Privacy Policy

Table of Contents

• Introduction and Overview
• Scope of Application
• Legal Bases
• Contact Details of the Controller
• Storage Duration
• Rights Under the General Data Protection Regulation
• Data Transfer to Third Countries
• Security of Data Processing
• Communication
• Data Processing Agreement (DPA)
• Cookies
• Application Data
• Customer Data
• Registration
• Web Hosting Introduction
• Website Builder Systems Introduction
• Web Analytics Introduction
• Messenger & Communication Introduction
• Blogs and Publication Media Introduction
• Content Delivery Networks Introduction
• Cookie Consent Management Platform Introduction
• Security & Anti-Spam
• Cloud Services
• Audio & Video Introduction
• Web Design Introduction
• Online Booking Systems Introduction
• Miscellaneous Introduction
• Closing Remarks

Introduction and Overview

We have drafted this privacy policy (version 10.09.2024-312870189) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller - and the processors commissioned by us (e.g. providers) - process, will process in the future, and what lawful options you have. The terms used are to be understood as gender-neutral. In short: We comprehensively inform you about the data we process about you.

Privacy policies usually sound very technical and use legal terminology. This privacy policy, however, aims to describe the most important things to you as simply and transparently as possible. Where it serves transparency, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We thus inform you in clear and simple language that we only process personal data in the course of our business activities when there is a corresponding legal basis. This is certainly not possible if one provides the most concise, unclear, and legally technical explanations possible, as is often standard on the internet when it comes to data protection. We hope you find the following explanations interesting and informative, and perhaps there is some information that you did not already know. If you still have questions, we would like to ask you to contact the responsible body named below or in the imprint, to follow the existing links, and to look at further information on third-party sites. Our contact details can of course also be found in the imprint.

Scope of Application

This privacy policy applies to all personal data processed by us in the company and to all personal data that companies commissioned by us (processors) process. By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person's name, email address, and postal address. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• social media presences and email communication
• mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed in a structured manner in the company through the channels mentioned. Should we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Bases

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, that allow us to process personal data. As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read this General Data Protection Regulation of the EU online on EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your data entered in a contact form.
2. Contract (Article 6(1)(b) GDPR): To fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.
3. Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Additional conditions such as the performance of tasks carried out in the public interest and the exercise of official authority, as well as the protection of vital interests, generally do not apply to us. If such a legal basis is relevant, it will be indicated at the appropriate point.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
• In Germany, the Federal Data Protection Act, or BDSG for short, applies.

If further regional or national laws apply, we will inform you about them in the following sections.

Contact Details of the Controller

Should you have any questions about data protection or the processing of personal data, you will find below the contact details of the responsible person or body: IJONIS UG (haftungsbeschränkt) c/o Factory Works GmbH Stadtdeich 2-4 20097 Hamburg

Email: [E-Mail]Hover to reveal

Phone: [Telefon]Hover to reveal

Imprint: /en/imprint

Storage Duration

That we only store personal data for as long as is absolutely necessary for the provision of our services and products is a general criterion for us. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased, for example for accounting purposes.

Should you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and insofar as there is no obligation to store it.

We will inform you below about the specific duration of the respective data processing, provided we have further information on this.

Rights Under the General Data Protection Regulation

In accordance with Articles 13 and 14 GDPR, we inform you of the following rights to which you are entitled in order to ensure fair and transparent processing of data:

• You have the right to information under Article 15 GDPR as to whether we process data about you. Should this be the case, you have the right to receive a copy of the data and to be informed of the following:
  • for what purpose we carry out the processing;
  • the categories, i.e. the types of data that are processed;
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  • how long the data is stored;
  • the existence of the right to rectification, erasure, or restriction of processing and the right to object to processing;
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we did not collect it from you;
  • whether profiling is carried out, i.e. whether data is automatically evaluated to arrive at a personal profile of you.
• You have the right to rectification of data under Article 16 GDPR, which means that we must correct data if you find errors.
• You have the right to erasure ("right to be forgotten") under Article 17 GDPR, which specifically means that you may request the deletion of your data.
• You have the right to restriction of processing under Article 18 GDPR, which means that we may only store the data but not use it further.
• You have the right to data portability under Article 20 GDPR, which means that upon request we will provide you with your data in a commonly used format.
• You have the right to object under Article 21 GDPR, which, once enforced, entails a change in processing.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.
  • If data is used for direct marketing purposes, you can object to this type of data processing at any time. We may no longer use your data for direct marketing thereafter.
  • If data is used for profiling purposes, you can object to this type of data processing at any time. We may no longer use your data for profiling thereafter.
• You may have the right under Article 22 GDPR not to be subject to a decision based solely on automated processing (for example, profiling).
• You have the right to lodge a complaint under Article 77 GDPR. This means that you can lodge a complaint with the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights - do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a Data Protection Commissioner for each federal state. For further information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Hamburg Data Protection Authority

State Commissioner for Data Protection: Thomas Fuchs Address: Ludwig-Erhard-Str. 22 7.OG, 20459 Hamburg Phone: 040/428 54-40 40 Email: mailbox@datenschutz.hamburg.de

Website: https://datenschutz-hamburg.de/

Data Transfer to Third Countries

We only transfer or process data in countries outside the scope of the GDPR (third countries) if you consent to this processing or if there is other legal permission to do so. This applies in particular if the processing is required by law or necessary for the fulfilment of a contractual relationship, and in any case only to the extent that this is generally permitted. Your consent is in most cases the most important reason why we have data processed in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, may mean that personal data is processed and stored in unexpected ways.

We expressly point out that, in the opinion of the European Court of Justice, an adequate level of protection for data transfers to the USA currently only exists if a US company that processes personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. More information on this can be found at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Data processing by US services that are not active participants of the EU-US Data Privacy Framework may result in data not being anonymised and stored. Furthermore, US government authorities may have access to individual data. In addition, collected data may be linked with data from other services of the same provider, provided you have a corresponding user account. Where possible, we try to use server locations within the EU, if this is offered. We will inform you in more detail at the appropriate points in this privacy policy about data transfers to third countries, where applicable.

Security of Data Processing

To protect personal data, we have implemented both technical and organisational measures. Where possible, we encrypt or pseudonymise personal data. In doing so, we make it as difficult as possible within the scope of our capabilities for third parties to infer personal information from our data.

Art. 25 GDPR refers to "data protection by design and by default", meaning that both software (e.g. forms) and hardware (e.g. access to the server room) should always be designed with security in mind and appropriate measures should be taken. If necessary, we will go into specific measures below.

TLS Encryption with HTTPS

TLS, encryption, and HTTPS sound very technical - and they are. We use HTTPS (Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transfer data securely on the internet. This means that the complete transmission of all data from your browser to our web server is secured - no one can "listen in".

We have thus introduced an additional layer of security and comply with data protection by design (Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data. You can recognise the use of this data transmission security by the small lock symbol in the top left of the browser, to the left of the internet address (e.g. examplesite.com) and the use of the https scheme (instead of http) as part of our internet address. If you would like to know more about encryption, we recommend searching Google for "Hypertext Transfer Protocol Secure wiki" to get good links to further information.

Communication

If you contact us and communicate by telephone, email, or online form, personal data may be processed.

The data is processed for the handling and processing of your enquiry and the related business transaction. The data is stored for as long as required or as prescribed by law.

Data Subjects

All persons who seek contact with us through the communication channels provided by us are affected by the aforementioned processes.

Telephone

If you call us, the call data is stored in pseudonymised form on the respective end device and by the telecommunications provider used. In addition, data such as name and telephone number may subsequently be sent by email and stored for the purpose of responding to enquiries. The data is deleted as soon as the business case has been concluded and legal requirements permit.

Email

If you communicate with us by email, data may be stored on the respective end device (computer, laptop, smartphone, etc.) and data is stored on the email server. The data is deleted as soon as the business case has been concluded and legal requirements permit.

Online Forms

If you communicate with us via an online form, data is stored on our web server and may be forwarded to an email address of ours. The data is deleted as soon as the business case has been concluded and legal requirements permit.

Legal Bases

The processing of data is based on the following legal bases:

• Art. 6(1)(a) GDPR (Consent): You give us consent to store your data and continue to use it for purposes relevant to the business case;
• Art. 6(1)(b) GDPR (Contract): There is a necessity for the fulfilment of a contract with you or a processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing a quote;
• Art. 6(1)(f) GDPR (Legitimate Interests): We want to conduct customer enquiries and business communication in a professional manner. Certain technical facilities such as email programmes, exchange servers, and mobile operators are necessary to operate communication efficiently.

Data Processing Agreement (DPA)

In this section, we would like to explain to you what a data processing agreement is and why it is needed. Because the term "data processing agreement" is quite a mouthful, we will also often just use the acronym DPA here in the text. Like most companies, we do not work alone but also make use of the services of other companies or individuals. By involving various companies or service providers, we may pass on personal data for processing. These partners then act as processors with whom we conclude a contract, the so-called data processing agreement (DPA). The most important thing for you to know is that the processing of your personal data takes place exclusively according to our instructions and must be regulated by the DPA.

Who Are Processors?

As a company and website owner, we are responsible for all data we process from you. In addition to controllers, there may also be so-called processors. This includes any company or person that processes personal data on our behalf. More precisely, and according to the GDPR definition: any natural or legal person, authority, institution, or other body that processes personal data on our behalf is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

For better understanding of the terminology, here is an overview of the three roles in the GDPR:

Data subject (you as a customer or interested party) → Controller (we as a company and client) → Processor (service provider such as a web host or cloud provider)

Content of a Data Processing Agreement

As already mentioned above, we have concluded a DPA with our partners who act as processors. Above all, it stipulates that the processor processes the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, although in this context the electronic conclusion of a contract is also considered "in writing". The processing of personal data only takes place on the basis of the contract. The contract must contain the following:

• Binding to us as the controller
• Duties and rights of the controller
• Categories of data subjects
• Types of personal data
• Nature and purpose of data processing
• Subject matter and duration of data processing
• Place of data processing

Furthermore, the contract contains all obligations of the processor. The most important obligations are:

• To ensure measures for data security
• To take possible technical and organisational measures to protect the rights of the data subject
• To maintain a data processing register
• To cooperate with the data protection supervisory authority upon request
• To carry out a risk analysis with regard to the personal data received
• Sub-processors may only be commissioned with the written permission of the controller

You can see what such a DPA looks like, for example, at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html. A sample contract is presented there.

Cookies

Our website uses cookies only with your express consent. When you first visit, a cookie banner appears in which you can accept or reject the use of cookies.

Cookie Consent

We use an opt-in procedure: No tracking cookies are set before you have expressly consented. Only one essential cookie (ijonis-cookie-consent) is set to save your choice.

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR

Detailed information about all cookies used can be found in our Cookie Policy.

Your Choices

• Accept: You consent to the use of analytics cookies (Google Analytics)
• Reject: Only essential cookies are used
• Change settings: Click on "Cookie Settings" in the footer at any time

You can revoke your consent at any time. Revocation is as simple as granting consent.

What Are Cookies?

Our website uses HTTP cookies to store user-specific data. In the following, we explain what cookies are and why they are used, so that you can better understand this privacy policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: cookies are truly useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, essentially the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you revisit our site, your browser transmits the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are accustomed to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie back from the server, which the browser uses again when another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site; third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programmes and do not contain viruses, trojans, or other "malware". Cookies also cannot access information on your PC.

For example, cookie data can look like this:

Name: _ga Value: GA1.2.1326744211.152312870189-9 Purpose: Distinguishing website visitors Expiry date: after 2 years

These minimum sizes should be supported by a browser:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What Types of Cookies Are There?

The question of which cookies we specifically use depends on the services used and is clarified in the following sections of this privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are 4 types of cookies:

Essential cookies These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user places a product in the shopping cart, then continues browsing other pages, and only goes to the checkout later. These cookies ensure that the shopping cart is not deleted even if the user closes their browser window.

Functional cookies These cookies collect information about user behaviour and whether the user receives any error messages. In addition, these cookies are used to measure the loading time and the behaviour of the website in different browsers.

Targeting cookies These cookies provide a better user experience. For example, entered locations, font sizes, or form data are stored.

Advertising cookies These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very practical but also very annoying.

Usually, when you first visit a website, you are asked which of these cookie types you wish to allow. And of course, this decision is also stored in a cookie.

If you would like to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".

Purpose of Processing via Cookies

The purpose ultimately depends on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie.

What Data Is Processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalise which data is stored in cookies, but we will inform you about the processed or stored data in the context of the following privacy policy.

Storage Duration of Cookies

The storage duration depends on the respective cookie and is specified further below. Some cookies are deleted in less than an hour; others can remain stored on a computer for several years.

You also have an influence on the storage duration yourself. You can manually delete all cookies at any time via your browser (see also "Right to Object" below). Furthermore, cookies based on consent will be deleted at the latest after you revoke your consent, although the legality of storage until that point remains unaffected.

Right to Object - How Can I Delete Cookies?

You decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option of deleting, deactivating, or only partially allowing cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set up your browser to always inform you when a cookie is about to be set. This way, you can decide for each individual cookie whether you allow it or not. The procedure varies depending on the browser. The best thing to do is search for the instructions in Google using the search term "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser.

Legal Basis

Since 2009, there have been the so-called "Cookie Directives". These state that the storage of cookies requires consent (Article 6(1)(a) GDPR) from you. Within EU countries, however, there are still very different reactions to these directives. In Austria, this directive was implemented in Section 165(3) of the Telecommunications Act (2021). In Germany, the cookie directives were not implemented as national law. Instead, this directive was largely implemented in Section 15(3) of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DDG) since May 2024.

For strictly necessary cookies, even where no consent has been given, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide website visitors with a pleasant user experience, and certain cookies are often strictly necessary for this.

Where cookies that are not strictly necessary are used, this only occurs with your consent. The legal basis in this regard is Art. 6(1)(a) GDPR.

In the following sections, you will be informed in more detail about the use of cookies, provided that the software used employs cookies.

Application Data

What Is Application Data?

You can apply for a position in our company by email, online form, or via a recruiting tool. All data that we receive and process from you in the context of an application counts as application data. In doing so, you always disclose personal data such as name, date of birth, address, and telephone number.

Why Do We Process Application Data?

We process your data so that we can conduct a proper selection process for the advertised position. In addition, we also like to keep your application documents in our application archive. This is because it often happens that a collaboration for the advertised position does not work out for a variety of reasons, but we are impressed by you and your application and can very well imagine a future collaboration. Provided you give us your consent, we will archive your documents so that we can easily contact you for future tasks in our company.

We guarantee that we handle your data with particular care and always only process your data within the legal framework. Even within our company, your data is only forwarded to persons who are directly involved with your application. In short: your data is safe with us!

What Data Is Processed?

When you apply to us by email, for example, we naturally also receive personal data, as mentioned above. Even the email address counts as personal data. However, only data that is relevant to our decision as to whether we want to welcome you to our team or not is processed during an application procedure.

Which data is processed depends primarily on the job advertisement. Usually, this involves name, date of birth, contact details, and qualification certificates. If you submit your application via an online form, the data is transmitted to us in encrypted form. If you send us your application by email, this encryption does not take place. We therefore cannot accept responsibility for the transmission path. However, once the data is on our servers, we are responsible for the lawful handling of your data.

During an application process, in addition to the data mentioned above, information about your health or ethnic origin may also be requested so that we and you can exercise rights relating to labour law, social security, and social protection and at the same time fulfil the corresponding obligations. This data constitutes data of special categories.

Here is a list of possible data that we receive and process from you:

• Name
• Contact address
• Email address
• Telephone number
• Date of birth
• Information from cover letters and CVs
• Qualification certificates (e.g. references)
• Data of special categories (e.g. ethnic origin, health data, religious beliefs)
• Usage data (websites visited, access data, etc.)
• Metadata (IP address, device information)

How Long Is the Data Stored?

If we take you on as a team member in our company, your data will continue to be processed for the purpose of the employment relationship and retained at least until the end of the employment relationship. All application documents will then go into your employee file.

If we do not offer you the position, you decline our offer, or you withdraw your application, we may retain your data for up to 6 months after the conclusion of the application procedure on the basis of legitimate interest (Art. 6(1)(f) GDPR). After that, both your electronic data and all data from physical application documents will be completely deleted or destroyed. We retain your data, for example, so that we can still answer any follow-up questions or so that we can present evidence of the application in the event of a legal dispute. If a legal dispute is looming and we may still need the data after the 6-month period, we will only delete the data once there is no longer any reason for retention. If there are statutory retention obligations to be fulfilled, we must generally store the data for longer than 6 months.

Furthermore, we may also retain your data for longer if you have given special consent for this. We do this, for example, if we can well imagine a collaboration with you in the future. Then it is helpful to have your data archived so that we can reach you without any problems. In this case, the data goes into our applicant pool. Of course, you can revoke your consent to the longer retention of your data at any time. If there is no revocation and you do not give new consent, your data will be deleted after 2 years at the latest.

Legal Basis

The legal bases for the processing of your data are Art. 6(1)(a) GDPR (Consent), Art. 6(1)(b) GDPR (Contract or pre-contractual measures), Art. 6(1)(f) GDPR (Legitimate Interests), and Art. 9(2)(a) GDPR (Processing of special categories).

If we include you in our applicant tool, this is done on the basis of your consent (Art. 6(1)(a) GDPR). We would like to point out that your consent to our applicant pool is voluntary, has no influence on the application process, and you have the option of revoking your consent at any time. The legality of processing up to the time of revocation remains unaffected.

In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9(2)(c) GDPR. For the purposes of healthcare, occupational medicine, medical diagnostics, the provision of care or treatment in the health or social sector, or the management of systems and services in the health or social sector, the processing of personal data is carried out in accordance with Art. 9(2)(h) GDPR. If you voluntarily provide data of special categories, the processing is carried out on the basis of Art. 9(2)(a) GDPR.

Customer Data

What Is Customer Data?

In order to offer our service or contractual services, we also process data from our customers and business partners. This data always includes personal data. Customer data refers to all information that is processed on the basis of a contractual or pre-contractual cooperation in order to provide the services offered. Customer data is therefore all collected information that we collect and process about our customers.

Why Do We Process Customer Data?

There are many reasons why we collect and process customer data. The most important is that we simply need various data to provide our services. Sometimes your email address alone is sufficient, but if you purchase a product or service, we also need data such as name, address, bank details, or contract data. We also use the data for marketing and sales optimisation, so that we can improve our overall service for our customers. Another important point is our customer service, which is always very important to us. We want you to be able to come to us at any time with questions about our offers, and for this we need at least your email address.

What Data Is Processed?

Which data is stored exactly can only be given in terms of categories at this point. This always depends on which services you receive from us. In some cases, you only provide us with your email address so that we can contact you or answer your questions, for example. In other cases, you purchase a product or service from us, and for this we need significantly more information, such as your contact details, payment data, and contract data.

Here is a list of possible data that we receive and process from you:

• Name
• Contact address
• Email address
• Telephone number
• Date of birth
• Payment data (invoices, bank details, payment history, etc.)
• Contract data (term, content)
• Usage data (websites visited, access data, etc.)
• Metadata (IP address, device information)

How Long Is the Data Stored?

Once we no longer need the customer data to fulfil our contractual obligations and our purposes, and the data is also not necessary for possible warranty and liability obligations, we delete the corresponding customer data. This is the case, for example, when a business contract ends. After that, the limitation period is generally 3 years, although longer periods are possible in individual cases. We of course also comply with statutory retention obligations. Your customer data will certainly not be passed on to third parties unless you have explicitly given your consent to do so.

Legal Basis

The legal bases for the processing of your data are Art. 6(1)(a) GDPR (Consent), Art. 6(1)(b) GDPR (Contract or pre-contractual measures), Art. 6(1)(f) GDPR (Legitimate Interests), and in special cases (e.g. medical services) Art. 9(2)(a) GDPR (Processing of special categories).

In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9(2)(c) GDPR. For the purposes of healthcare, occupational medicine, medical diagnostics, the provision of care or treatment in the health or social sector, or the management of systems and services in the health or social sector, the processing of personal data is carried out in accordance with Art. 9(2)(h) GDPR. If you voluntarily provide data of special categories, the processing is carried out on the basis of Art. 9(2)(a) GDPR.

Registration

When you register with us, personal data may be processed if you enter data with a personal reference or data such as the IP address is captured in the course of processing. What we mean by the somewhat cumbersome term "personal data" can be read below.

Please only enter data that we need for registration and for which you have the consent of a third party if you are registering on behalf of a third party. Where possible, use a secure password that you do not use anywhere else and an email address that you check regularly.

In the following, we inform you about the exact type of data processing, because you should feel comfortable with us!

What Is Registration?

During registration, we accept certain data from you and allow you to subsequently log in online with us easily and use your account with us. An account with us has the advantage that you do not have to re-enter everything each time. It saves time, effort, and ultimately prevents errors in the provision of our services.

Why Do We Process Personal Data?

In short, we process personal data to enable the creation and use of an account with us.

If we did not do this, you would have to enter all your data each time, wait for approval from us, and enter everything again. We and many, many customers would not find that very pleasant. How would you find that?

What Data Is Processed?

All data that you provided during registration, entered during login, or entered as part of managing your data in the account.

During registration, we process the following types of data:

• First name
• Last name
• Email address
• Company name
• Street + house number
• City
• Postal code
• Country

During login, we process the data that you enter during login, such as username and password, and data captured in the background such as device information and IP addresses.

During account use, we process data that you enter during account use and that is created as part of using our services.

Storage Duration

We store the entered data at least for as long as the account linked to the data exists with us and is being used, for as long as contractual obligations exist between us, and, when the contract ends, until the respective claims arising from it are time-barred. In addition, we store your data for as long as and to the extent that we are subject to legal obligations to store it. After that, we retain accounting records related to the contract (invoices, contract documents, account statements, etc.) as well as other relevant business documents for the legally prescribed period (generally several years).

Right to Object

You have registered, entered data, and want to revoke the processing? No problem. As you can read above, the rights under the General Data Protection Regulation also apply during and after registration, login, or the account with us. Contact the data protection officer listed above to exercise your rights. If you already have an account with us, you can easily view and manage your data and texts in the account.

Legal Basis

By carrying out the registration process, you are approaching us on a pre-contractual basis to conclude a user agreement for our platform (even if a payment obligation does not automatically arise). You invest time to enter data and register, and we offer you our services after login to our system and the ability to view your customer account. In addition, we fulfil our contractual obligations. Finally, we must keep registered users informed of important changes by email. This means that Art. 6(1)(b) GDPR (performance of pre-contractual measures, fulfilment of a contract) applies.

Where applicable, we also obtain your consent, e.g. if you voluntarily provide more than the absolutely necessary data or if we are permitted to send you advertising. Art. 6(1)(a) GDPR (Consent) thus applies.

We also have a legitimate interest in knowing who we are dealing with in order to make contact in certain cases. In addition, we need to know who is using our services and whether they are being used as stipulated in our terms of use; therefore Art. 6(1)(f) GDPR (Legitimate Interests) applies.

Note: The following sections are to be ticked by users (as needed):

Registration with Real Names

Since we need to know who we are dealing with in business operations, registration is only possible with your real name and not with pseudonyms.

Registration with Pseudonyms

Pseudonyms may be used for registration, meaning you do not have to register with your real name. This ensures that your name cannot be processed by us.

Storage of IP Address

During registration, login, and account use, we store the IP address in the background for security reasons in order to be able to determine lawful use.

Public Profile

User profiles are publicly visible, meaning parts of the profile can also be seen on the internet without providing a username and password.

Two-Factor Authentication (2FA)

Two-factor authentication (2FA) provides additional security during login, as it prevents logging in without, for example, a smartphone. This technical measure to secure your account protects you against the loss of data or unauthorised access even if the username and password were known. Which 2FA is used can be found during registration, login, and in the account itself.

Web Hosting Introduction

What Is Web Hosting?

When you visit websites nowadays, certain information - including personal data - is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, we mean the entirety of all web pages on a domain, i.e. everything from the start page (homepage) to the very last sub-page (like this one). By domain, we mean, for example, example.com or samplesite.com.

When you want to view a website on a computer, tablet, or smartphone, you use a programme called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We call them browsers or web browsers for short.

To display the website, the browser must connect to another computer where the website code is stored: the web server. Operating a web server is a complicated and demanding task, which is why this is usually handled by professional providers. These offer web hosting and thus ensure reliable and error-free storage of website data. A lot of technical terms, but please stay with us, it gets better!

When connecting the browser on your computer (desktop, laptop, tablet, or smartphone) and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server must also store data for a period of time to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interplay between the browser, the internet, and the hosting provider.

Why Do We Process Personal Data?

The purposes of data processing are:

1. Professional hosting of the website and ensuring its operation
2. Maintaining operational and IT security
3. Anonymous evaluation of access behaviour to improve our offerings and, if necessary, for prosecution or pursuit of claims

What Data Is Processed?

Even while you are visiting our website right now, our web server, the computer on which this website is stored, usually automatically stores data such as

• the complete internet address (URL) of the accessed web page
• browser and browser version (e.g. Chrome 87)
• the operating system used (e.g. Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g. https://www.examplesourcesite.com/whereichamefrom/)
• the host name and IP address of the device being accessed from (e.g. COMPUTERNAME and 194.23.43.121)
• date and time
• in files called web server log files

How Long Is the Data Stored?

As a rule, the above-mentioned data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot rule out the possibility that this data may be viewed by authorities in the event of unlawful conduct.

In short: Your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not pass on your data without consent!

Legal Basis

The lawfulness of processing personal data in the context of web hosting results from Art. 6(1)(f) GDPR (safeguarding of legitimate interests), as the use of professional hosting with a provider is necessary to present the company on the internet in a secure and user-friendly manner and to be able to pursue attacks and claims arising therefrom if necessary.

There is generally a contract between us and the hosting provider for order processing in accordance with Art. 28 ff. GDPR, which ensures compliance with data protection and guarantees data security.

Website Builder Systems Introduction

What Are Website Builder Systems?

We use a website builder system for our website. Builder systems are special forms of a content management system (CMS). With a builder system, website operators can very easily create a website without programming knowledge. In many cases, web hosts also offer builder systems. Through the use of a builder system, personal data from you may also be collected, stored, and processed. In this privacy text, we provide you with general information about data processing by builder systems. More detailed information can be found in the privacy policies of the provider.

Why Do We Use Website Builder Systems for Our Website?

The biggest advantage of a builder system is its ease of use. We want to offer you a clear, simple, and well-organised website that we can easily operate and maintain ourselves - without external support. A builder system now offers many helpful functions that we can use even without programming knowledge. This allows us to design our web presence according to our wishes and offer you an informative and pleasant experience on our website.

What Data Is Stored by a Builder System?

Which data is stored depends, of course, on the website builder system used. Each provider processes and collects different data from website visitors. However, as a rule, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit are collected. Furthermore, tracking data (e.g. browser activity, clickstream activities, session heatmaps, etc.) may also be processed. Personal data may also be captured and stored. This usually involves contact details such as email address, telephone number (if you have provided it), IP address, and geographical location data. You can find out which data is stored exactly in the provider's privacy policy.

How Long and Where Is the Data Stored?

We will inform you about the duration of data processing below in connection with the website builder system used, if we have further information. You can find detailed information about this in the provider's privacy policy. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. It may be that the provider stores data from you according to its own standards, over which we have no influence.

Right to Object

You always have the right to information, rectification, and erasure of your personal data. If you have questions, you can also contact those responsible for the website builder system used at any time. Contact details can be found either in our privacy policy or on the website of the relevant provider.

You can delete, deactivate, or manage cookies that providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that not all functions may then work as usual.

Legal Basis

We have a legitimate interest in using a website builder system to optimise our online service and present it efficiently and in a user-friendly manner. The corresponding legal basis is Art. 6(1)(f) GDPR (Legitimate Interests). We nevertheless only use the builder system to the extent that you have given consent.

Where the processing of data is not strictly necessary for the operation of the website, the data is only processed on the basis of your consent. This applies in particular to tracking activities. The legal basis in this regard is Art. 6(1)(a) GDPR.

With this privacy policy, we have provided you with the most important general information about data processing. If you would like more detailed information, you can find further information - if available - in the following section or in the provider's privacy policy.

WordPress.com Privacy Policy

What Is WordPress?

We use the well-known content management system WordPress.com for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

In 2003, the company was born and in a relatively short time developed into one of the most well-known content management systems (CMS) worldwide. A CMS is software that helps us to design our website and present content in an attractive and organised manner. The content can be text, audio, and video. Through the use of WordPress, personal data from you may also be collected, stored, and processed. As a rule, mainly technical data such as operating system, browser, screen resolution, or hosting provider are stored. However, personal data such as IP address, geographical data, or contact details may also be processed.

Why Do We Use WordPress on Our Website?

We have many strengths, but real programming is simply not one of our core competencies.

Nevertheless, we want a powerful and attractive website that we can manage and maintain ourselves. With a website builder system or a content management system like WordPress, this is exactly what is possible. With WordPress, we do not need to be programming experts to offer you a beautiful website. Thanks to WordPress, we can operate our website quickly and easily even without technical knowledge. If technical problems arise or we have special wishes for our website, there are always our specialists who feel at home in HTML, PHP, CSS, and the like.

The ease of use and comprehensive functionality of WordPress allow us to design our web presence according to our wishes and offer you good user-friendliness.

What Data Is Processed by WordPress?

Non-personal data includes technical usage information such as browser activity, clickstream activities, session heatmaps, and data about your computer, operating system, browser, screen resolution, language and keyboard settings, internet provider, and date of the page visit.

In addition, personal data is also captured. This primarily involves contact data (email address or telephone number, if you provide it), IP address, or your geographical location.

WordPress may also use cookies to collect data. These often capture data about your behaviour on our website. For example, it may be recorded which sub-pages you particularly like to view, how long you spend on individual pages, when you leave a page (bounce rate), or what default settings (e.g. language selection) you have made. Based on this data, WordPress can also better adapt its own marketing measures to your interests and user behaviour. When you next visit our website, our website will therefore be displayed to you as you previously set it.

WordPress may also use technologies such as pixel tags (web beacons) to, for example, clearly identify you as a user and possibly offer interest-based advertising.

How Long and Where Is the Data Stored?

How long the data is stored depends on various factors. It depends primarily on the type of data stored and the specific settings of the website. In principle, data is deleted by WordPress when it is no longer needed for its own purposes. There are, of course, exceptions, especially when legal obligations require longer retention of the data. Web server logs containing your IP address and technical data are deleted by WordPress or Automattic after 30 days. During this time, Automattic uses the data to analyse traffic on its own websites (for example, all WordPress sites) and to resolve possible problems. Deleted content on WordPress websites is also kept in the recycle bin for 30 days to allow recovery; after that, it may remain in backups and caches until these are deleted. The data is stored on American servers of Automattic.

How Can I Delete My Data or Prevent Data Storage?

You have the right and the ability to access your personal data and to object to its use and processing at any time. You can also lodge a complaint with a state supervisory authority at any time.

In your browser, you also have the option of managing, deleting, or deactivating cookies individually. Please note, however, that deactivated or deleted cookies may have possible negative effects on the functions of our WordPress site. Depending on which browser you use, managing cookies works slightly differently. Under the "Cookies" section, you will find the corresponding links to the instructions for the most well-known browsers.

Legal Basis

If you have consented to the use of WordPress, the legal basis for the corresponding data processing is this consent. This consent constitutes the legal basis for the processing of personal data, as it may occur through collection by WordPress, in accordance with Art. 6(1)(a) GDPR (Consent).

On our part, there is also a legitimate interest in using WordPress to optimise our online service and present it attractively. The corresponding legal basis is Art. 6(1)(f) GDPR (Legitimate Interests). We nevertheless only use WordPress to the extent that you have given consent.

WordPress or Automattic also processes your data in the USA, among other places. Automattic is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Automattic uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template provisions provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Automattic undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

More details about the privacy policy and what data WordPress processes and how can be found at https://automattic.com/privacy/.

Data Processing Agreement (DPA) WordPress.com

We have concluded a Data Processing Agreement (DPA) with WordPress.com within the meaning of Article 28 of the General Data Protection Regulation (GDPR). What a DPA is and what must be included in a DPA can be read in our general section "Data Processing Agreement (DPA)".

This contract is required by law because WordPress.com processes personal data on our behalf. It clarifies that WordPress.com may only process data that it receives from us according to our instructions and must comply with the GDPR. The link to the Data Processing Agreement (DPA) can be found at https://wordpress.com/support/data-processing-agreements/.

Web Analytics Introduction

We use Google Analytics 4 to analyse user behaviour on our website. Google Analytics is only loaded if you have expressly consented to the use of analytics cookies.

Google Analytics 4

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Purpose: Improvement of our website through analysis of visitor numbers, dwell time, pages viewed, and demographic information (anonymised)

Cookies used:

• _ga (Duration: 2 years) - User distinction
• _ga_G004E0PNJC (Duration: 2 years) - Session status
• _gid (Duration: 24 hours) - User distinction

Data protection measures:

• IP anonymisation enabled (standard in GA4)
• Data processing in EU region (where possible)
• Data retention: 14 months
• Data Processing Agreement concluded with Google

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR

Data transfer to third countries: Google may transfer data to the USA. Google is certified under the EU-U.S. Data Privacy Framework.

Revocation: Revoke your consent via "Cookie Settings" in the footer. Cookies will be deleted and Google Analytics will no longer be loaded.

Further information:

• Google Analytics Privacy
• Google Analytics Opt-Out

Google Analytics Privacy Policy

What Is Google Analytics?

We use the analytics tracking tool Google Analytics in the version Google Analytics 4 (GA4) from the American company Google Inc. on our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. Through the combination of various technologies such as cookies, device IDs, and login information, you can be identified as a user across different devices. This allows your actions to be analysed across platforms.

For example, if you click on a link, this event is stored in a cookie and sent to Google Analytics. Using the reports we receive from Google Analytics, we can better tailor our website and service to your needs. In the following, we will go into more detail about the tracking tool and inform you above all about which data is processed and how you can prevent this.

Google Analytics is a tracking tool used for traffic analysis on our website. The basis of these measurements and analyses is a pseudonymous user identification number. This number does not contain personal data such as name or address, but serves to assign events to a device. GA4 uses an event-based model that captures detailed information about user interactions such as page views, clicks, scrolling, and conversion events. Various machine learning functions have also been built into GA4 to better understand user behaviour and certain trends. GA4 uses machine learning functions for modelling. This means that on the basis of the collected data, missing data can also be extrapolated in order to optimise the analysis and also to be able to make forecasts.

For Google Analytics to work in principle, a tracking code is built into our website code. When you visit our website, this code records various events that you perform on our website. With the event-based data model of GA4, we as website operators can define and track specific events to obtain analyses of user interactions. In addition to general information such as clicks or page views, specific events that are important to our business can also be tracked. Such special events can be, for example, the submission of a contact form or the purchase of a product.

As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data and we receive reports on your user behaviour. These may include the following reports:

• Audience reports: Through audience reports, we get to know our users better and know more precisely who is interested in our service.
• Display reports: Through display reports, we can more easily analyse and improve our online advertising.
• Acquisition reports: Acquisition reports provide us with helpful information about how we can attract more people to our service.
• Behaviour reports: Here we learn how you interact with our website. We can track the path you take on our site and which links you click.
• Conversion reports: Conversion refers to a process in which you perform a desired action as a result of a marketing message. For example, when you go from being a mere website visitor to a buyer or newsletter subscriber. Using these reports, we learn more about how our marketing efforts resonate with you. This is how we want to increase our conversion rate.
• Real-time reports: Here we always know immediately what is happening on our website right now. For example, we can see how many users are currently reading this text.

In addition to the above-mentioned analysis reports, Google Analytics 4 also offers the following functions, among others:

• Event-based data model: This model captures very specific events that can take place on our website. For example, playing a video, purchasing a product, or subscribing to our newsletter.
• Advanced analysis functions: With these functions, we can better understand your behaviour on our website or certain general trends. For example, we can segment user groups, conduct comparative analyses of target groups, or track your journey or path on our website.
• Predictive modelling: Based on collected data, machine learning can extrapolate missing data that predict future events and trends. This can help us develop better marketing strategies.
• Cross-platform analysis: Data collection and analysis is possible from both websites and apps. This gives us the opportunity to analyse user behaviour across platforms, provided you have of course consented to data processing.

Why Do We Use Google Analytics on Our Website?

Our goal with this website is clear: We want to offer you the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically evaluated data show us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimise our site so that it can be found more easily on Google by interested people. On the other hand, the data helps us to better understand you as a visitor. We therefore know very precisely what we need to improve on our website to offer you the best possible service. The data also helps us to carry out our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are interested in them.

What Data Is Stored by Google Analytics?

Google Analytics creates a random, unique ID linked to your browser cookie using a tracking code. This is how Google Analytics recognises you as a new user and you are assigned a user ID. When you next visit our site, you are recognised as a "returning" user. All collected data is stored together with this user ID. This is how it is possible to evaluate pseudonymous user profiles.

To analyse our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, the Google Analytics 4 property is the default. Depending on the property used, data is stored for different lengths of time.

Through identifiers such as cookies, app instance IDs, user IDs, or custom event parameters, your interactions are measured across platforms, provided you have consented. Interactions are all types of actions that you perform on our website. If you also use other Google systems (such as a Google account), data generated via Google Analytics may be linked with third-party cookies. Google does not pass on Google Analytics data unless we as website operators authorise this. Exceptions may occur if required by law.

According to Google, no IP addresses are logged or stored in Google Analytics 4. Google uses the IP address data for the derivation of location data and deletes it immediately afterwards. All IP addresses collected from users in the EU are therefore deleted before the data is stored in a data centre or on a server.

Since Google Analytics 4 focuses on event-based data, the tool uses significantly fewer cookies compared to previous versions (such as Google Universal Analytics). Nevertheless, there are some specific cookies used by GA4. These include, for example:

Name: _ga Value: 2.1326744211.152312870189-5 Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Basically, it is used to distinguish website visitors. Expiry date: after 2 years

Name: _gid Value: 2.1687193234.152312870189-1 Purpose: The cookie is also used to distinguish website visitors Expiry date: after 24 hours

Name: _gat_gtag_UA_<property-id> Value: 1 Purpose: Used to throttle the request rate. When Google Analytics is provided via Google Tag Manager, this cookie is named _dc_gtm_ <property-id>. Expiry date: after 1 minute

Note: This list cannot claim to be exhaustive, as Google also changes its choice of cookies from time to time. The goal of GA4 is also to improve data protection. Therefore, the tool offers several options for controlling data collection. For example, we can set the storage duration ourselves and also control data collection.

Here we show you an overview of the main types of data collected by Google Analytics:

Heatmaps: Google creates so-called heatmaps. Through heatmaps, you can see exactly the areas that you click on. This gives us information about where you "travel" on our site.

Session duration: Google defines session duration as the time you spend on our site without leaving. If you have been inactive for 20 minutes, the session ends automatically.

Bounce rate: A bounce is when you only view one page on our website and then leave our website again.

Account creation: When you create an account on our website or place an order, Google Analytics collects this data.

Location: IP addresses are not logged or stored in Google Analytics. However, shortly before the IP address is deleted, derivations for location data are used.

Technical information: Technical information includes your browser type, your internet provider, or your screen resolution, among other things.

Source of origin: Google Analytics or we are of course also interested in which website or which advertisement brought you to our site.

Further data includes contact details, any reviews, playing media (e.g. when you play a video via our site), sharing content via social media, or adding to your favourites. The list does not claim to be exhaustive and only serves as a general orientation of data storage by Google Analytics.

How Long and Where Is the Data Stored?

Google has its servers distributed all over the world. You can read exactly where the Google data centres are located here: https://www.google.com/about/datacenters/locations/?hl=en

Your data is distributed across different physical storage media. This has the advantage that the data is more quickly retrievable and better protected against manipulation. Every Google data centre has corresponding emergency programmes for your data. If, for example, hardware at Google fails or natural disasters paralyse servers, the risk of service interruption at Google remains low.

The retention period of the data depends on the properties used. The storage duration is set individually for each property. Google Analytics offers us four options for controlling the storage duration:

• 2 months: this is the shortest storage duration.
• 14 months: by default, data is stored at GA4 for 14 months.
• 26 months: data can also be stored for 26 months.
• Data is only deleted when we delete it manually

In addition, there is also the option that data is only deleted when you no longer visit our website within the period chosen by us. In this case, the retention period is reset each time you visit our website again within the specified period.

When the specified period has expired, the data is deleted once a month. This retention period applies to your data linked to cookies, user recognition, and advertising IDs (e.g. cookies of the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is a merging of individual data into a larger unit.

How Can I Delete My Data or Prevent Data Storage?

Under the data protection law of the European Union, you have the right to obtain information about your data, to update it, to delete it, or to restrict it. Using the browser add-on to deactivate Google Analytics JavaScript (analytics.js, gtag.js), you can prevent Google Analytics 4 from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=en. Please note that this add-on only deactivates data collection by Google Analytics.

If you generally want to deactivate, delete, or manage cookies, you will find the corresponding links to the respective instructions for the most well-known browsers under the "Cookies" section.

Legal Basis

The use of Google Analytics requires your consent, which we have obtained with our cookie popup. This consent constitutes the legal basis for the processing of personal data, as it may occur through collection by web analytics tools, in accordance with Art. 6(1)(a) GDPR (Consent).

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors and thus improving our offering technically and economically. With the help of Google Analytics, we can identify website errors, identify attacks, and improve profitability. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). We nevertheless only use Google Analytics to the extent that you have given consent.

Google also processes your data in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template provisions provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

We hope we have been able to provide you with the most important information about data processing by Google Analytics. If you want to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/us/ and https://support.google.com/analytics/answer/6004245?hl=en.

If you would like to learn more about data processing, please use the Google Privacy Policy at https://policies.google.com/privacy?hl=en.

Data Processing Agreement (DPA) Google Analytics

We have concluded a Data Processing Agreement (DPA) with Google within the meaning of Article 28 of the General Data Protection Regulation (GDPR). What a DPA is and what must be included in a DPA can be read in our general section "Data Processing Agreement (DPA)".

This contract is required by law because Google processes personal data on our behalf. It clarifies that Google may only process data that it receives from us according to our instructions and must comply with the GDPR. The link to the data processing terms can be found at https://business.safety.google/intl/en/adsprocessorterms/

Google Analytics Reports on Demographics and Interests

We have enabled the advertising reporting features in Google Analytics. The reports on demographics and interests contain information about age, gender, and interests. This allows us - without being able to assign this data to individual persons - to get a better picture of our users. You can learn more about the advertising functions at https://support.google.com/analytics/answer/3450482?hl=en&utm_id=ad.

You can end the use of the activities and information of your Google Account under "Ad Settings" at https://adssettings.google.com/authenticated by checking the box.

Google Analytics in Consent Mode

Depending on your consent, personal data from you will be processed by Google Analytics in the so-called Consent Mode. You can choose whether or not you consent to Google Analytics cookies. This also determines which data Google Analytics is allowed to process from you. This collected data is mainly used to carry out measurements of user behaviour on the website, to deliver targeted advertising, and to provide us with web analysis reports. As a rule, you consent to data processing by Google via a cookie consent tool. If you do not consent to data processing, only aggregated data is collected and processed. This means that data cannot be assigned to individual users and no user profile is created for you. You can also consent only to statistical measurement. In this case, no personal data is processed and consequently not used for advertising or advertising measurement success.

Google Analytics IP Anonymisation

We have implemented IP address anonymisation from Google Analytics on this website. This function was developed by Google so that this website can comply with applicable data protection regulations and recommendations from local data protection authorities when they prohibit the storage of the full IP address. The anonymisation or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any storage or processing of the data takes place.

More information on IP anonymisation can be found at https://support.google.com/analytics/answer/2763052?hl=en.

Messenger & Communication Introduction

What Are Messenger & Communication Functions?

We offer various ways to communicate with us on our website (such as messenger and chat functions, online or contact forms, email, telephone). Your data is processed and stored to the extent necessary for answering your enquiry and our subsequent measures.

In addition to classic communication tools such as email, contact forms, or telephone, we also use chats and messengers. The currently most widely used messenger function is WhatsApp, but there are of course many different providers that offer messenger functions specifically for websites. If content is end-to-end encrypted, this is indicated in the individual privacy texts or in the privacy policy of the respective provider. End-to-end encryption means nothing other than that the content of a message is not even visible to the provider itself. However, information about your device, location settings, and other technical data may still be processed and stored.

Why Do We Use Messenger & Communication Functions?

Communication options with you are of great importance to us. After all, we want to talk to you and answer all possible questions about our service as best we can. Good communication is an important part of our service. With the practical messenger & communication functions, you can choose the one you prefer at any time. In exceptional cases, however, it may happen that we cannot answer certain questions via chat or messenger. This is the case when it concerns internal contractual matters, for example. In this case, we recommend other communication options such as email or telephone.

We generally assume that we remain responsible under data protection law, even if we use services from a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform can be jointly responsible with us within the meaning of Art. 26 GDPR. If this is the case, we will point this out separately and work on the basis of a relevant agreement. The essence of the agreement is reproduced below for the affected platform.

Please note that when using our embedded elements, data from you may also be processed outside the European Union, as many providers, such as Facebook Messenger or WhatsApp, are American companies. This may mean that you can no longer as easily assert or enforce your rights in relation to your personal data.

What Data Is Processed?

Which data is stored and processed exactly depends on the respective provider of the messenger & communication functions. Basically, this involves data such as name, address, telephone number, email address, and content data such as all information you enter into a contact form. In most cases, information about your device and IP address is also stored. Data collected via a messenger & communication function is also stored on the providers' servers.

If you want to know exactly which data is stored and processed by the respective providers and how you can object to the data processing, you should carefully read the respective privacy policy of the company.

How Long Is the Data Stored?

How long the data is processed and stored depends primarily on the tools we use. Below you can find out more about the data processing of the individual tools. The privacy policies of the providers usually state exactly which data is stored and processed and for how long. In principle, personal data is only processed for as long as is necessary for the provision of our services. When data is stored in cookies, the storage duration varies greatly. Data may be deleted immediately after leaving a website, but it can also be stored for several years. Therefore, you should examine each individual cookie in detail if you want to know more about data storage. In most cases, you will also find informative information about the individual cookies in the privacy policies of the individual providers.

Right to Object

You also have the right and the ability to revoke your consent to the use of cookies or third-party providers at any time. This works either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. For further information, we refer to the section on consent.

Since cookies may be used with messenger & communication functions, we also recommend our general privacy policy on cookies. To find out which data is stored and processed exactly, you should read the privacy policies of the respective tools.

Legal Basis

If you have consented to data being processed and stored by integrated messenger & communication functions, this consent constitutes the legal basis for data processing (Art. 6(1)(a) GDPR). We process your enquiry and manage your data in the context of contractual or pre-contractual relationships in order to fulfil our pre-contractual and contractual obligations or to respond to enquiries. The basis for this is Art. 6(1)(b) GDPR. In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in fast and good communication with you or other customers and business partners, provided consent has been given.

WhatsApp Privacy Policy

We use the instant messaging service WhatsApp on our website. The service provider is the American company WhatsApp Inc., a subsidiary of Meta Platforms Inc. (until October 2021, Facebook Inc.). For the European area, the company WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible.

What Is WhatsApp?

We probably do not need to introduce WhatsApp to you in more detail. The probability that you yourself use this well-known messaging service on your smartphone is relatively high. For many years, there have been voices criticising WhatsApp and its parent company Meta Platforms regarding the handling of personal data. The main criticism in recent years related to the merging of WhatsApp user data with Facebook. Facebook responded in 2021 and adjusted the terms of use. Facebook stated that currently (as of 2021) no personal data of WhatsApp users is shared with Facebook. Nevertheless, numerous personal data from you are of course processed by WhatsApp, provided you use WhatsApp and have consented to data processing. This includes your telephone number and chat messages, as well as sent photos, videos, and profile data. Photos and videos are said to be only briefly cached, and all messages and phone calls are end-to-end encrypted. They should therefore not be viewable even by Meta itself. In addition, information from your address book and other metadata is stored by WhatsApp.

Why Do We Use WhatsApp?

We want to stay in touch with you and this works best via WhatsApp. On the one hand, because the service works flawlessly, and on the other hand, because WhatsApp is still the most widely used instant messaging tool worldwide. The service is practical and enables uncomplicated and fast communication with you.

How Secure Is Data Transfer with WhatsApp?

WhatsApp also processes your data in the USA, among other places. WhatsApp is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, WhatsApp uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template provisions provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, WhatsApp undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

Information on data transfer at WhatsApp, which complies with the Standard Contractual Clauses, can be found at https://www.whatsapp.com/legal/business-data-transfer-addendum-20210927

We hope we have provided you with the most important information about the use and data processing by WhatsApp. More about the data processed through the use of WhatsApp can be found in the Privacy Policy at https://www.whatsapp.com/privacy.

Blogs and Publication Media Introduction

What Are Blogs and Publication Media?

We use blogs or other communication tools on our website with which, on the one hand, we can communicate with you and, on the other hand, you can communicate with us. Your data may also be stored and processed by us in the process. This may be necessary for us to display content appropriately, for communication to work, and for security to be enhanced. In our privacy text, we generally address which data from you may be processed. Exact details about data processing always depend on the tools and functions used. Detailed information about data processing can be found in the privacy notices of the individual providers.

Why Do We Use Blogs and Publication Media?

Our greatest concern with our website is to offer you interesting and exciting content, and at the same time your opinions and content are also important to us. That is why we want to create a good interactive exchange between us and you. With various blogs and publication options, we can achieve exactly that. You can, for example, write comments on our content, comment on other comments, or in some cases write posts yourself.

What Data Is Processed?

Which data is processed always depends on the communication functions we use. Very often, IP address, username, and the published content are stored. This is done primarily to ensure security protection, to prevent spam, and to take action against unlawful content. Cookies may also be used for data storage. These are small text files that are stored with information in your browser. More details about the data collected and stored can be found in our individual sections and in the privacy policy of the respective provider.

Duration of Data Processing

We will inform you about the duration of data processing below, if we have further information. For example, post and comment functions store data until you revoke the data storage. In general, personal data is only stored for as long as is absolutely necessary for the provision of our services.

Right to Object

You also have the right and the ability to revoke your consent to the use of cookies or third-party communication tools at any time. This works either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Since cookies may also be used with publication media, we also recommend our general privacy policy on cookies. To find out which data is stored and processed exactly, you should read the privacy policies of the respective tools.

Legal Basis

We primarily use the communication tools on the basis of our legitimate interests (Art. 6(1)(f) GDPR) in fast and good communication with you or other customers, business partners, and visitors. Where use serves the handling of contractual relationships or their initiation, the legal basis is also Art. 6(1)(b) GDPR.

Certain processing operations, in particular the use of cookies and the use of comment or messaging functions, require your consent. If and to the extent that you have consented to data being processed and stored by integrated publication media, this consent constitutes the legal basis for data processing (Art. 6(1)(a) GDPR). Most of the communication functions we use set cookies in your browser to store data. We therefore recommend that you read our privacy text on cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.

Information on specific tools can be found - if available - in the following sections.

Blog Posts and Comment Functions Privacy Policy

There are various online communication tools that we can use on our website. For example, we use blog posts and comment functions. This gives you the opportunity to comment on content or to write posts. If you use this function, your IP address, for example, may be stored for security reasons. This is how we protect ourselves against unlawful content such as insults, unauthorised advertising, or prohibited political propaganda. To recognise whether comments are spam, we may also store and process user details on the basis of our legitimate interest. If we start a survey, we also store your IP address for the duration of the survey to ensure that all participants only vote once. Cookies may also be used for storage purposes. All data we store about you (such as content or information about your person) will remain stored until you object.

WordPress Emojis Privacy Policy

We also use so-called emojis and smileys in our blog. What emojis are exactly probably does not need to be explained in more detail here. You know these laughing, angry, or sad faces. They are graphic elements or files that we make available and that are loaded from another server. The service provider for the retrieval of WordPress emojis and smileys is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. This third-party provider stores your IP address in order to transmit the emoji files to your browser.

Automattic also processes your data in the USA, among other places. Automattic is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Automattic uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template provisions provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Automattic undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

The Data Processing Agreements, which comply with the Standard Contractual Clauses, can be found at https://wordpress.com/support/data-processing-agreements/.

More about the data processed through the use of WordPress emojis can be found in the Privacy Policy at https://automattic.com/privacy/.

Content Delivery Networks Introduction

What Is a Content Delivery Network?

We use a so-called content delivery network on our website. Most commonly, such a network is simply called a CDN. A CDN helps us to load our website quickly and smoothly regardless of your location. Personal data from you is also stored, managed, and processed on the servers of the CDN provider used. Below, we go into more general detail about the service and its data processing. Detailed information about the handling of your data can be found in the respective privacy policy of the provider.

Every content delivery network (CDN) is a network of regionally distributed servers that are all connected to each other via the internet. Via this network, website content (especially very large files) can be delivered quickly and smoothly even during peak loads. The CDN creates a copy of our website on its servers. Since these servers are distributed worldwide, the website can be delivered quickly. The data transfer to your browser is thus significantly shortened by the CDN.

Why Do We Use a Content Delivery Network for Our Website?

A fast-loading website is part of our service. We know, of course, how annoying it is when a website loads at a snail's pace. Most people even lose patience and leave before the website has fully loaded. We naturally want to avoid that. Therefore, a fast-loading website is a matter of course for our website offering. With a content delivery network, our website loads significantly faster in your browser. The use of the CDN is particularly helpful when you are abroad, as the website is delivered from a server near you.

What Data Is Processed?

When you request a website or the content of a website and it is cached in a CDN, the CDN routes the request to the server closest to you, which delivers the content. Content delivery networks are designed so that JavaScript libraries can be downloaded and hosted on npm and GitHub servers. Alternatively, WordPress plugins can also be loaded from most CDNs if they are hosted on WordPress.org. Your browser may send personal data to the content delivery network we use. This involves data such as IP address, browser type, browser version, which web page is loaded, or the time and date of the page visit. This data is collected and also stored by the CDN. Whether cookies are used for data storage depends on the network used. Please read the privacy texts of the respective service.

Right to Object

If you want to completely prevent this data transfer, you can install a JavaScript blocker (see for example https://noscript.net/) on your PC. Of course, our website can then no longer offer the usual service (such as fast loading speed).

Legal Basis

If you have consented to the use of a content delivery network, the legal basis for the corresponding data processing is this consent. This consent constitutes the legal basis for the processing of personal data, as it may occur through collection by a content delivery network, in accordance with Art. 6(1)(a) GDPR (Consent).

On our part, there is also a legitimate interest in using a content delivery network to optimise our online service and make it more secure. The corresponding legal basis is Art. 6(1)(f) GDPR (Legitimate Interests). We nevertheless only use the tool to the extent that you have given consent.

Information on specific content delivery networks can be found - if available - in the following sections.

Cloudflare Privacy Policy

What Is Cloudflare?

We use Cloudflare from the company Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) on this website to make our website faster and more secure. Cloudflare uses cookies and processes user data. Cloudflare, Inc. is an American company that provides a content delivery network and various security services. These services are located between the user and our hosting provider. We will try to explain in more detail below what all of this means.

A content delivery network (CDN), as provided by Cloudflare, is nothing more than a network of connected servers. Cloudflare has such servers distributed all over the world to bring web pages to your screen faster. Simply put, Cloudflare creates copies of our website and places them on its own servers. When you now visit our website, a load balancing system ensures that the largest parts of our website are delivered from the server that can display our website to you the fastest. The data transfer path to your browser is significantly shortened by a CDN. Thus, the content of our website is delivered to you by Cloudflare not only from our hosting server, but from servers all over the world. The use of Cloudflare is particularly helpful for users from abroad, as the page can be delivered from a server nearby. In addition to the fast delivery of websites, Cloudflare also offers various security services such as DDoS protection or the Web Application Firewall.

Why Do We Use Cloudflare on Our Website?

Of course, we want to offer you the best possible service with our website. Cloudflare helps us to make our website faster and more secure. Cloudflare offers us both web optimisations and security services such as DDoS protection and web firewall. This also includes a reverse proxy and the content distribution network (CDN). Cloudflare blocks threats and limits abusive bots and crawlers that waste our bandwidth and server resources. By storing our website on local data centres and blocking spam software, Cloudflare enables us to reduce our bandwidth usage by approximately 60%. The delivery of content through a data centre near you and some web optimisations carried out there reduce the average loading time of a web page by approximately half. By setting "I'm Under Attack Mode", according to Cloudflare, further attacks can be mitigated by displaying a JavaScript computational challenge that must be solved before a user can access a website. Overall, this makes our website significantly more powerful and less vulnerable to spam or other attacks.

What Data Is Processed by Cloudflare?

Cloudflare generally only forwards data that is controlled by website operators. The content is therefore not determined by Cloudflare, but always by the website operator. In addition, Cloudflare may collect certain information about the use of our website and process data that is sent by us or for which Cloudflare has received corresponding instructions. In most cases, Cloudflare receives data such as IP address, contact and log information, security fingerprints, and website performance data. Log data helps Cloudflare, for example, to detect new threats. In this way, Cloudflare can ensure a high level of security protection for our website. Cloudflare processes this data in the context of services in compliance with applicable laws. This of course also includes the General Data Protection Regulation (GDPR). Cloudflare also works with third-party providers. These may only process personal data under the direction of Cloudflare and in accordance with privacy policies and other confidentiality and security measures. Without our explicit consent, Cloudflare does not pass on personal data.

How Long and Where Is the Data Stored?

Cloudflare stores your information primarily in the USA and the European Economic Area. Cloudflare may transfer and access the information described above from around the world. In general, Cloudflare stores user-level data for domains on the Free, Pro, and Business plans for less than 24 hours. For Enterprise domains that have Cloudflare Logs (formerly Enterprise LogShare or ELS) enabled, data can be stored for up to 7 days. However, if IP addresses trigger Cloudflare security warnings, there may be exceptions to the storage durations mentioned above.

How Can I Delete My Data or Prevent Data Storage?

Cloudflare retains data logs only as long as necessary, and this data is also deleted in most cases within 24 hours. Cloudflare also does not store personal data such as your IP address. However, there is information that Cloudflare stores as part of its permanent logs indefinitely to improve the overall performance of Cloudflare Resolver and to detect potential security risks. You can find out which permanent logs are stored exactly at https://www.cloudflare.com/application/privacypolicy/. All data collected by Cloudflare (temporary or permanent) is cleansed of all personal data. All permanent logs are also anonymised by Cloudflare.

Cloudflare states in its privacy policy that it is not responsible for the content it receives. If, for example, you ask Cloudflare whether it can update or delete your content, Cloudflare generally refers to us as the website operator. You can also completely prevent the entire collection and processing of your data by Cloudflare by deactivating the execution of script code in your browser or by integrating a script blocker in your browser.

Legal Basis

If you have consented to the use of Cloudflare, the legal basis for the corresponding data processing is this consent. This consent constitutes the legal basis for the processing of personal data, as it may occur through collection by Cloudflare, in accordance with Art. 6(1)(a) GDPR (Consent).

On our part, there is also a legitimate interest in using Cloudflare to optimise our online service and make it more secure. The corresponding legal basis is Art. 6(1)(f) GDPR (Legitimate Interests). We nevertheless only use Cloudflare to the extent that you have given consent.

Cloudflare also processes your data in the USA, among other places. Cloudflare is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Cloudflare uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template provisions provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Cloudflare undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

More about the Standard Contractual Clauses and the data processed through the use of Cloudflare can be found in the privacy policy at https://www.cloudflare.com/privacypolicy/.

Cookie Consent Management Platform Introduction

What Is a Cookie Consent Management Platform?

We use a Consent Management Platform (CMP) software on our website that makes it easier for us and you to handle scripts and cookies correctly and securely. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides a data protection-compliant cookie consent for you, and helps us and you keep track of all cookies. With most cookie consent management tools, all existing cookies are identified and categorised. You as a website visitor then decide for yourself whether and which scripts and cookies you allow or do not allow. The following graphic illustrates the relationship between the browser, web server, and CMP.

Why Do We Use a Cookie Management Tool?

Our goal is to offer you the best possible transparency in the area of data protection. We are also legally obliged to do so. We want to inform you as best we can about all tools and all cookies that can store and process data from you. It is also your right to decide for yourself which cookies you accept and which you do not. To grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool, which regularly scans the website for all existing cookies, we know about all cookies and can provide you with GDPR-compliant information about them. Via the consent system, you can then accept or reject cookies.

What Data Is Processed?

Within the framework of our cookie management tool, you can manage each individual cookie yourself and have full control over the storage and processing of your data. The declaration of your consent is stored so that we do not have to ask you every time you visit our website and so that we can also prove your consent if legally necessary. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage duration of your cookie consent varies. Usually, this data (such as pseudonymous user ID, consent time, details of cookie categories or tools, browser, device information) is stored for up to two years.

Duration of Data Processing

We will inform you about the duration of data processing below, if we have further information. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. Data stored in cookies is stored for different lengths of time. Some cookies are already deleted after leaving the website; others can be stored in your browser for several years. The exact duration of data processing depends on the tool used; in most cases, you should expect a storage period of several years. In the respective privacy policies of the individual providers, you will usually receive precise information about the duration of data processing.

Right to Object

You also have the right and the ability to revoke your consent to the use of cookies at any time. This works either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Information on specific cookie management tools can be found - if available - in the following sections.

Legal Basis

If you consent to cookies, personal data from you will be processed and stored via these cookies. If we are allowed to use cookies with your consent (Article 6(1)(a) GDPR), this consent is also the legal basis for the use of cookies or the processing of your data. To be able to manage consent to cookies and to enable you to give consent, a cookie consent management platform software is used. The use of this software enables us to operate the website in an efficient, legally compliant manner, which constitutes a legitimate interest (Article 6(1)(f) GDPR).

Security & Anti-Spam

What Is Security & Anti-Spam Software?

With so-called security & anti-spam software, you and we can protect ourselves against various spam or phishing emails and possible other cyber attacks. Spam refers to mass advertising emails that one did not request. Such emails are also called junk mail and can also incur costs. Phishing emails are messages aimed at building trust through fake messages or websites in order to obtain personal data. Anti-spam software usually protects against unwanted spam messages or malicious emails that could, for example, introduce viruses into our system. We also use general firewall and security systems that protect our computers against unwanted network attacks.

Why Do We Use Security & Anti-Spam Software?

We place a particularly high value on security on our website. After all, it is not just about our security, but above all about yours. Unfortunately, cyber threats are now part of everyday life in the world of IT and the internet. Often, hackers try to steal personal data from an IT system using a cyber attack. That is why a good defence system is absolutely necessary. A security system monitors all incoming and outgoing connections to our network or computer. To achieve even greater security against cyber attacks, we use additional external security services in addition to the standardised security systems on our computer. Unauthorised data traffic is thus better prevented, and we protect ourselves against cybercrime.

What Data Is Processed by Security & Anti-Spam Software?

Which data is collected and stored exactly depends, of course, on the respective service. However, we always strive to use only programmes that collect data very sparingly or only store data necessary for the fulfilment of the service offered. In principle, the service may store data such as name, address, IP address, email address, and technical data such as browser type or browser version. Any performance and log data may also be collected to detect possible incoming threats in time. This data is processed in the context of services and in compliance with applicable laws. This includes the GDPR for US providers as well (via the Standard Contractual Clauses). In some cases, these security services also work with third-party providers who may store and/or process data under instruction and in accordance with privacy policies and other security measures. Data storage is usually via cookies.

Duration of Data Processing

We will inform you about the duration of data processing below, if we have further information. For example, security programmes store data until you or we revoke data storage. In general, personal data is only stored for as long as is absolutely necessary for the provision of the services. Unfortunately, in many cases we lack precise information from the providers about the length of storage.

Right to Object

You also have the right and the ability to revoke your consent to the use of cookies or third-party security software at any time. This works either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Since such security services may also use cookies, we recommend our general privacy policy on cookies. To find out which data is stored and processed exactly, you should read the privacy policies of the respective tools.

Legal Basis

We primarily use the security services on the basis of our legitimate interests (Art. 6(1)(f) GDPR) in a good security system against various cyber attacks.

Certain processing operations, in particular the use of cookies and the use of security functions, require your consent. If you have consented to data being processed and stored by integrated security services, this consent constitutes the legal basis for data processing (Art. 6(1)(a) GDPR). Most of the services we use set cookies in your browser to store data. We therefore recommend that you read our privacy text on cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.

Information on specific tools can be found - if available - in the following sections.

Akismet Privacy Policy

We use Akismet for our website, an anti-spam solution for WordPress. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

Automattic also processes your data in the USA, among other places. Akismet or Automattic is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Automattic uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template provisions provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Automattic undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

The Data Processing Agreements, which refer to the Standard Contractual Clauses, can be found at https://wordpress.com/support/data-processing-agreements/.

More about the data processed through the use of Akismet or WordPress can be found in the privacy policy at https://automattic.com/privacy/.

Google reCAPTCHA Privacy Policy

What Is reCAPTCHA?

Our primary goal is to secure and protect our website in the best possible way for you and for us. To ensure this, we use Google reCAPTCHA from Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA, we can determine whether you are really a human being and not a robot or other spam software. By spam, we mean any electronically transmitted, unsolicited information that reaches us unsolicited. With classic CAPTCHAs, you usually had to solve text or image puzzles for verification. With reCAPTCHA from Google, we usually do not have to bother you with such puzzles. Here, in most cases, it is sufficient if you simply tick a box and thus confirm that you are not a bot. With the new Invisible reCAPTCHA version, you do not even have to tick a box anymore. How this works exactly and above all which data is used for this, you will find out in the course of this privacy policy.

reCAPTCHA is a free captcha service from Google that protects websites from spam software and abuse by non-human visitors. The most common use of this service is when you fill out forms on the internet. A captcha service is a type of automatic Turing test designed to ensure that an action on the internet is performed by a human and not by a bot. In the classic Turing test (named after the computer scientist Alan Turing), a human determines the distinction between a bot and a human. With captchas, the computer or a software programme also takes over this task. Classic captchas work with small tasks that are easy for humans to solve but present considerable difficulties for machines. With reCAPTCHA, you no longer have to actively solve puzzles. The tool uses modern risk technologies to distinguish humans from bots. Here you only need to tick the text field "I am not a robot" or with Invisible reCAPTCHA, even that is no longer necessary. With reCAPTCHA, a JavaScript element is embedded in the source code and then the tool runs in the background and analyses your user behaviour. From these user actions, the software calculates a so-called captcha score. Google uses this score to calculate even before the captcha entry how likely it is that you are a human. reCAPTCHA or captchas in general are always used when bots could manipulate or abuse certain actions (such as registrations, surveys, etc.).

Why Do We Use reCAPTCHA on Our Website?

We only want to welcome real human beings to our site. Bots or spam software of various kinds can stay at home. That is why we pull out all the stops to protect ourselves and offer you the best possible user experience. For this reason, we use Google reCAPTCHA from Google. This way, we can be fairly certain that we remain a "bot-free" website. By using reCAPTCHA, data is transmitted to Google to determine whether you are really a human being. reCAPTCHA therefore serves the security of our website and, by extension, your security. For example, without reCAPTCHA, it could happen that a bot registers as many email addresses as possible during registration in order to subsequently "spam" forums or blogs with unwanted advertising content. With reCAPTCHA, we can avoid such bot attacks.

What Data Is Stored by reCAPTCHA?

reCAPTCHA collects personal data from users to determine whether the actions on our website really come from humans. The IP address and other data that Google needs for the reCAPTCHA service may therefore be sent to Google. IP addresses are almost always truncated within the member states of the EU or other contracting states of the Agreement on the European Economic Area before the data ends up on a server in the USA. The IP address is not combined with other Google data unless you are logged into your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) have already been placed in your browser. Then reCAPTCHA sets an additional cookie in your browser and captures a snapshot of your browser window.

The following list of collected browser and user data does not claim to be exhaustive. Rather, they are examples of data that, to our knowledge, are processed by Google.

• Referrer URL (the address of the page from which the visitor came)
• IP address (e.g. 256.123.123.1)
• Information about the operating system (the software that enables the operation of your computer. Well-known operating systems are Windows, Mac OS X, or Linux)
• Cookies (small text files that store data in your browser)
• Mouse and keyboard behaviour (every action you perform with the mouse or keyboard is stored)
• Date and language settings (which language or date you have preset on your PC is stored)
• All JavaScript objects (JavaScript is a programming language that enables web pages to adapt to the user. JavaScript objects can collect all kinds of data under one name)
• Screen resolution (shows how many pixels the display consists of)

It is undisputed that Google uses and analyses this data even before you click on the "I am not a robot" checkbox. With the Invisible reCAPTCHA version, even the ticking is omitted, and the entire recognition process runs in the background. Google does not reveal in detail how much and which data it stores exactly.

The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version from Google at https://www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA set on the demo version:

Name: IDE Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-312870189-8 Purpose: This cookie is set by the company DoubleClick (also owned by Google) to register and report a user's actions on the website in dealing with advertisements. This allows advertising effectiveness to be measured and corresponding optimisation measures to be taken. IDE is stored in browsers under the domain doubleclick.net. Expiry date: after one year

Name: 1P_JAR Value: 2019-5-14-12 Purpose: This cookie collects website usage statistics and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. Furthermore, the cookie can be used to prevent a user from seeing the same advertisement more than once. Expiry date: after one month

Name: ANID Value: U7j1v3dZa3128701890xgZFmiqWppRWKOr Purpose: We could not find much information about this cookie. In Google's privacy policy, the cookie is mentioned in connection with "advertising cookies" such as "DSID", "FLC", "AID", "TAID". ANID is stored under the domain google.com. Expiry date: after 9 months

Name: CONSENT Value: YES+AT.en+20150628-20-0 Purpose: The cookie stores the consent status of a user for the use of various Google services. CONSENT also serves security purposes, to verify users, prevent fraud of login information, and protect user data from unauthorised attacks. Expiry date: after 19 years

Name: NID Value: 0WmuWqy312870189zILzqV_nmt3sDXwPeM5Q Purpose: NID is used by Google to customise advertisements to your Google search. With the help of the cookie, Google "remembers" your most frequently entered search queries or your previous interaction with advertisements. This way, you always get tailored advertisements. The cookie contains a unique ID to collect the user's personal settings for advertising purposes. Expiry date: after 6 months

Name: DV Value: gEAABBCjJMXcI0dSAAAANbqc312870189-4 Purpose: Once you have ticked the "I am not a robot" checkbox, this cookie is set. The cookie is used by Google Analytics for personalised advertising. DV collects information in anonymised form and is also used to make user distinctions. Expiry date: after 10 minutes

Note: This list cannot claim to be exhaustive, as experience shows that Google also changes its choice of cookies from time to time.

How Long and Where Is the Data Stored?

By inserting reCAPTCHA, data from you is transferred to the Google server. Where exactly this data is stored is not clearly stated by Google, even after repeated enquiry. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website, or language settings are stored on the European or American Google servers. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plugin, the data will be merged. The separate privacy provisions of Google apply for this.

How Can I Delete My Data or Prevent Data Storage?

If you do not want any data about you and your behaviour to be transmitted to Google, you must fully log out of Google and delete all Google cookies before visiting our website or using the reCAPTCHA software. In principle, as soon as you access our site, data is automatically transmitted to Google. To delete this data again, you must contact Google support at https://support.google.com/?hl=en&tid=312870189.

By using our website, you agree that Google LLC and its representatives automatically collect, process, and use data.

Please note that when using this tool, data from you may also be stored and processed outside the EU. Most third countries (including the USA) are not considered safe under current European data protection law. Data may not simply be transferred to, stored in, and processed in unsafe third countries unless there are appropriate safeguards (such as EU Standard Contractual Clauses) between us and the non-European service provider.

Legal Basis

If you have consented to the use of Google reCAPTCHA, the legal basis for the corresponding data processing is this consent. This consent constitutes the legal basis for the processing of personal data, as it may occur through collection by Google reCAPTCHA, in accordance with Art. 6(1)(a) GDPR (Consent).

On our part, there is also a legitimate interest in using Google reCAPTCHA to optimise our online service and make it more secure. The corresponding legal basis is Art. 6(1)(f) GDPR (Legitimate Interests). We nevertheless only use Google reCAPTCHA to the extent that you have given consent.

Google also processes your data in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template provisions provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

You can learn a bit more about reCAPTCHA on Google's web developer page at https://developers.google.com/recaptcha/. While Google goes into more detail about the technical development of reCAPTCHA here, you will also search in vain for precise information about data storage and data protection-relevant topics. A good overview of the basic use of data at Google can be found in the company's own privacy policy at https://policies.google.com/privacy.

Cloud Services

What Are Cloud Services?

Cloud services provide us as website operators with storage space and computing power over the internet. Data can be transferred to, processed, and stored on an external system via the internet. The management of this data is handled by the respective cloud provider. Depending on requirements, an individual or a company can choose the storage space size or computing power. Cloud storage is accessed via an API or via storage protocols. API stands for Application Programming Interface, meaning a programming interface that connects software with hardware components.

Why Do We Use Cloud Services?

We use cloud services for several reasons. A cloud service offers us the possibility to store our data securely. In addition, we have access to the data from different locations and devices, which gives us more flexibility and facilitates our work processes. Cloud storage also saves us costs because we do not have to set up and manage our own infrastructure for data storage and data security. By centrally storing our data in the cloud, we can also expand our areas of application and manage our information significantly better.

As website operators or as a company, we primarily use cloud services for our own purposes. For example, we use the services to manage our calendar, to store documents or other important information in the cloud. However, personal data from you may also be stored. This is the case, for example, when you provide us with your contact details (such as name and email address) and we store our customer data with a cloud provider. Consequently, data that we process from you may also be stored and processed on external servers. When we offer certain forms or content from cloud services on our website, cookies may also be set for web analytics and advertising purposes. Furthermore, such cookies remember your settings (such as the language used) so that you find your familiar web environment when you next visit our website.

What Data Is Processed by Cloud Services?

Many of the data we store in the cloud are not personally identifiable; however, some data counts as personal data under the GDPR definition. This frequently involves customer data such as name, address, IP address, or telephone number, or technical device information. Videos, images, and audio files may also be stored in the cloud. How the data is collected and stored exactly depends on the respective service. We try to only use services that handle data very reliably and professionally. In principle, services such as Amazon Drive have access to the stored files to be able to offer their own service accordingly. However, the services require permissions for this, such as the right to copy files for security reasons. This data is processed and managed in the context of services and in compliance with applicable laws. This includes the GDPR for US providers as well (via Standard Contractual Clauses). In some cases, these cloud services also work with third-party providers who may process data under instruction and in accordance with privacy policies and other security measures. We would like to emphasise once again that all well-known cloud services (such as Amazon Drive, Google Drive, or Microsoft OneDrive) obtain the right to access stored content in order to offer and optimise their own service accordingly.

Duration of Data Processing

We will inform you about the duration of data processing below, if we have further information. In general, cloud services store data until you or we revoke data storage or delete the data. In general, personal data is only stored for as long as is absolutely necessary for the provision of the services. However, a final data deletion from the cloud may take several months. This is because the data is usually not stored on just one server but distributed across different servers.

Right to Object

You also have the right and the ability to revoke your consent to data storage in a cloud at any time. If cookies are used, you also have a right of revocation here. This works either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. We also recommend our general privacy policy on cookies. To find out which data is stored and processed exactly, you should read the privacy policies of the respective cloud providers.

Legal Basis

We primarily use cloud services on the basis of our legitimate interests (Art. 6(1)(f) GDPR) in a good security and storage system.

Certain processing operations, in particular the use of cookies and the use of storage functions, require your consent. If you have consented to data being processed and stored by cloud services, this consent constitutes the legal basis for data processing (Art. 6(1)(a) GDPR). Most of the services we use set cookies in your browser to store data. We therefore recommend that you read our privacy text on cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.

Information on specific tools can be found - if available - in the following sections.

Google Cloud Privacy Policy

We use Google Cloud for our website, an online storage service for files, photos, and videos. The service provider is the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google also processes your data in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template provisions provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

Google holds a contract for order processing in accordance with Art. 28 GDPR, which serves as the data protection legal basis for our customer relationship with Google. This refers in content to the EU Standard Contractual Clauses. You can find the order processing terms here: https://business.safety.google/intl/en/adsprocessorterms/

More about the data processed through the use of Google Cloud can be found in the Privacy Policy at https://policies.google.com/privacy?hl=en.

Audio & Video Introduction

What Are Audio and Video Elements?

We have embedded audio and video elements on our website so that you can watch videos or listen to music/podcasts directly via our website. The content is provided by service providers. All content is therefore also obtained from the corresponding servers of the providers.

These are embedded functional elements from platforms such as YouTube, Vimeo, or Spotify. The use of these portals is generally free, but paid content may also be published. With the help of these embedded elements, you can listen to or view the respective content via our website.

When you use audio or video elements on our website, personal data from you may also be transmitted to, processed, and stored by the service providers.

Why Do We Use Audio & Video Elements on Our Website?

Of course, we want to offer you the best offering on our website. And we are aware that content is no longer conveyed merely through text and static images. Instead of just giving you a link to a video, we offer you audio and video formats directly on our website that are entertaining or informative and ideally both. This expands our service and makes it easier for you to access interesting content. Thus, in addition to our texts and images, we also offer video and/or audio content.

What Data Is Stored by Audio & Video Elements?

When you access a page on our website that has, for example, an embedded video, your server connects to the server of the service provider. Data from you is also transferred to the third-party provider and stored there. Some data is collected and stored regardless of whether you have an account with the third-party provider or not. This usually includes your IP address, browser type, operating system, and other general information about your device. Furthermore, most providers also collect information about your web activity. This includes, for example, session duration, bounce rate, which button you clicked, or which website you use the service from. All this information is usually stored via cookies or pixel tags (also called web beacons). Pseudonymised data is usually stored in cookies in your browser. You can always find out which data is stored and processed exactly in the privacy policy of the respective provider.

Duration of Data Processing

How long the data is stored exactly on the servers of the third-party providers can be found either below in the privacy text of the respective tool or in the provider's privacy policy. In principle, personal data is always only processed for as long as is absolutely necessary for the provision of our services or products. This generally also applies to third-party providers. In most cases, you can assume that certain data is stored on the servers of third-party providers for several years. Data can be stored in cookies for different lengths of time. Some cookies are deleted after leaving the website; others can be stored in your browser for several years.

Right to Object

You also have the right and the ability to revoke your consent to the use of cookies or third-party providers at any time. This works either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. The legality of processing until revocation remains unaffected.

Since the embedded audio and video functions on our site usually also use cookies, you should also read our general privacy policy on cookies. In the privacy policies of the respective third-party providers, you can find out more about the handling and storage of your data.

Legal Basis

If you have consented to data being processed and stored by embedded audio and video elements, this consent constitutes the legal basis for data processing (Art. 6(1)(a) GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in fast and good communication with you or other customers and business partners. We nevertheless only use the embedded audio and video elements to the extent that you have given consent.

YouTube Privacy Policy

What Is YouTube?

We have embedded YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you access a page on our website that has an embedded YouTube video, your browser automatically connects to the servers of YouTube or Google. Various data is transferred (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in the European area.

In the following, we want to explain to you in more detail which data is processed, why we have embedded YouTube videos, and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on, and upload videos for free. Over the past few years, YouTube has become one of the most important social media channels worldwide. To display videos on our website, YouTube provides a code snippet that we have built into our site.

Why Do We Use YouTube Videos on Our Website?

YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And of course, interesting videos must not be missing. With our embedded videos, we provide you with further helpful content in addition to our texts and images. In addition, our website is easier to find on the Google search engine through the embedded videos. Even when we run advertising through Google Ads, Google can - thanks to the collected data - really only show these ads to people who are interested in our offerings.

What Data Is Stored by YouTube?

As soon as you visit one of our pages that has an embedded YouTube video, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually use cookies to associate your interactions on our website with your profile. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution, or your internet provider. Additional data may include contact details, any ratings, sharing content via social media, or adding to your favourites on YouTube.

If you are not logged into a Google account or a YouTube account, Google stores data with a unique identifier linked to your device, browser, or app. For example, your preferred language setting is retained. But many interaction data cannot be stored because fewer cookies are set.

In the following list, we show cookies that were set in a test in the browser. On the one hand, we show cookies that are set without a logged-in YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim to be exhaustive because the user data always depends on the interactions on YouTube.

Name: YSC Value: b9-CV6ojI5Y312870189-1 Purpose: This cookie registers a unique ID to store statistics of the video viewed. Expiry date: after session end

Name: PREF Value: f1=50000000 Purpose: This cookie also registers your unique ID. Google receives statistics via PREF about how you use YouTube videos on our website. Expiry date: after 8 months

Name: GPS Value: 1 Purpose: This cookie registers your unique ID on mobile devices to track the GPS location. Expiry date: after 30 minutes

Name: VISITOR_INFO1_LIVE Value: 95Chz8bagyU Purpose: This cookie tries to estimate the bandwidth of the user on our web pages (with built-in YouTube video). Expiry date: after 8 months

Additional cookies that are set when you are logged into your YouTube account:

Name: APISID Value: zILlvClZSkqGsSwI/AU1aZI6HY7312870189- Purpose: This cookie is used to create a profile of your interests. The data is used for personalised advertisements. Expiry date: after 2 years

Name: CONSENT Value: YES+AT.en+20150628-20-0 Purpose: The cookie stores the consent status of a user for the use of various Google services. CONSENT also serves security purposes, to verify users and protect user data from unauthorised attacks. Expiry date: after 19 years

Name: HSID Value: AcRwpgUik9Dveht0I Purpose: This cookie is used to create a profile of your interests. This data helps display personalised advertising. Expiry date: after 2 years

Name: LOGIN_INFO Value: AFmmF2swRQIhALl6aL... Purpose: Information about your login data is stored in this cookie. Expiry date: after 2 years

Name: SAPISID Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile of your interests. Expiry date: after 2 years

Name: SID Value: oQfNKjAsI312870189- Purpose: This cookie stores your Google account ID and your last login time in digitally signed and encrypted form. Expiry date: after 2 years

Name: SIDCC Value: AN0-TYuqub2JOcDTyL Purpose: This cookie stores information about how you use the website and which advertisements you may have seen before visiting our site. Expiry date: after 3 months

How Long and Where Is the Data Stored?

The data that YouTube receives and processes from you is stored on Google servers. Most of these servers are located in America. At https://www.google.com/about/datacenters/locations/?hl=en you can see exactly where the Google data centres are located. Your data is distributed across the servers. This means the data is more quickly retrievable and better protected against manipulation.

Google stores the collected data for different lengths of time. Some data you can delete at any time, others are automatically deleted after a limited time, and still others are stored by Google for a longer period. Some data (such as items from "My Activity", photos or documents, products) stored in your Google account remain stored until you delete them. Even if you are not logged into a Google account, you can delete some data linked to your device, browser, or app.

How Can I Delete My Data or Prevent Data Storage?

In principle, you can manually delete data in your Google account. With the automatic deletion function for location and activity data introduced in 2019, information is stored and then deleted depending on your decision - either 3 or 18 months.

Regardless of whether you have a Google account or not, you can configure your browser to delete or deactivate cookies from Google. Depending on which browser you use, this works in different ways. Under the "Cookies" section, you will find the corresponding links to the instructions for the most well-known browsers.

If you generally do not want cookies, you can set up your browser to always inform you when a cookie is about to be set. This way, you can decide for each individual cookie whether you allow it or not.

Legal Basis

If you have consented to data being processed and stored by embedded YouTube elements, this consent constitutes the legal basis for data processing (Art. 6(1)(a) GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in fast and good communication with you or other customers and business partners. We nevertheless only use the embedded YouTube elements to the extent that you have given consent. YouTube also sets cookies in your browser to store data. We therefore recommend that you read our privacy text on cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.

YouTube or Google also processes your data in the USA, among other places. YouTube or Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template provisions provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

Since YouTube is a subsidiary of Google, there is a joint privacy policy. If you would like to learn more about the handling of your data, we recommend the privacy policy at https://policies.google.com/privacy?hl=en.

Web Design Introduction

What Is Web Design?

We use various tools on our website that serve our web design. Web design is not, as often assumed, just about making our website look pretty, but also about functionality and performance. But of course, the right look of a website is also one of the great goals of professional web design. Web design is a sub-area of media design and deals with both the visual as well as the structural and functional design of a website. The goal is to improve your experience on our website with the help of web design. In web design jargon, this is referred to as User Experience (UX) and Usability. User Experience refers to all impressions and experiences that a website visitor has on a website. A sub-point of User Experience is Usability. This is about the user-friendliness of a website. The focus here is on ensuring that content, sub-pages, or products are clearly structured and that you can find what you are looking for easily and quickly. To offer you the best possible experience on our website, we also use so-called web design tools from third-party providers. Under the category "Web Design" in this privacy policy, all services that improve our website from a design perspective fall. These can be, for example, fonts, various plugins, or other embedded web design functions.

Why Do We Use Web Design Tools?

How you absorb information on a website depends heavily on the structure, functionality, and visual perception of the website. That is why a good and professional web design has also become increasingly important for us. We are constantly working on improving our website and see this as an extended service for you as a website visitor. Furthermore, a beautiful and functional website also has economic benefits for us. After all, you will only visit us and use our offerings if you feel completely comfortable.

What Data Is Stored by Web Design Tools?

When you visit our website, web design elements may be embedded in our pages that can also process data. Which data this is exactly depends, of course, heavily on the tools used. Below you can see exactly which tools we use for our website. We recommend reading the respective privacy policy of the tools used for more detailed information on data processing. In most cases, you will find out which data is processed, whether cookies are used, and how long the data is retained. For example, fonts such as Google Fonts also automatically transmit information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google servers.

Duration of Data Processing

How long data is processed is very individual and depends on the web design elements used. If cookies are used, for example, the retention period can range from just one minute to several years. Please inform yourself in this regard. We recommend our general text section on cookies as well as the privacy policies of the tools used. There you will usually find out which cookies are used exactly and which information is stored in them. Google Font files, for example, are stored for one year. This is intended to improve the loading time of a website. In principle, data is only retained for as long as is necessary for the provision of the service. Statutory requirements may also require data to be stored for longer.

Right to Object

You also have the right and the ability to revoke your consent to the use of cookies or third-party providers at any time. This works either through our cookie management tool or through other opt-out functions. You can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. With web design elements (usually fonts), however, there is also data that cannot be deleted quite so easily. This is the case when data is automatically collected on a page visit and transmitted to a third-party provider (such as Google). In this case, please contact the support of the relevant provider. In the case of Google, you can reach support at https://support.google.com/?hl=en.

Legal Basis

If you have consented to the use of web design tools, the legal basis for the corresponding data processing is this consent. This consent constitutes the legal basis for the processing of personal data, as it may occur through collection by web design tools, in accordance with Art. 6(1)(a) GDPR (Consent). On our part, there is also a legitimate interest in improving the web design of our website. After all, we can only offer you a beautiful and professional web offering this way. The corresponding legal basis is Art. 6(1)(f) GDPR (Legitimate Interests). We nevertheless only use web design tools to the extent that you have given consent. We definitely want to emphasise this here once again.

Information on specific web design tools can be found - if available - in the following sections.

Google Fonts Local Privacy Policy

On our website, we use Google Fonts from the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible. We have embedded the Google fonts locally, i.e. on our web server - not on Google's servers. As a result, there is no connection to Google servers and therefore no data transfer or storage.

What Are Google Fonts?

Google Fonts used to be called Google Web Fonts. This is an interactive directory of over 800 fonts that Google provides free of charge. With Google Fonts, one could use fonts without uploading them to one's own server. However, in order to prevent any information transfer to Google servers, we have downloaded the fonts to our server. In this way, we act in compliance with data protection and do not send any data to Google Fonts.

Online Booking Systems Introduction

What Is an Online Booking System?

So that you can make bookings via our website, we use one or more booking systems. Appointments, for example, can be easily created online. A booking system is a software application embedded in our website that displays available resources (such as free appointments) and through which you can book directly online and usually also pay. You probably already know such booking systems from the hospitality or hotel industry. By now, such systems are used in a wide variety of industries. Booking systems can be used both internally for us and for customers like you, depending on the tool and settings. Personal data from you is usually also collected and stored in the process.

Most of the time, the booking works as follows: You find the booking system on our website, where you can directly book an appointment for a service by clicking and entering your data, and usually also pay right away. It is possible that you can enter various information about yourself via a form. Please be aware that all data you enter can be stored and managed in a database.

Why Do We Use an Online Booking System?

We also see our website in a way as a free service for you. You should receive helpful information and feel completely comfortable on our site. This also includes an online service that makes booking appointments or services as easy as possible for you. Gone are the days when you had to wait for days for a booking confirmation by telephone or email. With an online booking system, you have everything done after a few clicks and can get on with other things. The system also makes it easier for us to manage all bookings and appointments. We therefore consider such a booking system to be absolutely sensible for both you and us.

What Data Is Processed?

Which data is processed exactly, we cannot of course tell you in this general information text about booking systems. This always depends on the tool used and the functions and options it contains. Many booking systems offer a range of additional features in addition to the standard booking function. For example, many systems also have an external online payment system (e.g. from Stripe, Klarna, or PayPal) and a calendar synchronisation function integrated. Accordingly, different data and different amounts of data may be processed depending on the functions. As a rule, data such as IP address, name and contact details, technical information about your device, and the time of a booking are processed. If you also make a payment in the system, bank data such as account number, credit card number, passwords, TANs, etc. are also stored and passed on to the respective payment provider. We recommend that you carefully read the respective privacy policy of the tool used so that you know which data is specifically processed.

Duration of Data Processing

Each booking system stores data for different lengths of time. We therefore cannot yet give any specific information about the duration of data processing here. In principle, however, personal data is always only stored for as long as is absolutely necessary for the provision of the services. Booking systems also generally use cookies that store information for different lengths of time. Some cookies are deleted immediately after leaving the site; others can be stored for several years. In our "Cookies" section, you can find out more. Please also look at the respective privacy policies of the providers. They should explain how long your data is stored in the specific case.

Right to Object

If you have consented to data processing by a booking system, you of course also always have the option and the right to revoke this consent. Please therefore always be aware that you have rights in relation to your personal data and that you can exercise these rights at any time. If you do not want personal data to be processed, then no personal data may be processed. It is as simple as that. The easiest way to revoke data processing is through a cookie consent tool or through other opt-out functions offered. You can also manage data storage by cookies directly in your browser, for example. The legality of data management until your revocation remains unaffected.

Legal Basis

If you have consented to the use of booking systems, the legal basis for the corresponding data processing is this consent. It constitutes the legal basis for the processing of personal data, as it may occur through booking systems, in accordance with Art. 6(1)(a) GDPR (Consent).

Furthermore, we also have a legitimate interest in using booking systems because on the one hand we expand our customer service and on the other hand we optimise our internal booking organisation. The corresponding legal basis is Art. 6(1)(f) GDPR (Legitimate Interests). We nevertheless only use the tools to the extent that you have given consent. We definitely want to have this stated once again at this point.

Information on specific booking systems can be found - if available - in the following sections.

Calendly Privacy Policy

We also use the online booking system Calendly. The service provider is the American company Calendly Inc., 115 E. Main St., Ste A1B, Buford, GA 30518, USA.

Calendly also processes your data in the USA, among other places. Calendly is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Calendly uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template provisions provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Calendly undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

More information about the Standard Contractual Clauses at Calendly can be found in the data processing terms at https://calendly.com/dpa.

We hope we have been able to provide you with the most important information about data processing by Calendly. More about the data processed through the use of Calendly can be found in the privacy policy at https://calendly.com/privacy.

Miscellaneous Introduction

What Falls Under "Miscellaneous"?

The "Miscellaneous" category covers those services that do not fit into any of the above-mentioned categories. These are generally various plugins and embedded elements that improve our website. As a rule, these functions are sourced from third-party providers and embedded in our website. For example, these include web search services such as Algolia Place, Giphy, Programmable Search Engine, or online services for weather data such as OpenWeather.

Why Do We Use Other Third-Party Providers?

We want to offer you the best web offering in our industry with our website. A website has long ceased to be merely a business card for companies. Rather, it is a place that should help you find what you are looking for. To constantly make our website even more interesting and helpful for you, we use various third-party services.

What Data Is Processed?

Whenever elements are embedded in our website, your IP address is transmitted to the respective provider, stored, and processed there. This is necessary because otherwise the content cannot be sent to your browser and consequently cannot be displayed accordingly. It may also happen that service providers use pixel tags or web beacons. These are small graphics on websites that record a log file and can also create analyses of this file. With the information obtained, the providers can improve their own marketing measures. In addition to pixel tags, such information (such as which button you click or when you access which page) can also be stored in cookies. In addition to analytics data about your web behaviour, technical information such as your browser type or operating system can also be stored. Some providers may also link the obtained data with other internal services or with third-party providers. Each provider handles your data differently. We therefore recommend that you carefully read the privacy policies of the respective services. We are fundamentally committed to only using services that handle the topic of data protection very carefully.

Duration of Data Processing

We will inform you about the duration of data processing below, if we have further information. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products.

Legal Basis

If we ask for your consent and you also consent to our using the service, this constitutes the legal basis for the processing of your data (Art. 6(1)(a) GDPR). In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors and thus improving our offering technically and economically. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). We nevertheless only use the tools to the extent that you have given consent.

Information on the specific tools can be found - if available - in the following sections.

DATEV Privacy Policy

We use the accounting software DATEV for our website. The service provider is the German company DATEV eG, Paumgartnerstr. 6 - 14, 90429 Nuremberg, Germany.

More about the data processed through the use of DATEV can be found in the privacy policy at https://www.datev.de/web/de/m/ueber-datev/datenschutz/.

Closing Remarks

Congratulations! If you are reading these lines, you have truly "fought" your way through our entire privacy policy, or at least scrolled this far. As you can see from the scope of our privacy policy, we take the protection of your personal data anything but lightly. It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. In doing so, we do not only want to tell you which data is processed, but also to explain the reasons for the use of various software programmes. As a rule, privacy policies sound very technical and legalistic. Since most of you are neither web developers nor lawyers, we also wanted to take a different approach linguistically and explain the matter in simple and clear language. Of course, this is not always possible due to the subject matter. The most important terms are therefore explained in more detail at the end of the privacy policy. If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible body. We wish you a pleasant time and hope to welcome you to our website again soon.

All texts are protected by copyright.

Source: Created with the Privacy Policy Generator by AdSimple