on how you use our website and can better tailor our offering to your needs. In this privacy policy, we delve into the analysis tool, focusing on which data is stored, when, how, and where.

etracker Analytics is a tool designed to measure and analyze the performance of our website and online campaigns. For example, the software collects data about how long you stay on our website, how many users visit, and where they came from. We also receive detailed evaluations of visitor behavior on our website, such as which buttons are clicked, which subpages are popular, and which are avoided. All this information is anonymous, meaning we cannot identify you as an individual but only receive general user information and statistics.

Why do we use etracker on our website?
We utilize this software tool to enhance the quality of our website and offerings. Our goal is to provide you with the best possible service. We want you to feel comfortable on our site and receive exactly what you expect. To achieve this, we aim to tailor our offerings as closely as possible to your needs and preferences.

The data also helps us conduct our online marketing and advertising efforts more cost-effectively and individually. Naturally, we want to display our offerings only to people who are genuinely interested.

What data is stored by etracker?

To enable tracking, a JavaScript code is embedded in the website. etracker operates on pixel technology.

By default, etracker does not use cookies or tracking technologies on a website, as this is implemented in a cookie-less mode through Privacy-by-Design. In this case, only strictly necessary cookies are set. However, if you actively consent to the use of cookies, etracker will also use cookies.

The following data is stored and processed upon visiting the website:

Your pseudonymized IP address
Technical information about your browser, operating system, and device
Location information (up to city level)
The accessed URL, including page title and optional information about the page content
Referrer website (the site from which you accessed our site)
The following page (the site you click on afterward)
Time spent on our site (session duration)
Interactions on the site, such as clicks, search terms, downloads, videos, or purchased products

This data comes from web server information and the data transmitted by your browser during webpage access. Unlike other technologies, etracker does not read or store data on your device. The data is neither used for other purposes nor shared with third parties.

Cookies used by etracker do not contain information that can identify you as a person. Data like IP addresses, device data, and domain data are encrypted or truncated, ensuring that individual identification is impossible for both us and etracker.

If cookies are enabled, the following may be set:

Name: GS3_v
Value: 146480958122693978-9
Purpose: Set by the etracker Optimizer Webservice.
Expiration: 1 year
Name: _et_coid
Value: e9cc2b3efbf7807c6157e8b151baa2f3122693978-1
Purpose: Used for cookie recognition, set only upon cookie activation.
Expiration: 3 years
Name: pll_language
Value: de
Purpose: Stores the preset language.
Expiration: 1 year

Note: This list represents a selection of potential cookies and may not be exhaustive. For a full list of cookies, refer to etracker's documentation.

How long and where is the data stored?

The data is stored on servers located in Hamburg, Germany. The system administration also operates from Hamburg, ensuring that all data is exclusively stored on German servers. Data is retained until our contract with etracker expires, after which it is permanently deleted.

How can I delete or prevent data storage?

You have the right to access, correct, delete, or restrict the processing of your personal data at any time. You can also withdraw your consent to data processing at any time.

If you wish to disable, delete, or manage cookies generally, refer to the "Cookies" section on our website for links to guides for popular browsers.

Legal basis

The use of etracker requires your consent, obtained via our cookie popup. This consent serves as the legal basis for processing personal data per Article 6(1)(a) of the GDPR.

Additionally, we have a legitimate interest in analyzing visitor behavior to improve our offerings technically and economically. etracker helps us identify website errors, detect attacks, and enhance efficiency. This aligns with Article 6(1)(f) of the GDPR (legitimate interests). However, we use etracker only if you provide consent.

For further details about etracker, visit their privacy policy.

Data Processing Agreement (DPA) with etracker

In accordance with Article 28 of the GDPR, we have signed a Data Processing Agreement (DPA) with etracker. This agreement clarifies that etracker processes data on our behalf only as instructed and complies with the GDPR. The DPA can be found here.

Google Analytics Privacy Policy

Summary

Affected Parties: Website visitors
Purpose: Evaluation of visitor information to optimize the web offering.
Processed Data: Access statistics, including access locations, device data, access duration and time, navigation behavior, and click behavior. More details can be found further below in this privacy policy.
Retention Period: Adjustable; by default, Google Analytics 4 stores data for 14 months.
Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Google Analytics?

We use the analytics tracking tool Google Analytics, specifically Google Analytics 4 (GA4), from the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. By combining various technologies like cookies, device IDs, and login credentials, users can be identified across different devices. This enables cross-platform analysis of your actions.

For example, when you click a link, this event is stored in a cookie and sent to Google Analytics. Using the reports we receive from Google Analytics, we can better tailor our website and services to your needs. Below, we delve deeper into the tracking tool and inform you specifically about the data processed and how you can prevent it.

Google Analytics is a tracking tool used to analyze website traffic. The basis of these measurements and analyses is a pseudonymous user identification number. This number does not include personal data such as names or addresses but is used to associate events with a device. GA4 uses an event-based model that captures detailed information on user interactions, such as page views, clicks, scrolling, and conversion events. Additionally, GA4 integrates various machine learning functions to better understand user behavior and trends.

GA4 uses machine learning to model data, meaning it extrapolates missing data based on collected information to optimize analysis and provide predictions.

To make Google Analytics work, a tracking code is embedded into our website's code. When you visit our website, this code records various actions you perform on our site. With GA4's event-based data model, we can define and track specific events to analyze user interactions. In addition to general information like clicks or page views, we can track specific events critical to our business, such as form submissions or product purchases.

Once you leave our website, this data is sent to Google Analytics servers and stored there.

Google processes the data, and we receive reports on your user behavior, including:

Audience Reports: Helps us better understand our users and determine who is interested in our services.
Ad Reports: Enables easier analysis and improvement of online advertising.
Acquisition Reports: Provides useful insights into how we can attract more users to our services.
Behavior Reports: Tracks your interactions with our website, such as the paths you take and the links you click.
Conversion Reports: Tracks desired actions like purchases or newsletter sign-ups to evaluate marketing effectiveness.
Real-Time Reports: Provides immediate insights into current website activities, such as the number of users reading this text.

Additional Features of Google Analytics 4:

Event-Based Data Model: This model captures specific events that occur on our website, such as playing a video, purchasing a product, or signing up for our newsletter.
Enhanced Analysis Capabilities: These features help us better understand user behavior on our website and general trends. For example, we can segment user groups, conduct comparative analyses of target audiences, or track user journeys on our site.
Predictive Modeling: Machine learning extrapolates missing data based on collected information, predicting future events and trends. This helps us develop better marketing strategies.
Cross-Platform Analysis: Data collection and analysis are possible across both websites and apps. This allows us to analyze user behavior across platforms, provided you have consented to data processing.

Why Do We Use Google Analytics on Our Website?

Our goal with this website is clear: to provide you with the best possible service. The statistics and data from Google Analytics help us achieve this.

The analyzed data give us a clear picture of our website's strengths and weaknesses. On one hand, we can optimize our site to make it easier for interested users to find us on Google. On the other hand, the data help us understand you as a visitor better, enabling us to improve our services. Additionally, the data allow us to tailor our advertising and marketing efforts more effectively and cost-efficiently, targeting only users genuinely interested in our products and services.

What Data Does Google Analytics Store?

Google Analytics creates a random, unique ID linked to your browser cookie. This allows Google Analytics to recognize you as a new user and assign you a user ID. Upon subsequent visits, you will be recognized as a "returning" user. All collected data are stored along with this user ID, enabling pseudonymous user profile analysis.

For website analysis using Google Analytics, a Property ID must be embedded in the tracking code. The data are then stored in the corresponding property, which by default in GA4 is event-based. Data retention varies depending on the property used.

Through identifiers like cookies, app instance IDs, user IDs, or custom event parameters, your interactions (if you have consented) are tracked across platforms. Interactions include all actions you perform on our website. If you use other Google services (e.g., a Google account), data generated by Google Analytics can be linked to third-party cookies. Google only shares Google Analytics data if we, as website operators, authorize it or if required by law.

According to Google, no IP addresses are logged or stored in Google Analytics 4. Instead, IP address data are used to derive location data and are deleted immediately afterward. For users in the EU, IP addresses are erased before being stored in a data center or server.

Cookies Used in Google Analytics 4:

_ga: Used to distinguish website visitors; expires after 2 years.
_gid: Also used to distinguish website visitors; expires after 24 hours.
gat_gtag_UA<property-id>: Reduces request rates; expires after 1 minute.

(Note: This list may change, as Google occasionally updates its cookie policies. GA4 aims to enhance data privacy, offering various control options like adjustable data retention and collection limits.)

Overview of Key Data Collected:

Heatmaps: Visualizes which areas of the website you click on, providing insights into user navigation.
Session Duration: Measures the time you spend on the website without leaving. After 20 minutes of inactivity, a session ends.
Bounce Rate: Indicates when you view only one page on the site before leaving.
Account Creation: Tracks data if you create an account or place an order.
Location: IP addresses are not logged or stored but are briefly used to infer location data before deletion.
Technical Information: Includes browser type, internet provider, and screen resolution.
Source of Origin: Tracks the website or advertisement that brought you to the site.

Additional data may include contact details, reviews, media playback (e.g., video viewing), social media shares, or adding items to favorites. This list is not exhaustive and provides only a general overview of data collected by Google Analytics.

How Long and Where Are Data Stored?

Google has servers distributed across the globe. You can find detailed information about the locations of Google's data centers here: Google Data Center Locations.

Data are stored on multiple physical storage devices, ensuring faster access and better protection against tampering. Each Google data center implements specific disaster recovery protocols. Even in the event of hardware failures or natural disasters, Google's services are designed to minimize disruption risks.

Retention Periods for Data

The retention period of data depends on the properties used, which can be customized for each property. Google Analytics provides four options for data retention:

2 months: The shortest retention period.
14 months: Default retention for GA4.
26 months: Data can also be stored for this extended period.
Manual Deletion: Data remain until manually deleted.

Additionally, retention resets if you revisit the website within the specified timeframe. If the period lapses, data linked to cookies, user identifiers, and ad IDs (e.g., DoubleClick cookies) are deleted monthly. Aggregated data, which combine individual data into broader datasets, remain stored independently.

How to Delete or Prevent Data Storage

Under the EU General Data Protection Regulation (GDPR), you have rights to access, update, delete, or restrict your data. The Google Analytics Opt-Out Browser Add-on can prevent data collection by Google Analytics. Download it here: Opt-Out Add-on.

For managing cookies in general, refer to the “Cookies” section for guides tailored to major browsers.

Legal Basis for Data Processing

The use of Google Analytics is based on your explicit consent obtained through our cookie popup. This aligns with Article 6(1)(a) GDPR, permitting data processing for analytics purposes. Additionally, we have a legitimate interest under Article 6(1)(f) GDPR in analyzing visitor behavior to improve technical performance and economics. Google Analytics is employed only with your consent.

Google processes your data in compliance with the EU-US Data Privacy Framework, ensuring secure data transfers between the EU and the USA. For further details, visit Data Privacy Framework.

Safeguards for International Transfers

Google adheres to Standard Contractual Clauses (SCC) under Article 46(2) and (3) GDPR to ensure European data protection standards when processing data in third countries. These clauses are provided by the European Commission and mandate adherence to EU privacy principles, even outside the EU. You can review the relevant decision and clauses here.

For Google Ads Data Processing Terms linked to SCCs, refer to: Google Ads Processor Terms.

Data Processing Agreement (DPA) Google Analytics

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a Data Processing Agreement (DPA) with Google. Details about what a DPA entails and its essential components can be found in our general section titled "Data Processing Agreement (DPA)."

This agreement is legally required since Google processes personal data on our behalf. It specifies that Google may only process data received from us according to our instructions and must comply with the GDPR. You can find the link to Google's Data Processing Terms at Google Ads Data Processing Terms.

Google Analytics Reports on Demographics and Interests

We have enabled advertising reporting features in Google Analytics. These demographic and interest reports provide insights into user age, gender, and interests, allowing us to better understand our audience without linking the data to specific individuals. Learn more about these features at Google Support - Demographic Reports.

You can opt out of using your Google Account activity and information under "Ad Settings" at Google Ads Settings.

Google Analytics in Consent Mode

Depending on your consent, personal data may be processed by Google Analytics in "Consent Mode." You can choose to allow or disallow Google Analytics cookies, which determines the data Google Analytics is permitted to process. The collected data are primarily used for analyzing user behavior on the website, delivering targeted advertisements, and providing web analytics reports.

If you do not consent to data processing, only aggregated data, which cannot be linked to individual users, are collected. This prevents the creation of user profiles. You can also opt to consent solely to statistical measurement, which processes no personal data and excludes advertising purposes.

Google Analytics IP Anonymization

We have implemented IP anonymization on this website via Google Analytics. This feature ensures compliance with applicable data protection regulations and recommendations of local data authorities, which may prohibit the storage of full IP addresses. Anonymization occurs as soon as the IP addresses enter Google's data collection network, prior to any storage or processing. Learn more at Google Support - IP Anonymization.

Google Optimize Privacy Policy

We use Google Optimize on our website, a tool for website optimization. The service provider is Google Inc., while for the European region, the responsible entity is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

Google may process your data in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the secure transfer of personal data from EU citizens to the USA. Further details are available at EU-US Data Privacy Framework.

Additionally, Google applies Standard Contractual Clauses (SCCs) under Articles 46(2) and 46(3) of the GDPR. These clauses, provided by the European Commission, ensure that your data adhere to European data protection standards, even when stored or processed in third countries such as the USA. These clauses are based on a European Commission implementation decision, which can be accessed here: EU SCC Decision.

The Google Ads Data Processing Terms, which reference SCCs, can be found at Google Ads Data Processing Terms.

More information about data processed through Google Optimize can be found in the Google Privacy Policy.

Data Processing Agreement (DPA) Google Optimize

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a Data Processing Agreement (DPA) with Google. Details about what a DPA is and what it must include can be found in our general section titled "Data Processing Agreement (DPA)."

This agreement is legally required since Google processes personal data on our behalf. It clarifies that Google may process data received from us only according to our instructions and must comply with GDPR regulations. You can access Google's Data Processing Terms at Google Ads Data Processing Terms.

Google Site Kit Privacy Policy

Summary of the Google Site Kit Privacy Policy

Affected parties: Website visitors
Purpose: Evaluation of visitor information to optimize website offerings.
Processed data: Access statistics, including data such as access locations, device details, session duration and timing, navigation behavior, click behavior, and IP addresses. More details are provided below and in the Google Analytics Privacy Policy.
Storage duration: Depends on the properties used.
Legal basis: Article 6(1)(a) GDPR (consent), Article 6(1)(f) GDPR (legitimate interests).

What is Google Site Kit?

We use the WordPress plugin Google Site Kit by Google Inc. (Google Ireland Limited for the EU region). Google Site Kit enables us to quickly and easily view statistics from various Google products, such as Google Analytics, directly within our WordPress dashboard. These tools, including Google Analytics, collect personal data. This privacy policy explains why we use Google Site Kit, where and how long the data is stored, and additional relevant privacy policies.

Google Site Kit consolidates data from services such as Google Analytics, Google Search Console, Page Speed Insights, Google AdSense, Google Optimize, and Google Tag Manager, providing an integrated analytics view directly on the WordPress dashboard.

Why do we use Google Site Kit?

Our goal is to offer you the best possible experience on our website. Understanding user behavior through statistical analysis helps us improve our content and offerings. Google Site Kit simplifies this process by aggregating statistics from multiple tools in one dashboard, eliminating the need for separate logins for each tool.

What data does Google Site Kit store?

If you consent to tracking tools through the cookie notice, Google products like Google Analytics set cookies and send user data (e.g., user behavior) to Google for storage and processing. This includes personal data such as IP addresses.

For detailed information on each tool, please refer to our dedicated sections, such as our Google Analytics Privacy Policy. There, you will learn about data retention, cookie usage, and how to prevent data storage.

Here are examples of Google Analytics cookies that may be set if you consent to Google data processing:

Name: _ga
Purpose: Used by analytics.js to distinguish users by storing a unique ID.
Expiration: 2 years.
Name: _gid
Purpose: Used to distinguish users.
Expiration: 24 hours.
Name: gat_gtag_UA<property-id>
Purpose: Used to throttle the request rate.
Expiration: 1 minute.

These cookies represent only a selection of what may be set.

How Can I Delete My Data or Prevent Data Storage?

You have the right to request access to your data, have it deleted, corrected, or restricted. Additionally, you can disable, delete, or manage cookies in your browser at any time.

For general instructions on how to disable, delete, or manage cookies, refer to the “Cookies” section, which includes links to guides for the most popular browsers.

Legal Basis

The use of Google Site Kit requires your consent, which we obtain via our cookie popup. This consent serves as the legal basis under Article 6(1)(a) GDPR for processing personal data collected through web analytics tools.

In addition to consent, we have a legitimate interest in analyzing website visitor behavior to improve our services both technically and economically. Google Site Kit helps us identify website errors, detect attacks, and enhance efficiency. The legal basis for this is Article 6(1)(f) GDPR (legitimate interests). However, Google Site Kit is only used when you have provided consent.

Google processes your data, potentially including in the United States. Google is a participant in the EU-US Data Privacy Framework, ensuring the safe transfer of EU citizens’ data to the U.S. Learn more at EU Data Privacy Framework.

Additionally, Google employs Standard Contractual Clauses (SCCs) as per Articles 46(2) and 46(3) GDPR. These EU-approved templates ensure your data meets European data protection standards even when transferred to third countries like the U.S. Learn more about SCCs at EUR-Lex Decision 2021/914.

The Google Ads Data Processing Terms, which reference these SCCs, can be accessed at Google Ads Data Processing Terms.

For further information on Google’s data processing, refer to Google’s Privacy Policy.

Email Marketing Introduction

Email Marketing Summary

Affected parties: Newsletter subscribers
Purpose: Direct marketing via email, notifications of system-relevant events
Processed data: Registration data, at minimum the email address.
Storage duration: As long as the subscription exists.
Legal basis: Article 6(1)(a) GDPR (consent), Article 6(1)(f) GDPR (legitimate interests).

What is Email Marketing?

Email marketing allows us to keep you informed about our company, products, and services. If you’ve consented to receive our emails, we process and store your data. To subscribe, typically only your email address is required, though we may request additional details such as your name for personalized communication.

Subscriptions are managed through a “double opt-in” process, ensuring that the email address provided belongs to you. Subscription data, including timestamps, IP address, and any updates, is recorded to maintain a legally compliant process.

Why Do We Use Email Marketing?

We aim to maintain communication and keep you updated about our latest news and offers. Email marketing (or “newsletters”) is a key aspect of our online marketing strategy. With your consent, we send you relevant and engaging content about our business, services, and products. Our newsletters may also inform you about updates or special promotions.

To deliver secure and efficient email communications, we may use professional third-party email marketing tools. These tools ensure timely and reliable service while aligning with our goals to share updates and improve our business outcomes.

What Data Is Processed?

If you subscribe to our newsletter via our website, you confirm your subscription to an email list through a verification email. In addition to your IP address and email address, other data such as your title, name, address, and phone number may also be stored, but only if you have given your explicit consent to such data storage. Mandatory fields marked as required are necessary to access the offered service. Providing this information is voluntary, but not providing it may prevent you from using the service. Additional data, such as information about your device or your preferences on our website, may also be stored. More details on data storage when visiting a website can be found in the "Automatic Data Storage" section. Your consent declaration is recorded to ensure compliance with legal requirements.

Duration of Data Processing

If you unsubscribe from our email/newsletter list, we may retain your email address for up to three years based on our legitimate interests to provide evidence of your initial consent. This data will only be processed if needed to defend against potential claims.

However, if you confirm your consent for the newsletter subscription, you may request individual data deletion at any time. If you permanently object to the use of your data, we reserve the right to add your email address to a suppression list. As long as you voluntarily remain subscribed to our newsletter, we will retain your email address.

Right to Object

You can unsubscribe from our newsletter at any time by withdrawing your consent. This process usually takes only a few seconds or a click or two. Typically, a link to cancel your subscription is provided at the bottom of each email. If the link cannot be found, please contact us via email, and we will promptly cancel your subscription.

Legal Basis

The sending of our newsletter is based on your consent (Article 6(1)(a) GDPR). This means we are only allowed to send newsletters if you have actively subscribed. Additionally, we may send you promotional emails if you are a customer and have not objected to the use of your email address for direct marketing.

Details on specific email marketing services and how they process personal data are provided in the following sections if applicable.

Messenger & Communication Introduction

Messenger & Communication Privacy Policy Summary:

Affected parties: Website visitors
Purpose: To handle inquiries and general communication between us and you
Processed data: Includes name, address, email address, phone number, general content data, and potentially your IP address.
Storage duration: Varies based on the messenger and communication tools used.
Legal basis: Article 6(1)(a) GDPR (consent), Article 6(1)(f) GDPR (legitimate interests), Article 6(1)(b) GDPR (contractual or pre-contractual obligations).

What Are Messenger & Communication Tools?

Our website offers various tools for communication, including messenger/chat functions, online/contact forms, email, and phone. These tools process and store your data to respond to your inquiries and any follow-up actions.

In addition to traditional communication channels like email or phone, we use chat and messenger tools. The most commonly used messenger is WhatsApp, but several specialized website messaging providers exist. End-to-end encryption is often employed, ensuring message content is not visible to providers. However, technical data such as device information and location settings may still be processed and stored.

Why Do We Use Messenger & Communication Tools?

Communication options are essential to provide you with the best possible service. Practical messenger and communication tools enable you to choose the method that suits you best. However, certain questions, such as contractual issues, may not be handled through chat or messenger for security reasons. In such cases, email or phone communication is recommended.

Even when using third-party platforms, we typically remain the primary data controller. However, in some cases, such as social media platforms, shared responsibility under Article 26 GDPR may apply. This shared responsibility will be explicitly highlighted if applicable.

Please note that using integrated features may involve data processing outside the EU, as many providers (e.g., WhatsApp) are American companies. This could make enforcing your rights regarding personal data more challenging.

What Data Is Processed?

The specific data processed depends on the provider of the messenger or communication tool. This usually includes:

Name
Address
Phone number
Email address
Content entered in contact forms
Device information and IP address

Data collected through messenger tools is also stored on the providers' servers. For detailed information on specific providers, consult their privacy policies.

How Long Is Data Stored?

The duration of data processing and storage depends on the tools used. Generally, personal data is processed only as long as necessary for providing our services. Data stored in cookies may have varying durations, ranging from being deleted immediately upon leaving the site to being retained for several years. Review the provider's privacy policy for specific storage durations.

Right to Object

You can withdraw your consent to data processing via cookies or third-party providers at any time. This can be done using our cookie management tool or other opt-out options. Managing cookies in your browser (enabling, disabling, or deleting) can also prevent data collection. For more information, refer to the "Consent" section of this document.

If messenger and communication functions involve cookies, see our general privacy policy on cookies for further information.

Legal Basis

Data processing through messenger and communication tools is based on your consent (Article 6(1)(a) GDPR). If the data is processed for pre-contractual or contractual obligations, the legal basis is Article 6(1)(b) GDPR. If no consent is given, we may rely on our legitimate interest (Article 6(1)(f) GDPR) in efficient and effective communication with you and other stakeholders.

Facebook Messenger Privacy Policy

We use the instant messaging service Facebook Messenger on our website. The service provider is the American company Meta Platforms Inc., and for Europe, the responsible entity is Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

What Is Facebook Messenger?

Facebook Messenger is a chat messaging feature developed by Facebook that allows users to send and receive text messages, voice and video calls, photos, and other media files with other Facebook users. When using Facebook Messenger, personal data such as your phone number, chat messages, sent photos, videos, profile data, address, and location are processed and stored on Facebook servers.

Why Do We Use Facebook Messenger?

We aim to stay in touch with you in the most convenient way, and services like Facebook Messenger are highly effective for this purpose. The platform remains one of the most popular social media networks, offering practical and seamless communication.

How Secure Is Data Transfer via Facebook Messenger?

Facebook processes your data, including in the U.S. Meta Platforms actively participates in the EU-U.S. Data Privacy Framework, ensuring secure and lawful data transfers of personal data from EU citizens to the U.S. For more information, visit:
EU-U.S. Data Privacy Framework Document.

Facebook also uses Standard Contractual Clauses (SCC) in accordance with Article 46(2) and (3) of the GDPR. SCCs are EU Commission-approved templates ensuring your data adheres to European data protection standards when transferred to third countries (e.g., the U.S.). Through the EU-U.S. Data Privacy Framework and SCCs, Facebook commits to maintaining the European level of data protection even when storing and managing your data in the U.S. Learn more here:
EU SCC Decision Document.

You can find Facebook's data processing terms, which reference the SCCs, here:
Facebook Data Processing Terms.

Additional information on how Facebook processes data is available in its Privacy Policy:
Facebook Privacy Policy.

Facebook Messenger Data Processing Agreement (DPA)

In compliance with Article 28 of the GDPR, we have entered into a Data Processing Agreement (DPA) with Facebook. This agreement is mandatory as Facebook processes personal data on our behalf. It ensures that Facebook only processes data according to our instructions and complies with GDPR requirements. The DPA with Facebook can be accessed here:
Facebook DPA Terms.

Social Media Overview

Social Media Privacy Policy Summary:

Affected Parties: Website visitors
Purpose: Showcase and optimize our services, connect with visitors and prospects, and advertise
Processed Data: Includes phone numbers, email addresses, user behavior data, device information, and IP addresses.
Details for each social media tool are provided below.
Storage Duration: Varies by social media platform
Legal Basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What Is Social Media?

Social media platforms allow registered users to create content, exchange it publicly or within specific groups, and network with other members. We are active on various social media platforms to connect with interested users and promote our products and services. Social media elements embedded on our website, such as "social buttons," enable you to switch directly to our social media presence.

Why Do We Use Social Media?

Social media platforms are central to online communication and interaction. They allow us to showcase our offerings, engage with users, and conduct targeted marketing and advertising. The data collected from your usage helps us refine our strategies based on user behavior and interests, often through web analytics and cookies.

While we remain responsible for data processing when using social media tools, joint responsibility with the platform providers may apply under Article 26 GDPR. Where this occurs, we will notify you and outline the agreement in relevant sections.

What Data Is Processed?

The data processed varies by platform but often includes phone numbers, email addresses, user activity (e.g., likes, follows, interactions), and device information. If you are logged into your social media account, this data may be linked to your profile.

To understand how your data is stored, processed, and how you can object to this, refer to the privacy policies of the respective platforms.

Data Processing Duration

The duration of data storage depends on the specific platform. For example, Facebook retains data until it is no longer needed. Other platforms may delete data, such as matched customer data, within two days. Generally, we only process personal data as long as it is necessary for providing our services unless extended retention is required by law (e.g., for accounting).

Right to Object

You may withdraw your consent for the use of cookies or third-party tools, such as embedded social media elements, at any time. This can be done via our cookie management tool or browser settings. For details on social media-related cookies, refer to our general privacy policy on cookies.

Legal Basis

The processing of your data is based on your consent under Article 6(1)(a) GDPR. In some cases, it may also be based on our legitimate interest under Article 6(1)(f) GDPR in efficient communication and user engagement. Many platforms use cookies to store and process data. For detailed information, refer to the privacy policies and cookie guidelines of the respective platforms.

For specific details about individual platforms, refer to the following sections of this policy.

Facebook Privacy Policy

Facebook Privacy Policy Summary
Affected Individuals: Website visitors
Purpose: Optimization of our services
Processed Data: Information such as customer data, user behavior, device details, and IP address.
More details can be found in the privacy policy below.
Retention Period: Until the data is no longer useful for Facebook’s purposes
Legal Basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What Are Facebook Tools?

On our website, we use select tools from Facebook. Facebook is a social media network operated by Meta Platforms Inc., or in Europe by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. These tools enable us to provide the best possible offerings to you and others interested in our products and services.

When data is collected through our embedded Facebook elements or our Facebook Page (Fanpage), both we and Facebook Ireland Ltd. share responsibility. However, Facebook solely assumes responsibility for subsequent data processing. Our mutual obligations are outlined in a public agreement at Facebook's Controller Addendum, stating, for instance, that we must inform you clearly about the use of Facebook tools on our site. Additionally, we are responsible for integrating the tools securely into our website, while Facebook ensures data security within its products.

For questions about Facebook’s data collection and processing, you can contact Facebook directly. Should questions be addressed to us, we are obligated to forward them to Facebook.

Below, we provide an overview of the various Facebook tools, the data transmitted to Facebook, and how you can delete it.

Why Do We Use Facebook Tools on Our Website?

We aim to present our services and products to people genuinely interested in them. With Facebook Ads, we can reach precisely these individuals. To deliver relevant ads, Facebook needs data about user preferences and behaviors. This information allows Facebook to show ads tailored to users' interests.

What Data Is Stored by Facebook Tools?

Using specific Facebook tools may result in personal data, such as names, addresses, phone numbers, and IP addresses, being transmitted to Facebook. These details are hashed before being sent to Facebook for encryption purposes.

Additionally, Facebook collects "Event Data," such as your activity on our website (e.g., pages visited or products purchased). This data is not shared with third parties unless authorized or legally required.

Cookies play a significant role in data collection. Depending on the tools used and whether you are a Facebook member, various cookies may be set in your browser. Detailed information about Facebook cookies can be found here.

How Long and Where Is the Data Stored?

Facebook retains data only as long as it is necessary for its services and products. Data servers are distributed globally, but customer data is deleted within 48 hours after matching it with Facebook user data.

How Can I Delete My Data or Prevent Data Storage?

According to the General Data Protection Regulation (GDPR), you have the right to access, rectify, transfer, and delete your data.

Steps to Completely Delete Your Facebook Account:

Open Facebook and click on Settings in the top-right menu.
In the left-hand column, select Your Facebook Information.
Click on Deactivation and Deletion.
Choose Delete Account, then click Continue to Account Deletion.
Enter your password, click Continue, and confirm with Delete Account.

Managing Cookies:

Data collected via our site often involves cookies (e.g., from social plugins). You can manage or delete cookies in your browser settings. Depending on the browser you use, the process differs:

Disable, delete, or manage individual/all cookies.
Configure your browser to notify you before setting a cookie, enabling you to allow or deny each one.

For detailed instructions, consult the browser-specific cookie management guides.

Legal Basis for Data Processing

If you consent to the use of embedded Facebook tools, this consent serves as the legal basis under Article 6(1)(a) GDPR. Additionally, data may be stored based on our legitimate interests (Article 6(1)(f) GDPR) in ensuring effective communication with users and business partners. However, we only use these tools with your consent.

Many social media platforms, including Facebook, set cookies to store data. We recommend reviewing our cookie privacy policy and Facebook’s privacy or cookie policies:

Data Processing Outside the EU

Facebook processes data in the U.S., among other countries. Facebook/Meta is part of the EU-US Data Privacy Framework, ensuring proper and secure data transfer from EU citizens to the U.S. More details can be found here.

Additionally, Facebook uses Standard Contractual Clauses (SCCs) as outlined in Article 46(2) and (3) GDPR. These ensure compliance with European data protection standards even when data is stored or processed in third countries.

Using Facebook Login

Our site offers Facebook Login for convenient registration. When you log in with your Facebook credentials, data such as user behavior is transmitted to Facebook and may involve the use of cookies, such as:

Name: fr
- Purpose: Enables optimal functioning of social plugins.
- Expiration: 3 months.
Name: datr
- Purpose: Identifies login activity and protects users.
- Expiration: 2 years.
Name: _js_datr
- Purpose: Session tracking even without a Facebook account or while logged out.
- Expiration: Session-based.

For further details on cookies, consult Facebook’s cookie policy.

The Facebook Login streamlines the registration process while allowing us to better tailor our offerings and advertising to your interests. For additional public data shared by Facebook, review their privacy guidelines.

Your Profile Picture
Email Address
Friend Lists
Button Interactions (e.g., "Like" Button)
Date of Birth
Language
Place of Residence

In return, we provide Facebook with information about your activities on our website. This includes details about your device, the pages you visit on our site, and products you purchase.

By using Facebook Login, you consent to the processing of your data. You may revoke this consent at any time. For more information on Facebook’s data processing practices, please refer to Facebook’s Privacy Policy.

If you are logged in to Facebook, you can adjust your ad preferences directly under Facebook Ad Preferences.

Facebook Social Plugins Privacy Policy

Our website incorporates social plugins from Meta Platforms Inc. These are identifiable by Facebook’s logo, such as the "Like" button (thumbs-up icon) or a "Facebook Plugin" label. Each plugin has a unique function, with the most popular being the "Like" and "Share" buttons.

Facebook offers the following social plugins:

Save Button
Like, Share, Send, and Quote Buttons
Page Plugin
Comments Plugin
Messenger Plugin
Embedded Posts and Video Player
Groups Plugin

For detailed usage of these plugins, visit Facebook’s Developer Page.

When visiting our site, if you are logged in to Facebook or have previously visited Facebook, at least one cookie is set in your browser. Your browser sends information via these cookies to Facebook when you visit our site or interact with the social plugins.

Collected Data

Facebook states that the following data is typically processed within 90 days and then deleted or anonymized:

Your IP address
The website you visited
Date and time of your visit
Browser details

To minimize data collection, log out of Facebook during your visit to our website. If you are not logged in or do not have a Facebook account, fewer cookies are sent, but data such as your IP address or visited pages might still be transmitted to Facebook.

For more details on Facebook’s use of cookies and data, please visit Facebook's Privacy Policy.

Cookies Example

Name: dpr
- Purpose: Ensures social plugins function correctly.
- Expiration: End of session.
Name: fr
- Purpose: Enables plugins to work properly.
- Expiration: 3 months.

Even non-Facebook users might encounter these cookies when interacting with social plugins.

Flickr Privacy Policy

We also use the Flickr platform, provided by Flickr Inc., based in the U.S. Note that data processing in the U.S. currently lacks the European Court of Justice’s guarantee of an adequate data protection level.

Legal Basis

To ensure compliance, Flickr relies on Standard Contractual Clauses (SCCs) as approved by the EU Commission (Article 46(2) and (3) GDPR). These clauses ensure data processed outside the EU maintains the same level of protection. For more details on SCCs, visit EU SCC Decision.

For Flickr's privacy practices, consult their Privacy Policy.

Gravatar Privacy Policy
Summary

Affected Parties: Website visitors
Purpose: Optimization of our services
Data Processed: Including your encrypted email address, IP address, and the URL of our server
Retention Period: Data is generally deleted when no longer needed for the provider’s services
Legal Basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Gravatar?
Our website incorporates the Gravatar plugin by Automattic Inc. (60 29th Street #343, San Francisco, CA 94110, USA). Gravatar, often pre-activated on WordPress websites, enables displaying user avatars (profile pictures) with posts or comments if the associated email address is registered on www.gravatar.com.

This function transmits data to Gravatar (Automattic Inc.), which is stored and processed there. Below, we explain what data is transmitted, how Gravatar uses it, and how you can manage or block data storage.

Gravatar stands for "Globally Recognized Avatar," a globally accessible profile picture tied to an email address. When users provide an email address registered with Gravatar, the associated avatar is automatically displayed with posts or comments.

Why Do We Use Gravatar?
Gravatar adds a personal touch to user interactions, helping commenters appear more recognizable and authentic online. By enabling this feature, we aim to enhance user experience and foster a more engaging, personalized community.

What Data is Stored by Gravatar?
When you submit a comment requiring an email address, WordPress checks if this address is linked to a Gravatar. To do so, it transmits your encrypted email address, IP address, and our server URL to Gravatar.

If a match is found, the associated avatar is displayed alongside the comment. For registered Gravatar users, additional data—such as browser type, unique device identifiers, preferred language, date/time of access, operating system, and mobile network information—may be transmitted, stored, and processed by Gravatar to improve services and gather usage insights.

Cookies Used by Gravatar:

Name: gravatar
- Purpose: Not specified in detail
- Expiration: After 50 years
Name: is-logged-in
- Purpose: Indicates whether the user is logged in with a registered email
- Expiration: After 50 years

Data Retention and Storage
Gravatar (Automattic) retains data only as long as needed for its services or as legally required. Logs like IP addresses, browser details, and operating systems are typically deleted after 30 days. Data may be stored on U.S.-based servers.

How to Delete or Prevent Data Storage

Users can delete their Gravatar accounts or registered email addresses directly via the Gravatar website.
To prevent data transmission to Gravatar, use an email address not registered with Gravatar when commenting.
Manage or disable cookies via browser settings. Note that disabling cookies might limit comment functionality.

Legal Basis
Gravatar processes your data under GDPR Article 6(1)(a) (Consent) and Article 6(1)(f) (Legitimate Interests). Data processing in the U.S. follows the EU-US Data Privacy Framework, ensuring compliance with EU data protection standards.

For further details, consult:

Automattic’s Privacy Policy
General Gravatar information: Gravatar Overview

Instagram Privacy Policy

Summary of Instagram Privacy Policy

Affected Parties: Website visitors
Purpose: To optimize our service offerings
Processed Data: Data related to user behavior, device information, and IP addresses (more details are provided below).
Retention Period: Until Instagram no longer requires the data for its purposes
Legal Basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Instagram?

Our website integrates features of Instagram, a social media platform owned by Instagram LLC (1601 Willow Rd, Menlo Park, CA 94025, USA). Instagram has been a subsidiary of Meta Platforms Inc. (formerly Facebook, Inc.) since 2012. Embedding Instagram features allows us to display content such as buttons, photos, or videos directly on our website. Whenever you visit a page with an embedded Instagram feature, data is transmitted, stored, and processed by Instagram.

Since Instagram operates using the same systems and technology as Facebook, the data collected may be shared and processed across the Facebook family of companies.

Below, we explain why Instagram collects data, what data it collects, and how you can manage or limit this data processing. Information is sourced from both Instagram and Meta's data policies.

Why Do We Use Instagram on Our Website?

Instagram has become a major social media platform in recent years, and we want to reflect this trend by integrating Instagram content on our website. This allows us to enrich our offerings with engaging, fun, or informative Instagram posts, enhancing your experience. Additionally, Instagram data helps us target relevant audiences with personalized advertising, particularly on Facebook platforms.

Instagram also uses the collected data for analytics, providing us with anonymized reports to understand user interests and preferences better.

What Data is Stored by Instagram?

When you access pages on our website with Instagram features, your browser connects to Instagram’s servers, transmitting data regardless of whether you have an Instagram account. Data collected may include:

Information about the webpage you accessed
Details about your device
Purchases and ad interactions
Your usage behavior

If you are logged into Instagram, the platform stores additional personal information. Facebook (and therefore Instagram) categorizes data into Customer Data (e.g., name, address, phone number, IP address) and Event Data (user behavior data). Customer Data is hashed before transmission, while Event Data is matched with Instagram's existing data about you.

Instagram also uses cookies to collect and process this data. Depending on the features and whether you have an Instagram account, the volume and type of data collected may vary.

Example Cookies Set by Instagram:

csrftoken: Likely used for security purposes to prevent cross-site request forgery.
- Expiration: 1 year
mid: Creates a unique user ID for optimizing Instagram services.
- Expiration: End of session
fbsr_...: Stores login requests for Instagram app users.
- Expiration: End of session
rur: Ensures Instagram functionality.
- Expiration: End of session
urlgen: Used for Instagram marketing purposes.
- Expiration: End of session

How Long and Where Are Data Stored?

Instagram shares data with Facebook companies and third-party partners globally. Most data is stored on Meta's servers, primarily located in the USA.

How Can I Delete or Prevent Data Storage?

Under GDPR, you have the right to access, transfer, correct, or delete your data. You can manage your data directly in Instagram’s settings. To delete all data, you must permanently delete your Instagram account.

Steps to delete an Instagram account:

Open the Instagram app.
Navigate to your profile, scroll down, and click "Help Center."
On the website, go to "Manage Your Account" and select "Delete Your Account."

Note: Content shared by others about you is not deleted when you delete your account.

You can also manage cookies in your browser settings to prevent data collection.

Legal Basis

Data processing through Instagram relies on your consent (Article 6(1)(a) GDPR) or Meta's legitimate interests (Article 6(1)(f) GDPR) in effective communication. Meta complies with the EU-US Data Privacy Framework to ensure secure data transfers. For more information, refer to:

Pinterest Privacy Policy

Summary of Pinterest Privacy Policy

Affected Parties: Website visitors
Purpose: Optimization of our services
Processed Data: Data such as user behavior, device information, IP address, and search terms.
More details are provided below in the privacy policy.
Storage Duration: Until Pinterest no longer needs the data for its purposes
Legal Basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Pinterest?

We use buttons and widgets from the social media platform Pinterest, operated by Pinterest Inc., located at 808 Brannan Street, San Francisco, CA 94103, USA. For the European region, Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is responsible for data protection matters.

Pinterest is a social network specializing in graphic representations and photographs. The name comes from the words "pin" and "interest." Users can share various hobbies and interests on Pinterest and view profiles with images either openly or in defined groups.

Why Do We Use Pinterest?

Pinterest has been around for several years and continues to be one of the most visited and appreciated social media platforms. It is especially suited for our industry as it is primarily known for beautiful and interesting images. Therefore, we are also active on Pinterest, aiming to showcase our content beyond our website. The data collected can also be used for advertising purposes so that we can display targeted ads to people interested in our services and products.

What Data Does Pinterest Process?

Pinterest may store so-called log data, including information about your browser, IP address, the address of our website, activities performed on it (e.g., clicking the save or pin button), search histories, date and time of requests, and cookie and device data. If you interact with an embedded Pinterest function, cookies may also be set in your browser to store various data. Typically, the aforementioned log data, default language settings, and clickstream data are stored in cookies. Clickstream data refers to Pinterest's information about your website behavior.

If you have a Pinterest account and are logged in, the data collected from our page may be linked to your account and used for advertising purposes. If you interact with Pinterest's embedded functions, you are usually redirected to the Pinterest site. Below is a sample of cookies that may be set in your browser:

Name: _auth
Value: 0
Purpose: This cookie is used for authentication, such as storing your "username."
Expiration: After one year
Name: _pinterest_referrer
Value: 1
Purpose: This cookie stores the fact that you arrived at Pinterest via our website, storing the URL.
Expiration: At session end
Name: _pinterest_sess
Value: …9HRHZvVE0rQlUxdG89
Purpose: This cookie helps with Pinterest login and includes user IDs, authentication tokens, and timestamps.
Expiration: After one year
Name: _routing_id
Value: “8d850ddd-4fb8-499c-961c-77efae9d4065122693978-8”
Purpose: This cookie contains a value used to identify a specific routing target.
Expiration: After one day
Name: cm_sub
Value: denied
Purpose: This cookie stores a user ID and a timestamp.
Expiration: After one year
Name: csrftoken
Value: 9e49145c82a93d34fd933b0fd8446165122693978-1
Purpose: Likely used for security reasons to prevent request forgery, though further details are unclear.
Expiration: After one year
Name: sessionFunnelEventLogged
Value: 1
Purpose: No further details available.
Expiration: After one day

How Long and Where Are the Data Stored?

Pinterest generally stores collected data until it is no longer needed for the company's purposes. Once data retention is no longer necessary to comply with legal requirements, the data will either be deleted or anonymized so that it is no longer identifiable. Data may also be stored on servers in the United States.

Right to Object

You have the right to withdraw your consent for the use of cookies or third-party providers like Pinterest at any time. This can be done through our cookie management tool or other opt-out features. For example, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since embedded Pinterest elements may use cookies, we recommend reviewing our general cookie privacy statement. To understand which data is stored and processed, please read the privacy policies of the respective tools.

Legal Basis

If you consent to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for the data processing (Article 6(1)(a) GDPR). Your data may also be stored and processed based on our legitimate interest (Article 6(1)(f) GDPR) in effective and efficient communication with you or other customers and partners. We only use the tool if you have granted consent. Most social media platforms also set cookies in your browser to store data. We recommend reading our cookie privacy statement and reviewing the privacy policy or cookie guidelines of the respective service provider.

Pinterest processes data in the United States. Please note that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the U.S., which may pose risks to the legality and security of data processing.

For data processing with recipients in third countries (outside the European Union, Iceland, Liechtenstein, Norway—especially the U.S.) or data transfer to these countries, Pinterest uses Standard Contractual Clauses (Article 46(2) and (3) GDPR). These clauses are templates provided by the EU Commission to ensure that your data complies with European data protection standards even when transferred and stored in third countries like the U.S. Pinterest commits to ensuring that European privacy standards are maintained when processing your data, even if the data is stored, processed, and managed in the U.S. These clauses are based on an EU Commission implementation decision. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

For more information on Pinterest's Standard Contractual Clauses, visit https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea.

We have tried to provide you with the most important information about data processing by Pinterest. You can read more about Pinterest’s data policies at https://policy.pinterest.com/de/privacy-policy.

Snapchat Privacy Policy

Summary of Snapchat Privacy Policy

Affected Parties: Website visitors
Purpose: Optimization of our services
Processed Data: Data such as user behavior, device information, and IP address
More details can be found below in the privacy policy.
Retention Period: Depends on the type of data
Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Snapchat?
We use integrations of the messaging and social media service Snapchat on our website. The service provider is the American company Snap Inc., 2772 Donald Douglas Loop N, Santa Monica (HQ), CA, USA.

Snapchat allows users to create "Snaps," short images or videos, and share them with friends or followers. Snapchat is particularly popular among younger people. These "Snaps" are deleted after a limited time, unlike other social media tools. Depending on the user's preferences, this time can be set anywhere from a few seconds to 24 hours. Snapchat also offers features like group chats, video calls, and a "Discover" section for media companies.

Why do we use Snapchat on our website?
We have integrated Snapchat features on our website to highlight Snapchat content and offer you the opportunity to follow us on Snapchat. This allows us to stay in contact with you beyond our website presence. By integrating Snapchat content, we also provide visitors who are not on Snapchat a glimpse into the Snapchat world. Thus, we view the integration as part of our overall offering on the website.

What data is processed by Snapchat?
When you view or interact with Snapchat content on our website, Snapchat can collect information about your user behavior and device. This may include data such as your IP address, browser type, operating system, location, language settings, and other technical information. Snapchat may also use cookies and similar technologies to gather information and personalize your user experience.

If you have or create a Snapchat account, additional information may be collected and processed. In this case, you voluntarily provide data such as your name, username, email address, phone number, and date of birth. If you make a purchase within the app, you must also provide payment details. All this information is processed by Snapchat if you provide it. If you actively use the service with your account, all information sent through Snapchat, such as chats, messages, images, and videos, will be processed.

How long and where is the data stored?
Snapchat stores different data for varying periods, and Snapchat servers are distributed worldwide in different regions. This means your data may also be processed in the USA. As mentioned above, the retention period of "Snaps" can be partially selected in the settings. Most messages sent through the service are automatically deleted from the servers once they are received or expired. However, some data is stored for much longer. This includes account information such as name, phone number, or email address. The retention period of location data depends on its accuracy and which Snapchat service is being used.

You can find a good overview of the retention periods of various Snapchat data at Snapchat Help.

How can I delete my data or prevent data storage?
If you have a Snapchat account, you can directly manage your privacy settings on Snapchat and determine the retention period for various contents. For example, in your Snapchat account settings, you can set whether "Snaps" are deleted after a few seconds or only after 24 hours. Additionally, you can request that Snapchat delete your personal data. However, the Snapchat privacy policy states that while most data will be deleted, there may be legal reasons preventing data deletion, and some data may still be stored.

Moreover, you can manage and disable cookies that Snapchat may set in your web browser to limit data collection. This is also possible without a Snapchat account. However, please note that this may affect the functionality of our website.

Legal Basis
If you have consented to the processing and storage of your data by Snapchat, this consent serves as the legal basis for data processing (Article 6(1)(a) GDPR). Generally, your data is also stored and processed based on our legitimate interest (Article 6(1)(f) GDPR) in maintaining effective and prompt communication with you or other customers and business partners. We only use the embedded Snapchat features to the extent you have granted consent. Snapchat may also set cookies in your browser to store data. Therefore, we recommend reading our cookie privacy text carefully and reviewing the privacy policy or cookie guidelines of the respective service provider.

Snap processes data from you, including in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may involve various risks regarding the legality and security of data processing.

As the basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or data transfer to those countries, Snap uses so-called Standard Contractual Clauses (Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission to ensure that your data complies with European data protection standards when transferred to third countries (such as the USA) and stored there. By using these clauses, Snap commits to maintaining European data protection levels when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: EUR-Lex.

For more information on Snap’s Standard Contractual Clauses, please visit Snap Terms.

For more information on the data processed by Snapchat, please refer to the Privacy Policy at Snapchat Privacy Policy.

TikTok Privacy Policy

TikTok Privacy Policy Summary

Affected Parties: Website visitors
Purpose: Optimization of our service
Processed Data: Data such as your IP address, browser data, and the date and time of your page visit may be stored.
Storage Duration: Varies depending on settings.
Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is TikTok?

We use TikTok integration on our website. The service provider is the Chinese company Beijing Bytedance Technology Ltd. For the European region, TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, is responsible. TikTok is a popular social media platform, especially among young people, where users can create, share, and view short video clips.

In this privacy policy, we inform you about the data processed by TikTok, how long the data is stored, and how you can manage your privacy settings.

Why do we use TikTok on our website?

We have integrated TikTok into our website so that you can watch TikTok videos and interact with them if you wish. TikTok is especially known for funny and creative content, and we don't want to withhold such content from you. After all, we also enjoy watching creative TikTok videos ourselves.

What data is processed by TikTok?

When you watch TikTok videos on our website or interact with them, TikTok may collect information about your usage behavior and your device. This can include data such as your IP address, browser type, operating system, location, and other technical details. TikTok may also use cookies and similar technologies to collect information and personalize your user experience.

If you have a TikTok account, additional information may also be collected and processed, such as user details (name, date of birth, email address) and data about your interactions with other TikTok users.

How long and where is the data stored?

The storage duration and locations of the data collected by TikTok may vary significantly and are subject to TikTok’s privacy policies. TikTok may also store data on servers in the USA and other countries. The storage duration generally depends on legal requirements and internal policies. However, we have not yet been able to obtain precise information on how long data is stored. We will, of course, notify you as soon as we have more details.

How can I delete my data or prevent data storage?

If you have a TikTok account, you can manage your privacy settings directly on TikTok. You can specify which information can be shared and which cannot. Additionally, you can manage and disable cookies in your web browser to limit data collection. This is also possible without a TikTok account. Please note that this may affect the functionality of our website and your TikTok experience.

Legal Basis

If you have consented to the processing and storage of your data by TikTok, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In general, your data is also processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in maintaining fast and effective communication with you or other customers and business partners. We use the embedded social media elements only if you have provided consent. TikTok may also set cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy notice regarding cookies and review the privacy policy or cookie guidelines of the respective service provider.

TikTok processes data in the USA as well. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may pose various risks to the legality and security of the data processing.

For data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, specifically the USA), TikTok uses Standard Contractual Clauses (Art. 46 para. 2 and 3 GDPR). These clauses are model templates provided by the EU Commission and are intended to ensure that your data meets European data protection standards even if transferred and stored in third countries (e.g., the USA). By agreeing to these clauses, TikTok commits to maintaining the European level of data protection even if data is stored, processed, and managed in the USA. These clauses are based on an EU Commission Implementing Decision. You can find the decision and the corresponding Standard Contractual Clauses here: EU Standard Contractual Clauses.

For more information about TikTok's privacy policy and data collection, visit the TikTok website: TikTok Privacy Policy and TikTok General Information.

Blogs and Publication Media Privacy Policy

Blogs and Publication Media Privacy Policy Summary

Affected Parties: Website visitors
Purpose: Display and optimization of our service, communication between website visitors, security measures, and management
Processed Data: Data such as contact information, IP addresses, and published content.
Storage Duration: Depends on the tools used
Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests), Art. 6 para. 1 S. 1 lit. b GDPR (Contract)

What are Blogs and Publication Media?

We use blogs or other communication tools on our website that allow communication both ways: between us and you, and vice versa. Data may also be stored and processed by us for this purpose. This may be necessary to display content, facilitate communication, and enhance security. In our privacy text, we explain generally what data might be processed. Exact details depend on the tools and functions used. You will find precise information on data processing in the privacy notices of individual providers.

Why do we use Blogs and Publication Media?

Our main goal with our website is to offer you interesting and exciting content, and we value your opinions and content as well. We aim to create good interactive communication between us and you. Through various blogs and publication options, we can achieve this. For example, you can comment on our content, respond to other comments, or, in some cases, write your own posts.

What data is processed?

The data processed depends on the communication functions we use. Commonly, the IP address, username, and the published content are stored. This is primarily done to ensure security, prevent spam, and address unlawful content. Cookies may also be used for data storage. These are small text files stored in your browser with information. More details about the collected and stored data can be found in the relevant sections of our privacy statement and the privacy policy of the respective provider.

Duration of Data Processing

We will inform you about the duration of data processing below, if we have further information on it. For example, post and comment functions store data until you withdraw consent for data storage. In general, personal data is only stored as long as necessary to provide our services.

Right to Object

You have the right at any time to withdraw your consent to the use of cookies or third-party communication tools. This can be done via our cookie management tool or other opt-out functions. You can also prevent data collection by managing, disabling, or deleting cookies in your browser.

As publication media may also use cookies, we recommend reading our general privacy statement about cookies. To learn which data is stored and processed, you should read the privacy policies of the respective tools.

Legal Basis

We use communication tools primarily based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in maintaining fast and effective communication with you or other customers, business partners, and visitors. If the tools are used for the execution or initiation of contractual relationships, the legal basis is also Art. 6 para. 1 S. 1 lit. b GDPR.

Certain processes, particularly the use of cookies and the use of comment or messaging functions, require your consent. If and to the extent you have consented to the processing and storage of your data by embedded publication media, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Most of the communication functions we use set cookies in your browser to store data. Therefore, we recommend reading our privacy text about cookies carefully and reviewing the privacy policy or cookie guidelines of the respective service provider.

Information about specific tools can be found in the following sections, if available.

Blog Posts and Comment Functions Privacy Policy

There are various online communication tools that we use on our website. For example, we use blog posts and comment functions. This gives you the opportunity to comment on or write posts. If you use this function, your IP address may be stored for security reasons. This helps us protect ourselves from illegal content, such as insults, unauthorized advertising, or prohibited political propaganda. To identify whether comments are spam, we may also store and process user data based on our legitimate interest. If we conduct a survey, we also store your IP address for the duration of the survey to ensure that all participants vote only once. Cookies may also be used for the purpose of storing data. All data we store from you (such as content or information about your person) remains stored until you object.

Online Marketing Privacy Policy Introduction

Online Marketing Privacy Policy Summary

Affected parties: Website visitors
Purpose: Evaluation of visitor information to optimize the web offering.
Processed data: Access statistics, including data such as access locations, device data, duration and time of access, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed. More details can be found in the online marketing tool used.
Storage duration: Depends on the online marketing tools used
Legal bases: Art. 6 (1) (a) GDPR (Consent), Art. 6 (1) (f) GDPR (Legitimate Interests)

What is Online Marketing?

Online marketing refers to all measures carried out online to achieve marketing goals, such as increasing brand awareness or making a business deal. Our online marketing efforts aim to make people aware of our website. In order to show our offering to as many interested people as possible, we engage in online marketing. This usually involves online advertising, content marketing, or search engine optimization. To use online marketing efficiently and purposefully, personal data is also stored and processed. The data helps us show our content only to those who are truly interested and allows us to measure the success of our online marketing efforts.

Why Do We Use Online Marketing Tools?

We want to show our website to everyone who is interested in our offering. We are aware that this is not possible without consciously implemented measures, which is why we engage in online marketing. There are various tools that help us with our online marketing efforts and provide improvement suggestions based on data. This allows us to better target our campaigns to our target audience. The goal of these online marketing tools is ultimately to optimize our offering.

What Data is Processed?

For our online marketing to work and to measure the success of measures, user profiles are created, and data is stored, for example, in cookies (small text files). Using this data, we can not only place traditional ads but also directly adjust our website content to present it in a way that is preferred by you. Various third-party tools offer these functions and collect and store data from you. Cookies may store which pages you visited on our website, how long you viewed those pages, which links or buttons you clicked, or from which website you came to ours. Technical information may also be stored, such as your IP address, the browser you use, the device from which you visit our website, and the time when you accessed and left our website. If you have agreed that we can also determine your location, we may also store and process this data.

Your IP address is stored in a pseudonymized form (i.e., shortened). Identifiable data, such as name, address, or email address, is also stored in pseudonymized form within the context of advertising and online marketing procedures. Thus, we cannot identify you as a person, but we only store the pseudonymized data in the user profiles.

Cookies may also be used on other websites that work with the same advertising tools, analyzed, and used for advertising purposes. The data may also be stored on the servers of the advertising tool providers.

In exceptional cases, identifiable data (such as name, email address, etc.) may be stored in user profiles. This occurs if you are a member of a social media channel that we use for our online marketing measures, and the network links previously entered data with the user profile.

For all advertising tools we use that store your data on their servers, we always receive only aggregated information and never data that identifies you as an individual. The data only shows how well the advertising measures performed. For example, we can see which actions led you or other users to visit our website and purchase a product or service. Based on these analyses, we can improve our advertising offerings in the future and better tailor them to the needs and wishes of interested parties.

Data Processing Duration

We will inform you about the duration of data processing further below, if we have more information on that. Generally, we process personal data only as long as it is necessary to provide our services and products. Data stored in cookies is stored for varying lengths of time. Some cookies are deleted once you leave the website, while others can be stored in your browser for several years. You can find detailed information about the cookies used by each provider in their respective privacy policies.

Right to Object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either through our cookie management tool or other opt-out functions. For example, you can prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. The lawfulness of processing until withdrawal remains unaffected.

Since online marketing tools generally use cookies, we also recommend reading our general cookie privacy policy. To learn exactly which data is stored and processed, you should read the privacy policies of the respective tools.

Legal Basis

If you have given consent for third-party providers to be used, the legal basis for the respective data processing is your consent. This consent constitutes the legal basis for processing personal data, as it occurs when using online marketing tools, according to Art. 6 (1) (a) GDPR (Consent).

Additionally, we have a legitimate interest in measuring online marketing measures in anonymized form to optimize our offering and actions based on the data. The corresponding legal basis is Art. 6 (1) (f) GDPR (Legitimate Interests). We only use the tools as long as you have given consent.

Facebook Custom Audiences Privacy Policy

We use Facebook Custom Audiences on our website, a server-side event tracking tool. The service provider is the American company Meta Platforms Inc. For the European region, Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible.

Facebook processes data from you, including in the USA. Facebook (Meta Platforms) is an active participant in the EU-US Data Privacy Framework, which regulates the proper and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Facebook uses so-called Standard Contractual Clauses (Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are meant to ensure that your data still complies with European data protection standards when transferred and stored in third countries (such as the USA). Facebook is committed to complying with European data protection standards during the processing of your relevant data, even if the data is stored, processed, and managed in the USA. You can find the decision and the relevant Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The Facebook data processing terms that refer to the Standard Contractual Clauses can be found at https://www.facebook.com/legal/terms/dataprocessing.

More about the data processed through the use of Facebook Custom Audiences can be found in their privacy policy at https://www.facebook.com/about/privacy.

Google AdMob Privacy Policy

We use Google AdMob on our website, a mobile advertising tool. The service provider is the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google processes data from you, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the proper and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Google uses Standard Contractual Clauses (Art. 46 (2) and (3) GDPR). These clauses are templates provided by the EU Commission to ensure that your data complies with European data protection standards when transferred and stored in third countries (such as the USA). Google is committed to adhering to European data protection standards in the processing of your data. You can find the decision and relevant Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The data processing terms for Google advertising products (Google Ads Controller-Controller Data Protection Terms), which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

More about the data processed through the use of Google AdMob can be found in their privacy policy at https://policies.google.com/privacy?hl=de.

Google Marketing Platform (formerly DoubleClick) Privacy Policy

We use Google Marketing Platform products on our website. These include various marketing tools such as Data Studio, Surveys, Campaign Manager 360, Display & Video 360, and Search Ads 360. The service provider is the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google processes your data, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which ensures the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Google uses so-called Standard Contractual Clauses (Art. 46, Para. 2 and 3 of the GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission to ensure that your data complies with European data protection standards, even when transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to adhering to the European data protection level when processing your relevant data, even when the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the relevant Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at: https://business.safety.google/intl/de/adsprocessorterms/.

For more information about the data processed through Google Marketing Platform products, you can refer to the Privacy Policy at: https://policies.google.com/privacy?hl=en.

HubSpot Privacy Policy

We use HubSpot on our website, a tool for digital marketing. The service provider is the American company HubSpot, Inc., 25 First Street, 2nd Floor Cambridge, MA, USA. The company also has an office in Ireland at 1 Sir John Rogerson’s Quay, Dublin 2, Ireland.

HubSpot processes your data, including in the USA. HubSpot is an active participant in the EU-US Data Privacy Framework, which ensures the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Furthermore, HubSpot uses so-called Standard Contractual Clauses (Art. 46, Para. 2 and 3 of the GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission to ensure that your data complies with European data protection standards, even when transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, HubSpot commits to adhering to the European data protection level when processing your relevant data, even when the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the relevant Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Data Processing Agreement (DPA) that corresponds to the Standard Contractual Clauses can be found at: https://legal.hubspot.com/dpa.

For more information about the data processed through HubSpot, you can refer to the Privacy Policy at: https://legal.hubspot.com/de/privacy-policy.

HubSpot Data Processing Agreement (DPA)

We have concluded a Data Processing Agreement (DPA) with HubSpot in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can read more about what a DPA is and what it contains in our general section “Data Processing Agreement (DPA).”

This agreement is legally required because HubSpot processes personal data on our behalf. It clarifies that HubSpot may only process the data they receive from us based on our instructions and must comply with the GDPR. The link to the Data Processing Agreement (DPA) can be found at: https://legal.hubspot.com/dpa.

LinkedIn Insight-Tag Privacy Policy

LinkedIn Insight-Tag Privacy Policy Summary

Affected Parties: Visitors to the website
Purpose: Analysis of visitor information to optimize the web offering
Processed Data: Access statistics, including data such as location of access, device data, access duration, time, navigation behavior, click behavior, and IP addresses. More details are available below and in LinkedIn's privacy policy.
Retention Period: Direct identifiers through LinkedIn Insight-Tag are removed within seven days
Legal Bases: Art. 6 Para. 1 (a) GDPR (Consent), Art. 6 Para. 1 (f) GDPR (Legitimate Interests)

What is LinkedIn Insight-Tag?

We use the LinkedIn Insight-Tag conversion tracking tool on our website. The service provider is the American company LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For data protection aspects in the European Economic Area (EEA), the EU, and Switzerland, the responsible company is LinkedIn Ireland Unlimited (Wilton Place, Dublin 2, Ireland).

By embedding the tracking tool, data can be sent, stored, and processed by LinkedIn. In this privacy policy, we aim to inform you about what data is involved, how the network uses this data, and how you can manage or prevent the data storage.

LinkedIn is the largest social network for business contacts. Unlike Facebook, which focuses on social interaction, LinkedIn focuses solely on building business relationships. Companies can showcase their services and products on the platform and build business connections. Many people also use LinkedIn for job searches or to find suitable employees for their company. In Germany alone, the network has over 11 million members. In Austria, it has approximately 1.3 million members.

The LinkedIn conversion tracking tool is a small JavaScript code embedded on our website. This function helps us better tailor our advertising offer to your interests and needs. We aim to ensure that our advertising campaigns reach only those people who are interested in our offerings. With the LinkedIn Insight-Tag, we can collect detailed information about your website behavior if you are a LinkedIn member. This helps us understand which keywords, ads, ad groups, and campaigns on LinkedIn lead to desired customer actions. We can see how many customers interact with our ads on a device and then complete a conversion. This data allows us to calculate our return on investment, measure the success of individual advertising efforts, and optimize our online marketing measures. Additionally, we can use the data to make our website more attractive to you and further personalize our advertising offers to your needs.

What data is stored by LinkedIn Insight-Tag?

As mentioned above, we have embedded a conversion tracking tag or code snippet on our website to better analyze certain user actions. When you click on one of our LinkedIn ads, a cookie may be stored on your computer (typically in the browser) or mobile device. LinkedIn processes data using a combination of cookies and server-side functions.

Once you complete an action on the website, LinkedIn recognizes the cookie and stores your action as a "conversion." As long as you are browsing our website, both we and LinkedIn can identify that you came to our site through our LinkedIn ad. The cookie is read, and the conversion data is sent back to LinkedIn. It is also possible that additional cookies are used to measure conversions.

Along with your IP address, other information such as URL, referrer URL, device and browser properties, and timestamps are stored. The IP address is considered personal data and is anonymized or hashed by LinkedIn.

You may be wondering, what exactly are conversions? A conversion occurs when you go from being a purely interested website visitor to an engaged visitor. This happens when you click on our ad and then take another action, such as visiting our website or purchasing a product. Using LinkedIn's conversion tracking tool, we capture what happens after a user clicks on our LinkedIn ad. For example, we can see whether products are purchased, services are used, or if you sign up for our newsletter.

Additionally, demographic data you provide in your LinkedIn profile may be processed. This includes information about your profession, geographical location, industry, or company.

We receive statistical reports from LinkedIn, which show, for example, the total number of users who clicked on our ad and which campaigns performed well.

How long and where is the data stored?

In general, LinkedIn retains your personal data for as long as it deems necessary to provide its services. However, LinkedIn will delete your personal data once you delete your account. In certain exceptional cases, LinkedIn may retain some data in aggregated and anonymized form even after account deletion.

Direct identifiers through LinkedIn Insight-Tag are removed within seven days to pseudonymize the data. The resulting pseudonymized data is deleted within 180 days.

The data is stored on various servers in the United States and likely also in Europe.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time.

You can opt out of LinkedIn's conversion tracking. If you disable the cookie for Google conversion tracking via your browser or do not consent to data processing via the Consent Manager (pop-up), you block conversion tracking. In this case, you will not be included in the tracking statistics. You can change your cookie settings in your browser at any time. The procedure varies slightly by browser. Under the "Cookies" section, you'll find links to guides for the most common browsers.

You can also manage, modify, and delete your data in your LinkedIn account. Additionally, you can request a copy of your personal data from LinkedIn.

To access your LinkedIn account data:

Click on your profile icon in LinkedIn and choose "Settings & Privacy."
Go to the "Privacy" section and click "Change" under "How LinkedIn Uses Your Data."
You can quickly download selected data about your web activity and account history.

Legal Basis

If you have consented to the use of LinkedIn Insight-Tag, the legal basis for the corresponding data processing is your consent. According to Art. 6 (1) (a) GDPR (Consent), this consent serves as the legal basis for processing personal data that may be collected through the LinkedIn Insight-Tag.

Additionally, we have a legitimate interest in using LinkedIn Insight-Tag to optimize our online services and marketing efforts. The legal basis for this is Art. 6 (1) (f) GDPR (Legitimate Interests). However, we only use LinkedIn Insight-Tag to the extent that you have granted consent.

LinkedIn processes your data, including in the United States. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the United States. This may involve various risks for the legality and security of data processing.

As a basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the United States) or for data transfers to such countries, LinkedIn uses Standard Contractual Clauses (SCC) under Art. 46 (2) and (3) GDPR. These clauses are model templates provided by the European Commission and are intended to ensure that your data remains in compliance with European data protection standards, even when transferred and stored in third countries (such as the United States). LinkedIn commits to complying with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the U.S. These clauses are based on an implementation decision by the European Commission. You can find the decision and the relevant SCCs here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

For more information on LinkedIn's Standard Contractual Clauses, visit https://de.linkedin.com/legal/l/dpa or https://www.linkedin.com/legal/l/eu-sccs.

More information about LinkedIn Insight-Tag can be found at https://www.linkedin.com/help/linkedin/answer/a427660. More details about the data processed through the use of LinkedIn Insight-Tag are available in LinkedIn's Privacy Policy at https://de.linkedin.com/legal/privacy-policy.

PayPal Marketing Solutions Privacy Policy

PayPal Marketing Solutions Privacy Policy Summary

Affected: Website visitors
Purpose: Optimizing our services
Processed data: Information such as IP address, registration and contact details, identification and signature data, payment information, etc. More details are provided below in this privacy policy.
Storage duration: Data is stored for as long as necessary to fulfill obligations and purposes.
Legal basis: Art. 6 (1) (a) GDPR (Consent), Art. 6 (1) (f) GDPR (Legitimate Interests)

What is PayPal Marketing Solutions?

We use PayPal Marketing Solutions on our website. The service provider is PayPal Inc. The European entity responsible for this service is PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg).

PayPal Marketing Solutions allows us to conduct targeted marketing campaigns to better promote our services or products. Founded in 1998, PayPal is one of the largest and most well-known online payment service providers globally, with over 325 million active customers. PayPal Marketing Solutions is an additional service offered by the company beyond payment processing.

Why do we use PayPal Marketing Solutions on our website?

We use PayPal Marketing Solutions to provide you with the best possible service and user experience (UX) on our website. This also means delivering content and advertisements that truly interest you. PayPal Marketing Solutions enables us to tailor ads and other content to your preferences and interests. This helps us deliver better content and achieve our business goals more effectively and efficiently.

What data is processed by PayPal Marketing Solutions?

PayPal distinguishes various categories of personal data processed through the service. These include registration and contact details, identification and signature data, payment information, imported contact information, data from your profile, device data like your IP address, location data, and derived data. Derived data refers to information derived from transactions or other data, such as purchasing habits, behavioral patterns, creditworthiness, or personal preferences.

Additionally, PayPal and its partners use tracking technologies such as cookies, pixel tags, web beacons, and widgets to recognize you as a user, customize content, and conduct analyses for interest-based advertising.

How long and where are the data stored?
In principle, PayPal stores data for as long as necessary to fulfill its obligations and within the scope of the intended purpose. Personal data necessary for the customer relationship will be stored for up to 10 years after the relationship ends. If PayPal is subject to a legal obligation, the retention period for personal data follows the applicable law (e.g., insolvency law). PayPal also stores personal data as long as necessary if retention is advisable in relation to legal disputes.

Since PayPal is a global company, it has data centers worldwide where your data may be stored. This means your data may also be stored outside your country and outside the scope of the GDPR on PayPal servers.

How can I delete my data or prevent data storage?
You have the right to access, correct, delete, or restrict the processing of your personal data at any time. You can also withdraw your consent for data processing at any time.

If you want to deactivate, delete, or manage cookies in general, you can find the relevant links to instructions for the most common browsers under the "Cookies" section.

Legal Basis
The use of PayPal Marketing Solutions requires your consent, which we obtain through our cookie pop-up. According to Article 6 (1) (a) GDPR (Consent), this consent serves as the legal basis for the processing of personal data, as may occur with the collection by PayPal Marketing Solutions.

In addition to consent, we also have a legitimate interest in analyzing website visitor behavior and improving our services both technically and economically. The legal basis for this is Article 6 (1) (f) GDPR (Legitimate Interests). We use PayPal Marketing Solutions only to the extent that you have granted consent.

PayPal processes your data, including in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This could involve various risks regarding the lawfulness and security of data processing.

As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA), or for data transfer to these countries, PayPal uses Standard Contractual Clauses (Article 46, Paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission to ensure that your data continues to meet European data protection standards when transferred and stored in third countries (e.g., the USA). With these clauses, PayPal commits to ensuring the European level of data protection when processing relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the corresponding SCCs here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

For more information about the Standard Contractual Clauses at PayPal and the data processed by PayPal Marketing Solutions, refer to the Privacy Policy at https://www.paypal.com/webapps/mpp/ua/privacy-full.

Affiliate Programs Introduction
Affiliate Programs Privacy Policy Summary
Affected Parties: Website visitors
Purpose: Economic success and optimization of our services
Processed Data: Access statistics, including location data, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed.
Retention Period: Personal data is generally stored by affiliate programs until it is no longer needed.
Legal Basis: Article 6 (1) (a) GDPR (Consent), Article 6 (1) (f) GDPR (Legitimate Interests)

What are Affiliate Programs?
We use affiliate programs from various providers on our website. When using an affiliate program, your data may be transferred, stored, and processed by the respective affiliate program provider. This privacy notice provides a general overview of data processing by affiliate programs and explains how you can stop or withdraw consent for data transmission.

Each affiliate program (also known as an affiliate marketing program) is based on the principle of commission-based mediation. On our website, a link or an advertisement with a link is placed. If you click on it and purchase a product or service through this link, we receive a commission (advertising cost reimbursement).

Why do we use affiliate programs on our website?
Our goal is to provide you with a pleasant experience with many helpful contents. We invest considerable time and effort into developing our website. With affiliate programs, we can be compensated for our work. Every affiliate link is of course relevant to our topic and shows offers that you might be interested in.

Which data is processed?
To track whether you clicked on one of our affiliate links, the affiliate program provider must be informed that it was you who followed the link from our website. Correct attribution of affiliate program links to actions (such as a purchase, conversion, impression, etc.) is necessary for commission billing to work.

For this attribution, a value may be appended to a link (in the URL) or information stored in cookies. This typically stores data like the referring page, the time of the click, a reference to our website, the offer concerned, and a user ID.

When you interact with products and services from an affiliate program, the provider will also collect data about you. The exact data stored depends on the individual providers. For example, the Amazon affiliate program distinguishes between active and automatic information. Active information includes name, email address, phone number, age, payment information, or location. Automatically stored information may include user behavior, IP address, device information, and the URL.

Data Retention Duration
We will inform you about the data retention duration below if we have further information. In general, personal data is processed only as long as necessary to provide the services and products. Data stored in cookies may be stored for varying lengths of time. Some cookies are deleted immediately after leaving the website, while others may remain in your browser for several years unless actively deleted. The exact duration depends on the provider, and most providers should store data for several years. You can usually find more information about the duration of data processing in the respective privacy policies of the providers.

Right to Object
You have the right to access, correct, or delete your personal data at any time. You can also contact the affiliate program provider's responsible party if you have questions. Contact information can be found in our specific privacy policy or on the provider's website.

Cookies used by providers for their functions can be deleted, deactivated, or managed in your browser. Depending on the browser you use, this process differs.

Legal Basis
If you have consented to the use of affiliate programs, the legal basis for processing your data is your consent. According to Article 6 (1) (a) GDPR (Consent), this consent is the legal basis for processing personal data, as it may occur during data collection through an affiliate program.

Additionally, we have a legitimate interest in using affiliate programs to optimize our online service and marketing measures. The legal basis for this is Article 6 (1) (f) GDPR (Legitimate Interests). We will use the affiliate program only if you have granted consent.

Information about specific affiliate programs will be provided in the following sections, if available.

Amazon Affiliate Program Privacy Policy

Summary of the Amazon Affiliate Program Privacy Policy
Affected individuals: Visitors to the website
Purpose: Economic success and optimization of our services.
Processed data: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed.
Retention period: Personal data is stored by Amazon until it is no longer needed.
Legal basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is the Amazon Affiliate Program?
We use the Amazon Affiliate Program, provided by Amazon.com, Inc. The responsible entities for the purposes of this privacy policy are Amazon Europe Core S.à.r.l., Amazon EU S.à.r.l., Amazon Services Europe S.à.r.l., Amazon Media EU S.à.r.l., all based at 5, Rue Plaetis, L-2338 Luxembourg, and Amazon Instant Video Germany GmbH, Domagkstr. 28, 80807 Munich. Amazon Deutschland Services GmbH, Marcel-Breuer-Str. 12, 80807 Munich, acts as the data processor. By using this Amazon Affiliate Program, your data may be transferred, stored, and processed by Amazon.

In this privacy policy, we inform you about what data is processed, why we use the program, and how you can manage or stop the data transfer.

The Amazon Affiliate Program is an affiliate marketing program by the online retailer Amazon.de. Like any affiliate program, the Amazon Affiliate Program is based on the principle of referral commissions. Amazon or we place advertisements or partner links on our website, and if you click on them and purchase a product via Amazon, we receive a commission (advertising reimbursement).

Why do we use the Amazon Affiliate Program on our website?
Our goal is to provide you with a pleasant experience and valuable content. We put a lot of work and energy into developing our website. With the help of the Amazon Affiliate Program, we can also be compensated for our work. Each partner link to Amazon is relevant to our topic and shows offers that may interest you.

What data is collected through the Amazon Affiliate Program?
Once you interact with Amazon products and services, Amazon collects data from you. Amazon differentiates between information you actively provide and information automatically collected and stored. “Active information” includes your name, email address, phone number, age, payment information, and location. “Automatic information” is primarily collected via cookies, such as user behavior, IP address, device information (browser type, location, operating systems), or URL. Amazon also stores the clickstream, which refers to the sequence of pages you visit before reaching a product. To track the origin of a purchase, Amazon places cookies in your browser. This allows Amazon to recognize that you clicked on an advertisement or partner link from our website.

If you have an Amazon account and are logged in while browsing our website, the collected data can be associated with your account. You can prevent this by logging out of your Amazon account before browsing our website.

Here are examples of cookies that will be set in your browser when you click on an Amazon link on our website:

Name: uid
Value: 3230928052675285215122693978-9
Purpose: This cookie stores a unique user ID and collects information about your website activity.
Expiration: After 2 months
Name: ad-id
Value: AyDaInRV1k-Lk59xSnp7h5o
Purpose: This cookie is provided by amazon-adsystem.com for various advertising purposes.
Expiration: After 8 months
Name: uuid2
Value: 8965834524520213028122693978-2
Purpose: This cookie enables targeted and interest-based advertising via the AppNexus platform. It collects and stores anonymous data about which ads you clicked on and which pages you visited.
Expiration: After 3 months
Name: session-id
Value: 262-0272718-2582202122693978-1
Purpose: This cookie stores a unique user ID assigned by the server during a website visit (session). When you visit the same page again, the information stored is retrieved.
Expiration: After 15 years
Name: APID
Value: UP9801199c-4bee-11ea-931d-02e8e13f0574
Purpose: This cookie stores information on how you use a website and which ads you viewed before visiting the website.
Expiration: After 1 year
Name: session-id-time
Value: tb:s-STNY7ZS65H5335FZEVPE|1581329862486&t:1581329864300&adb:adblk_no
Purpose: This cookie captures the time you spend on a webpage with a unique cookie ID.
Expiration: After 2 years
Name: csm-hit
Value: 2082754801l
Purpose: We cannot retrieve exact information about this cookie.
Expiration: After 15 years

Note: This list shows sample cookies and is not comprehensive.

Amazon uses the collected data to better target ads to users' interests.

How long and where is the data stored?
Amazon stores personal data for as long as necessary for Amazon’s business services or as required by legal obligations. Since Amazon is headquartered in the U.S., the collected data is also stored on U.S. servers.

How can I delete my data or prevent data storage?
You have the right to access and delete your personal data at any time. If you have an Amazon account, you can manage or delete much of the collected data within your account.

Another option for managing data processing and storage according to your preferences is through your browser. You can manage, disable, or delete cookies there. This process varies depending on the browser you use. Under the "Cookies" section, you will find links to guides for the most popular browsers.

Legal basis
If you have consented to the use of the Amazon Affiliate Program, the legal basis for processing your data is this consent. According to Article 6(1)(a) GDPR (Consent), this consent serves as the legal basis for the processing of personal data that may be collected by the Amazon Affiliate Program.

Additionally, we have a legitimate interest in using the Amazon Affiliate Program to optimize our online service and marketing activities. The corresponding legal basis is Article 6(1)(f) GDPR (Legitimate Interests). We use the Amazon Affiliate Program only to the extent you have given consent.

Amazon processes your data, including in the U.S. Amazon is an active participant in the EU-U.S. Data Privacy Framework, which governs the correct and secure transfer of personal data from EU citizens to the U.S. More information on this can be found at EU Commission.

Furthermore, Amazon uses Standard Contractual Clauses (Article 46(2) and 3 GDPR). These are model clauses provided by the European Commission to ensure that your data continues to meet European data protection standards, even when transferred and stored in third countries (e.g., the U.S.). By adhering to the EU-U.S. Data Privacy Framework and Standard Contractual Clauses, Amazon commits to maintaining the European level of data protection even when data is stored, processed, and managed in the U.S. These clauses are based on an implementation decision by the EU Commission. You can find the decision and corresponding Standard Contractual Clauses here: EUR-Lex.

The Amazon Data Processing Agreement (AWS GDPR DATA PROCESSING), which corresponds to the Standard Contractual Clauses, can be found at AWS GDPR DPA.

We hope we have provided you with the key information regarding data transfer through the use of the Amazon Affiliate Program. For more information, please visit Amazon Help.

Security & Anti-Spam Privacy Policy

Summary

Affected parties: Website visitors
Purpose: Cybersecurity
Processed data: Data such as your IP address, name, or technical data like browser version
Storage duration: Data is usually stored until no longer required for service provision
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate interests)

What is Security & Anti-Spam Software?

Security & Anti-Spam software helps protect both you and us from various spam or phishing emails and other potential cyberattacks. Spam refers to unsolicited advertising emails sent in bulk. These are also known as "data waste" and can lead to additional costs. Phishing emails, on the other hand, are designed to trick recipients with fake messages or websites to steal personal data. Anti-Spam software typically blocks unwanted spam or malicious emails that might introduce viruses into our system. We also use general firewall and security systems to protect our computers from unauthorized network attacks.

Why Do We Use Security & Anti-Spam Software?

We place great emphasis on security on our website. It's not just about our safety but primarily yours. Cyber threats are now a regular part of IT and internet life. Hackers often attempt to steal personal data from IT systems through cyberattacks. Therefore, an effective defense system is absolutely necessary. A security system monitors all incoming and outgoing connections to our network or computer. In addition to standardized security systems on our computers, we also use external security services to increase our protection against cyberattacks. Unauthorized data traffic is better blocked, helping us defend against cybercrime.

What Data is Processed by Security & Anti-Spam Software?

The exact data collected and stored depends on the specific service used. However, we always strive to use services that collect minimal data and store only what is necessary to provide the service. Generally, the service may store data such as name, address, IP address, email address, and technical information like browser type or browser version. Performance and log data may also be collected to identify incoming threats. These data are processed within the service and in accordance with applicable laws, including the GDPR for US providers (through Standard Contractual Clauses). Some security services may collaborate with third parties who can store and/or process data under the provider's instructions, following privacy policies and additional security measures. Data is often stored through cookies.

Duration of Data Processing

We will provide more information about data processing duration below if available. For example, security programs store data until you or we revoke the data storage. In general, personal data is only stored as long as necessary to provide the services. In many cases, we lack precise information from providers on the storage duration.

Right to Object

You have the right to withdraw your consent for the use of cookies or third-party security software at any time. This can be done via our cookie management tool or other opt-out functions. For instance, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since security services may also use cookies, we recommend reading our general cookie privacy statement. To learn more about the specific data stored and processed, you should refer to the privacy policies of the respective tools.

Legal Basis

We primarily use security services based on our legitimate interests (Art. 6(1)(f) GDPR) in having a robust system against various cyberattacks.

Certain processing, especially the use of cookies and security functions, requires your consent. If you have consented to the processing and storage of data by integrated security services, this consent serves as the legal basis for the data processing (Art. 6(1)(a) GDPR). Most of the services we use set cookies in your browser to store data, so we recommend reading our cookie privacy statement and the privacy policy or cookie guidelines of the respective service provider.

Google reCAPTCHA Privacy Policy

Summary

Affected parties: Website visitors
Purpose: Optimize our service and protect against cyberattacks
Processed data: Data such as IP address, browser information, operating system, limited location, and usage data
Storage duration: Depends on the stored data
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate interests)

What is reCAPTCHA?

Our primary goal is to secure and protect our website for both you and us. To ensure this, we use Google reCAPTCHA from Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA, we can verify that you are indeed a human and not a robot or other spam software. Spam refers to any unwanted electronic communication that is sent without solicitation. While traditional CAPTCHAs required users to solve text or image puzzles for verification, reCAPTCHA usually just asks you to check a box confirming you are not a bot. The new Invisible reCAPTCHA doesn't even require checking the box.

reCAPTCHA is a free CAPTCHA service from Google that protects websites from spam software and misuse by non-human visitors. This service is often used when you fill out forms online. CAPTCHA is a type of automatic Turing test designed to ensure that a task on the internet is being performed by a human, not a bot. Traditional CAPTCHAs present small tasks that are easy for humans to solve but difficult for machines. With reCAPTCHA, you don't actively solve puzzles; instead, it uses advanced risk techniques to differentiate humans from bots. It uses a JavaScript element embedded in the website source code, running in the background and analyzing your user behavior. From these actions, the software calculates a CAPTCHA score, which Google uses to determine the likelihood of you being human even before you enter the CAPTCHA. reCAPTCHA is used whenever bots might manipulate or misuse actions like registrations or surveys.

Why do we use reCAPTCHA on our website?

We only want to welcome real humans to our site. Bots or spam software of any kind are not welcome here. Therefore, we take all necessary precautions to protect ourselves and offer the best possible user experience for you. That’s why we use Google’s reCAPTCHA service. This ensures that we can stay a "bot-free" website. By using reCAPTCHA, data is transmitted to Google to determine whether you are indeed a human. reCAPTCHA is thus for the security of our website, and indirectly, for your security as well. For example, without reCAPTCHA, a bot could register many email addresses during a sign-up process, only to later "spam" forums or blogs with unwanted advertisements. With reCAPTCHA, we can prevent such bot attacks.

What data is collected by reCAPTCHA?

reCAPTCHA collects personal data from users to determine whether actions on our website are truly human. It may send data such as your IP address and other information that Google needs for the reCAPTCHA service. IP addresses are usually anonymized within the member states of the EU or other signatories of the European Economic Area Agreement before the data is sent to servers in the United States. The IP address is not combined with other data from Google unless you are signed into your Google account while using reCAPTCHA. The reCAPTCHA algorithm first checks whether your browser already has Google cookies from other Google services (e.g., YouTube, Gmail). Then, reCAPTCHA sets an additional cookie in your browser and takes a snapshot of your browser window.

The following list of browser and user data collected is not exhaustive. It contains examples of data that, to our knowledge, are processed by Google:

Referrer URL (the address of the page from which the visitor comes)
IP address (e.g., 256.123.123.1)
Information about the operating system (the software enabling your computer's operation, e.g., Windows, Mac OS X, or Linux)
Cookies (small text files storing data in your browser)
Mouse and keyboard behavior (any action you take with the mouse or keyboard is recorded)
Date and language settings (your PC’s preset language or date settings)
All JavaScript objects (JavaScript is a programming language allowing websites to adapt to the user. JavaScript objects can store various data under one name)
Screen resolution (indicating the number of pixels on your display)

It is undisputed that Google uses and analyzes this data even before you click the "I am not a robot" checkbox. In the case of the invisible reCAPTCHA version, even the checkbox is omitted, and the whole recognition process runs in the background. How much and what data Google exactly stores is not disclosed in detail by Google.

Cookies used by reCAPTCHA:

We refer to Google’s reCAPTCHA demo version at https://www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Below is a list of cookies set by Google reCAPTCHA in the demo version:

Name: IDE
Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-122693978-8
Purpose: This cookie is set by DoubleClick (also owned by Google) to register and report user actions on the website related to advertisements. This helps measure ad effectiveness and optimize it. IDE is stored under the domain doubleclick.net.
Expiration: after one year
Name: 1P_JAR
Value: 2019-5-14-12
Purpose: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. It also helps display relevant advertisements and prevents users from seeing the same ad repeatedly.
Expiration: after one month
Name: ANID
Value: U7j1v3dZa1226939780xgZFmiqWppRWKOr
Purpose: Not much information is available about this cookie. In Google’s privacy policy, this cookie is mentioned in connection with advertising cookies such as "DSID", "FLC", "AID", and "TAID". ANID is stored under the domain google.com.
Expiration: after 9 months
Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: This cookie stores the user’s consent status for using different Google services. CONSENT is also used for security, verifying users, preventing login fraud, and protecting user data from unauthorized access.
Expiration: after 19 years
Name: NID
Value: 0WmuWqy122693978zILzqV_nmt3sDXwPeM5Q
Purpose: NID is used by Google to personalize ads based on your Google search activity. It helps Google "remember" your most frequent search queries or past interactions with ads, tailoring the ads you see.
Expiration: after 6 months
Name: DV
Value: gEAABBCjJMXcI0dSAAAANbqc122693978-4
Purpose: Once you check the "I am not a robot" box, this cookie is set. It is used by Google Analytics for personalized ads, collecting information in an anonymized form. It helps differentiate users.
Expiration: after 10 minutes

Note: This list is not exhaustive, as Google frequently changes its cookies.

How long and where is data stored?

When reCAPTCHA is integrated, your data is transferred to Google servers. Google does not clarify exactly where this data is stored, even after repeated inquiries. Without confirmation from Google, it is assumed that data like mouse interaction, time spent on the site, or language settings are stored on European or American Google servers. The IP address transmitted by your browser to Google is not merged with other Google data unless you are logged into your Google account while using reCAPTCHA.

How can I delete my data or prevent data storage?

If you do not want data about you and your behavior to be transmitted to Google, you must log out of Google completely before visiting our site or using the reCAPTCHA software, and delete all Google cookies. Data is transmitted to Google automatically when you visit our page. To delete this data, you must contact Google Support at https://support.google.com/?hl=en&tid=122693978.

By using our website, you consent to Google LLC and its representatives automatically collecting, processing, and using your data.

Please note that when using this tool, data may also be stored and processed outside of the EU. Most third countries (including the USA) are considered unsafe under current European data protection law. Therefore, data cannot simply be transferred to and processed or stored in unsafe third countries unless appropriate safeguards (such as EU standard contractual clauses) exist between us and the non-European service provider.

Legal Basis

If you consent to the use of Google reCAPTCHA, the legal basis for data processing is your consent. According to Art. 6, para. 1, lit. a DSGVO (General Data Protection Regulation), this consent provides the legal foundation for processing personal data, as might occur during the collection by Google reCAPTCHA.

We also have a legitimate interest in using Google reCAPTCHA to optimize and secure our online service. The legal basis for this is Art. 6, para. 1, lit. f DSGVO (Legitimate Interests). We use Google reCAPTCHA only if you have provided consent.

Google processes your data, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Google uses Standard Contractual Clauses (Art. 46, para. 2 and 3 DSGVO). These clauses, provided by the EU Commission, ensure that your data complies with European data protection standards when transferred to third countries like the USA. More details about the decision and standard contractual clauses can be found at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

The Google Ads Data Processing Terms, which refer to these standard clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

You can learn more about reCAPTCHA on Google’s Developer page at https://developers.google.com/recaptcha/. Although Google provides technical details about reCAPTCHA, specific information about data storage and privacy issues is not disclosed. For a general overview of Google’s data use, refer to their privacy policy at https://policies.google.com/privacy.

Cloud Services

Cloud Services Privacy Policy Summary
Affected parties: Us as the website operator and you as the website visitor
Purpose: Security and data storage
Processed data: Data such as your IP address, name, or technical data like browser version
Further details can be found below in the individual privacy texts or in the privacy policies of the providers
Storage duration: Most data will be stored until it is no longer needed to provide the service
Legal basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate interests)

What are Cloud Services?

Cloud services provide us as website operators with storage space and computing power via the internet. Data can be transferred, processed, and stored on an external system through the internet. The relevant cloud provider manages this data. Depending on the requirements, an individual or a company can choose the storage capacity or computing power. Access to cloud storage is done via an API or storage protocols. API stands for Application Programming Interface, which is a software interface that connects software and hardware components.

Why do we use Cloud Services?

We use cloud services for several reasons. A cloud service allows us to store our data securely. Additionally, we can access the data from various locations and devices, giving us more flexibility and streamlining our workflows. Cloud storage also saves us costs because we don't need to build and manage our own infrastructure for data storage and security. By centrally storing our data in the cloud, we can also expand our application fields and manage our information much more efficiently.

As website operators or as a company, we primarily use cloud services for our own purposes. For example, we use the services to manage our calendar, store documents, or other important information in the cloud. However, personal data of yours may also be stored in the process. For instance, if you provide us with your contact details (such as your name and email address), and we store our customer data with a cloud provider. Consequently, data that we process from you may also be stored and processed on external servers. If we offer certain forms or content from cloud services on our website, cookies for web analysis and advertising purposes may also be set. Furthermore, such cookies remember your settings (such as the language used) so that when you visit our website again, you can experience your usual web environment.

What data is processed by Cloud Services?

Many of the data we store in the cloud are not personally identifiable, but some data are considered personal data under the GDPR definition. These often include customer data like name, address, IP address, or phone number, as well as technical device information. Videos, images, and audio files may also be stored in the cloud. The specific way data is collected and stored depends on the service provider. We aim to use only services that are highly trustworthy and professional in handling data. In general, services like Amazon Drive have access to the stored files to provide their service accordingly. However, these services need permissions, such as the right to copy files for security reasons. This data is processed and managed as part of the services in compliance with applicable laws, including the GDPR for US-based providers (via standard contractual clauses). These cloud services may also work with third parties who may process data under instruction and in compliance with privacy policies and additional security measures. We want to emphasize again that all well-known cloud services (such as Amazon Drive, Google Drive, or Microsoft OneDrive) have the right to access stored content to offer and optimize their services.

Duration of Data Processing

We will inform you about the duration of data processing below, if we have further information on this. Generally, cloud services store data until you or we revoke the data storage or the data is deleted. Personal data are generally stored only as long as necessary to provide the services. However, permanent deletion of data from the cloud may take several months because the data is usually not stored on a single server, but distributed across multiple servers.

Right to Object

You have the right and the option to withdraw your consent for data storage in a cloud at any time. If cookies are used, you also have the right to object here. This can be done either via our cookie management tool or other opt-out features. For example, you can prevent data collection by cookies by managing, deactivating, or deleting the cookies in your browser. We also recommend reviewing our general privacy policy on cookies. To find out what data is stored and processed about you, you should read the privacy policies of the respective cloud providers.

Legal Basis

We use cloud services primarily based on our legitimate interests (Article 6(1)(f) GDPR) in having a good security and storage system.

Certain processes, especially the use of cookies and the use of storage features, require your consent. If you have consented to the processing and storage of your data by cloud services, this consent serves as the legal basis for data processing (Article 6(1)(a) GDPR). Most of the services we use set cookies in your browser to store data. Therefore, we recommend you carefully read our privacy text about cookies and review the privacy policy or cookie guidelines of the respective service provider.

Google Cloud Privacy Policy

We use Google Cloud for our website, an online storage service for files, photos, and videos. The service provider is the American company Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google processes data from you, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information on this can be found at EU Commission link.

Furthermore, Google uses standard contractual clauses (= Article 46(2) and (3) GDPR). Standard contractual clauses (SCC) are templates provided by the EU Commission to ensure that your data also complies with European data protection standards when transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the standard contractual clauses, Google commits to adhering to the European data protection level when processing your relevant data, even when the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses here: EU Lex

Google maintains a processing agreement under Article 28 GDPR, which serves as the data protection legal basis for our customer relationship with Google. This agreement refers to the EU standard contractual clauses. You can find the processing conditions here: Google Ads Processor Terms

Learn more about the data processed by Google Cloud in their Privacy Policy: Google Privacy Policy.

Payment Providers Introduction
Payment Providers Privacy Policy Summary
Affected parties: Website visitors
Purpose: Enabling and optimizing the payment process on our website
Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address, and contract data
Further details can be found with the respective payment provider tool.
Storage duration: Depends on the payment provider used
Legal basis: Article 6(1)(b) GDPR (Performance of a contract)

What is a Payment Provider?

We use online payment systems on our website that enable us and you to have a secure and smooth payment process. Personal data may be sent, stored, and processed by the respective payment provider. Payment providers are online systems that allow you to make payments through online banking. The payment is processed by the chosen payment provider, and we are notified about the completed transaction. This method can be used by anyone with an active online banking account with PIN and TAN. Most banks now accept such payment methods.

Why do we use Payment Providers on our Website?

We aim to provide the best possible service on our website and online store, so you can enjoy using our site. We understand that your time is valuable, and especially payment processes need to be quick and smooth. For these reasons, we offer a variety of payment providers, allowing you to choose your preferred one and pay in your usual manner.

Which Data is Processed?

The data processed depends on the respective payment provider. Generally, data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are stored. These are necessary to conduct a transaction. Contract and user data, such as when you visit our website, what content you are interested in, or which subpages you click, may also be stored. Most payment providers also store your IP address and computer information.

The data is usually stored and processed on the servers of the payment providers. As website operators, we do not receive these data. We are only informed about whether the payment was successful or not. For identity and credit checks, payment providers may forward data to the relevant authorities. All payment transactions are subject to the terms and conditions and privacy policies of the respective provider. Therefore, always check the terms and privacy policy of the payment provider. You also have the right to delete or correct your data at any time. Please contact the service provider regarding your rights (right of withdrawal, right of access, and right of rectification).

Duration of Data Processing

We will inform you about the duration of data processing below if we have further information. In general, we process personal data only as long as necessary for providing our services and products. If required by law, such as for accounting purposes, this retention period may be extended. For example, we retain invoices, contracts, and bank statements for 10 years (Section 147 AO) and other relevant business documents for 6 years (Section 247 HGB).

Right to Object

You always have the right to request information, correction, and deletion of your personal data. You can also contact the respective payment provider at any time regarding your rights. Contact details are available in our specific privacy policy or on the website of the relevant payment provider.

Cookies used by payment providers can be deleted, deactivated, or managed in your browser. Depending on the browser you use, this process differs. However, please note that this may prevent the payment process from working correctly.

Legal Basis

We offer other payment service providers in addition to traditional banks and credit institutions to handle contractual and legal relationships (Article 6(1)(b) GDPR). The privacy policies of the individual payment providers (such as Amazon Payments, Apple Pay, or Discover) provide a detailed overview of data processing and data storage. You can also contact the relevant parties with any questions regarding privacy issues.

EPS Transfer Privacy Policy
We use EPS transfer on our website, an online payment service. The service provider is the Austrian company Stuzza GmbH, Frankgasse 10/8, 1090 Vienna, Austria. For more information about the data processed through the use of EPS transfer, please refer to the privacy policy at https://eservice.psa.at/de/datenschutzerklaerung.html.

Giropay Privacy Policy
We use the online payment provider Giropay on our website. The service provider is the German company paydirekt GmbH, Stephanstraße 14-16, 60313 Frankfurt am Main, Germany.
For more information about the data processed through the use of Giropay, please refer to the privacy policy at https://www.giropay.de/agb/index.html.

Google Pay Privacy Policy
We use the online payment provider Google Pay on our website. The service provider is the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
Google processes data from you, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. For more information, visit https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Additionally, Google uses Standard Contractual Clauses (Art. 46 Para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission to ensure that your data continues to meet European data protection standards even when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to complying with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the relevant Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The data processing terms for Google Ads (Google Ads Controller-Controller Data Protection Terms), which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/adscontrollerterms/.
For more information about the data processed through the use of Google Pay, please refer to the privacy policy at https://policies.google.com/privacy.

Klarna Checkout Privacy Policy
Summary of Klarna Checkout Privacy Policy
Affected: Website visitors
Purpose: Optimization of the payment process on our website
Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address, and contract data
For more details, please refer to the privacy policy below.
Storage period: Data is stored as long as Klarna needs it for processing purposes.
Legal bases: Art. 6 Para. 1 lit. c GDPR (legal obligation), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

What is Klarna Checkout?
We use the online payment system Klarna Checkout from the Swedish company Klarna Bank AB on our website. Klarna Bank is headquartered at Sveavägen 46, 111 34 Stockholm, Sweden. If you choose this service, personal data will be sent, stored, and processed by Klarna. This privacy policy provides an overview of the data processing by Klarna.

Klarna Checkout is a payment system for orders in an online store. The user selects the payment method, and Klarna Checkout handles the entire payment process. After a user makes a payment through the system and provides the relevant data, future online purchases can be made more quickly and easily. The Klarna system then recognizes the existing customer after entering their email address and postal code.

Why do we use Klarna Checkout on our website?
Our goal with our website and integrated online store is to provide you with the best possible service. This includes a seamless, fast, and secure payment process for your orders. To ensure this, we use the Klarna Checkout payment system.

What data is stored by Klarna Checkout?
When you choose Klarna for payment, you also transmit personal data to the company. Technical data such as browser type, operating system, our website address, date and time, language settings, timezone settings, and IP address will be collected and transmitted to Klarna's servers, where it is stored. This data is also stored even if you haven't completed an order.

If you order a product or service through our store, you must enter personal information in the required fields. This data is processed by Klarna for payment processing. To perform creditworthiness and identity checks, Klarna may store and process the following personal data (as well as general product information):

Contact details: name, date of birth, national ID number, title, billing and shipping address, email address, phone number, nationality, or salary
Payment information: credit card details or account number
Product information: tracking number, type of item, and price
Optional data such as political, religious, or ideological beliefs or health data may also be collected if you choose to provide it.

Klarna may also collect data related to the goods or services you purchase or order from third parties (such as us or public databases), such as tracking numbers, the type of item purchased, and credit or income information. Klarna may share your personal data with service providers such as software providers, data storage providers, or us as the merchant.

How long and where is data stored?
Klarna strives to store your data within the EU or the European Economic Area (EEA). However, data may be transferred outside the EU/EEA. If this happens, Klarna ensures that the data protection complies with the GDPR and that the third country is subject to an adequacy decision by the European Union. Data is stored as long as Klarna needs it for processing purposes.

How can I delete my data or prevent data storage?
You can withdraw your consent for Klarna to process your personal data at any time. You also have the right to access, correct, and delete your personal data. To do this, you can contact Klarna or its data protection team by email at datenschutz@klarna.de. You can also contact Klarna directly via the "My Data Request" section on their website.

Cookies used by Klarna can be deleted, deactivated, or managed in your browser. Depending on which browser you use, this process varies. See the section on "Cookies" for instructions for the most common browsers.

Legal basis
To fulfill contractual or legal obligations (Art. 6 Para. 1 lit. b GDPR), we offer the payment service provider Klarna Checkout alongside traditional banks/credit institutions.

We hope this provides you with a good overview of Klarna's data processing. For more information on how your data is handled, we recommend the Klarna Privacy Policy at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy.

PayPal Privacy Policy

Summary

Affected parties: Website visitors
Purpose: Optimization of the payment process on our website
Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address, and contractual data may be processed.
Data retention period: Data is generally retained until the collaboration with PayPal is terminated
Legal basis: Article 6(1)(b) GDPR (Contract performance), Article 6(1)(a) GDPR (Consent)

What is PayPal?
We use the PayPal online payment service on our website. The service provider is the American company PayPal Inc. For the European region, the company PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible.

PayPal allows users to send and receive money electronically. The company, founded in 1998, has grown to become one of the largest and most well-known online payment service providers globally, with over 325 million active customers.

Why do we use PayPal on our website?
There are several reasons why we use PayPal and offer it on our website. Since PayPal is one of the most well-known online payment providers, many of our website visitors use and trust this service. PayPal also offers high-security standards for digital money transfers, utilizing various encryption methods to protect your personal data. We also appreciate the user-friendly interface of PayPal and the ability to make international payments in different currencies. Transactions are usually completed quickly, which benefits both us and our customers.

What data is processed by PayPal?
PayPal distinguishes several categories of personal data that may be processed when using the service. These include registration and contact details, identification and signature data, payment information, imported contact data, account profile data, device data such as your IP address, location data, and so-called derived data. Derived data includes information that can be inferred from transactions or other data, such as purchasing habits, behavior patterns, creditworthiness, or personal preferences.

There are also personal data collected from third parties (e.g., identity verification services, fraud detection providers, or your bank). This data includes information from credit agencies, transaction data, legal regulatory information, technical usage data, location data, and derived data.

PayPal and its partners also use tracking technologies such as cookies, pixel tags, web beacons, and widgets to recognize users, personalize content, and conduct analysis for interest-based advertising.

How long and where is the data stored?
PayPal stores data for as long as necessary to fulfill its obligations and for the intended purpose. Personal data essential for customer relationships is stored for up to 10 years after the relationship ends. If PayPal is legally obligated, the retention period for personal data follows applicable laws (e.g., insolvency law). PayPal also stores personal data for as long as necessary if retention is advisable for legal disputes.

Since PayPal is a global company, it has data centers worldwide where your data may be stored. This means that your data can also be stored outside your country and outside the scope of the GDPR on PayPal servers.

How can I delete or prevent the storage of my data?
You have the right to request information, correction, deletion, or restriction of the processing of your personal data at any time. You can also withdraw consent to data processing at any time.

If you want to disable, delete, or manage cookies, you can find the corresponding links to instructions for the most common browsers under the "Cookies" section.

Legal Basis
We have a legitimate interest in integrating PayPal as an external payment service to make our offering more attractive and technically and economically improve it. The legal basis for this is Article 6(1)(f) GDPR (Legitimate interests). We would like to point out that you can only use PayPal if you enter into a contractual relationship with PayPal. This may require additional privacy and contractual statements (e.g., consent).

PayPal processes your data, including in the USA. We would like to note that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This could entail various risks for the legality and security of the data processing.

As the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, specifically in the USA) or for data transfers to such countries, PayPal uses so-called Standard Contractual Clauses (= Article 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are meant to ensure that your data still complies with European data protection standards when transferred and stored in third countries (such as the USA). Through these clauses, PayPal commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: Link to SCC.

For more information on the Standard Contractual Clauses and the data processed by PayPal, please visit the Privacy Policy at https://www.paypal.com/webapps/mpp/ua/privacy-full.

Shop Pay Privacy Policy

We use Shop Pay on our website, an online payment solution service. The service provider is the American company Shopify Inc. For the European region, the responsible entity is Shopify International Limited (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland).

Please note that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing is primarily carried out by Shop Pay. This may result in data not being anonymized during processing and storage. Additionally, U.S. government authorities may have access to certain data. Furthermore, it is possible that these data will be linked with data from other Shop Pay services where you have a user account.

For more information about the data processed by using Shop Pay, refer to the Privacy Policy at https://www.shopify.de/legal/datenschutz.

Visa Privacy Policy

We use Visa, a globally operating payment provider, on our website. The service provider is the American company Visa Inc. For the European region, Visa Europe Services Inc. (1 Sheldon Square, London W2 6TT, UK) is responsible.

Visa processes your data, including in the USA. Please note that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can carry various risks for the legality and security of the data processing.

For data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, specifically the USA), Visa uses Standard Contractual Clauses (Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCC) are templates provided by the European Commission to ensure that your data complies with European privacy standards even when transferred and stored in third countries like the USA. By these clauses, Visa commits to complying with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

For more information about Visa's Standard Contractual Clauses, visit https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

For further details on the data processed by Visa, refer to their Privacy Policy at https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

External Online Platforms Privacy Policy Summary

Affected individuals: Visitors to the website and visitors of external online platforms
Purpose: Presentation and optimization of our services, contact with visitors and prospects
Processed data: Data such as phone numbers, email addresses, contact details, user behavior data, information about your device, and your IP address.
Storage duration: Depends on the platform used
Legal bases: Art. 6 (1) lit. a GDPR (consent), Art. 6 (1) lit. f GDPR (legitimate interest)

What are external online platforms?

To offer our services or products beyond our website, we also use external platforms. These are usually online marketplaces like Amazon or eBay. In addition to our responsibility for data protection, the data protection regulations of the platforms we use also apply, especially when our products are purchased through these platforms (i.e., when a payment transaction occurs). Moreover, most platforms also use your data to optimize their own marketing efforts. For example, the platform may tailor ads to your interests using the data collected.

Why do we use external online platforms?

We want to reach more customers and offer our products on platforms like Amazon, eBay, or Digistore24, as they provide large sales websites that introduce our products to people who might not know our website. Some elements on our website may also link to external online platforms. Data processed and stored by these platforms helps record the payment transaction and enables web analytics to optimize marketing strategies.

The goal of these analyses is to develop more accurate and personalized marketing and advertising strategies. Depending on your behavior on a platform, the data analyzed can lead to conclusions about your interests, and user profiles may be created. This allows platforms to present tailored ads or products to you. Typically, cookies are used to store data about your usage behavior in your browser.

Please note that when using platforms or embedded elements, your data may be processed outside the European Union, as many online platforms (e.g., Amazon or eBay) are U.S.-based companies. As a result, you might not be able to easily enforce your rights concerning your personal data.

What data is processed?

The specific data stored and processed depends on the external platform used, but generally, it includes data such as phone numbers, email addresses, information entered into a contact form, user data like which buttons you click, when you visited certain pages, device information, and your IP address. Many of these data are stored in cookies. If you have a profile on an external platform and are logged in, data may be linked with your profile. The collected data is stored on the servers of the respective platform and processed there. For more details on how a platform stores, manages, and processes data, refer to its privacy policy. If you have questions about data storage and processing or wish to exercise your rights, we recommend contacting the platform directly.

Duration of data processing

The duration of data processing is specified further below if we have more information. For instance, Amazon stores data until it is no longer needed for its own purposes. Generally, we process personal data only for as long as necessary to provide our services and products.

Right to object

You have the right to withdraw your consent to the use of cookies at any time. This can be done through our cookie management tool or via opt-out functions on the respective external platform. You can also prevent data collection through cookies by managing, disabling, or deleting them in your browser.

Since cookies may be used, we recommend reviewing our general privacy policy on cookies. To learn about the specific data stored and processed, please refer to the privacy policies of the respective external platforms.

Legal basis

If you have consented to the processing and storage of your data by external platforms, this consent serves as the legal basis for the data processing (Art. 6 (1) lit. a GDPR). In general, your data is also stored and processed based on legitimate interest (Art. 6 (1) lit. f GDPR) for efficient communication with you and other customers or business partners. If we embed elements of external platforms on our website, we will only use them if you have provided consent.

Information about specific external platforms is provided in the following sections (if available).

Amazon (Europe) Privacy Policy
We also use the online marketplace Amazon (Europe). The service provider is the American company Amazon Inc. For the European region, the responsible company is Amazon Europe Core S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg.

Amazon processes data from you, including in the USA. Amazon is an active participant in the EU-US Data Privacy Framework, which governs the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Amazon uses so-called Standard Contractual Clauses (Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission to ensure that your data complies with European data protection standards even when transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Amazon commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The Amazon Data Processing Agreement (AWS GDPR Data Processing) corresponding to the Standard Contractual Clauses can be found at https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.

More information about the data processed through the use of Amazon can be found in the Privacy Policy at https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010&ref_=footer_privacy.

Digistore24 Privacy Policy
We use the online sales platform Digistore24. The service provider is the German company Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany. More information about the data processed through the use of Digistore24 can be found in the Privacy Policy at https://www.digistore24.com/page/privacy.

Etsy Privacy Policy
We use the online marketplace Etsy. The service provider is the American company Etsy Inc. For the European region, the company responsible is Etsy Ireland UC (66/67 Great Strand Street, Dublin 1, Ireland) for all Google services.

Etsy processes data from you, including in the USA. We point out that according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may pose various risks for the legality and security of data processing.

As the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, specifically the USA) or data transfers to such countries, Etsy uses Standard Contractual Clauses (Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission to ensure that your data complies with European data protection standards even when transferred and stored in third countries (such as the USA). Through these clauses, Etsy commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

More information about the Standard Contractual Clauses and data processed through the use of Etsy can be found in the Privacy Policy at https://www.etsy.com/legal/privacy/.

Shopify Privacy Policy
We use the online marketplace Shopify. The service provider is the American company Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

Shopify processes data from you, including in the USA. We point out that according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may pose various risks for the legality and security of data processing.

As the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, specifically the USA) or data transfers to such countries, Shopify uses Standard Contractual Clauses (Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission to ensure that your data complies with European data protection standards even when transferred and stored in third countries (such as the USA). Through these clauses, Shopify commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

More information about the Standard Contractual Clauses and data processed through the use of Shopify can be found in the Privacy Policy at https://www.shopify.de/legal/datenschutz or https://help.shopify.com/en/manual/your-account/privacy/GDPR/gdpr-faq#will-shopify-sign-standard-contractual-clauses.

Single Sign-On Registration Introduction
Single Sign-On Registration Privacy Policy Summary
Affected: Visitors to the website
Purpose: Simplification of the authentication process
Processed Data: Depends on the respective provider; typically, email address and username can be stored.
More details can be found with the respective tool.
Storage Duration: Depends on the tools used
Legal Grounds: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. b GDPR (Contract fulfillment), Art. 6 para. 1 lit. f GDPR (Legitimate interests)
What are Single Sign-On registrations?
On our website, you have the option to quickly and easily sign up for our online service via a user account from another provider (e.g., Facebook). This authentication process is known as "Single Sign-On Registration." This method works only if you are registered with the other provider and have a user account, entering the relevant login credentials into the online form. Often, you are already logged in, and your credentials are automatically filled into the form, with only the need to confirm the Single Sign-On Registration by pressing a button. During this process, personal data may be processed and stored. This privacy notice generally addresses data processing through Single Sign-On registrations. More detailed information can be found in the privacy notices of the respective providers.

Why do we use Single Sign-On registrations?
We aim to make your experience on our website as simple and pleasant as possible. Therefore, we also offer Single Sign-On registrations. This saves you valuable time because only one authentication is required. Since you only need to remember one password and it is transmitted only once, security is also increased. In many cases, your password is already saved through cookies, so the login process on our website takes only a few seconds.

Which data is stored through Single Sign-On registrations?
Although you log in to our website using this specific method, the actual authentication is done by the respective Single Sign-On provider. As website operators, we receive a user ID during the authentication. This ID indicates that you are logged in with the corresponding provider under that ID. This ID cannot be used for other purposes. Other data may also be transmitted, depending on the Single Sign-On providers used. It also depends on which data you voluntarily provide during the authentication process and which data you generally share in your settings with the provider. Typically, this includes data such as your email address and username. We do not know or store your password, which is necessary for the registration. It is also important to note that data stored with us may be automatically synchronized with the data of your user account from the respective provider.

Duration of Data Processing
We will inform you further about the duration of data processing below, if we have further information on this. For example, the social media platform Facebook stores data until it is no longer required for its own purposes. Customer data, which is synchronized with the provider's user data, is usually deleted within two days. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products.

Right to Object
You also have the right and ability to withdraw your consent for the use of Single Sign-On registrations at any time. This is usually possible through the opt-out functions of the provider. If available, you will find links to the respective opt-out functions in our privacy notices for the individual tools.

Legal Basis
If agreed with you, and within the framework of contract fulfillment (Art. 6 para. 1 lit. b GDPR) and consent (Art. 6 para. 1 lit. a GDPR), we can use the Single Sign-On method based on these legal grounds.

Additionally, from our side, there is a legitimate interest in offering you a quick and easy registration process. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate interests). However, we will only use the Single Sign-On registration if you have given consent.

If you no longer wish to link your account to the provider via Single Sign-On, please unlink it in your user account with the respective provider. If you also want to delete your data with us, you must cancel your registration.

Auth0 Single-Sign-On Privacy Policy

We use the authentication service Auth0 Single-Sign-On for login on our website. The service provider is the American company Auth0 Inc., 10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA.

Auth0 processes data, including in the USA. Auth0 is an active participant in the EU-US Data Privacy Framework, which regulates the proper and secure transfer of personal data of EU citizens to the USA. More information can be found at EU Commission - Data Privacy Framework.

More information about the data processed through the use of Auth0 can be found in the privacy policy at Okta Privacy Policy.

Facebook Single-Sign-On Privacy Policy

We also use the authentication service Facebook Single-Sign-On for login on our website. The service provider is the American company Meta Platforms Inc. For the European region, the company Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible.

Facebook processes data, including in the USA. Facebook or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the proper and secure transfer of personal data of EU citizens to the USA. More information can be found at EU Commission - Data Privacy Framework.

Additionally, Facebook uses Standard Contractual Clauses (Art. 46, paragraphs 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission to ensure that your data continues to comply with European data protection standards when transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Facebook commits to complying with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: EU Lex.

You can find the Facebook Data Processing Terms, which refer to the Standard Contractual Clauses, at Facebook Data Processing Terms.

If you are logged into Facebook, you can withdraw your consent to use Single-Sign-On logins via the Opt-Out function at Facebook Ad Preferences. More information about the data processed through the use of Facebook can be found in the privacy policy at Facebook Privacy Policy.

Facebook Single-Sign-On Data Processing Agreement (DPA)

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a Data Processing Agreement (DPA) with Facebook. You can learn more about what a DPA is and what it must contain in our general section "Data Processing Agreement (DPA)."

This agreement is legally required because Facebook processes personal data on our behalf. It specifies that Facebook may only process data they receive from us according to our instructions and must comply with the GDPR. You can find the link to the Data Processing Agreement (DPA) here: Facebook Data Processing Terms.

Google Single-Sign-On Privacy Policy

We also use the authentication service Google Single-Sign-On for login on our website. The service provider is the American company Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google processes data, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the proper and secure transfer of personal data of EU citizens to the USA. More information can be found at EU Commission - Data Privacy Framework.

Additionally, Google uses Standard Contractual Clauses (Art. 46, paragraphs 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission to ensure that your data continues to comply with European data protection standards when transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to complying with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: EU Lex.

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at Google Ads Data Processing Terms.

At Google, you can withdraw your consent for using Single-Sign-On logins via the Opt-Out function at Google Ads Settings. More information about the data processed through the use of Google Single-Sign-On can be found in the privacy policy at Google Privacy Policy.

Instagram Single-Sign-On Privacy Policy

We use the authentication service Instagram Single-Sign-On for logging into our website. The service provider is the American company Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012 and is part of the Facebook products.

Instagram processes data about you, including in the USA. Instagram or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which ensures the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at EU-US Data Privacy Framework.

Additionally, Instagram uses so-called Standard Contractual Clauses (Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission to ensure that your data still complies with European data protection standards when transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Instagram commits to complying with European data protection levels, even when the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: EU Commission Decision.

If you are logged into Meta or Instagram, you can revoke your consent for Single-Sign-On logins via the opt-out function at Facebook Ad Preferences. More about the data processed through the use of Instagram/Meta can be found in the privacy policy at Instagram Privacy Policy.

Data Processing Agreement (DPA) Instagram Single-Sign-On

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a Data Processing Agreement (DPA) with Instagram/Meta. For more information on what a DPA is and what it contains, please refer to our general section on "Data Processing Agreement (DPA)."

This agreement is legally required because Instagram processes personal data on our behalf. It clarifies that Instagram can only process data it receives from us according to our instructions and must comply with the GDPR. You can find the link to the Data Processing Agreement (DPA) at Facebook Data Processing Agreement.

Web Design Introduction

Web Design Privacy Policy Summary

Affected Parties: Website visitors
Purpose: Improvement of the user experience
Processed Data: The data processed largely depends on the services used. It usually involves IP address, technical data, language settings, browser version, screen resolution, and browser name. More details can be found with the respective web design tools used.
Retention Duration: Varies depending on the tools used
Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Web Design?

We use various tools on our website that serve our web design. Web design is not just about how pretty our website looks, but also about functionality and performance. Of course, a fitting visual appearance is one of the main goals of professional web design. Web design is a subfield of media design and deals with both the visual and structural as well as functional design of a website. The goal is to improve your experience on our website through web design. In web design terminology, this is referred to as User Experience (UX) and Usability. User Experience encompasses all the impressions and experiences that a website visitor encounters on a website. A subset of User Experience is Usability, which focuses on the user-friendliness of a website. Emphasis is placed on ensuring that content, subpages, or products are clearly structured, and you can easily and quickly find what you're looking for. To provide you with the best possible experience on our website, we also use third-party web design tools. In this privacy policy, all services that improve the appearance of our website fall under the "Web Design" category. These may include fonts, various plugins, or other integrated web design functions.

Why Do We Use Web Design Tools?

How you take in information on a website is strongly influenced by the structure, functionality, and visual perception of the website. Therefore, good and professional web design has always been crucial for us. We continuously work on improving our website and consider this an added service for you as a website visitor. Furthermore, a beautiful and functional website also has economic benefits for us, as you will only visit and use our services if you feel comfortable.

What Data is Stored by Web Design Tools?

When you visit our website, web design elements may be embedded that can also process data. The specific data depends on the tools used. Below you will see which tools we use for our website. We recommend reading the privacy policy of each tool used for more details about data processing. Usually, you will find out which data is processed, whether cookies are used, and how long the data is retained. For example, fonts like Google Fonts automatically transmit information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google's servers.

Duration of Data Processing

The duration of data processing is very individual and depends on the web design elements used. For example, if cookies are used, the retention period can range from one minute to several years. Please familiarize yourself with this by referring to our general cookie section and the privacy policies of the tools used. Typically, you will learn about which cookies are used and what data is stored within them. Google Font files, for instance, are stored for one year to improve website loading speed. In general, data is stored only as long as necessary for providing the service. In the case of legal requirements, data can also be stored longer.

Right to Object

You also have the right and the option to withdraw your consent for the use of cookies or third-party tools at any time. This can be done either through our cookie management tool or through other opt-out functions. You can also prevent the collection of data by cookies by managing, disabling, or deleting cookies in your browser. However, some data related to web design elements (usually fonts) cannot be so easily deleted. This occurs when data is automatically collected and transmitted to a third party (e.g., Google) during page access. In this case, please contact the support of the respective provider. For Google, you can reach support at Google Support.

Legal Basis

If you have consented to the use of web design tools, the legal basis for the data processing is your consent. This consent, according to Art. 6 para. 1 lit. a GDPR (Consent), serves as the legal basis for processing personal data, as can occur when data is collected through web design tools. We also have a legitimate interest in improving the web design on our website. After all, we can only provide you with a beautiful and professional web offering if we ensure the design meets your needs. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). We only use web design tools to the extent that you have given your consent, which we emphasize here.

For information on specific web design tools, please refer to the following sections, if applicable.

Other - Introduction
Other Privacy Policy Summary
Affected: Website visitors
Purpose: Improvement of user experience
Processed data: The data processed depends largely on the services used. Typically, this includes IP address and/or technical data. More details can be found in the privacy policy of the respective tools.
Storage duration: Depending on the tools used
Legal basis: Art. 6 Para. 1 lit. a GDPR (Consent), Art. 6 Para. 1 lit. f GDPR (Legitimate Interests)

What falls under "Other"?
The "Other" category includes services that do not fall under any of the categories mentioned above. These are typically various plugins and embedded elements that improve our website. Generally, these functions are sourced from third parties and integrated into our website. For example, this may include web search services like Algolia Place, Giphy, Programmable Search Engine, or online services for weather data such as OpenWeather.

Why do we use additional third-party services?
We aim to provide you with the best web offering in our industry. A website is no longer just a business card for a company; it should also help you find what you are looking for. To make our website more interesting and useful for you, we use various services from third parties.

Which data is processed?
Whenever elements are embedded into our website, your IP address is transmitted, stored, and processed by the respective provider. This is necessary so that the content can be sent to your browser and properly displayed. It may also happen that service providers use pixel tags or web beacons. These are small graphics on websites that record log files and can analyze them. With the information collected, the providers can improve their own marketing efforts. Besides pixel tags, such information (e.g., which button you click or when you visit which page) may also be stored in cookies. These can store not only analytical data about your web behavior but also technical information like your browser type or operating system. Some providers may also combine the data collected with other internal services or third parties. Each provider handles your data differently, so we recommend reading the privacy policy of the respective services carefully. We strive to only use services that handle data privacy with care.

Data Processing Duration
We will inform you about the duration of data processing further down if we have additional information on this. In general, we process personal data only as long as necessary for providing our services and products.

Legal Basis
If we ask for your consent and you consent to using the service, that consent serves as the legal basis for processing your data (Art. 6 Para. 1 lit. a GDPR). In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to improve our offerings technically and economically. The legal basis for this is Art. 6 Para. 1 lit. f GDPR (Legitimate Interests). We only use tools to the extent that you have given your consent.

Information about specific tools can be found in the following sections, if available.

Explanation of Terms Used
We strive to write our privacy policy as clearly and understandably as possible. However, particularly with technical and legal topics, this is not always easy. It often makes sense to use legal terms (e.g., personal data) or certain technical expressions (e.g., cookies, IP address). We do not want to use these terms without explanation. Below is an alphabetical list of important terms used, which we may not have sufficiently explained in the previous sections of the privacy policy. If these terms are derived from the GDPR and are definitions, we will also provide the corresponding GDPR texts and, if necessary, additional explanations.

Supervisory Authority
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:
"Supervisory authority" means an independent public authority established by a Member State in accordance with Article 51;

Explanation: "Supervisory authorities" are always state, independent bodies that, in certain cases, have the authority to issue instructions. They serve the implementation of so-called state supervision and are located in ministries, special departments, or other authorities. For data protection in Austria, there is an Austrian data protection authority, and for Germany, each federal state has its own data protection authority.

Processor
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:
"Processor" means a natural or legal person, authority, agency, or other body which processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all the data we process from you. In addition to the controller, there may also be so-called processors. This includes any company or person that processes personal data on our behalf. Processors can therefore include, in addition to service providers such as accountants, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

Filing System
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:
"Filing system" means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis;

Explanation: Any organized storage of data on a computer's data carrier is referred to as a "filing system." For example, when we store your name and email address for our newsletter on a server, that data is stored in a so-called "filing system." One of the main tasks of a "filing system" is to quickly search for and find specific data and, of course, to securely store the data.

Information Society Service
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:
"Information society service" means a service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and the Council;

Explanation: In general, the term "information society" refers to a society that relies on information and communication technologies. Specifically, as a website visitor, you are familiar with various types of online services, and most online services are considered "information society services." A classic example of this is online transactions, such as purchasing goods over the internet.

Third Party
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

"Third Party" means a natural or legal person, authority, institution, or other body, other than the data subject, the data controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process personal data;

Explanation: The GDPR essentially defines what a "Third Party" is not. In practice, a "Third Party" refers to any entity that has an interest in personal data but is not part of the listed categories of data subject, data controller, or processor. For example, a parent company could act as a "Third Party". In this case, the subsidiary would be the data controller, and the parent company would be the "Third Party". However, this does not mean that the parent company automatically has the right to access, collect, or store the personal data of the subsidiary.

Restriction of Processing
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

"Restriction of processing" means marking stored personal data with the aim of limiting its future processing;

Explanation: It is one of your rights to request the restriction of your personal data from processors at any time, which would prevent further processing. Specific data such as your name, birthdate, or address can be marked so that full processing is no longer possible. For example, you could restrict the processing of your data so that it cannot be used for personalized advertising.

Consent
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

"Consent" of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or a clear affirmative action, signify agreement to the processing of personal data relating to them;

Explanation: Typically, consent on websites is given through a cookie consent tool. You are likely familiar with this — whenever you visit a website for the first time, you are usually asked through a banner whether you consent to data processing or not. You can usually adjust settings and decide which data processing you allow. If you do not consent, no personal data may be processed. Consent can also occur in writing, not just via a tool.

Recipient
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

"Recipient" means a natural or legal person, authority, institution, or other body to whom personal data are disclosed, regardless of whether it is a third party or not. Authorities which may receive personal data under a particular inquiry in accordance with Union or Member State law are not considered recipients; the processing of this data by such authorities will be in line with applicable data protection laws according to the purposes of the processing;

Explanation: Any person or company that receives personal data is considered a recipient. This includes us and our processors. However, authorities with a legal inquiry are not considered recipients.

Personal Data
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

"Personal data" means any information relating to an identified or identifiable natural person (the "data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person;

Explanation: Personal data includes all information that can identify you as an individual. This typically includes data such as:

Name
Address
Email address
Postal address
Phone number
Date of birth
Identification numbers such as social security numbers, tax identification numbers, ID card numbers, or student registration numbers
Bank details such as account number, credit information, balances, etc.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can determine your approximate location and subsequently identify you as the account holder based on your IP address. Therefore, storing an IP address requires a legal basis under the GDPR. There are also so-called "special categories" of personal data that require extra protection. These include:

Racial and ethnic origin
Political opinions
Religious or philosophical beliefs
Union membership
Genetic data such as those obtained from blood or saliva samples
Biometric data (information about physical, physiological, or behavioral characteristics that can identify a person)
Health data
Data concerning sexual orientation or sex life

Profiling
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person's work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;

Explanation: Profiling involves collecting various pieces of information about a person to learn more about them. In the web context, profiling is often used for advertising or credit checks. Web or advertising analytics programs, for example, gather data about your behavior and interests on a website. This results in a special user profile that helps target advertisements to a specific audience.

Controller
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

"Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for processing your personal data and are therefore the "controller." When we pass on the collected data for processing to other service providers, these are considered "processors." A "data processing agreement (DPA)" must be signed.

Processing
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

"Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;

Note: When we refer to processing in our privacy policy, we mean any form of data processing. This includes, as mentioned above, not only the collection but also the storage and handling of data.

Country/region

Language

Privacy Policy

Privacy Policy

Introduction and Overview

Scope

Legal Grounds

Contact Details of the Responsible Party

Retention Period

Rights under the General Data Protection Regulation

Austrian Data Protection Authority

Data Transfer to Third Countries

Data Processing Security

TLS Encryption with HTTPS

Communication

Summary of Communication

Affected Individuals

Phone

Email

Online Forms

Legal Basis

Data Processing Agreement (DPA)

Who are Data Processors?

Content of a Data Processing Agreement

Cookies Cookies Summary

What are Cookies?

What Types of Cookies Are There?

Purpose of Processing Through Cookies

What Data Is Processed?

Cookie Retention Period

Right to Object – How Can I Delete Cookies?

Legal Basis

Web Hosting Introduction

Web Hosting Summary

What is Web Hosting?

Why Do We Process Personal Data?

What Data is Processed?

How Long is the Data Stored?

Legal Basis

Shopify Web Hosting Privacy Policy

What is Shopify Web Hosting?

Why Do We Use Shopify?

Data Processing Agreement (DPA) with Shopify

etracker Privacy Policy

What is etracker?

What data is stored by etracker?

How long and where is the data stored?

How can I delete or prevent data storage?

Legal basis

Data Processing Agreement (DPA) with etracker

Google Analytics Privacy Policy

Summary

What is Google Analytics?

Additional Features of Google Analytics 4:

Why Do We Use Google Analytics on Our Website?

What Data Does Google Analytics Store?

Cookies Used in Google Analytics 4:

Overview of Key Data Collected:

How Long and Where Are Data Stored?

Retention Periods for Data

How to Delete or Prevent Data Storage

Legal Basis for Data Processing

Safeguards for International Transfers

Data Processing Agreement (DPA) Google Analytics

Google Analytics Reports on Demographics and Interests

Google Analytics in Consent Mode

Google Analytics IP Anonymization

Google Optimize Privacy Policy

Data Processing Agreement (DPA) Google Optimize

Google Site Kit Privacy Policy

Summary of the Google Site Kit Privacy Policy

What is Google Site Kit?

Why do we use Google Site Kit?

What data does Google Site Kit store?

How Can I Delete My Data or Prevent Data Storage?

Legal Basis

Email Marketing Introduction

Email Marketing Summary

What is Email Marketing?

Why Do We Use Email Marketing?