Table of Contents

• Introduction and Overview
• Scope
• Legal Basis
• Contact Details of the Controller
• Retention Period
• Rights under the General Data Protection Regulation
• Data Transfer to Third Countries
• Data Processing Security
• Communication
• Data Processing Agreement (DPA)
• Cookies
• Website Builders Introduction
• Web Analytics Introduction
• Online Marketing Introduction
• Cookie Consent Management Platform Introduction
• Security & Anti-Spam
• Cloud Services
• External Online Platforms Introduction
• Single Sign-On Logins Introduction
• Web Design Introduction
• Content Search Providers Introduction
• Other Introduction
• Explanation of Used Terms
• Conclusion

Introduction and Overview

We have created this privacy policy (version 10.03.2025-112962427) to explain, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (referred to as data) we, as the data controller – and our appointed data processors (e.g., providers) – process, will process in the future, and the legal options you have. The terms used are to be understood in a gender-neutral way.
In short: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. However, this privacy policy aims to describe the key aspects in the simplest and most transparent way possible. To promote transparency, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible with brief, unclear, and legal-technical explanations, which are often the standard on the internet when it comes to privacy. We hope you find the following explanations interesting and informative, and perhaps there is some information you didn't know before.
If you still have questions, we kindly ask you to contact the responsible party mentioned below or in the imprint, follow the provided links, and check additional information on third-party sites. Our contact details can of course also be found in the imprint.

Scope

This privacy policy applies to all personal data processed by us within the company and all personal data processed by companies we engage (data processors). By personal data, we mean information as defined in Art. 4 (1) GDPR, such as name, email address, and postal address of a person. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy covers:

• all online presences (websites, online stores) operated by us
• social media presences and email communication
• mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas where personal data is processed in a structured manner through the mentioned channels in the company. If we enter into legal relationships with you outside of these channels, we will inform you separately, if necessary.

Legal Basis

In the following privacy policy, we provide transparent information about the legal principles and regulations, i.e., the legal basis of the General Data Protection Regulation (GDPR), that enable us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. This EU General Data Protection Regulation can be read online at EUR-Lex, the access point to EU law, under https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We process your data only if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
2. Contract (Article 6(1)(b) GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, if we enter into a purchase agreement with you, we will need personal information in advance.
3. Legal Obligation (Article 6(1)(c) GDPR): We process your data if we are subject to a legal obligation. For example, we are legally required to keep invoices for accounting purposes, which typically contain personal data.
4. Legitimate Interests (Article 6(1)(f) GDPR): We may process personal data in cases of legitimate interests, as long as these do not infringe on your fundamental rights. For example, we need to process certain data to operate our website securely and efficiently. This processing is considered a legitimate interest.

Other conditions, such as performing tasks in the public interest or exercising public authority, as well as protecting vital interests, do not typically apply to us. If such a legal basis should apply, it will be indicated at the relevant point.

In addition to the EU Regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act), abbreviated DSG.
• In Germany, the Federal Data Protection Act, abbreviated BDSG, applies.

If additional regional or national laws apply, we will inform you about them in the following sections.

Contact Details of the Controller

If you have any questions regarding data protection or the processing of personal data, you can find the contact details of the controller according to Article 4(7) of the EU General Data Protection Regulation (GDPR) below:

PLANLICHT GmbH & Co.KG
Au 25, 6134 Vomp, Austria

Email: datenschutz@planlicht.com
Phone: +43 5242 71608
Imprint: https://katalog.planlicht.com/impressum/

Data Retention Period

We store personal data only as long as it is necessary to provide our services and products. This is the general criterion we follow. This means that we will delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally required to store certain data even after the original purpose has been fulfilled, for example, for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as soon as possible, unless there is a legal obligation to retain it.

We will inform you further about the specific duration of data processing below, if we have more information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we inform you about the following rights you have to ensure a fair and transparent data processing:

• According to Article 15 GDPR, you have the right to access information about whether we process data about you. If that is the case, you have the right to receive a copy of the data and to be informed about the following:
  • the purpose of the processing;
  • the categories, i.e., the types of data that are processed;
  • who receives this data and, if the data is transferred to third countries, how the security can be guaranteed;
  • how long the data will be stored;
  • the existence of the right to rectification, deletion, or restriction of processing, and the right to object to processing;
  • the right to file a complaint with a supervisory authority (links to these authorities are provided below);
  • the source of the data if we did not collect it from you;
  • whether profiling is carried out, i.e., whether data is automatically analyzed to create a personal profile of you.
• According to Article 16 GDPR, you have the right to rectify your data, meaning we must correct the data if you find any errors.
• According to Article 17 GDPR, you have the right to deletion ("right to be forgotten"), which means that you can request the deletion of your data.
• According to Article 18 GDPR, you have the right to restrict processing, meaning that we can only store the data but not further use it.
• According to Article 20 GDPR, you have the right to data portability, meaning that we will provide your data to you in a commonly used format upon request.
• According to Article 21 GDPR, you have the right to object to the processing, which would result in a change in how the data is processed:
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of public authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will examine as soon as possible whether we can legally comply with your objection.
  • If data is used for direct marketing, you can object to this type of data processing at any time. We will no longer use your data for direct marketing purposes.
  • If data is used for profiling, you can object to this type of data processing at any time. We will no longer use your data for profiling purposes.

According to Article 22 GDPR, you may have the right not to be subjected to a decision based solely on automated processing (e.g., profiling).

According to Article 77 GDPR, you have the right to lodge a complaint. This means you can file a complaint with the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights – don’t hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection law or your data protection rights have been otherwise infringed, you can file a complaint with the supervisory authority. For Austria, the relevant authority is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, each federal state has its own data protection officer. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible:

Austrian Data Protection Authority

Head: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Transfer to Third Countries

We only transfer or process data in countries outside the scope of the GDPR (third countries) if you consent to this processing or there is another legal basis for it. This particularly applies if the processing is required by law or necessary to fulfill a contractual relationship, and in any case only to the extent that this is generally permitted. Your consent is, in most cases, the primary reason for us processing data in third countries. The processing of personal data in third countries, such as the USA, where many software providers offer services and have their server locations, may result in personal data being processed and stored in ways that are unexpected.

We explicitly point out that, in the opinion of the European Court of Justice, there is currently only an adequate level of protection for data transfers to the USA if a US company processing personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. More information about this can be found here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

The data processing by US services that are not active participants of the EU-US Data Privacy Framework may lead to the possibility that data are not anonymized and stored. Furthermore, US government authorities may have access to individual data. It may also happen that collected data are linked with data from other services of the same provider if you have an associated user account. Whenever possible, we try to use server locations within the EU, if available.
We will provide more details about data transfer to third countries where applicable in the appropriate sections of this privacy policy.

Data Processing Security

To protect personal data, we have implemented both technical and organizational measures. Whenever possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to infer personal information from our data.

Article 25 of the GDPR refers to "data protection by design and by default," which means that both software (e.g., forms) and hardware (e.g., access to server rooms) should always consider security and implement corresponding measures. Below, we will go into specific measures if necessary.

TLS Encryption with HTTPS

TLS, encryption, and HTTPS may sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet.
This means that the entire transmission of data from your browser to our web server is secured – no one can "eavesdrop."

With this, we have added an extra layer of security and comply with data protection by design (Article 25 (1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transfer over the internet, we can ensure the protection of confidential data.
You can recognize the use of this data transfer protection by the small padlock icon on the left side of the browser, to the left of the website address (e.g., beispielseite.de) and the use of the "https" schema (instead of "http") as part of our web address.
If you want to know more about encryption, we recommend searching on Google for "Hypertext Transfer Protocol Secure wiki" to find good links for further information.

Communication

Communication Summary 👥 Affected individuals: Anyone who communicates with us via phone, email, or online form 📓 Processed data: e.g., phone number, name, email address, form data entered. More details on each contact method can be found accordingly. 🤝 Purpose: Handling communication with customers, business partners, etc. 📅 Retention period: Duration of the business case and legal requirements ⚖️ Legal basis: Article 6 (1) (a) GDPR (Consent), Article 6 (1) (b) GDPR (Contract), Article 6 (1) (f) GDPR (Legitimate Interests)

If you contact us and communicate via phone, email, or online form, personal data may be processed.

The data will be processed for the handling and processing of your inquiry and the associated business transaction. The data will be stored for as long as necessary or as long as required by law.

Data Subjects

All individuals who contact us through the communication channels we provide are affected by the processes mentioned above.

Phone

If you call us, call data will be pseudonymized and stored on the respective device and with the telecommunications provider. Additionally, data such as your name and phone number may be sent via email afterward and stored for responding to your inquiry. The data will be deleted as soon as the business case is concluded, and legal requirements allow.

Email

If you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and may be stored on the email server. The data will be deleted once the business case is concluded, and legal requirements allow.

Online Forms

If you communicate with us using an online form, data will be stored on our web server and may be forwarded to one of our email addresses. The data will be deleted once the business case is concluded, and legal requirements allow.

Legal Basis

The processing of the data is based on the following legal grounds:

• Article 6 (1) (a) GDPR (Consent): You give us your consent to store your data and further use it for purposes related to the business case;
• Article 6 (1) (b) GDPR (Contract): It is necessary for the fulfillment of a contract with you or a data processor, such as the telephone provider, or we need to process data for pre-contractual activities, such as preparing an offer;
• Article 6 (1) (f) GDPR (Legitimate Interests): We wish to handle customer inquiries and business communication in a professional manner. For this, certain technical means, such as email programs, exchange servers, and mobile network providers, are necessary to efficiently conduct communication.

Data Processing Agreement (DPA)

In this section, we would like to explain what a Data Processing Agreement (DPA) is and why it is required. Because the term "Data Processing Agreement" is quite a mouthful, we will also refer to it as DPA in this text. Like most companies, we do not operate alone, and we also rely on services from other companies or individuals. By involving various companies or service providers, we may transfer personal data for processing. These partners act as data processors, and we enter into a contract, called a Data Processing Agreement (DPA), with them. What is most important for you to know is that the processing of your personal data will only occur according to our instructions and must be regulated by the DPA.

Who are Data Processors?

We, as a company and website owner, are responsible for all the data that we process from you. In addition to the data controller, there may also be so-called data processors. This includes any company or individual that processes personal data on our behalf. More specifically, according to the GDPR definition: any natural or legal person, authority, agency, or other body that processes personal data on our behalf is considered a data processor. Data processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies like Google or Microsoft.

To better understand the terminology, here is an overview of the three roles under the GDPR:

Data Subject (You as a customer or prospect) → Controller (we as the company and client) → Processor (service providers such as web hosts or cloud providers)

Content of a Data Processing Agreement

As mentioned above, we have entered into a Data Processing Agreement (DPA) with our partners who act as data processors. It is explicitly stated in the agreement that the data processor processes the data exclusively in accordance with the GDPR. The agreement must be concluded in writing, but an electronic contract conclusion is also considered "written" in this context. Personal data will only be processed based on the contract. The following must be included in the agreement:

• Obligation to comply with the controller's instructions
• Rights and duties of the controller
• Categories of data subjects
• Type of personal data
• Nature and purpose of the data processing
• Subject and duration of the data processing
• Location of the data processing

Additionally, the contract includes all the obligations of the data processor. The most important obligations are:

• Ensuring data security measures
• Implementing possible technical and organizational measures to protect the rights of the data subject
• Maintaining a data processing record
• Cooperating with the data protection authority upon request
• Conducting a risk analysis regarding the personal data received
• Sub-processors may only be engaged with the written consent of the controller

For an example of what such a DPA looks like, you can refer to a sample agreement provided by the Chamber of Commerce at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html.

Cookies

Cookies Summary 👥 Data Subjects: Visitors to the website 🤝 Purpose: Varies depending on the respective cookie. More details can be found below or with the software provider setting the cookie. 📓 Processed Data: Varies depending on the cookie used. More details can be found below or with the software provider setting the cookie. 📅 Storage Duration: Varies depending on the cookie, from hours to years ⚖️ Legal Basis: Article 6 (1) (a) GDPR (Consent), Article 6 (1) (f) GDPR (Legitimate Interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data.
In the following, we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Common browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are very useful helpers. Almost all websites use cookies. More specifically, these are HTTP cookies, as there are also other types of cookies for different purposes. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, essentially the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal page settings. When you visit our site again, your browser sends the "user-specific" information back to our site. Thanks to cookies, our website knows who you are and provides the settings you are accustomed to. In some browsers, each cookie is stored in its own file, while in others like Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser, such as Chrome, and the web server. In this process, the web browser requests a website and receives a cookie from the server, which the browser then reuses when another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each stores different data. The expiration time of a cookie varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans, or other "malicious software." Cookies also cannot access information on your PC.

For example, cookie data may look like this:

Name: _ga
Value: GA1.2.1326744211.152112962427-9
Purpose: Distinguish between website visitors
Expiration Date: After 2 years

The following minimum sizes should be supported by a browser:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we specifically use depends on the services used, and this will be clarified in the following sections of the privacy policy. At this point, we would like to briefly introduce the different types of HTTP cookies.

There are four types of cookies:

Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, they are needed when a user adds a product to the shopping cart, continues browsing on other pages, and later proceeds to checkout. These cookies ensure that the shopping cart is not deleted, even if the user closes their browser window.

Functional Cookies
These cookies collect information about user behavior and whether the user encounters any error messages. Additionally, these cookies measure the loading time and behavior of the website on different browsers.

Targeted Cookies
These cookies help improve user experience. For example, they store entered locations, font sizes, or form data.

Advertising Cookies
These cookies are also called targeting cookies. They are used to deliver personalized advertisements to the user. This can be very useful, but also quite annoying.

Typically, when you first visit a website, you are asked which types of cookies you would like to allow. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and don't mind technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments by the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism."

Purpose of Processing via Cookies

The purpose ultimately depends on the specific cookie. More details about this can be found further below or with the software provider that sets the cookie.

What Data is Processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize what data is stored in cookies, but we will inform you about the processed or stored data as part of the following privacy policy.

Storage Duration of Cookies

The storage duration depends on the specific cookie and is specified further below. Some cookies are deleted in less than an hour, while others can remain stored on a computer for several years.

You also have control over the storage duration. You can manually delete all cookies at any time via your browser (see also "Right to Object" below). Furthermore, cookies that are based on consent will be deleted at the latest after you revoke your consent, although the legality of the storage remains unaffected until that point.

Right to Object – How Can I Delete Cookies?

How and whether you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option to delete, disable, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to check which cookies are stored in your browser or change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Manage cookies and website data in Safari

Firefox: Delete cookies to remove data websites have stored on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and Manage Cookies

If you generally do not want cookies, you can configure your browser to notify you whenever a cookie is about to be set. This way, you can decide whether to allow the cookie or not for each individual case. The process varies depending on the browser. It is best to search Google with the term “Delete cookies Chrome” or “Disable cookies Chrome” if you are using Chrome.

Legal Basis

Since 2009, the so-called "Cookie Guidelines" have been in place. They state that the storage of cookies requires your consent (Article 6(1)(a) GDPR). However, the implementation of these guidelines has varied significantly across EU countries. In Austria, the directive was implemented in Section 165(3) of the Telecommunications Act (2021). In Germany, the cookie guidelines were not implemented as national law. Instead, the implementation largely took place in Section 15(3) of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DDG) since May 2024.

For strictly necessary cookies, even without consent, there are legitimate interests (Article 6(1)(f) GDPR), which are often of an economic nature. We aim to provide website visitors with a pleasant user experience, and certain cookies are often essential for this.

Where cookies that are not strictly necessary are used, this will only happen with your consent. The legal basis is, therefore, Article 6(1)(a) GDPR.

In the following sections, you will be provided with detailed information about the use of cookies, provided the software used employs cookies.

Website Builder Systems Introduction

Website Builder Systems Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Optimization of our service performance 📓 Processed Data: Data such as technical usage information, browser activity, clickstream activities, session heatmaps, as well as contact details, IP address, or your geographic location. More details about this can be found below in this privacy policy and in the privacy policy of the providers. 📅 Retention Period: Depends on the provider ⚖️ Legal Basis: Article 6(1)(f) GDPR (Legitimate Interests), Article 6(1)(a) GDPR (Consent)

What are Website Builder Systems?

We use a website builder system for our website. Website builder systems are a special form of a content management system (CMS). With a website builder system, website operators can easily create a website without programming knowledge. In many cases, web hosts also offer website builder systems. The use of a website builder system can also involve the collection, storage, and processing of personal data. In this privacy notice, we provide general information about data processing by website builder systems. Further information can be found in the privacy policies of the provider.

Why do we use Website Builder Systems for our Website?

The greatest advantage of a website builder system is its ease of use. We want to offer you a clear, simple, and organized website that we can manage and maintain ourselves—without external support. A website builder system now provides many helpful features that we can apply without programming knowledge. This allows us to design our online presence according to our preferences and provide you with an informative and enjoyable experience on our website.

What data is stored by a website builder system?

The exact data stored depends on the website builder system used. Each provider processes and collects different data from the website visitor. However, generally, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit are collected. Tracking data (e.g., browser activity, clickstream activities, session heatmaps, etc.) may also be processed. Additionally, personal data may be collected and stored. This typically includes contact information such as email address, phone number (if provided), IP address, and geographic location data. The exact data stored can be found in the provider’s privacy policy.

How long and where is the data stored?

We will inform you about the duration of data processing further below in relation to the website builder system used, if we have additional information. You can find detailed information in the provider’s privacy policy. In general, we process personal data only as long as it is necessary for providing our services and products. The provider may store data according to their own guidelines, which we have no influence over.

Right to object

You always have the right to request information, correction, and deletion of your personal data. If you have any questions, you can also contact the person responsible for the website builder system used at any time. Contact details can be found either in our privacy policy or on the website of the relevant provider.

Cookies used by providers for their functions can be deleted, deactivated, or managed in your browser. Depending on which browser you are using, this will work in different ways. Please note that some functions may no longer work as expected.

Legal Basis

We have a legitimate interest in using a website builder system to optimize our online service and present it to you efficiently and user-friendly. The corresponding legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). We will only use the builder system to the extent that you have given your consent.

If the processing of data is not strictly necessary for operating the website, the data will only be processed based on your consent. This particularly applies to tracking activities. The legal basis for this is Article 6(1)(a) GDPR.

With this privacy policy, we have provided you with the most important general information regarding data processing. If you wish to learn more about this, you can find further information—if available—below or in the privacy policy of the provider.

Sana Commerce Privacy Policy

We use Sana Commerce for our website, a website builder system. The service provider is the Dutch company Sana Commerce EMEA B.V., Van Nelleweg 1, 3044 BC Rotterdam, Netherlands.

To learn more about the data processed through the use of Sana Commerce, you can refer to the privacy policy at https://www.sana-commerce.com/privacy-statement/.

Web Analytics Introduction

Web Analytics Privacy Policy Summary 👥 Affected Parties: Visitors of the website 🤝 Purpose: Evaluation of visitor information to optimize the web offering. 📓 Processed Data: Access statistics, including data such as locations of access, device data, access duration and timing, navigation behavior, click behavior, and IP addresses. More details can be found in the privacy policy of the respective web analytics tool. 📅 Storage Duration: Depends on the web analytics tool used ⚖️ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Web Analytics?

We use software on our website to analyze the behavior of website visitors, referred to as web analytics. Data is collected, stored, managed, and processed by the respective analytics tool provider (also called a tracking tool). The data is used to create analyses of user behavior on our website and is provided to us as website operators. Additionally, most tools offer various testing options. For example, we can test which offers or content are most appealing to our visitors. To do this, we show you two different offers for a limited time. After the test (called an A/B test), we know which product or content is more interesting to our website visitors. For such testing procedures, as well as for other analytics methods, user profiles can be created, and data can be stored in cookies.

Why Do We Use Web Analytics?

With our website, we have a clear goal: we want to deliver the best web offering on the market for our industry. To achieve this, we want to provide the best and most interesting offers while also ensuring that you feel completely comfortable on our website. Using web analytics tools, we can take a closer look at the behavior of our website visitors and then improve our web offering for both you and us. For example, we can determine the average age of our visitors, where they come from, when our website is visited the most, or which content or products are particularly popular. All of this information helps us optimize the website and adapt it to your needs, interests, and preferences.

What Data is Processed?

The exact data stored depends on the analysis tools used. However, typically, data such as which content you view on our website, which buttons or links you click, when you visit a page, which browser you use, what device (PC, tablet, smartphone, etc.) you use to visit the website, or what computer system you are using is stored. If you agreed to the collection of location data, these can also be processed by the web analytics tool provider.

Additionally, your IP address is stored. According to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, your IP address is usually stored in a pseudonymized form (i.e., in an anonymized and shortened version). For testing purposes, web analysis, and web optimization, no direct data, such as your name, age, address, or email address, is typically stored. If such data is collected, it is pseudonymized, so you cannot be identified as an individual.

The following example schematically illustrates how Google Analytics works as an example of client-based web tracking with JavaScript code.

The duration for which the respective data is stored depends on the provider. Some cookies store data only for a few minutes or until you leave the website, while other cookies can store data for several years.

Duration of Data Processing

We will inform you about the duration of data processing further below, if we have additional information about it. In general, we process personal data only as long as necessary to provide our services and products. If it is legally required, such as in the case of accounting, the storage duration may also exceed this period.

Right to Object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Legal Basis

The use of web analytics requires your consent, which we obtained through our cookie popup. According to Article 6(1)(a) GDPR (Consent), this consent is the legal basis for the processing of personal data as it occurs during the collection by web analytics tools.

In addition to the consent, we also have a legitimate interest in analyzing the behavior of website visitors and improving our offering both technically and economically. With the help of web analytics, we can identify errors on the website, detect attacks, and improve efficiency. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). However, we only use the tools if you have given your consent.

Since web analytics tools use cookies, we recommend reading our general privacy policy regarding cookies. To find out exactly which data is stored and processed about you, you should read the privacy policies of the respective tools.

Information on specific web analytics tools will be provided – if available – in the following sections.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Evaluation of visitor information to optimize the web offering. 📓 Processed Data: Access statistics, including data such as access locations, device data, access duration and timing, navigation behavior, and click behavior. More details on this can be found further down in this privacy policy. 📅 Storage Duration: Customizable; by default, Google Analytics 4 stores data for 14 months. ⚖️ Legal Basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Google Analytics?

We use the analysis tracking tool Google Analytics version Google Analytics 4 (GA4) from the American company Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. By combining different technologies such as cookies, device IDs, and login credentials, you can be identified as a user across different devices. This allows your actions to be analyzed across platforms.

For example, if you click on a link, this event is stored in a cookie and sent to Google Analytics. With the reports we receive from Google Analytics, we can better tailor our website and services to your preferences. Below, we will go into more detail about the tracking tool and provide information about which data is processed and how you can prevent it.

Google Analytics is a tracking tool used for analyzing the traffic on our website. The basis of these measurements and analyses is a pseudonymous user identification number. This number does not include personal data such as name or address, but is used to assign events to an end device. GA4 uses an event-based model that captures detailed information about user interactions such as page views, clicks, scrolling, and conversion events. Additionally, GA4 has incorporated various machine learning functions to better understand user behavior and certain trends. GA4 uses modeling with the help of machine learning functions. This means that based on the collected data, missing data can also be estimated to optimize the analysis and provide predictions.

To make Google Analytics work, a tracking code is embedded in the code of our website. When you visit our website, this code records various events you perform on our website. With GA4's event-based data model, we, as website operators, can define and track specific events to obtain analyses of user interactions. Therefore, in addition to general information such as clicks or page views, specific events that are important for our business can also be tracked. Such specific events may include, for example, submitting a contact form or purchasing a product.

Once you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data, and we receive reports on your user behavior. These reports can include, among other things, the following:

• Audience Reports: Through audience reports, we get to know our users better and know more precisely who is interested in our service.
• Ad Reports: Ad reports allow us to analyze and improve our online advertising efforts more easily.
• Acquisition Reports: Acquisition reports provide us with helpful information on how we can attract more people to our service.
• Behavior Reports: Here, we learn how you interact with our website. We can track the path you take on our site and which links you click on.
• Conversion Reports: A conversion refers to an action where you perform a desired action as a result of a marketing message. For example, when you become a buyer or newsletter subscriber instead of just being a website visitor. These reports help us learn more about how our marketing efforts resonate with you. We aim to improve our conversion rate through this.
• Real-Time Reports: These reports show us immediately what is happening on our website. For example, we can see how many users are reading this text right now.

In addition to the analysis reports mentioned above, Google Analytics 4 also offers the following features:

• Event-Based Data Model: This model records very specific events that can occur on our website. For example, playing a video, purchasing a product, or signing up for our newsletter.
• Advanced Analysis Functions: With these features, we can better understand your behavior on our website or general trends. For example, we can segment user groups, conduct comparative analysis of target audiences, or track your path across our site.
• Predictive Modeling: Based on collected data, machine learning can estimate missing data to predict future events and trends. This can help us develop better marketing strategies.
• Cross-Platform Analysis: The collection and analysis of data are possible from both websites and apps. This gives us the ability to analyze user behavior across platforms, provided you have consented to the data processing.

Why do we use Google Analytics on our website?

Our goal with this website is clear: We want to provide you with the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically analyzed data provides us with a clear picture of the strengths and weaknesses of our website. On one hand, we can optimize our site to ensure that it is more easily found by interested people on Google. On the other hand, the data helps us understand you as a visitor better. This allows us to know exactly what we need to improve on our website to provide you with the best service possible. The data also helps us make our advertising and marketing efforts more targeted and cost-effective. After all, it makes sense to show our products and services to people who are interested in them.

What data is stored by Google Analytics?

Google Analytics generates a random, unique ID through a tracking code, which is associated with your browser cookie. This way, Google Analytics recognizes you as a new user and assigns you a user ID. The next time you visit our site, you will be recognized as a "returning" user. All collected data is stored along with this user ID. This is how pseudonymous user profiles are evaluated.

In order to analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, the Google Analytics 4 property is the default. Depending on the property used, the data is stored for different periods of time.

Through identifiers such as cookies, app instance IDs, user IDs, or custom event parameters, your interactions, provided you have consented, are measured across platforms. Interactions are all types of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated through Google Analytics may be linked with third-party cookies. Google does not share Google Analytics data unless we, as the website operator, approve it. Exceptions may occur if legally required.

According to Google, Google Analytics 4 does not log or store IP addresses. However, Google uses IP address data to derive location data and deletes it immediately afterward. Therefore, all IP addresses collected from users in the EU are deleted before the data is stored in a data center or on a server.

Since Google Analytics 4 focuses on event-based data, the tool uses significantly fewer cookies compared to previous versions (such as Google Universal Analytics). However, there are still some specific cookies used by GA4. These include:

Name: _ga
Value: 2.1326744211.152112962427-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. It is used to distinguish between website visitors.
Expiration Date: After 2 years

Name: _gid
Value: 2.1687193234.152112962427-1
Purpose: This cookie is also used to distinguish between website visitors.
Expiration Date: After 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: Used to lower the request rate. If Google Analytics is provided via Google Tag Manager, this cookie is named _dc_gtm_ <property-id>.
Expiration Date: After 1 minute

Note: This list cannot claim to be exhaustive, as Google frequently changes its choice of cookies. The goal of GA4 is also to improve data protection. Therefore, the tool offers several options to control data collection. For example, we can set the data retention period ourselves and control data collection.

Here is an overview of the most important types of data collected by Google Analytics:

Heatmaps: Google generates so-called heatmaps. With heatmaps, we can see exactly which areas you click on. This provides us with information about where you are "navigating" on our site.

Session Duration: Google defines session duration as the time you spend on our page without leaving it. If you are inactive for 20 minutes, the session automatically ends.

Bounce Rate: A bounce occurs when you view only one page on our website and then leave our site.

Account Creation: If you create an account or make a purchase on our website, Google Analytics collects this data.

Location: IP addresses are not logged or stored in Google Analytics. However, before the IP address is deleted, it is used to derive location data.

Technical Information: Technical information includes your browser type, internet service provider, or screen resolution, among other things.

Source of Origin: Google Analytics, or we, are also interested in which website or advertisement brought you to our site.

Other data may include contact information, ratings, media playback (e.g., if you play a video on our site), content sharing via social media, or adding items to your favorites. This list is not exhaustive and serves as a general guide to the data stored by Google Analytics.

How long and where is the data stored?

Google has distributed its servers around the world. You can read exactly where Google data centers are located here: https://www.google.com/about/datacenters/locations/?hl=en

Your data is distributed across various physical media. The advantage of this is that the data is more quickly accessible and better protected against manipulation. Each Google data center has appropriate contingency plans for your data. For example, if hardware fails at Google or natural disasters take down servers, the risk of service interruption remains low.

The retention period of data depends on the properties used. The retention period is determined separately for each property. Google Analytics offers four options for controlling the retention period:

• 2 months: This is the shortest retention period.
• 14 months: By default, data is stored in GA4 for 14 months.
• 26 months: Data can also be stored for 26 months.
• Data is deleted only when we manually delete it.

Additionally, there is the option to have data deleted only when you no longer visit our website within the chosen period. In this case, the retention period is reset every time you visit our website within the designated time frame.

When the set period has expired, data is deleted once a month. This retention period applies to your data linked to cookies, user recognition, and advertising IDs (e.g., cookies from the DoubleClick domain). Reporting results are based on aggregated data and are stored independently of user data. Aggregated data is a combination of individual data into a larger unit.

How can I delete my data or prevent data storage?

Under the privacy laws of the European Union, you have the right to access your data, update it, delete it, or restrict it. Using the browser add-on to disable Google Analytics JavaScript (analytics.js, gtag.js) will prevent Google Analytics 4 from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=en. Please note that this add-on only disables data collection by Google Analytics.

If you want to disable, delete, or manage cookies in general, you can find relevant links to instructions for the most common browsers in the "Cookies" section.

Legal Basis

Der Einsatz von Google Analytics setzt Ihre Einwilligung voraus, welche wir mit unserem Cookie Popup eingeholt haben. Diese Einwilligung stellt laut Art. 6 Abs. 1 lit. a DSGVO (Einwilligung) die Rechtsgrundlage für die Verarbeitung personenbezogener Daten, wie sie bei der Erfassung durch Web-Analytics Tools vorkommen kann, dar.

Zusätzlich zur Einwilligung besteht von unserer Seite ein berechtigtes Interesse daran, das Verhalten der Websitebesucher zu analysieren und so unser Angebot technisch und wirtschaftlich zu verbessern. Mit Hilfe von Google Analytics erkennen wir Fehler der Website, können Attacken identifizieren und die Wirtschaftlichkeit verbessern. Die Rechtsgrundlage dafür ist Art. 6 Abs. 1 lit. f DSGVO (Berechtigte Interessen). Wir setzen Google Analytics gleichwohl nur ein, soweit Sie eine Einwilligung erteilt haben.

Google verarbeitet Daten von Ihnen u.a. auch in den USA. Google ist aktiver Teilnehmer des EU-US Data Privacy Frameworks, wodurch der korrekte und sichere Datentransfer personenbezogener Daten von EU-Bürgern in die USA geregelt wird. Mehr Informationen dazu finden Sie auf https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Zudem verwendet Google sogenannte Standardvertragsklauseln (= Art. 46. Abs. 2 und 3 DSGVO). Standardvertragsklauseln (Standard Contractual Clauses – SCC) sind von der EU-Kommission bereitgestellte Mustervorlagen und sollen sicherstellen, dass Ihre Daten auch dann den europäischen Datenschutzstandards entsprechen, wenn diese in Drittländer (wie beispielsweise in die USA) überliefert und dort gespeichert werden. Durch das EU-US Data Privacy Framework und durch die Standardvertragsklauseln verpflichtet sich Google, bei der Verarbeitung Ihrer relevanten Daten, das europäische Datenschutzniveau einzuhalten, selbst wenn die Daten in den USA gespeichert, verarbeitet und verwaltet werden. Diese Klauseln basieren auf einem Durchführungsbeschluss der EU-Kommission. Sie finden den Beschluss und die entsprechenden Standardvertragsklauseln u.a. hier: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Die Google Ads Datenverarbeitungsbedingungen (Google Ads Data Processing Terms), welche auf die Standardvertragsklauseln verweisen, finden Sie unter https://business.safety.google/intl/de/adsprocessorterms/.

Wir hoffen, wir konnten Ihnen die wichtigsten Informationen rund um die Datenverarbeitung von Google Analytics näherbringen. Wenn Sie mehr über den Tracking-Dienst erfahren wollen, empfehlen wir diese beiden Links: https://marketingplatform.google.com/about/analytics/terms/de/ und https://support.google.com/analytics/answer/6004245?hl=de.

Wenn Sie mehr über die Datenverarbeitung erfahren wollen, nutzen Sie die Google-Datenschutzerklärung auf https://policies.google.com/privacy?hl=de.

Auftragsverarbeitungsvertrag (AVV) Google Analytics

We have entered into a Data Processing Agreement (DPA) with Google in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can read more about what a DPA is and what it must include in our general section "Data Processing Agreement (DPA)."

This contract is legally required because Google processes personal data on our behalf. It clarifies that Google may only process data received from us in accordance with our instructions and must comply with the GDPR. You can find the link to the data processing terms at https://business.safety.google/intl/en/adsprocessorterms/

Google Analytics Reports on Demographic Features and Interests

We have enabled the advertising reports features in Google Analytics. The reports on demographic features and interests include data on age, gender, and interests. This allows us – without being able to attribute this data to specific individuals – to gain a better understanding of our users. You can learn more about the advertising features at https://support.google.com/analytics/answer/3450482?hl=en_AT&utm_id=ad.

You can stop the use of your Google account's activities and information by going to "Ad Settings" on https://adssettings.google.com/authenticated and unchecking the box.

Google Analytics in Consent Mode

Depending on your consent, personal data may be processed by Google Analytics in what is called Consent Mode. You can choose whether to consent to Google Analytics cookies or not. By doing so, you also choose what data Google Analytics may process. These collected data are primarily used for measuring user behavior on the website, displaying targeted ads, and providing us with web analytics reports. Usually, you give consent for data processing by Google through a cookie consent tool. If you do not consent to data processing, only aggregated data will be collected and processed. This means that data cannot be attributed to individual users, and no user profile will be created. You can also consent only to statistical measurements. In this case, no personal data is processed and, therefore, not used for ads or advertising performance measurement.

Google Analytics IP Anonymization

We have implemented IP address anonymization in Google Analytics on this website. This feature was developed by Google to ensure compliance with applicable data protection regulations and local data protection authorities' recommendations, in case the full IP address storage is prohibited. The anonymization or masking of the IP address occurs as soon as the IP addresses arrive at the Google Analytics data collection network and before any data is stored or processed.

For more information about IP anonymization, visit https://support.google.com/analytics/answer/2763052?hl=en.

Google Optimize Privacy Policy

We use Google Optimize on our website, a website optimization tool. The service provider is the American company Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google processes data from you, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the proper and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Google uses Standard Contractual Clauses (Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCC) are template clauses provided by the EU Commission to ensure that your data continues to comply with European data protection standards, even when it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

More information about the data processed through the use of Google Optimize can be found in the privacy policy at https://policies.google.com/privacy?hl=en.

Data Processing Agreement (DPA) Google Optimize

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a Data Processing Agreement (DPA) with Google. What exactly a DPA is and what must be included in a DPA, you can read in our general section "Data Processing Agreement (DPA)."

This contract is legally required because Google processes personal data on our behalf. It specifies that Google may only process data it receives from us in accordance with our instructions and must comply with the GDPR. The link to the data processing terms can be found at https://business.safety.google/intl/en/adsprocessorterms/

Google Site Kit Privacy Policy

Google Site Kit Privacy Policy Summary 👥 Affected individuals: Website visitors 🤝 Purpose: Evaluation of visitor information to optimize the website offer. 📓 Processed data: Access statistics, including data such as locations of accesses, device data, access duration and timing, navigation behavior, click behavior, and IP addresses. More details can be found below and in Google Analytics' privacy policy. 📅 Retention period: dependent on the properties used ⚖️ Legal grounds: Art. 6 (1) lit. a GDPR (Consent), Art. 6 (1) lit. f GDPR (Legitimate Interests)

What is Google Site Kit?

We have integrated the Google Site Kit WordPress plugin from the American company Google Inc. on our website. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Site Kit, we can quickly and easily view statistics from various Google products, such as Google Analytics, directly in our WordPress dashboard. The tool, or the tools embedded in Google Site Kit, also collect personal data from you. In this privacy policy, we explain why we use Google Site Kit, how long and where data is stored, and which other privacy texts are relevant to you in this context.

Google Site Kit is a plugin for the content management system WordPress. With this plugin, we can directly view important website analytics statistics in our dashboard. These are statistics collected by other Google products, primarily Google Analytics. In addition to Google Analytics, Google Site Kit can also be linked with Google Search Console, Page Speed Insights, Google AdSense, Google Optimize, and Google Tag Manager.

Why do we use Google Site Kit on our website?

As a service provider, it is our responsibility to provide you with the best possible experience on our website. You should feel comfortable on our website and easily find exactly what you're looking for. Statistical evaluations help us get to know you better and adapt our offerings to your wishes and interests. To perform these evaluations, we use various Google tools. Site Kit makes this work much easier because we can view and analyze the statistics of Google products directly in the dashboard. We no longer have to log in to each individual tool separately. Site Kit thus provides a good overview of the most important analytics data.

What data is stored by Google Site Kit?

If you have actively consented to tracking tools in the cookie notice (also known as scripts or banners), Google products like Google Analytics will set cookies, and data about your user behavior will be sent to Google, stored, and processed. This includes personal data such as your IP address.

For more detailed information on the individual services, we have dedicated sections in this privacy policy. For example, refer to our privacy policy for Google Analytics, where we go into detail about the data collected. You will learn how long Google Analytics stores, manages, and processes data, which cookies may be used, and how you can prevent data storage. We also have separate privacy policies for other Google services, such as Google Tag Manager or Google AdSense, which provide comprehensive information.

Below, we show example Google Analytics cookies that may be set in your browser if you have generally consented to data processing by Google. Please note that these are just a selection of cookies:

Name: _ga
Value: 2.1326744211.152112962427-2
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. It is primarily used to distinguish website visitors.
Expiration: after 2 years

Name: _gid
Value: 2.1687193234.152112962427-7
Purpose: This cookie is also used to distinguish website visitors.
Expiration: after 24 hours

Name: _gat_gtag_UA_
Value: 1
Purpose: This cookie is used to throttle the request rate.
Expiration: after 1 minute

How long and where is the data stored?

Google stores the collected data on its own Google servers, which are distributed worldwide. Most of the servers are located in the United States, so it is highly likely that your data is also stored there. You can see the exact locations of Google's data centers at https://www.google.com/about/datacenters/locations/?hl=en.

Data collected through Google Analytics is typically retained for 26 months. After that, your user data is deleted. The retention period applies to all data linked with cookies, user identification, and advertising IDs.

How can I delete my data or prevent data storage?

You always have the right to obtain information about your data, have it deleted, corrected, or restricted. You can also disable, delete, or manage cookies in your browser at any time.

If you want to disable, delete, or manage cookies in general, you can find the respective guides for the most popular browsers in the "Cookies" section.

Legal basis

The use of Google Site Kit requires your consent, which we have obtained through our cookie popup. This consent, in accordance with Art. 6 (1) lit. a GDPR (Consent), forms the legal basis for the processing of personal data, as can occur with web analytics tools.

In addition to consent, we also have a legitimate interest in analyzing the behavior of website visitors to improve our offerings technically and economically. Using Google Site Kit, we can identify website errors, detect attacks, and improve efficiency. The legal basis for this is Art. 6 (1) lit. f GDPR (Legitimate Interests). We only use Google Site Kit if you have granted your consent.

Google processes data from you, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information about this can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Google uses so-called Standard Contractual Clauses (Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission to ensure that your data complies with European data protection standards, even when it is transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to complying with the European data protection level when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

To learn more about data processing by Google, we recommend reading Google's comprehensive privacy policies at https://policies.google.com/privacy?hl=en.

Pinterest Web Analytics Privacy Policy

Pinterest Web Analytics Privacy Policy Summary 👥 Affected individuals: Website visitors 🤝 Purpose: Analyzing visitor information to optimize the website offering. 📓 Processed data: Access statistics, including data such as access locations, device data, access duration and timing, navigation behavior, click behavior, and IP addresses. More details can be found below and in Pinterest's privacy policy. 📅 Retention period: Generally, data is stored as long as necessary for business purposes. ⚖️ Legal grounds: Art. 6 (1) lit. a GDPR (Consent), Art. 6 (1) lit. f GDPR (Legitimate Interests)

What is Pinterest Web Analytics?

We use the Pinterest Web Analytics program from the social media network Pinterest, Inc., 808 Brannan Street, San Francisco, CA 94103, USA, for our website. For the European region, Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is responsible for all data protection-related matters.

Pinterest is a social network focused on graphic representations and photographs. The name is a combination of the words "pin" and "interest." Users can exchange ideas about various hobbies and interests and view profiles with images, either publicly or in defined groups. The Pinterest Web Analytics program refers to data analysis regarding the interaction between our website and our Pinterest page. When Pinterest users visit our website, we can analyze their behavior on our website using Pinterest Web Analytics.

Why do we use Pinterest Web Analytics?

Pinterest has been around for several years now, and it still remains one of the most visited and popular social media platforms. It is especially suitable for our industry because the platform is primarily known for beautiful and interesting images. Therefore, we are also active on Pinterest and aim to showcase our content beyond our website. With the help of Pinterest's analytics tool, we gain valuable insights into the performance of our content and can optimize our offerings accordingly. The collected data can also be used for advertising purposes, allowing us to display ads to people who are interested in our services or products.

What data is processed by Pinterest Web Analytics?

Log data may be stored, including information about your browser, IP address, the address of our website, and the activities performed on it (such as clicking the Save or Pin button), search history, the date and time of the request, and cookie and device data. If you interact with a Pinterest feature, cookies that store various data may be set in your browser. Typically, the aforementioned log data, default language settings, and clickstream data are stored in cookies. Clickstream data refers to information about your website behavior.

If you have a Pinterest account and are logged in, the data collected through our site may be added to your account and used for advertising purposes. Below is an example selection of cookies that may be set in your browser:

Name: _auth
Value: 0
Purpose: This cookie is used for authentication. For example, it may store a value like your "username".
Expiration: After one year

Name: _pinterest_referrer
Value: 1
Purpose: This cookie stores that you arrived at Pinterest from our website. The URL of our website is saved.
Expiration: After the session ends

Name: _pinterest_sess
Value: …9HRHZvVE0rQlUxdG89
Purpose: This cookie is used for logging into Pinterest and contains user IDs, authentication tokens, and timestamps.
Expiration: After one year

Name: _routing_id
Value: “8d850ddd-4fb8-499c-961c-77efae9d4065112962427-8”
Purpose: This cookie contains an assigned value used to identify a specific routing destination.
Expiration: After one day

Name: cm_sub
Value: denied
Purpose: This cookie stores a user ID and a timestamp.
Expiration: After one year

Name: csrftoken
Value: 9e49145c82a93d34fd933b0fd8446165112962427-1
Purpose: This cookie is most likely set for security purposes to prevent request forgery. However, we could not determine the exact details.
Expiration: After one year

Name: sessionFunnelEventLogged
Value: 1
Purpose: We have not yet gathered further information on this cookie.
Expiration: After one day

How long and where are the data stored?

Pinterest generally stores the collected data until it is no longer needed for the company's purposes. Once the data retention is no longer necessary, such as to comply with legal regulations, the data is either deleted or anonymized so that individuals can no longer be identified. The data may also be stored on American servers.

Right to Object

You also have the right at any time to withdraw your consent for the use of cookies or third-party providers like Pinterest. You can do this either through our cookie management tool or other opt-out functions. For instance, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since embedded Pinterest elements may use cookies, we recommend reading our general privacy policy regarding cookies. To find out which data is specifically collected and processed about you, you should review the privacy policies of the respective tools.

Legal Basis

If you have consented to the processing and storage of your data by Pinterest Web Analytics, this consent serves as the legal basis for the data processing (Art. 6 Abs. 1 lit. a DSGVO). In general, your data is also stored and processed based on our legitimate interest (Art. 6 Abs. 1 lit. f DSGVO) in maintaining prompt and effective communication with you or other customers and business partners. However, we only use the tool as long as you have given your consent. Most web analytics tools also set cookies in your browser to store data. Therefore, we recommend reading our privacy statement about cookies carefully and reviewing the privacy policy or cookie guidelines of the respective service provider.

Pinterest also processes data about you in the USA. We would like to point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can entail various risks for the legality and security of data processing.

As the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, specifically in the USA) or data transfers to these countries, Pinterest uses so-called Standard Contractual Clauses (= Art. 46 Abs. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are designed to ensure that your data still complies with European data protection standards when transferred to third countries (such as the USA) and stored there. Through these clauses, Pinterest commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

For more information on the Standard Contractual Clauses at Pinterest, please visit https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea.

We have tried to provide you with the most important information about the data processing by Pinterest Web Analytics. You can learn more about Pinterest's data policies at https://policy.pinterest.com/de/privacy-policy.

Online Marketing Introduction

Online Marketing Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Evaluation of visitor information to optimize the web offering. 📓 Processed Data: Access statistics, including data like the locations of accesses, device data, access duration and timing, navigation behavior, click behavior, and IP addresses. Personal data like names or email addresses may also be processed. Further details can be found with the respective online marketing tool. 📅 Storage Duration: Depends on the online marketing tools used. ⚖️ Legal Bases: Art. 6 Abs. 1 lit. a DSGVO (Consent), Art. 6 Abs. 1 lit. f DSGVO (Legitimate Interests)

What is Online Marketing?

Online marketing refers to all actions conducted online to achieve marketing goals, such as increasing brand awareness or making a business transaction. Our online marketing efforts aim to bring attention to our website. To show our offer to a wide audience of interested people, we engage in online marketing. This usually involves online advertising, content marketing, or search engine optimization. To apply online marketing efficiently and purposefully, personal data is stored and processed. These data help us, on the one hand, show our content only to those who are interested in it, and on the other hand, measure the success of our online marketing campaigns.

Why do we use Online Marketing Tools?

We want to show our website to everyone who is interested in our offer. We are aware that this is not possible without consciously implemented measures. Therefore, we do online marketing. There are various tools that make our work on online marketing easier and also provide data-driven improvement suggestions. This allows us to tailor our campaigns more precisely to our target audience. Ultimately, the purpose of the online marketing tools we use is to optimize our offer.

Which data is processed?

For our online marketing to work and for the success of the measures to be measured, user profiles are created, and data is stored, for example, in cookies (these are small text files). With the help of this data, we can not only display traditional advertisements but also present our content on our website in a way that is most appealing to you. There are various third-party tools that offer these functions and, accordingly, collect and store data from you. These cookies store information such as which pages you visited on our website, how long you viewed these pages, which links or buttons you clicked, or which website you came from. Additionally, technical information may also be stored, such as your IP address, which browser you are using, from which device you accessed our website, and the time when you accessed and left our website. If you have consented to us determining your location, we can also store and process this information.

Your IP address is stored in pseudonymized form (i.e., shortened). Unique data that directly identifies you as a person, such as your name, address, or email address, is also stored in pseudonymized form within the advertising and online marketing processes. Therefore, we cannot identify you as an individual; instead, we only have the pseudonymized, stored information in the user profiles.

The cookies may also be used on other websites that work with the same advertising tools, analyzed, and used for advertising purposes. The data may then also be stored on the servers of the advertising tool providers.

In exceptional cases, unique data (such as names, email addresses, etc.) may be stored in the user profiles. This occurs, for example, when you are a member of a social media channel that we use for our online marketing measures, and the network links previously collected data with the user profile.

For all the advertising tools we use that store data from you on their servers, we only ever receive aggregated information and never data that can personally identify you. The data simply shows how well the advertising measures worked. For example, we can see which measures prompted you or other users to visit our website and purchase a service or product. Based on the analyses, we can improve our advertising offers in the future and better tailor them to the needs and desires of interested individuals.

Duration of Data Processing

We will inform you about the duration of data processing further below if we have additional information. In general, we process personal data only as long as it is absolutely necessary for providing our services and products. Data stored in cookies is stored for varying lengths of time. Some cookies are deleted immediately after you leave the website, while others may remain in your browser for several years. In the privacy statements of the individual providers, you will typically find detailed information about the specific cookies used by the provider.

Right to Object

You also have the right and the ability to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser. The legality of the processing until the withdrawal remains unaffected.

Since online marketing tools typically use cookies, we recommend you also read our general privacy policy regarding cookies. To learn more about the specific data stored and processed, you should review the privacy policies of the respective tools.

Legal Basis

If you have consented to the use of third-party providers, the legal basis for the corresponding data processing is this consent. According to Article 6 (1) (a) GDPR (Consent), this consent is the legal basis for processing personal data, as can be the case when collecting data through online marketing tools.

In addition, we have a legitimate interest in measuring online marketing efforts in an anonymized form, in order to optimize our offer and actions with the data obtained. The corresponding legal basis for this is Article 6 (1) (f) GDPR (Legitimate Interests). We will only use the tools to the extent that you have given consent.

Information on specific online marketing tools is provided – if available – in the following sections.

Cookie Consent Management Platform Introduction

Cookie Consent Management Platform Summary 👥 Affected: Website Visitors 🤝 Purpose: Obtaining and managing consent for certain cookies and thus the use of specific tools 📓 Processed Data: Data to manage the set cookie settings, such as IP address, time of consent, type of consent, individual consents. More details are available in the respective tool used. 📅 Storage Duration: Depends on the tool used, usually for periods of several years ⚖️ Legal Bases: Article 6 (1) (a) GDPR (Consent), Article 6 (1) (f) GDPR (Legitimate Interests)

What is a Cookie Consent Management Platform?

We use a Consent Management Platform (CMP) software on our website, which helps both us and you manage scripts and cookies correctly and securely. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides the legally required cookie consent for you, and helps both us and you keep track of all cookies. Most cookie consent management tools identify and categorize all existing cookies. As a website visitor, you then decide whether and which scripts and cookies you want to allow or not. The following graphic illustrates the relationship between the browser, web server, and CMP.

Why do we use a Cookie Management Tool?

Our goal is to provide you with the best possible transparency in the area of data protection. We are also legally obligated to do so. We want to inform you as thoroughly as possible about all tools and cookies that can store and process data about you. It is also your right to decide which cookies you accept and which ones you do not. To give you this right, we first need to know exactly which cookies are placed on our website. Thanks to a cookie management tool, which regularly scans the website for all existing cookies, we are aware of all the cookies and can provide you with GDPR-compliant information about them. Through the consent system, you can then accept or reject cookies.

Which data is processed?

Within the framework of our cookie management tool, you can manage each individual cookie yourself and have full control over the storage and processing of your data. Your consent declaration is stored so that we do not have to ask you again during each new visit to our website, and we can also prove your consent if legally required. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage duration of your cookie consent may vary. Typically, this data (such as pseudonymous user ID, consent time, detailed information about the cookie categories or tools, browser, device information) is stored for up to two years.

Duration of Data Processing

We will inform you about the duration of data processing further below if we have more information on this. Generally, we process personal data only as long as it is necessary to provide our services and products. Data stored in cookies is stored for varying durations. Some cookies are deleted as soon as you leave the website, while others may be stored in your browser for several years. The exact duration of data processing depends on the tool used, and you should generally expect a storage duration of several years. In the privacy policies of the individual providers, you will typically find exact information about the duration of data processing.

Right to Object

You also have the right and the possibility to withdraw your consent to the use of cookies at any time. This can be done either through our cookie management tool or other opt-out functions. For example, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Information about specific cookie management tools can be found — if available — in the following sections.

Legal Basis

If you consent to the use of cookies, personal data about you will be processed and stored through these cookies. If we are allowed to use cookies through your consent (Article 6 (1) (a) GDPR), this consent is also the legal basis for the use of cookies and the processing of your data. To manage consent for cookies and to enable you to give your consent, a cookie consent management platform software is used. The use of this software allows us to operate the website efficiently and in compliance with the law, which represents a legitimate interest (Article 6 (1) (f) GDPR).

UserCentrics Privacy Policy

UserCentrics Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Obtaining consent for certain cookies and the use of specific tools 📓 Processed Data: Data for managing cookie settings such as IP address, time of consent, type of consent, individual consents. More details can be found with the respective tool. 📅 Storage Duration: Data will be deleted after one year ⚖️ Legal Basis: Art. 6 (1) lit. a GDPR (Consent), Art. 6 (1) lit. f GDPR (Legitimate Interests)

UserCentrics Privacy Policy

UserCentrics Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Obtaining consent for certain cookies and the use of specific tools 📓 Processed Data: Data for managing cookie settings such as IP address, time of consent, type of consent, individual consents. More details can be found with the respective tool. 📅 Storage Duration: Data will be deleted after one year ⚖️ Legal Basis: Art. 6 (1) lit. a GDPR (Consent), Art. 6 (1) lit. f GDPR (Legitimate Interests)

What is UserCentrics?

We use functions of the provider UserCentrics on our website. The company UserCentrics A/S, Havnegade 39, 1058 Copenhagen, DK, offers us the possibility to provide a comprehensive cookie notice (also known as a cookie banner or cookie notice). By using this function, data about you can be sent, stored, and processed by UserCentrics. In this privacy policy, we inform you why we use UserCentrics, which data is transferred, and how you can prevent this data transfer.

The software automatically creates a GDPR-compliant cookie notice for our website visitors. Additionally, the technology behind UserCentrics scans, monitors, and evaluates all cookies and tracking measures on our website.

Why do we use UserCentrics on our website?

We take data protection very seriously. We want to show you exactly what is happening on our website and which of your data is being stored. UserCentrics helps us get a good overview of all our cookies (first-party and third-party cookies). This allows us to inform you exactly and transparently about the use of cookies on our website. You will always receive an up-to-date and GDPR-compliant cookie notice and can decide for yourself which cookies you want to allow and which ones you do not.

Which data is stored by UserCentrics?

If you allow cookies, the following data will be transferred, stored, and processed by UserCentrics:

• IP address (in anonymized form, the last 3 digits are set to 0)
• Date and time of your consent
• Our website URL
• Technical browser data
• Encrypted, anonymous key
• The cookies you have allowed (as proof of consent)

The following cookies are set by UserCentrics when you have consented to the use of cookies:

Name: CookieConsent
Value: {stamp:’P7to4eNgIHvJvDerjKneBsmJQd9112962427-2
Purpose: This cookie stores your consent status. This allows our website to read and follow the current status during future visits.
Expiration Date: after one year

Name: CookieConsentBulkTicket
Value: kDSPWpA%2fjhljZKClPqsncfR8SveTnNWhys5NojaxdFYBPjZ2PaDnUw%3d%3112962427-6
Purpose: This cookie is set when you allow all cookies and activate a "bulk consent". The cookie then stores a unique random ID.
Expiration Date: after one year

Note: Please keep in mind that this is an example list, and we make no claim to completeness. In the cookie declaration below, you can see which additional cookies may be used.

According to UserCentrics' privacy policy, the company does not sell personal data. However, UserCentrics shares data with trusted third parties or subcontractors who help the company achieve its business goals. Data is also shared when required by law.

How long and where is the data stored?

All collected data is transferred, stored, and forwarded exclusively within the European Union. The data is stored in an Azure data center (Cloud provider is Microsoft). You can learn more about all "Azure regions" at https://azure.microsoft.com/de-de/explore/global-infrastructure/geographies/. All user data is deleted by UserCentrics 12 months after registration (cookie consent) or immediately upon termination of the UserCentrics services.

How can I delete my data or prevent data storage?

You have the right to access your personal data at any time and to delete it. You can prevent data collection and storage, for example, by rejecting the use of cookies through the cookie notice. Another way to stop or manage the data processing according to your preferences is through your browser. Cookie management works differently depending on the browser. Under the "Cookies" section, you will find links to instructions for the most popular browsers.

Legal Basis

If you consent to cookies, personal data about you will be processed and stored through these cookies. If we are allowed to use cookies based on your consent (Article 6 (1) lit. a GDPR), this consent is also the legal basis for using cookies and processing your data. To manage consent to cookies and enable you to provide consent, UserCentrics is used. The use of this software allows us to operate the website in an efficient and legally compliant manner, which constitutes a legitimate interest (Article 6 (1) lit. f GDPR).

If you want to learn more about the privacy policies of "UserCentrics" or the company behind it, we recommend reading the privacy policy at https://usercentrics.com/de/datenschutzerklaerung/.

 

Security & Anti-Spam

Security & Anti-Spam Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Cybersecurity 📓 Processed Data: Data such as your IP address, name, or technical data like browser version More details can be found further below and in the individual privacy texts. 📅 Storage Duration: Most data is stored as long as necessary to fulfill the service ⚖️ Legal Grounds: Article 6 (1) lit. a GDPR (Consent), Article 6 (1) lit. f GDPR (Legitimate Interests)

What is Security & Anti-Spam Software?

Security & Anti-Spam software helps protect both you and us from various spam or phishing emails and other potential cyber-attacks. Spam refers to unsolicited mass advertising emails that were not requested. Such emails are also called "data junk" and can also incur costs. Phishing emails, on the other hand, are messages that aim to build trust through fake messages or websites to steal personal data. Anti-Spam software generally protects against unwanted spam messages or malicious emails that could, for example, introduce viruses into our system. We also use general firewall and security systems that protect our computers from unwanted network attacks.

Why do we use Security & Anti-Spam Software?

We place great importance on security on our website. After all, it is not just about our security but especially yours. Unfortunately, cyber threats have become a regular part of life in the world of IT and the internet. Hackers often try to steal personal data from an IT system through cyber-attacks. Therefore, a good defense system is absolutely necessary. A security system monitors all incoming and outgoing connections to our network or computers. In addition to the standard security systems on our computers, we also use additional external security services to achieve even greater protection against cyberattacks. Unauthorized data traffic is better prevented, thus protecting us from cybercrime.

What data is processed by Security & Anti-Spam Software?

The specific data collected and stored depends on the service used. However, we always strive to use programs that collect minimal data or only store data necessary to fulfill the provided service. In general, the service may store data such as name, address, IP address, email address, and technical data like browser type or browser version. It may also collect performance and log data to detect incoming threats in time. These data are processed as part of the services and in compliance with applicable laws. This includes the GDPR even with US-based providers (through standard contractual clauses). In some cases, these security services also work with third-party providers, who, under instructions and in accordance with the privacy policies and other security measures, may store and/or process data. Data storage usually occurs via cookies.

Duration of Data Processing

Regarding the duration of data processing, we will inform you further below if we have more information. For example, security programs store data until you or we revoke the data storage. In general, personal data is only stored for as long as necessary to provide the services. In many cases, we unfortunately do not have precise information from the providers about the duration of storage.

Right to Object

You also have the right and option to withdraw your consent to the use of cookies or third-party security software at any time. This can be done either through our cookie management tool or other opt-out functions. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.

Since security services may also use cookies, we recommend that you read our general privacy policy on cookies. To learn exactly what data is being stored and processed, you should read the privacy policies of the respective tools.

Legal Grounds

We primarily use security services based on our legitimate interests (Article 6(1) lit. f GDPR) in having a good security system against various cyberattacks.

Certain processing activities, especially the use of cookies and security features, require your consent. If you have consented to the processing and storage of your data by integrated security services, that consent serves as the legal basis for the data processing (Article 6(1) lit. a GDPR). Most of the services we use set cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy text on cookies and view the privacy policy or cookie guidelines of the respective service provider.

Information about specific tools can be found – if available – in the following sections.

Cloud Services

Cloud Services Privacy Policy Summary 👥 Affected: Us as website operators and you as website visitors 🤝 Purpose: Security and data storage 📓 Processed Data: Data such as your IP address, name, or technical data like browser version More details can be found below and in the individual privacy texts or in the privacy policies of the providers 📅 Storage Duration: Most data is stored as long as necessary to fulfill the service ⚖️ Legal Grounds: Article 6 (1) lit. a GDPR (Consent), Article 6 (1) lit. f GDPR (Legitimate Interests)

What are Cloud Services?

Cloud services provide us as website operators with storage space and computing power over the internet. Data can be transferred, processed, and stored externally via the internet. The management of this data is handled by the respective cloud provider. Depending on the requirements, an individual or company can choose the amount of storage space or computing power needed. Cloud storage is accessed via an API or storage protocols. API stands for Application Programming Interface, which is a program interface that connects software and hardware components.

Why do we use Cloud Services?

We use cloud services for several reasons. A cloud service allows us to store our data securely. Additionally, we can access the data from different locations and devices, giving us more flexibility and streamlining our work processes. A cloud storage solution also saves us costs because we do not have to build and manage our own infrastructure for data storage and data security. By centrally storing our data in the cloud, we can also expand our areas of application and manage our information much more efficiently.

As website operators and businesses, we primarily use cloud services for our own purposes. For example, we use these services to manage our calendar, store documents, or other important information in the cloud. However, personal data from you may also be stored. This is the case, for instance, when you provide us with your contact details (such as name and email address), and we store our customer data with a cloud provider. Consequently, data we process from you may also be stored and processed on external servers. If we offer certain forms or content from cloud services on our website, cookies may also be set for web analysis and advertising purposes. Furthermore, these cookies remember your settings (such as the language used), so you can find your usual web environment when you visit our website again.

What data is processed by cloud services?

Many of the data we store in the cloud are not personally identifiable, but some data, according to the definition of the GDPR, are considered personal data. This often includes customer data such as name, address, IP address, or telephone number, as well as technical device information. Additionally, videos, images, and audio files can also be stored in the cloud. How the data is collected and stored depends on the respective service. We try to use only services that handle the data in a very trustworthy and professional manner. In general, services such as Amazon Drive have access to the stored files to provide their own service. However, these services require permissions, such as the right to copy files for security purposes. These data are processed and managed in the context of the services and in compliance with applicable laws. This also applies to U.S.-based providers (through standard contractual clauses) in compliance with the GDPR. These cloud services sometimes work with third-party providers who can process data under instructions and in accordance with privacy policies and additional security measures. We would like to emphasize again that all well-known cloud services (such as Amazon Drive, Google Drive, or Microsoft OneDrive) obtain the right to access stored content to provide and optimize their services.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, cloud services store data until you or we revoke the data storage or delete the data. Personal data is generally only stored for as long as it is necessary to provide the services. However, a complete data deletion from the cloud may take several months. This is because the data is typically not stored on just one server, but is split across multiple servers.

Right to Object

You also have the right and option to withdraw your consent to data storage in the cloud at any time. If cookies are used, you also have a right to withdraw. This can be done either via our cookie management tool or through other opt-out functions. For example, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser. We also recommend reviewing our general privacy policy regarding cookies. To learn which data is specifically stored and processed from you, you should read the privacy policies of the respective cloud providers.

Legal Basis

We use cloud services primarily based on our legitimate interests (Article 6(1)(f) GDPR) in having a good security and storage system.

Certain data processing activities, especially the use of cookies and storage functions, require your consent. If you have consented to your data being processed and stored by cloud services, this consent serves as the legal basis for the data processing (Article 6(1)(a) GDPR). Most of the services we use set cookies in your browser to store data. Therefore, we recommend reading our privacy policy on cookies carefully and reviewing the privacy policy or cookie guidelines of the respective service providers.

Information about specific tools will be provided – if available – in the following sections.

Google Cloud Privacy Policy

We use Google Cloud, an online storage service for files, photos, and videos, for our website. The service provider is the American company Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google processes data from you, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information about this can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Furthermore, Google uses so-called Standard Contractual Clauses (= Art. 46, Para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template contracts provided by the EU Commission and are intended to ensure that your data complies with European data protection standards, even when transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

Google has a Data Processing Agreement in accordance with Art. 28 GDPR, which serves as the data protection legal basis for our customer relationship with Google. This agreement refers to the EU Standard Contractual Clauses. Here you can find the Data Processing Terms: https://business.safety.google/intl/en/adsprocessorterms/

To learn more about the data processed through the use of Google Cloud, please refer to the Privacy Policy at https://policies.google.com/privacy?hl=en.

External Online Platforms Introduction

External Online Platforms Privacy Policy Summary 👥 Affected parties: Website visitors and visitors to external online platforms 🤝 Purpose: Presentation and optimization of our services, contact with visitors, and potential customers 📓 Processed data: Data such as phone numbers, email addresses, contact details, user behavior data, device information, and your IP address. More details can be found on the respective platform. 📅 Data retention: Dependent on the platforms used ⚖️ Legal basis: Art. 6 Para. 1 lit. a GDPR (Consent), Art. 6 Para. 1 lit. f GDPR (Legitimate Interests)

What are external online platforms?

In order to offer our services or products outside of our website, we also use external platforms. These are usually online marketplaces like Amazon or eBay. In addition to our responsibility for data protection, the privacy policies of the external platforms we use also apply. This is especially the case when our products are purchased through the platform, such as during a payment transaction. Furthermore, most platforms also use your data to optimize their own marketing measures. For example, the platform can tailor advertisements to the specific interests of customers and website visitors by using the data collected.

Why do we use external online platforms?

In addition to our website, we also want to offer our products on other platforms to bring our offerings to a broader audience. External online marketplaces like Amazon, eBay, or Digistore24 provide large sales websites that present our products to people who might not be familiar with our website. It may also happen that embedded elements on our site direct you to an external online platform. The data processed and stored by the used online platform serves the company both to record the payment process and to conduct web analyses.

The goal of these analyses is to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a platform, the analyzed data can help make inferences about your interests and create so-called user profiles. This allows the platforms to present you with tailored ads or products. Typically, cookies are placed in your browser for this purpose, which store data about your usage behavior.

Please note that when using these platforms or our embedded elements, your data may be processed outside of the European Union, as online platforms such as Amazon or eBay are U.S.-based companies. As a result, you may find it more difficult to assert or enforce your rights regarding your personal data.

What data is processed?

The exact data stored and processed depends on the respective external platform. However, it typically includes data such as phone numbers, email addresses, data you enter into a contact form, user data such as which buttons you click, when you visited which pages, information about your device, and your IP address. Most of this data is frequently stored in cookies. If you have a profile on an external platform and are logged in, data can be linked to your profile. The collected data is stored on the servers of the platforms used and processed there. To find out exactly how an external platform stores, manages, and processes data, please refer to their respective privacy policy. If you have questions about data storage and processing or wish to exercise your rights, we recommend contacting the platform directly.

Duration of data processing

We will inform you about the duration of data processing further below, if we have more information on this. For example, Amazon stores data until it is no longer needed for their own purpose. In general, we process personal data only for as long as necessary to provide our services and products.

Right to object

You also have the right at any time to withdraw your consent to the use of cookies. This can be done either through our cookie management tool or through opt-out functions on the respective external platform. Additionally, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

As cookies may be used, we also recommend reviewing our general privacy policy on cookies. To learn which data is exactly stored and processed, you should read the privacy policies of the respective external platforms.

Legal Basis

If you have consented to the processing and storage of your data by external platforms, this consent serves as the legal basis for data processing (Art. 6 (1) (a) GDPR). In principle, your data is also stored and processed based on a legitimate interest (Art. 6 (1) (f) GDPR) for fast and effective communication with you or other customers and business partners. If we have embedded elements from external platforms on our website, we will only use them to the extent that you have granted consent.

Information about specific external platforms can be found – if available – in the following sections.

Single Sign-On Logins Introduction

Single Sign-On Logins Privacy Policy Summary 👥 Affected parties: Website visitors 🤝 Purpose: Simplification of the authentication process 📓 Processed data: Highly depends on the provider, typically email address and username can be stored. More details can be found in the respective tool used. 📅 Data retention period: Dependent on the tools used ⚖️ Legal grounds: Art. 6 (1) (a) GDPR (consent), Article 6 (1) (b) GDPR (contract fulfillment), Art. 6 (1) (f) GDPR (legitimate interests)

What are Single Sign-On Logins?

On our website, you have the option to log in to our online service quickly and easily using a user account from another provider (e.g., Facebook). This authentication method is also referred to as "Single Sign-On Login". This login process only works if you are registered with the other provider or have a user account, and you enter the relevant access credentials into the online form. In many cases, you may already be logged in, and the access credentials will be automatically filled into the form, requiring you to simply confirm the Single Sign-On login with a button. During this login process, personal data may also be processed and stored. In this privacy policy, we provide general information about data processing through Single Sign-On logins. You can find more specific details in the privacy policies of the respective providers.

Why do we use Single Sign-On Logins?

We want to make your experience on our website as simple and convenient as possible. Therefore, we also offer Single Sign-On logins. This saves you valuable time because you only need one authentication. Since you only need to remember one password and it is only transmitted once, security is also enhanced. In many cases, your password may already be automatically saved with the help of cookies, and the login process on our website takes just a few seconds.

What data is stored through Single Sign-On Logins?

Although you log in to our website using this specific login method, the actual authentication takes place with the respective Single Sign-On provider. As the website operator, we receive a user ID during the authentication process. This ID indicates that you are logged in with the corresponding provider under this ID. This ID cannot be used for other purposes. Other data may also be transmitted to us, but this depends on the Single Sign-On providers used. It also depends on what data you voluntarily provide during the authentication process and what data you generally share in your settings with the provider. Typically, this data includes your email address and username. We do not know your password required for login, and it is not stored with us. It is also important for you to know that the data stored with us can be automatically matched with the data of the respective user account during the login process.

Data Retention Period

We will inform you further below about the duration of data processing, as long as we have more information about it. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. Customer data that is matched with the user data is deleted within two days. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products.

Right to Object

You also have the right and the ability to withdraw your consent to the use of Single Sign-On logins at any time. This can usually be done through the opt-out functions of the provider. If available, you can also find links to the relevant opt-out functions in our privacy texts for the individual tools.

Legal Basis

If agreed with you, and in the context of fulfilling the contract (Article 6 (1) (b) GDPR) and consent (Article 6 (1) (a) GDPR), we may use the Single Sign-On procedure based on these legal grounds.

In addition to consent, we have a legitimate interest in providing you with a fast and simple login procedure. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). We will, however, only use the Single Sign-On login as long as you have granted consent.

If you no longer want this link to the provider with the Single Sign-On login, please remove it in your user account with the respective provider. If you also want to delete data with us, terminating your registration is necessary.

Auth0 Single Sign-On Privacy Policy

We also use the Auth0 Single Sign-On authentication service for login on our website. The service provider is the American company Auth0 Inc., 10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA.

Auth0 processes data from you, including in the USA. Auth0 is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

To learn more about the data processed through the use of Auth0, please refer to the privacy policy at https://www.okta.com/privacy-policy/.

Web Design Introduction

Web Design Privacy Policy Summary 👥 Affected: Visitors of the website 🤝 Purpose: Improving the user experience 📓 Processed Data: The data processed largely depends on the tools used. Usually, this includes data like IP addresses, technical data, language settings, browser version, screen resolution, and the browser name. More details can be found in the privacy policies of the respective web design tools used. 📅 Data Retention Period: Dependent on the tools used ⚖️ Legal Bases: Art. 6 (1) (a) GDPR (Consent), Art. 6 (1) (f) GDPR (Legitimate Interests)

What is Web Design?

We use various tools on our website that serve our web design. Web design is not just about making our website look attractive, as often assumed, but also about functionality and performance. However, the right appearance of a website is certainly one of the major goals of professional web design. Web design is a subfield of media design and deals with both the visual and the structural and functional design of a website. The goal is to improve your experience on our website through web design. In web design jargon, this is referred to as User Experience (UX) and Usability. User Experience includes all the impressions and experiences a visitor has on a website. A subpoint of User Experience is Usability, which is about the user-friendliness of a website. The focus here is primarily on ensuring that content, subpages, or products are clearly structured, so you can easily and quickly find what you're looking for. To offer you the best possible experience on our website, we also use third-party web design tools. So, in this privacy policy, the category "Web Design" includes all services that improve the aesthetic quality of our website. These can be things like fonts, various plugins, or other integrated web design features.

Why do we use web design tools?

How you process information on a website is strongly influenced by the structure, functionality, and visual perception of the website. Therefore, good and professional web design has always become more important for us. We are constantly working on improving our website, considering this as an extended service for you as a visitor. Additionally, an attractive and well-functioning website has economic benefits for us. After all, you will only visit us and use our services if you feel comfortable and at ease on our site.

What data is stored by web design tools?

When you visit our website, web design elements may be embedded in our pages that can also process data. The exact data depends largely on the tools used. Further down, you will see which tools we use for our website. We recommend that you also read the privacy policies of the respective tools used for more information on data processing. There, you will usually learn which data is processed, whether cookies are used, and how long the data is stored. For example, font services like Google Fonts automatically transmit information such as language settings, IP address, browser version, screen resolution, and browser name to Google's servers.

Data Retention Period

The duration of data processing is very individual and depends on the web design elements used. If cookies are used, the retention period may range from one minute to several years. Please inform yourself about this. We recommend you read our general section on cookies and the privacy policies of the tools used. There, you will typically learn which cookies are specifically used and what information is stored in them. For example, Google Font files are stored for one year to improve website load times. In general, data is only stored as long as necessary for the service to be provided. In the case of legal requirements, data may be stored longer.

Right to Object

You have the right and the option to withdraw your consent to the use of cookies or third-party services at any time. This can be done either via our cookie management tool or through other opt-out functions. You can also prevent the collection of data through cookies by managing, disabling, or deleting cookies in your browser. However, there are also data associated with web design elements (usually fonts) that may not be as easily deleted. This is the case when data is automatically collected and transmitted to a third party (such as Google) upon visiting a page. In this case, please contact the support of the respective provider. For Google, you can reach support at https://support.google.com/?hl=en.

Legal Basis

If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, as it may occur when collected by Google Fonts.

We also have a legitimate interest in using Google Fonts to optimize our online service. The corresponding legal basis is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). However, we only use Google Fonts if you have given your consent.

Google also processes your data in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the proper and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Google uses so-called Standard Contractual Clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission to ensure that your data continues to comply with European data protection standards when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

The Google Ads Data Processing Terms, which reference the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

Which data Google generally collects and how this data is used can also be read at https://www.google.com/intl/en/policies/privacy/.

Google Fonts Privacy Policy

We use Google Fonts from Google Inc. on our website. For the European region, the company responsible for all Google services is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). We have embedded Google Fonts partly locally, meaning they are hosted on our web server – and also on Google's servers. This results in a connection to Google servers and thus data transfer or storage.

What are Google Fonts?

Google Fonts was previously known as Google Web Fonts. It is an interactive directory of over 800 fonts that Google provides free of charge. With Google Fonts, fonts could be used without having to upload them to your own server. However, to prevent any data transmission to Google servers in this regard, we have downloaded the fonts to our own server. This ensures compliance with data protection regulations, and no data is sent to Google Fonts.

Content Search Provider Introduction

Content Search Provider Privacy Policy Summary 👥 Affected parties: Visitors of the website 🤝 Purpose: Improving user experience 📓 Processed data: The type of data processed depends largely on the services used. It typically includes IP addresses, search interests, and/or technical data. More details can be found in the respective tools used. 📅 Storage duration: Depends on the tools used ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is a Content Search Provider?

Over time, we have published a lot of content on our website. Of course, we do not want this content to be forgotten simply because it is not easily found. That is why we use a content search provider on our website. You are probably familiar with major search engines like Google. A content search provider is essentially a search engine as well, but unlike Google, it does not search the entire web for content—only the website you are currently on. Using a text field, you can enter terms related to the content you are looking for, and the search program will provide you with the relevant articles. When you use the integrated search function, personal data may also be processed.

Why do we use a Content Search Provider?

When browsing our website, you will quickly notice how much useful content we have published over the years. There are some real gems among them, and we want to make sure you can find them quickly without excessive clicking. With an internal content search function on our website, you can easily find the content you need by entering keywords related to your topic. This feature is extremely practical, and we see it as our responsibility to make your experience on our website as pleasant and helpful as possible. That is why we have decided to integrate a content search program into our website.

What data is processed?

When you use the search function on our website, the integrated content search provider (such as Algolia Places or Giphy) may automatically receive and store data from you. This includes technical data about your browser, as well as information such as your IP address, device ID, and entered search terms. Please note that IP addresses are considered personal data. According to the privacy policies of these providers, this information is collected and stored to enhance security and improve their services. The automatically collected usage data, which does not include personal data and is processed in an anonymized form, may also be used for analytical purposes. Some providers may even share this anonymized data with third parties. To learn more about this, we recommend carefully reading the specific privacy policies of each provider. For these services to function properly, cookies are typically set in your browser. You can learn more about cookies in our general "Cookies" section. If you want to know whether and which cookies are used by individual search tools, you can find more details below or in the respective privacy policies of the integrated tools.

How long and where is the data stored?

As a general rule, each content search provider processes different types of data. Therefore, this general section cannot specifically address the data processing of individual tools. Typically, these services store personal data only for as long as necessary for the smooth functioning of the tools. Some services (such as Giphy) may retain personal data for longer if required by legal obligations. In a depersonalized form, data is usually stored for a longer period by most providers. Content search providers may also use cookies to store various types of data. You can learn more about this in our general "Cookies" section. If you want to find out about the specific cookies used by a search provider, we recommend reading the privacy policy of the provider we use. Most of the time, you will find an example list of the cookies used there.

Right to Object

Always keep in mind: If you do not want your personal data to be processed, it must not be processed. You always have the right to access your personal data and to object to its use. You can also withdraw your consent at any time via the cookie consent tool or other opt-out options. You can easily manage, delete, or disable used cookies directly through your browser. If you delete cookies, some functions of the tool may no longer work as expected—so don’t be surprised. How you manage cookies in your browser depends on the browser you are using. In the "Cookies" section, you will also find links to instructions for the most common browsers.

Legal Basis

If you have consented to the use of a content search provider, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent serves as the legal basis for the processing of personal data, as it may occur when data is collected by a content search provider.

We also have a legitimate interest in using a content search provider to optimize our service on our website. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). However, we only use a content search provider if you have given your consent. We want to emphasize this point once again.

Information about specific content search providers can be found – if available – in the following sections.

Custom Google Search Privacy Policy

Custom Google Search Privacy Policy Summary 👥 Affected parties: Visitors of the website 🤝 Purpose: Optimization of our service 📓 Processed data: Data such as IP address and entered search terms are stored by Google More details can be found further down in this privacy policy. 📅 Storage duration: Varies depending on the stored data ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is the Custom Google Search?

We have integrated the Google Custom Search plug-in on our website. Google is the world's largest and most well-known search engine, operated by the U.S. company Google Inc. For the European region, the responsible entity is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland). Through the Custom Google Search, data may be transferred to Google. In this privacy policy, we inform you about why we use this plug-in, what data is processed, and how you can manage or prevent this data transfer.

The Custom Google Search plug-in is a Google search bar directly on our website. The search works just like on www.google.com, but the search results are focused on our content and products or a restricted search area.

Why do we use the Custom Google Search on our website?

A website with a lot of interesting content can sometimes become so extensive that it is difficult to keep track of everything. Over time, we have accumulated a wealth of valuable material, and as part of our service, we want you to find our content as quickly and easily as possible. The Custom Google Search makes finding relevant content a breeze. The integrated Google plug-in enhances the overall quality of our website and makes searching easier for you.

What data is stored by the Custom Google Search?

Data is only transmitted to Google through the Custom Google Search if you actively use the Google Search embedded on our website. This means that only when you enter a search term into the search bar and confirm it (e.g., by pressing "Enter"), your search term along with your IP address is sent to Google, stored, and processed there. Based on the cookies set (such as 1P_JAR), it can be assumed that Google also collects data about website usage. If you search for content via the embedded Google search function while being logged into your Google account, Google may also associate the collected data with your Google account. As website operators, we have no control over what Google does with the collected data or how it processes them.

The following cookies are set in your browser when you use the Custom Google Search and are not logged into a Google account:

Name: 1P_JAR
Value: 2020-01-27-13112962427-5
Purpose: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant advertisements to users.
Expiration: after one month

Name: CONSENT
Value: WP.282f52112962427-9
Purpose: This cookie stores the user’s consent status regarding the use of different Google services. CONSENT also serves security purposes to verify users and protect user data from unauthorized attacks.
Expiration: after 18 years

Name: NID
Value: 196=pwIo3B5fHr-8
Purpose: NID is used by Google to customize advertisements for your Google searches. With this cookie, Google "remembers" your previous search queries or interactions with ads to provide you with tailored ads.
Expiration: after 6 months

Note: This list does not claim to be exhaustive, as Google frequently changes its selection of cookies.

How long and where are the data stored?

Google’s servers are distributed worldwide. Since Google is an American company, most data is stored on American servers. You can see exactly where Google’s servers are located at https://www.google.com/about/datacenters/locations/?hl=en.

Your data is distributed across different physical data carriers. This allows for faster access and better protection against potential manipulation. Google also has appropriate contingency programs in place for your data. For example, if Google encounters internal technical issues that cause server malfunctions, the risk of service interruptions and data loss remains minimal.

Depending on the type of data, Google stores them for different periods. Some data can be deleted manually, others are automatically deleted or anonymized by Google. However, some data may be retained by Google for longer periods for legal or business reasons.

How can I delete my data or prevent data storage?

Under the data protection laws of the European Union, you have the right to access, update, delete, or restrict the processing of your data. Some data can be deleted at any time. If you have a Google account, you can delete data related to your web activity or set it to be deleted automatically after a certain period.

Additionally, your browser allows you to disable, delete, or manage cookies according to your preferences. You can find links to instructions for managing cookies in popular browsers in the “Cookies” section.

Legal Basis

If you have given consent for the use of the Custom Google Search, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) GDPR (Consent), this consent serves as the legal basis for processing personal data that may be collected through the Custom Google Search.

Furthermore, we have a legitimate interest in using the Custom Google Search to optimize our online services. The corresponding legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). However, we only use the Custom Google Search if you have given your consent.

Google also processes your data in the USA, among other locations. Google is an active participant in the EU-U.S. Data Privacy Framework, which regulates the proper and secure transfer of personal data from EU citizens to the USA. More information on this can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Google uses Standard Contractual Clauses (SCCs) in accordance with Article 46(2) and (3) GDPR. SCCs are templates provided by the European Commission to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA). Through the EU-U.S. Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

The Google Ads Data Processing Terms, which reference the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

We hope we have provided you with the key information regarding Google’s data processing. If you would like to learn more, we recommend reading Google’s comprehensive privacy policy at https://policies.google.com/privacy?hl=en.

Miscellaneous Introduction

Miscellaneous Privacy Policy Summary 👥 Affected Parties: Website visitors 🤝 Purpose: Improving user experience 📓 Processed Data: The data processed depends heavily on the services used. Usually, this includes IP addresses and/or technical data. More details can be found in the respective tools used. 📅 Storage Duration: Depends on the tools used ⚖️ Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What falls under "Miscellaneous"?

The "Miscellaneous" category includes services that do not fit into any of the previously mentioned categories. These are typically various plugins and embedded elements that enhance our website. Generally, these functions are sourced from third-party providers and integrated into our website. Examples include web search services like Algolia Place, Giphy, Programmable Search Engine, or online weather services such as OpenWeather.

Why do we use additional third-party providers?

We strive to provide you with the best web experience in our industry. A website is no longer just a digital business card for companies; it is a tool designed to help you find what you are looking for. To continuously make our website more interesting and helpful for you, we use various third-party services.

What data is processed?

Whenever elements are embedded into our website, your IP address is transmitted to, stored, and processed by the respective provider. This is necessary to ensure that the content is sent to your browser and displayed correctly. Additionally, service providers may use pixel tags or web beacons—small graphics embedded in websites that record log files and analyze their data. These insights help providers optimize their marketing strategies. Besides pixel tags, such data (e.g., which button you click or when you visit a specific page) can also be stored in cookies. These cookies may contain analytical data about your web behavior as well as technical information such as your browser type or operating system. Some providers may also link the collected data with other internal services or third-party providers. Each provider has its own data handling policies, so we recommend reviewing the privacy policies of the respective services carefully. We make every effort to use services that handle privacy responsibly.

Duration of Data Processing

We provide details about the duration of data processing below when such information is available to us. In general, we process personal data only for as long as it is strictly necessary to provide our services and products.

Legal Basis

If we request your consent and you agree to the use of the service, this serves as the legal basis for processing your data (Art. 6(1)(a) GDPR). In addition to consent, we have a legitimate interest in analyzing website visitor behavior to improve our services technically and economically. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use these tools if you have given your consent.

Information about the special tools can be found – if available – in the following sections.

Explanation of Terms Used

We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially with technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). However, we do not want to use these terms without explanation. Below, you will find an alphabetical list of important terms used, which we may not have sufficiently explained in the privacy policy so far. If these terms are taken from the GDPR and represent definitions, we will also provide the GDPR texts here and, if necessary, add our own explanations.

Data Processor

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Data Processor” means a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data that we process from you. In addition to the controller, there can also be so-called data processors. This includes any company or person who processes personal data on our behalf. Data processors can therefore include service providers such as tax advisors, as well as hosting or cloud providers, payment providers, or large companies like Google or Microsoft.

File System

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“File System” means any structured collection of personal data that is accessible according to specific criteria, regardless of whether this collection is organized centrally, decentrally, or by functional or geographical criteria;

Explanation: Any organized storage of data on a computer storage medium is referred to as a "file system." For example, if we store your name and email address on a server for our newsletter, this data is in a so-called "file system." The key functions of a "file system" include quickly searching for and retrieving specific data, as well as securely storing the data.

Information Society Service

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Information Society Service” means a service within the meaning of Article 1, paragraph 1, letter b of Directive (EU) 2015/1535 of the European Parliament and of the Council (19);

Explanation: In general, the term "information society" refers to a society that relies on information and communication technologies. Specifically, as a website visitor, you are familiar with various types of online services, and most online services are considered "information society services." A classic example of this is online transactions, such as purchasing goods via the internet.

Third Party

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Third Party” means a natural or legal person, authority, agency, or other body, other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data;

Explanation: The GDPR essentially explains here what a “Third Party” is not. In practice, a “Third Party” is anyone who has an interest in the personal data but is not one of the above-mentioned persons, authorities, or institutions. For example, a parent company can act as a “Third Party.” In this case, the subsidiary is the controller, and the parent company is the “Third Party.” However, this does not mean that the parent company automatically has the right to view, collect, or store the personal data of the subsidiary.

Restriction of Processing

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Restriction of Processing” means marking stored personal data with the aim of limiting its future processing;

Explanation: It is your right to request at any time that processors restrict the processing of your personal data for further processing activities. Specific personal data, such as your name, date of birth, or address, can be marked so that further processing is no longer possible. For example, you might restrict processing so that your data can no longer be used for personalized advertising.

Consent

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Consent” means any freely given, specific, informed, and unambiguous indication of the data subject's wishes, either by a statement or by a clear affirmative action, by which the data subject signifies agreement to the processing of personal data relating to them;

Explanation: Typically, consent on websites is obtained via a cookie consent tool. You are probably familiar with this. When you visit a website for the first time, you are often asked via a banner whether you consent to the data processing. You can usually also make individual settings, allowing you to decide which data processing activities you permit and which you do not. If you do not consent, no personal data may be processed. Of course, consent can also be given in writing, not just through a tool.

Recipient

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Recipient” means a natural or legal person, authority, agency, or other body to whom personal data is disclosed, regardless of whether or not it is a third party. However, authorities that may receive personal data under a specific investigation mandate under Union or Member State law are not considered recipients; the processing of such data by these authorities is carried out in accordance with the applicable data protection laws in line with the purposes of the processing;

Explanation: Any person or company receiving personal data is considered a recipient. Thus, we and our processors are also considered recipients. Only authorities with an investigation mandate are not considered recipients.

Genetic Data

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Genetic Data” means personal data relating to the inherited or acquired genetic characteristics of a natural person, which provide unique information about the physiology or health of that natural person and are obtained, in particular, from the analysis of a biological sample of the natural person concerned;

Explanation: With some effort, individuals can be identified using genetic data. Therefore, genetic data is considered personal data. Genetic data is typically obtained through blood or saliva samples.

Personal Data

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Personal Data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific factors that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

Explanation: Personal data are all those data that can identify you as an individual. These are typically data such as:

• Name
• Address
• Email address
• Postal address
• Phone number
• Date of birth
• Identification numbers such as social security number, tax identification number, ID card number, or student ID number
• Bank details such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can determine at least the approximate location of your device and, in turn, identify you as the owner of the connection based on your IP address. Therefore, storing an IP address also requires a legal basis under the GDPR. There are also so-called “special categories” of personal data that are particularly sensitive and require enhanced protection. These include:

• racial and ethnic origin
• political opinions
• religious or philosophical beliefs
• membership in a trade union
• genetic data, such as data obtained from blood or saliva samples
• biometric data (which refers to information about psychological, physical, or behavioral characteristics that can identify a person)
  health data
• data concerning sexual orientation or sexual life

Profiling

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Profiling” means any form of automated processing of personal data, consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects regarding the person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;

Explanation: Profiling involves gathering various pieces of information about a person in order to learn more about them. On the web, profiling is often used for advertising purposes or even for credit checks. Web or advertising analytics programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile, which can be used to target advertising to a specific audience.

 

Pseudonymization

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

Explanation: In our privacy policy, pseudonymized data is often mentioned. With pseudonymized data, you cannot be identified as a person unless additional information is added. However, you should not confuse pseudonymization with anonymization. In anonymization, all personal references are removed, so that it can only be reconstructed with an unreasonably large amount of technical effort.

 

Company

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Company” means a natural or legal person engaged in an economic activity, regardless of its legal form, including partnerships or associations that regularly engage in an economic activity;

Explanation: For example, we are a company and also engage in economic activity through our website by offering and selling services and/or products. For every company, the formal feature is legal status, such as GmbH or AG.

Corporate Group

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Corporate group” means a group consisting of a parent company and the subsidiaries controlled by it;

Explanation: A "corporate group" refers to multiple companies that are united, legally and financially connected, but still have a central, overarching company. For example, Instagram, WhatsApp, Oculus VR, and Facebook are largely independent companies but are all part of the parent company Meta Platforms, Inc.

Controller

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Controller” means the natural or legal person, authority, agency, or other body that alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for its nomination may be provided for by Union law or the law of the Member States;

Explanation: In our case, we are responsible for processing your personal data and are therefore the "Controller." When we pass the collected data to other service providers for processing, they are considered "Processors." This requires the signing of a "Data Processing Agreement (DPA)."

 

Processing

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Processing” means any operation or set of operations performed on personal data, whether by automated means or not, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;

Note: When we refer to processing in our privacy policy, we mean any type of data processing. As mentioned in the original GDPR definition above, this includes not only collecting but also storing and processing data.

Binding Internal Data Protection Rules

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Binding internal data protection rules” means measures for the protection of personal data to which a controller or processor established in a Member State undertakes to comply with, concerning data transfers or a category of data transfers of personal data to a controller or processor in the same corporate group or a group of companies engaged in a joint economic activity, in one or more third countries;

Explanation: You may have often heard or read the term "Binding Corporate Rules." This is the term most commonly used when referring to binding internal data protection rules. It is especially recommended for companies (such as Google) that process data in third countries. These internal rules essentially bind a company to adhere to data protection regulations. The rule governs how personal data is handled when transferred and processed in third countries.

Breach of Personal Data Protection

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Breach of personal data protection” means a security breach that, whether accidental or unlawful, leads to the destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data that has been transmitted, stored, or otherwise processed;

Explanation: A "breach of personal data protection" can occur, for example, during a data leak, a technical issue, or a cyberattack. If the breach results in a risk to the rights and freedoms of natural persons, the controller must immediately report the incident to the relevant supervisory authority. Additionally, affected individuals must be informed if the breach poses a high risk to their rights and freedoms.

Representative

Definition according to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Representative” means a natural or legal person established in the Union who has been designated in writing by the controller or processor in accordance with Article 27, and who represents the controller or processor with regard to their obligations under this regulation;

Explanation: A "representative" can be any person appointed in writing by us (the controller) or one of our service providers (the processor). Companies outside the EU that process data of EU citizens must designate a representative within the EU. For example, if a web analytics provider has its main office in the USA, it must designate a "representative" within the European Union to handle obligations related to data processing.

Conclusion

All texts are protected by copyright.

Source: Privacy Policy created with the help of the Privacy Policy Generator by AdSimple