We have crafted this privacy policy (version 05.03.2023-112435071) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, the personal data (referred to as “data”) that we, as data controllers, and our commissioned data processors (e.g., providers) process, will process in the future, and the legal options available to you. The terms used are to be understood in a gender-neutral manner.

In essence, we provide comprehensive information about the data we process about you.

Privacy policies typically sound very technical and use legal terminology. However, this privacy policy aims to describe the most important aspects to you in a simple and transparent manner. Where beneficial for transparency, technical terms are explained in reader-friendly language, links to further information are provided, and graphics are used. In this way, we communicate in clear and straightforward language that we only process personal data within the scope of our business activities when there is a corresponding legal basis. This is not achievable if one provides overly concise, unclear, and legally technical explanations, as is often the standard on the internet when it comes to data protection. We hope you find the following explanations interesting and informative, and perhaps you will discover some information that you were not previously aware of.

If questions persist, we kindly ask you to contact the responsible party mentioned below or in the imprint, follow the provided links, and seek additional information on third-party sites. Our contact details are, of course, also available in the imprint.

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (data processors). By personal data, we mean information as defined in Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this privacy policy includes:

1. All online presences (websites, online shops) that we operate.
2. Social media presences and email communication.
3. Mobile apps for smartphones and other devices.

In short, the privacy policy applies to all areas where personal data is systematically processed within the company through the mentioned channels. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

In the following privacy policy, we provide you with transparent information regarding the legal principles and regulations, namely the legal bases of the General Data Protection Regulation, that allow us to process personal data.

Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We process your data only when at least one of the following conditions applies:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be storing the data you entered in a contact form.
2. Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For instance, if we enter into a purchase agreement with you, we need personal information beforehand.
3. Legal Obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes, which typically contain personal data.
4. Legitimate Interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not infringe upon your fundamental rights, we reserve the right to process personal data. For instance, we may need to process certain data to operate our website securely and economically efficiently. This processing constitutes a legitimate interest.

Other conditions such as the exercise of tasks carried out in the public interest or in the exercise of official authority, as well as the protection of vital interests, typically do not apply to us. If such a legal basis should be relevant, it will be indicated at the respective point.

In addition to the EU regulation, national laws also apply:

1. In Austria, this is the Federal Act concerning the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), abbreviated as DSG.
2. In Germany, the Federal Data Protection Act, abbreviated as BDSG, applies.

If additional regional or national laws come into play, we will inform you in the following sections.

If you have any questions about data protection or the processing of personal data, you can find the contact details of the responsible person or entity below:

A|Q FORENSICS GmbH
Albert Quehenberger
Roith6
5145 Neukirchen an der Enknach

Email: office@aq-forensics.com
Phone: +43 676513574 8
Imprint: https://www.aq-forensics.com/en/legal-notice/

Below, you will find the contact details of the Data Protection Officer:

A|Q FORENSICS GmbH
Albert Quehenberger
Roith6
5145 Neukirchen an der Enknach

Email: office@aq-forensics.com
Phone: +43 676513574 8

The general criterion for us is that we only store personal data for as long as it is absolutely necessary for providing our services and products. This means that we delete personal data as soon as the purpose for data processing no longer exists. In some cases, we are legally obligated to retain certain data even after the original purpose has ceased, such as for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as soon as possible, provided there is no obligation to retain it.

We will inform you below about the specific duration of each data processing, provided we have further information on this matter.

In accordance with Articles 13 and 14 of the GDPR, we inform you about the following rights to ensure fair and transparent data processing:

1. According to Article 15 of the GDPR, you have the right to know whether we process data about you. If so, you have the right to receive a copy of the data and obtain the following information:
   1. The purpose of the processing.
   2. The categories or types of data being processed.
   3. Recipients of the data, and if the data is transferred to third countries, how security is guaranteed.
   4. The duration of data storage.
   5. The right to correction, deletion, or restriction of processing, and the right to object to processing.
   6. The right to file a complaint with a supervisory authority (links to these authorities can be found below).
   7. The origin of the data if not collected from you.
   8. Whether profiling is conducted, meaning whether data is automatically evaluated to create a personal profile of you.

2. According to Article 16 of the GDPR, you have the right to correct data if errors are found.

3. According to Article 17 of the GDPR, you have the right to erasure (“right to be forgotten”), meaning you can request the deletion of your data.

4. According to Article 18 of the GDPR, you have the right to restrict processing, meaning we may only store the data but not further use it.

5. According to Article 20 of the GDPR, you have the right to data portability, meaning we must provide your data in a common format upon request.

6. According to Article 21 of the GDPR, you have the right to object, which, when enforced, leads to a change in processing.
   • If data processing is based on Article 6(1)(e) (public interest, exercise of public authority) or Article 6(1)(f) (legitimate interest), you can object to processing. We will then promptly assess whether we can legally comply with this objection.
   • If data is used for direct marketing, you can object to this type of data processing at any time. We may no longer use your data for direct marketing.
   • If data is used for profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling.

7. According to Article 22 of the GDPR, you may, under certain circumstances, have the right not to be subject to a decision based solely on automated processing (e.g., profiling).

8. According to Article 77 of the GDPR, you have the right to lodge a complaint. This means you can complain to the supervisory authority at any time if you believe that the processing of personal data violates the GDPR.

In summary: You have rights – do not hesitate to contact the responsible entity listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any way, you can complain to the supervisory authority. For Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, each federal state has a data protection officer. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible:

Austrian Data Protection Authority Head: Mag. Dr. Andrea Jelinek Address: Barichgasse 40-42, 1030 Vienna Phone: +43 1 52 152-0 Email: dsb@dsb.gv.at Website: https://www.dsb.gv.at/

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to infer personal information from our data.

Article 25 of the GDPR refers to “data protection by design and by default,” meaning that security is always considered for both software (e.g., forms) and hardware (e.g., access to the server room), with appropriate measures tailored to specific needs.

TLS, encryption, and HTTPS may sound very technical, and indeed they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet.

This means that the entire transmission of data from your browser to our web server is secure—no one can “listen in.”

We have thus introduced an additional layer of security and comply with data protection by design (Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.

You can recognize the use of this data transmission security by the small padlock symbol at the top left of the browser, to the left of the web address (e.g., examplepage.com), and the use of the https scheme (instead of http) as part of our internet address.

If you would like to learn more about encryption, we recommend a Google search for “Hypertext Transfer Protocol Secure wiki” to find good links to additional information.

When you contact us and communicate with us via telephone, email, or online forms, personal data may be processed. The data is processed for the handling and processing of your inquiry and the related business transaction. The data is stored for as long as necessary or as long as the law requires.

Affected Persons

All individuals who seek contact with us through the communication channels we provide are affected.

Telephone

When you call us, call data is pseudonymized and stored on the respective end device and at the telecommunication provider used. Additionally, data such as name and phone number may be sent by email and stored for inquiry response. The data is deleted as soon as the business case is concluded and legal requirements permit.

Email

When you communicate with us via email, data may be stored on the respective end device (computer, laptop, smartphone, etc.) and stored on the email server. The data is deleted as soon as the business case is concluded and legal requirements permit.

Online Forms

When you communicate with us via online forms, data is stored on our web server and may be forwarded to an email address from us. The data is deleted as soon as the business case is concluded and legal requirements permit.

Legal Basis

The processing of data is based on the following legal bases: 1. Art. 6(1)(a) GDPR (Consent): You give us consent to store and use your data for business case-related purposes; 2. Art. 6(1)(b) GDPR (Contract): There is a necessity for the fulfillment of a contract with you or a data processor, such as the telephone provider, or we need to process data for pre-contractual activities, such as preparing an offer; 3. Art. 6(1)(f) GDPR (Legitimate Interests): We aim to conduct customer inquiries and business communication in a professional manner. Certain technical facilities, such as email programs, exchange servers, and mobile network operators, are necessary to efficiently conduct communication.

In this section, we would like to explain what a Processing Agreement (Auftragsverarbeitungsvertrag) is and why it is necessary. Because the term “Auftragsverarbeitungsvertrag” is quite a tongue twister, we will often use the acronym AVP in this text. Like most companies, we do not operate alone but also avail services from other companies or individuals. By involving various companies or service providers, it may be necessary for us to share personal data for processing. These partners then act as processors, with whom we enter into a contract known as the Processing Agreement (AVP). Most importantly for you to know is that the processing of your personal data is done exclusively according to our instructions and must be regulated by the AVP.

Who are Processors?

As a company and website owner, we are responsible for all data we process from you. In addition to the responsible party, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. More precisely and according to the GDPR definition: any natural or legal person, authority, agency, or other body that processes personal data on our behalf is considered a processor. Processors can be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

For better understanding of the terminology, here is an overview of the three roles in the GDPR:

1. Data Subject (You as the customer or interested party) →
2. Controller (We as the company and client) →
3. Processor (Service providers such as web hosts or cloud providers)

Content of a Processing Agreement

As mentioned above, we have entered into a Processing Agreement (AVP) with our partners who act as processors. It is stipulated in the agreement, first and foremost, that the processor processes the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, although in this context, electronic contract conclusion is also considered “written.” The processing of personal data is carried out based on the contract. The following must be included in the contract:

1. Binding to us as the Controller
2. Duties and rights of the Controller
3. Categories of data subjects
4. Type of personal data
5. Nature and purpose of data processing
6. Subject and duration of data processing
7. Location of data processing

Furthermore, the contract contains all the duties of the processor. The most important duties include:

– Ensuring measures for data security

– Taking possible technical and organizational measures to protect the rights of the data subject

– Maintaining a data processing register

– Cooperating with the data protection supervisory authority upon request

– Conducting a risk analysis regarding the processed personal data

– Sub-processors may only be engaged with the written approval of the Controller

To see what such a Processing Agreement looks like, you can refer to https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html, where a sample contract for processing is presented.

Cookies Summary

👥 Data Subjects: Website Visitors

🤝 Purpose: Dependent on the respective cookie. More details can be found below or with the software manufacturer that sets the cookie.

📓 Processed Data: Dependent on the respective cookie. More details can be found below or with the software manufacturer that sets the cookie.

📅 Storage Duration: Dependent on the respective cookie, ranging from hours to years

⚖️ Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data. In the following, we explain what cookies are and why they are used, so you can better understand the following data protection statement. Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

It cannot be denied: cookies are really useful little helpers. Almost all websites use cookies. More precisely, these are HTTP cookies, as there are also other cookies for different application areas. HTTP cookies are small files that are stored by our website on your computer. These cookie files are automatically placed in the cookie folder, essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal page settings. When you visit our site again, your browser transmits the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser like Chrome and the web server. The web browser requests a website and receives a cookie from the server, which the browser uses again when another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be individually evaluated, as each cookie stores different data. Also, the expiration time of a cookie varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, trojans, or other “malware.” Cookies also cannot access information on your PC.

Here’s an example of what cookie data might look like:

Name: _ga

Value: GA1.2.1326744211.152112435071-9

Purpose: Distinguishing website visitors

Expiration Date: after 2 years

Browsers should support the following minimum sizes:

1. At least 4096 bytes per cookie
2. At least 50 cookies per domain
3. At least 3000 cookies in total

What Types of Cookies Are There?

The question of which cookies we use specifically depends on the services used and will be clarified in the following sections of the data protection statement. At this point, we would like to briefly discuss the different types of HTTP cookies.

Four types of cookies can be distinguished:

1. Essential Cookies: Necessary for ensuring basic functions of the website. For example, these cookies are needed if a user puts a product in the shopping cart, continues to other pages, and only later goes to the checkout. These cookies prevent the shopping cart from being deleted even if the user closes their browser window.
2. Functional Cookies: Collect information about user behavior and whether the user receives error messages. These cookies also measure the loading time and behavior of the website in different browsers.
3. Targeted Cookies: Improve user-friendliness. For example, stored locations, font sizes, or form data.
4. Advertising Cookies: Also called targeting cookies. They serve to deliver individually tailored advertising to the user. This can be very practical, but also very annoying.

Typically, you will be asked which of these types of cookies you want to allow when you first visit a website. And, of course, this decision is also stored in a cookie.

If you want to know more about cookies and don’t shy away

 from technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments from the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism.”

Purpose of Processing via Cookies

The purpose ultimately depends on the respective cookie. More details can be found below or with the software manufacturer that sets the cookie.

What Data is Processed?

Cookies are helpful for various tasks. Unfortunately, the data stored in cookies cannot be generalized, but we will inform you about the processed or stored data within the scope of the following data protection statement.

Storage Duration of Cookies

The storage duration depends on the respective cookie and is specified below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have influence over the storage duration. You can manually delete all cookies at any time through your browser (see also “Right to Object” below). Furthermore, cookies based on consent will be deleted at the latest after revocation of your consent, with the legality of storage remaining unaffected until then.

Right to Object – How Can I Delete Cookies?

Whether and how you want to use cookies is entirely up to you. Regardless of which service or website the cookies come from, you always have the option to delete, disable, or only partially allow cookies. For example, you can block cookies from third-party providers but allow all other cookies.

If you want to find out which cookies have been stored in your browser, change or delete cookie settings, you can find this in your browser settings:

– Chrome: Clear, enable, and manage cookies in Chrome

– Safari: Manage cookies and website data with Safari

– Firefox: Delete cookies to remove data that websites have placed on your computer

– Internet Explorer: Delete and manage cookies

– Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set up your browser to always inform you when a cookie is to be set. This way, you can decide for each individual cookie whether to allow it or not. The procedure varies depending on the browser. It is best to search for instructions on Google using the search term “delete cookies Chrome” or “disable cookies Chrome” in the case of a Chrome browser.

Legal Basis

Since 2009, there have been the so-called “Cookie Guidelines.” It is stipulated therein that storing cookies requires consent (Article 6(1)(a) GDPR) from you. However, within EU countries, there are still very different reactions to these guidelines. In Austria, the implementation of these guidelines is reflected in § 96(3) of the Telecommunications Act (TKG). In Germany, the Cookie Guidelines were not implemented as national law. Instead, this directive was largely implemented in § 15(3) of the Telemedia Act (TMG).

For absolutely necessary cookies, even if no consent is given, there are legitimate interests (Article 6(1)(f) GDPR) that are mostly of an economic nature. We want to provide website visitors with a pleasant user experience, and for this, certain cookies are often absolutely necessary.

Where non-essential cookies are used, this only happens with your consent. The legal basis is then Article 6(1)(a) GDPR.

In the following sections, you will be informed in more detail about the use of cookies, if the software used uses cookies.

Web Hosting Summary

👥 Data Subjects: Website Visitors

🤝 Purpose: Professional hosting of the website and ensuring operational security

📓 Processed Data: IP address, time of website visit, used browser, and other data. More details can be found below or with the respective web hosting provider.

📅 Storage Duration: Depending on the provider, but usually 2 weeks

⚖️ Legal Bases: Art. 6(1)(f) GDPR (Legitimate Interests)

What is Web Hosting?

When you visit websites nowadays, certain information – including personal data – is automatically generated and stored, as is the case with this website. This data should be processed sparingly and only with justification. By website, we mean the entirety of all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By domain, we mean, for example, example.de or sampleexample.com.

When you view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We simply call them browsers or web browsers.

To display the website, the browser must connect to another computer where the code of the website is stored: the web server. Operating a web server is a complex and labor-intensive task, which is usually taken care of by professional providers, the hosting providers. They offer web hosting and thus ensure reliable and error-free data storage for websites. Quite a lot of technical terms, but please stay with us; it gets even better!

When the browser on your computer (desktop, laptop, tablet, or smartphone) connects and during the data transfer to and from the web server, there may be processing of personal data. On the one hand, your computer stores data, and on the other hand, the web server must also store data for some time to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and ensuring operational security
2. Maintaining operational and IT security
3. Anonymous analysis of access behavior to improve our offering and, if necessary, for law enforcement or pursuit of claims

What data is processed?

Even as you are currently visiting our website, our web server, which is the computer where this webpage is stored, usually automatically stores data such as:

1. The complete internet address (URL) of the accessed webpage
2. Browser and browser version (e.g., Chrome 87)
3. The operating system used (e.g., Windows 10)
4. The address (URL) of the previously visited page (referrer URL) (e.g., https://www.examplesourcepage.com/howigotthere/)
5. The hostname and IP address of the device from which access is made (e.g., COMPUTERNAME and 194.23.43.121)
6. Date and time
7. In files, the so-called web server log files

How long is data stored?

Typically, the aforementioned data is stored for two weeks and then automatically deleted. We do not share this data, but we cannot exclude the possibility that authorities may access this data in the event of unlawful behavior.

In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not disclose your data without consent!

Legal Basis

The legality of processing personal data in the context of web hosting is based on Art. 6(1)(f) GDPR (Legitimate Interests), as the use of professional hosting with a provider is necessary to present the company on the internet securely and user-friendly, as well as to potentially pursue attacks and claims.

There is typically a contract for order processing between us and the hosting provider in accordance with Art. 28 et seq. GDPR, ensuring compliance with data protection and guaranteeing data security.

World4You Privacy Policy

We use World4You for our website, among other services, as a web hosting provider. The service provider is the Austrian company World4You Internet Services GmbH, Hafenstraße 35, 4020 Linz, Austria.

For more information about the data processed through the use of World4You, please refer to the privacy policy at https://www.world4you.com/de/unternehmen/datenschutzerklaerung.html.

Website Builder Systems Privacy Policy Summary

👥 Data Subjects: Website Visitors

🤝 Purpose: Optimization of our service performance

📓 Processed Data: Data such as technical usage information like browser activity, clickstream activities, session heatmaps, as well as contact details, IP address, or your geographic location. More details can be found below in this privacy policy and in the provider’s privacy policy.

📅 Storage Duration: Depends on the provider

⚖️ Legal Bases: Art. 6(1)(f) GDPR (Legitimate Interests), Art. 6(1)(a) GDPR (Consent)

What are Website Builder Systems?

We use a website builder system for our website. Builder systems are special forms of Content Management Systems (CMS). With a builder system, website operators can easily create a website without programming knowledge. In many cases, web hosts also offer builder systems. The use of a builder system can involve the collection, storage, and processing of your personal data. In this privacy text, we provide general information about data processing by builder systems. Further information can be found in the provider’s privacy policies.

Why do we use Website Builder Systems for our website?

The main advantage of a builder system is its user-friendliness. We aim to offer you a clear, simple, and user-friendly website that we can operate and maintain without external support. A builder system now offers many helpful features that we can apply without programming knowledge. This allows us to tailor our web presence to our preferences and provide you with an informative and pleasant experience on our website.

What data is stored by a Builder System?

The exact data stored depends on the specific website builder system used. Each provider processes and collects different data from website visitors. However, in general, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit are usually collected. Additionally, tracking data (e.g., browser activity, clickstream activities, session heatmaps, etc.) can be processed. Furthermore, personal data such as contact details like email address, phone number (if provided), IP address, and geographic location data may also be collected and stored. Specific details can be found in the provider’s privacy policy.

How long and where are the data stored?

We will inform you about the duration of data processing in connection with the specific website builder system used, provided we have additional information. Detailed information can be found in the provider’s privacy policy. In general, we process personal data only for as long as it is absolutely necessary for providing our services and products. The provider may store data from you according to its own policies, over which we have no control.

Right to Object

You always have the right to information, correction, and deletion of your personal data. If you have questions, you can also contact the responsible party of the website builder system used. Contact details can be found either in our privacy policy or on the website of the respective provider.

Cookies used by providers for their functions can be deleted, disabled, or managed in your browser. Depending on the browser you use, this works in different ways. Please note that this may affect the functioning of some features.

Legal Basis

We have a legitimate interest in using a website builder system to optimize our online service and present it efficiently and user-friendly for you. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use the builder system if you have given your consent.

If data processing is not strictly necessary for the operation of the website, the data is processed based on your consent. This particularly applies to tracking activities. The legal basis in this regard is Art. 6(1)(a) GDPR.

With this privacy policy, we have provided you with the most important general information about data processing. If you want more detailed information, you can find further details – if available – in the following section or in the provider’s privacy policy.

WordPress.com Privacy Policy

We use WordPress.com, a website builder system, for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

WordPress processes data from you, among others, also in the USA. We note that, according to the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may entail various risks for the legality and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or data transfer to such countries, WordPress uses so-called Standard Contractual Clauses (= Art. 46. Abs. 2 und 3 DSGVO). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transmitted and stored in third countries (such as the USA). Through these clauses, WordPress commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The data processing terms (Data Processing Agreements), which correspond to the Standard Contractual Clauses, can be found at https://wordpress.com/support/data-processing-agreements/.

For more information about the data processed through the use of WordPress.com, please refer to the privacy policy at https://automattic.com/de/privacy/.

Web Analytics Privacy Policy Summary

👥 Data Subjects: Website Visitors

🤝 Purpose: Evaluation of visitor information for the optimization of the web offering.

📓 Processed Data: Access statistics containing data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found in the respective Web Analytics Tool used.

📅 Storage Duration: Depends on the Web Analytics Tool used

⚖️ Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Web Analytics?

We use software on our website to analyze the behavior of website visitors, commonly referred to as Web Analytics or Web Analysis. Data collected by the respective analytics tool provider (also known as a tracking tool) is stored, managed, and processed. Using this data, analyses of user behavior on our website are generated and provided to us as website operators. Additionally, most tools offer various testing options. For example, we can test which offers or content are most appealing to our visitors. For such test procedures, such as A/B testing, user profiles may be created, and data stored in cookies.

Why do we operate Web Analytics?

With our website, we have a clear goal in mind: we want to deliver the best web offering on the market for our industry. To achieve this goal, we aim to provide the best and most interesting content while ensuring that you feel comfortable on our website. Web analytics tools help us scrutinize the behavior of our website visitors more closely and improve our web offering for both you and us. For instance, we can identify the average age of our visitors, their geographic origin, peak times of website visits, or which content or products are particularly popular. All this information helps us optimize the website to better suit your needs, interests, and preferences.

What data is processed?

The exact data stored depends on the analytics tools used. However, generally, data such as the content viewed on our website, buttons or links clicked, the time a page is accessed, the browser used, the device (PC, tablet, smartphone, etc.) used to visit the website, and, if consented, location data, can be stored by the web analytics tool provider. Additionally, your IP address is stored. According to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, IP addresses are usually pseudonymized (rendered unidentifiable and truncated) for the purpose of testing, web analytics, and web optimization. Direct data such as your name, age, address, or email address is not generally stored for these purposes, and if collected, is pseudonymized to prevent identification.

The following example schematically illustrates the functioning of Google Analytics as an example of client-based web tracking with JavaScript code.

The duration of data storage depends on the provider. Some cookies store data only for a few minutes or until you leave the website, while others can retain data for several years.

Duration of Data Processing

We will provide information on the duration of data processing below if we have further details. In general, we process personal data only for as long as it is absolutely necessary for the provision of our services and products. If legally required, such as in the case of accounting, this storage period may be exceeded.

Right to Object

You also have the right and the option to revoke your consent to the use of cookies or third parties at any time. This can be done either through our cookie management tool or other opt-out functions. For example, you can prevent the data collection by cookies by managing, disabling, or deleting cookies in your browser. Please note that this may affect the functionality of some features.

Legal Basis

The use of web analytics requires your consent, which we obtained through our cookie popup. According to Art. 6(1)(a) GDPR (Consent), this consent is the legal basis for the processing of personal data that may occur during the collection by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to improve our offering technically and economically. Through web analytics, we can identify website errors, detect attacks, and enhance efficiency. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use these tools with the consent you have provided.

As web analytics tools use cookies, we also recommend reading our general cookie privacy policy. To find out exactly which data is stored and processed by you, you should read the privacy policies of the respective tools.

Information about specific web analytics tools is provided in the following sections, if available.

We use Facebook Conversions API, a server-side event tracking tool, on our website. The service provider is the American company Meta Platforms Inc. For the European region, the responsible entity is Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

Facebook processes data from you, including in the United States. We would like to inform you that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or data transfer to such countries, Facebook uses the so-called Standard Contractual Clauses (= Art. 46, para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to third countries (such as the USA) and stored there. Through these clauses, Facebook commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Facebook’s data processing terms, which correspond to the Standard Contractual Clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

For more information about the data processed through the use of Facebook Conversions API, please refer to the Privacy Policy at https://www.facebook.com/about/privacy

Google Analytics Privacy Policy Summary

👥 Affected individuals: Website visitors

🤝 Purpose: Evaluation of visitor information to optimize the web offering.

📓 Processed data: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found below in this privacy policy.

📅 Storage duration: depends on the properties used

⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What is Google Analytics?

We use the Google Analytics (GA) analysis tracking tool on our website, provided by the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, when you click on a link, this action is stored in a cookie and sent to Google Analytics. With the reports we receive from Google Analytics, we can better tailor our website and service to your preferences. Below, we provide more details about the tracking tool and information on what data is stored and how you can prevent it.

Google Analytics is a tracking tool used for traffic analysis on our website. To make Google Analytics work, a tracking code is embedded in the code of our website. When you visit our website, this code records various actions you perform on our site. Once you leave our website, this data is sent to and stored on Google Analytics servers.

Google processes the data, and we receive reports on your user behavior. These reports may include, among others:

1. Audience Reports: These help us better understand our users and know more about those interested in our service.
2. Advertising Reports: Advertising reports make it easier for us to analyze and improve online advertising.
3. Acquisition Reports: These provide valuable information on how we can engage more people with our service.
4. Behavior Reports: Here, we learn how you interact with our website. We can track the path you take on our site and which links you click.
5. Conversion Reports: A conversion refers to an action you take due to a marketing message, such as becoming a buyer or newsletter subscriber. These reports help us understand how our marketing efforts resonate with you, aiming to increase our conversion rate.
6. Real-Time Reports: These reports provide immediate insights into what is happening on our website. For example, we can see how many users are currently reading this text.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to provide you with the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically analyzed data gives us a clear picture of the strengths and weaknesses of our website. On one hand, we can optimize our site to be more easily found by interested people on Google. On the other hand, the data helps us understand you as a visitor better. This way, we know exactly what we need to improve on our website to offer you the best possible service. The data also helps us carry out our advertising and marketing activities more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are interested in them.

What data is stored by Google Analytics?

Google Analytics creates a random, unique ID with the help of a tracking code, which is associated with your browser cookie. This allows Google Analytics to recognize you as a new user. The next time you visit our site, you will be recognized as a “returning” user. All collected data is stored together with this user ID. This is essential for evaluating pseudonymous user profiles.

To analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, the default is Google Analytics 4-Property. Alternatively, you can also create a Universal Analytics property. Depending on the property used, data is stored for different durations.

Your interactions on our website are measured through identifiers such as cookies and app instance IDs. Interactions include all types of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated by Google Analytics may be linked to third-party cookies. Google does not disclose Google Analytics data unless approved by us as website operators. Exceptions may occur if it is legally required.

The following cookies are used by Google Analytics:

– Name: _ga

  Value: 2.1326744211.152112435071-5

  Purpose: analytics.js uses the _ga cookie by default to store the user ID. It is used to distinguish website visitors.

  Expiry: after 2 years

– Name: _gid

  Value: 2.1687193234.152112435071-1

  Purpose: This cookie also serves to distinguish website visitors.

  Expiry: after 24 hours

– Name: _gat_gtag_UA_<property-id>

  Value: 1

  Purpose: Used to lower the request rate. If Google Analytics is provided via the Google Tag Manager, this cookie is named _dc_gtm_ <property-id>.

  Expiry: after 1 minute

– Name: AMP_TOKEN

  Value: no information

  Purpose: The cookie has a token that can be used to obtain a user ID from the AMP Client ID service. Other possible values indicate logging out, a request, or an error.

  Expiry: after 30 seconds to one year

– Name: __utma

  Value: 1564498958.1564498958.1564498958.1

  Purpose: This cookie allows tracking your behavior on the website and measuring performance. The cookie is updated every time information is sent to Google Analytics.

  Expiry: after 2 years

– Name: __utmt

  Value: 1

  Purpose: The cookie is used, like _gat_gtag_UA_<property-id>, to throttle the request rate.

  Expiry: after 10 minutes

– Name: __utmb

  Value: 3.10.1564498958

  Purpose: This cookie is used to determine new sessions. It is updated every time new data or information is sent to Google Analytics.

  Expiry: after 30 minutes

– Name: __utmc

  Value: 167421564

  Purpose: This cookie is used to determine new sessions for returning visitors. It is a session cookie and is only stored until you close the browser.

  Expiry: after closing the browser

– Name: __utmz

  Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/

  Purpose: The cookie is used to identify the source of visitor traffic to our website. That means the cookie stores where you came from to our website. This could have been another page or an advertising campaign.

  Expiry: after 6 months

– Name: __utmv

  Value: no information

  Purpose: The cookie is used to store custom user data. It is always updated when information is sent to Google Analytics.

  Expiry: after 2 years

Note: This list cannot claim to be complete, as Google may change the selection of cookies.

Here is an overview of the key data collected by Google Analytics:

– Heatmaps: Google creates so-called heatmaps. Heatmaps show the exact areas you click on. This provides us with information about where you are “active” on our site.

– Session duration: Google refers to the time you spend on our site without leaving as session duration. If you have been inactive for 20 minutes, the session automatically ends.

– Bounce rate: A bounce occurs when you view only one page on our website and then leave.

– Account creation: If you create an account or place an order on our website, Google Analytics collects this data.

– IP address: The IP address is displayed in abbreviated form so that no unique assignment is possible.

– Location: The IP address can determine the country and approximate location. This process is also called IP geolocation.

– Technical information: Technical information includes, among other things, your browser type, internet provider, or screen resolution.

– Source of origin: Google Analytics, or we, are interested in where you came from to our site, whether through another website or advertising.

Other data includes contact details, reviews, media playback (e.g., if you play a video on our site), sharing content via social media, or adding to your favorites. This list is not exhaustive and serves only as a general orientation of data storage by Google Analytics.

How long and where are the data stored?

Google has servers distributed worldwide, with most servers located in America, and your data is primarily stored on American servers. You can read exactly where Google data centers are located here: https://www.google.com/about/datacenters/locations/?hl=de

Your data is distributed across various physical media. This has the advantage that the data is more quickly accessible and better protected against manipulation. Each Google data center has corresponding emergency programs for your data. For example, if Google hardware fails or natural disasters disable servers, the risk of service interruption at Google remains low.

The storage period of the data depends on the properties used. When using the newer Google Analytics 4-Properties, the storage duration of your user data is fixed at 14 months. For other so-called event data, we have the option to choose a storage duration of 2 months or 14 months.

For Universal Analytics properties, a standard storage period of 26 months is set for your user data at Google Analytics. After that, your user data will be deleted. However, we have the option to choose the storage duration of usage data ourselves. We have five options available:

1. Deletion after 14 months
2. Deletion after 26 months
3. Deletion after 38 months
4. Deletion after 50 months
5. No automatic deletion

Additionally, there is also the option that data is only deleted when you no longer visit our website within the time frame we choose. In this case, the storage duration is reset each time you visit our website within the defined period.

Once the set period has elapsed, the data is deleted once a month. This storage period applies to your data linked to cookies, user identification, and advertising IDs (e.g., cookies from the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is a fusion of individual data into a larger unit.

How can I delete my data or prevent data storage?

According to the data protection law of the European Union, you have the right to obtain information about your data, update, delete, or restrict it. By using the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js), you prevent Google Analytics from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only disables data collection by Google Analytics.

If you generally want to disable, delete, or manage cookies, you can find the corresponding links to the instructions for the most common browsers under the “Cookies” section.

Legal basis

The use of Google Analytics requires your consent, which we obtained through our cookie popup. This consent provides the legal basis for the processing of personal data, as may occur with the collection by web analytics tools, according to Art. 6 para. 1 lit. a GDPR (Consent).

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to improve our offering technically and economically. With the help of Google Analytics, we identify website errors, can identify attacks, and improve efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate interests). However, we only use Google Analytics if you have given consent.

Google processes data from you, among other places, in the USA. We would like to inform you that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or data transfer to such countries, Google uses the so-called Standard Contractual Clauses (= Art. 46, para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to third countries (such as the USA) and stored there. Through these clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

We hope we could provide you with the most important information about the data processing of Google Analytics. If you want to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a Data Processing Agreement (DPA) with Google. You can find details about what a DPA entails and its essential components in our general section on “Data Processing Agreement (DPA).”

This contract is legally required because Google processes personal data on our behalf. It clarifies that Google may only process data received from us according to our instructions and must comply with the GDPR. The link to the Data Processing Terms can be found at https://business.safety.google/intl/de/adsprocessorterms/

Google Analytics Reports on Demographics and Interests

We have activated the advertising reporting features in Google Analytics. The reports on demographics and interests include information on age, gender, and interests. This allows us to gain a better understanding of our users without being able to attribute this data to individual persons. Learn more about advertising features at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can end the use of activities and information from your Google account under “Ad Settings” at https://adssettings.google.com/authenticated by checking the checkbox.

Google Analytics in Consent Mode

Depending on your consent, personal data about you is processed by Google Analytics in the so-called Consent Mode. You can choose whether to consent to Google Analytics cookies or not, thereby determining which data Google Analytics is allowed to process. The collected data is primarily used to conduct measurements on user behavior on the website, display targeted advertising, and provide us with web analytics reports. Typically, you provide consent for data processing through a cookie consent tool. If you do not consent to data processing, only aggregated data is collected and processed. This means that data cannot be attributed to individual users, and no user profile of you is created. You can also consent only to statistical measurement, where no personal data is processed and consequently not used for advertisements or advertising success.

Google Analytics IP Anonymization

We have implemented IP address anonymization by Google Analytics on this website. This function was developed by Google to ensure compliance with applicable data protection regulations and recommendations of local data protection authorities, especially when they prohibit the storage of complete IP addresses. Anonymization or masking of the IP occurs as soon as the IP addresses enter the Google Analytics data collection network and before any storage or processing of the data takes place.

For more information on IP anonymization, visit https://support.google.com/analytics/answer/2763052?hl=de.

Google Optimize Privacy Policy

We use Google Optimize, a website optimization tool, on our website. The service provider is the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google processes data from you, including in the USA. We would like to inform you that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or data transfer to such countries, Google uses the so-called Standard Contractual Clauses (= Art. 46, para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to third countries (such as the USA) and stored there. Through these clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

Learn more about the data processed through the use of Google Optimize in the Privacy Policy at https://policies.google.com/privacy?hl=de.

👥 Concerned parties: Website visitors

🤝 Purpose: Evaluation of visitor information for website optimization.

📓 Processed data: Access statistics containing data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found below and in Google Analytics’ privacy policy.

📅 Storage duration: Dependent on the properties used

⚖️ Legal basis: Art. 6 (1) lit. a GDPR (Consent), Art. 6 (1) lit. f GDPR (Legitimate interests)

What is Google Site Kit?

We have integrated the WordPress plugin Google Site Kit from the American company Google Inc. into our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Site Kit, we can quickly and easily view statistics directly in our WordPress dashboard, derived from various Google products such as Google Analytics. The tool, or the tools integrated into Google Site Kit, also collect personal data from you. In this privacy policy, we explain why we use Google Site Kit, how long and where data is stored, and which other privacy texts are relevant in this context.

Google Site Kit is a plugin for the WordPress Content Management System. With this plugin, we can view important website analysis statistics directly in our dashboard. These statistics are collected by other Google products, primarily Google Analytics. In addition to Google Analytics, Google Search Console, Page Speed Insight, Google AdSense, Google Optimize, and Google Tag Manager can also be linked to Google Site Kit.

Why do we use Google Site Kit on our website?

As a service provider, it is our responsibility to provide you with the best possible experience on our website. You should feel comfortable on our website and quickly and easily find what you are looking for. Statistical evaluations help us get to know you better and tailor our offering to your wishes and interests. For these evaluations, we use various Google tools. Site Kit makes our work easier in this regard because we can view and analyze the statistics of Google products directly in the dashboard. Therefore, we no longer need to sign in separately for each tool. Site Kit always provides a good overview of the most important analysis data.

What data does Google Site Kit store?

If you have actively consented to tracking tools in the cookie notice (also called script or banner), Google products such as Google Analytics set cookies and send data from you, such as your user behavior, to Google, where it is stored and processed. This includes personal data such as your IP address.

For more information on the individual services, we have separate sections in this privacy policy. For example, please refer to our privacy policy for Google Analytics, where we provide detailed information on the data collected. You will learn how long Google Analytics stores, manages, and processes data, which cookies may be used, and how to prevent data storage. We also have separate privacy policies for other Google services, such as Google Tag Manager or Google AdSense, with comprehensive information.

Below, we show you exemplary Google Analytics cookies that may be set in your browser if you have generally consented to data processing by Google. Please note that these cookies are only a selection:

Name: _ga

Value: 2.1326744211.152112435071-2

Purpose: By default, analytics.js uses the _ga cookie to store the user ID. It is primarily used to distinguish website visitors.

Expiration date: after 2 years

Name: _gid

Value: 2.1687193234.152112435071-7

Purpose: This cookie also serves to distinguish website visitors.

Expiration date: after 24 hours

Name: _gat_gtag_UA_<property-id>

Value: 1

Purpose: This cookie is used to reduce the request rate.

Expiration date: after 1 minute

How long and where are the data stored?

Google stores collected data on its own servers, which are distributed worldwide. Most servers are located in the United States, so it is likely that your data will be stored there. You can see exactly where the company provides servers at https://www.google.com/about/datacenters/locations/?hl=de.

Data collected by Google Analytics is stored for a standardized 26 months. Afterward, your user data is deleted. The retention period applies to all data linked to cookies, user identification, and advertising IDs.

How can I delete my data or prevent data storage?

You always have the right to obtain information about your data, have your data deleted, corrected, or restricted. Additionally, you can disable, delete, or manage cookies in your browser at any time.

If you want to generally disable, delete, or manage cookies, you will find the corresponding links to the instructions of the most popular browsers in the “Cookies” section.

Legal basis

The use of Google Site Kit requires your consent, which we obtained through our cookie popup. According to Art. 6 (1) lit. a GDPR (Consent), this consent is the legal basis for processing personal data that may occur during the collection by web analytics tools.

In addition to consent, we also have a legitimate interest in analyzing the behavior of website visitors to improve our offering technically and economically. With the help of Google Site Kit, we can identify website errors, recognize attacks, and improve efficiency. The legal basis for this is Art. 6 (1) lit. f GDPR (Legitimate interests). However, we only use Google Site Kit to the extent that you have given consent.

Google processes data from you, among other things, in the USA. We would like to inform you that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or data transfer to such countries, Google uses the so-called Standard Contractual Clauses (= Art. 46, para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to third countries (such as the USA) and stored there. Through these clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

To learn more about data processing by Google, we recommend reviewing Google’s comprehensive privacy policies at https://policies.google.com/privacy?hl=de.

We use Pinterest Web Analytics, a web analytics program, on our website. The service provider is the American company Pinterest Inc. The company also has an Irish registered office at Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

Pinterest also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may entail various risks for the legality and security of data processing.

Pinterest uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there.

We use TikTok Pixel, a conversion tracking tool for advertisers, on our website. The service provider is the Chinese company TikTok. For the European region, TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland) is responsible.

TikTok processes data from you, among other things, in the USA. We would like to inform you that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or data transfer to such countries, TikTok uses the so-called Standard Contractual Clauses (= Art. 46, para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to third countries (such as the USA) and stored there. Through these clauses, TikTok commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Learn more about the Standard Contractual Clauses and the data processed by TikTok Pixel in the Privacy Policy at https://www.tiktok.com/legal/privacy-policy-eea?lang=de or https://ads.tiktok.com/i18n/official/policy/controller-to-controller.

Email marketing summary
👥 Data subjects: Newsletter subscribers
🤝 Purpose: Direct marketing by email, notification of system-relevant events
📓 Processed data: Data entered during registration, but at least the e-mail address. You can find more details on this in the email marketing tool used.
📅 Storage period: Duration of the existence of the subscription
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Email Marketing?

To keep you informed, we also utilize the opportunity of email marketing. If you have agreed to receive our emails or newsletters, your data will be processed and stored. Email marketing is a subset of online marketing, involving sending news or general information about a company, products, or services via email to a specific group of people interested in them.

To participate in our email marketing (usually through newsletters), you generally only need to sign up with your email address by filling out an online form. Sometimes, we may also request your title and name to address you personally. The newsletter subscription typically follows the “Double-Opt-In” procedure. After signing up on our website, you receive an email to confirm your newsletter subscription, ensuring the email address belongs to you and preventing unauthorized sign-ups. Each registration is logged, recording the time of registration, confirmation, and your IP address. Changes to your stored data are also logged.

Why do we use Email Marketing?

We want to stay in touch with you and provide essential updates about our company. Email marketing, often referred to as newsletters, is a key component of our online marketing. We strive to send you only relevant and interesting content, allowing you to learn more about our company, services, or products. By subscribing to our newsletter, you will be among the first to know about news, special promotions, or improvements to our offerings. If we engage a professional mailing tool provider for our email marketing, it is to offer you fast and secure newsletters. The purpose of our email marketing is fundamentally to inform you about new offers and contribute to our business goals.

What data is processed?

If you subscribe to our newsletter through our website, you confirm your membership in an email list. In addition to your IP address and email address, your title, name, address, and phone number may be stored if you consent to this data storage. The data marked as such is necessary for you to participate in the offered service. Providing this information is voluntary, but not doing so may prevent you from using the service. Additionally, information about your device or your preferred content on our website may be stored. For more on data storage when visiting a website, refer to the “Automatic Data Storage” section. We record your consent to ensure compliance with legal registration processes. The duration of data processing If you unsubscribe from our email/newsletter distribution list, we may store your address for up to three years based on our legitimate interests to prove your past consent. Processing this data is allowed only if we need to defend against possible claims. However, if you confirm that you have given us consent to subscribe to the newsletter, you can request individual deletion at any time. If you permanently object to the consent, we reserve the right to store your email address on a blocklist. As long as you voluntarily subscribe to our newsletter, we will, of course, retain your email address.

Right to object

You have the option to unsubscribe from our newsletter at any time by revoking your consent. This usually takes only a few seconds or one or two clicks. Often, you will find a link at the end of each email to terminate the newsletter subscription. If the link is not present in the newsletter, please contact us via email, and we will promptly cancel your newsletter subscription.

Legal basis

Sending our newsletter is based on your consent (Article 6 (1) lit. a GDPR). This means we can send you a newsletter only if you actively signed up for it. If you become our customer and have not objected to the use of your email address for direct marketing, we may also send you advertising messages.

For information on specific email marketing services and how they process personal data, refer to the following sections, if available.

Social Media Introduction

Summary of Social Media Privacy Policy

👥 Data Subjects: Website visitors

🤝 Purpose: Presentation and optimization of our services, communication with visitors, interested parties, etc., advertising

📓 Processed Data: Data such as phone numbers, email addresses, contact details, user behavior data, information about your device, and your IP address.

For more details, refer to the respective social media tool used.

📅 Storage Duration: Depends on the social media platforms used

⚖️ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Social Media?

In addition to our website, we are active on various social media platforms. In this context, user data may be processed to address users interested in us through social networks. Additionally, elements of a social media platform may be directly embedded in our website. This occurs, for example, when you click on a social button on our website and are redirected to our social media presence. Social media refers to websites and apps where registered members can produce content, exchange content openly or in specific groups, and connect with other members.

Why do we use Social Media?

For years, social media platforms have been the place where people communicate and connect online. Through our social media presence, we can introduce our products and services to interested parties. The social media elements integrated into our website facilitate a quick and uncomplicated transition to our social media content.

The data stored and processed through your use of a social media channel primarily serve the purpose of conducting web analytics. The goal of these analyses is to develop more accurate and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the evaluated data can lead to relevant conclusions about your interests and the creation of user profiles. This allows platforms to present you with tailored advertisements. Cookies are often set in your browser for this purpose, storing data about your usage behavior.

We generally assume that we remain responsible for data protection even when using the services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform can be jointly responsible with us under Article 26 of the GDPR. If this is the case, we explicitly point it out and operate based on a corresponding agreement. The essential details of the agreement are provided later in the affected platform section.

Please note that when using social media platforms or our embedded elements, your data may be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. This may make it more challenging for you to assert your rights regarding your personal data.

What data is processed?

The specific data stored and processed depend on the respective provider of the social media platform. However, it usually includes data such as phone numbers, email addresses, information entered into a contact form, user data such as which buttons you click, whom you like or follow, when you visited which pages, information about your device, and your IP address. Most of this data is stored in cookies. Particularly if you have a profile on the visited social media channel and are logged in, data can be linked to your profile.

All data collected through a social media platform is also stored on the provider’s servers. Therefore, only the providers have access to the data and can provide you with the appropriate information or make changes.

If you want to know exactly what data is stored and processed by social media providers and how you can object to data processing, carefully read the respective company’s privacy policy. If you have questions about data storage and processing or want to assert corresponding rights, we recommend contacting the provider directly.

Duration of Data Processing

We will inform you below about the duration of data processing if we have additional information. For example, the social media platform Facebook stores data until it is no longer needed for its own purpose. Customer data matched with user data is deleted within two days. Generally, we process personal data only as long as it is absolutely necessary for providing our services and products. If, as in the case of accounting, it is legally required, this storage period may be exceeded.

Right to Object

You have the right and the option to revoke your consent to the use of cookies or third parties such as embedded social media elements at any time. This can be done either through our cookie management tool or other opt-out functions. For example, you can prevent the collection of data through cookies by managing, disabling, or deleting cookies in your browser.

As cookies may be used in social media tools, we also recommend reading our general cookie privacy policy. To find out exactly what data is stored and processed by these tools, you should read the privacy policies of the respective tools.

Legal Basis

If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data, when consent is given, is also stored and processed based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. We only use these tools if you have granted consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend reading our privacy text on cookies carefully and reviewing the privacy policy or cookie policies of the respective service provider.

Information about specific social media platforms can be found in the following sections, if available.

Facebook Privacy Policy

Facebook Privacy Policy Summary

👥 Data Subjects: Website visitors

🤝 Purpose: Optimization of our service performance

📓 Processed Data: Data such as customer data, user behavior data, information about your device, and your IP address.

More details can be found below in the privacy policy.

📅 Storage Duration: Until the data is no longer useful for Facebook’s purposes

⚖️ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are Facebook Tools?

We use selected tools from Facebook on our website. Facebook is a social media network owned by Meta Platforms Inc., or for the European region, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. These tools enable us to offer the best possible experience to you and individuals interested in our products and services.

If data is collected and forwarded via our embedded Facebook elements or our Facebook page (Fanpage), both we and Facebook Ireland Ltd. are responsible for it. Facebook solely bears responsibility for the further processing of this data. Our mutual obligations are also documented in a publicly available agreement at https://www.facebook.com/legal/controller_addendum. This agreement stipulates that we must clearly inform you about the use of Facebook tools on our site. Furthermore, we are responsible for ensuring that the tools are securely integrated into our website from a data protection perspective. On the other hand, Facebook is responsible for the data security of Facebook products. If you have any questions about data collection and processing by Facebook, you can contact the company directly. If you direct the question to us, we are obligated to forward it to Facebook.

Below, we provide an overview of the various Facebook tools, the data sent to Facebook, and how you can delete this data.

In addition to many other products, Facebook also offers the so-called “Facebook Business Tools.” That is the official designation by Facebook. However, since the term is not well known, we have chosen to simply call them Facebook Tools. Among them are:

• Facebook Pixel
• Social plugins (such as the “Like” or “Share” button)
• Facebook Login
• Account Kit
• APIs (Application Programming Interfaces)
• SDKs (Software Development Kits)
• Platform integrations
• Plugins
• Codes
• Specifications
• Documentation
• Technologies and services

Through these tools, Facebook expands its services and has the ability to receive information about user activities outside of Facebook.

Why do we use Facebook Tools on our website?

We want to show our services and products only to people who are genuinely interested in them. Using advertisements (Facebook Ads), we can reach precisely those individuals. However, for Facebook to display relevant ads to users, it needs information about the desires and needs of people. Therefore, information about user behavior (and contact details) on our website is provided to the company. In this way, Facebook collects better user data and can show interested individuals targeted ads about our products or services. These tools enable customized advertising campaigns on Facebook.

Facebook refers to data about your behavior on our website as “event data.” This data is also used for measurement and analytics services. In our behalf, Facebook can create “campaign reports” on the effectiveness of our advertising campaigns. Furthermore, through analyses, we gain a better understanding of how you use our services, website, or products. This allows us to optimize your user experience on our website with some of these tools. For example, you can directly share content on Facebook using social plugins.

What data is stored by Facebook Tools?

By using individual Facebook tools, personal data (customer data) may be sent to Facebook. Depending on the tools used, customer data such as name, address, phone number, and IP address may be transmitted.

Facebook uses this information to match the data with the information it already has about you (if you are a Facebook member). Before customer data is transmitted to Facebook, a process called “hashing” takes place. This means that an arbitrarily large dataset is transformed into a string of characters. This also serves the purpose of data encryption.

In addition to contact details, “event data” is also transmitted. “Event data” refers to the information we receive about you on our website, such as which subpages you visit or which products you purchase. Facebook does not share the received information with third parties (such as advertisers) unless the company has explicit permission or is legally obligated to do so. “Event data” can also be linked to contact details, allowing Facebook to offer better-personalized advertising. After the mentioned matching process, Facebook deletes the contact details.

To deliver optimized advertisements, Facebook uses event data only when combined with other data (collected by Facebook in other ways). Facebook also uses event data for security, protection, development, and research purposes. Many of these data are transmitted to Facebook through cookies. Cookies are small text files used to store data or information in browsers. Depending on the tools used and whether you are a Facebook member, various cookies are created in your browser. In the descriptions of individual Facebook tools, we provide more details on specific Facebook cookies. General information about the use of Facebook cookies is also available at https://www.facebook.com/policies/cookies.

How long and where are the data stored?

In general, Facebook stores data until it is no longer needed for its own services and products. Facebook has servers distributed worldwide where its data is stored. However, customer data is deleted within 48 hours after being matched with user data.

How can I delete my data or prevent data storage?

According to the General Data Protection Regulation (GDPR), you have the right to information, correction, portability, and deletion of your data. Complete deletion of data occurs only if you completely delete your Facebook account. Here’s how you can delete your Facebook account:

1) Click on Settings on the right side of Facebook.

2) Then click on “Your Facebook Information” in the left column.

3) Now click on “Deactivation and Deletion.”

4) Choose “Delete Account” and then click on “Continue and Delete Account.”

5) Enter your password, click on “Continue,” and then on “Delete Account.”

The storage of data that Facebook receives through our site is done, among other methods, through cookies (e.g., with social plugins). In your browser, you can disable, delete, or manage individual or all cookies. Depending on the browser you use, this works in different ways. In the “Cookies” section, you’ll find the corresponding links to the instructions for the most popular browsers. If you generally do not want cookies, you can configure your browser to inform you every time a cookie is to be set. This way, you can decide for each cookie whether to allow it or not.

Legal Basis

If you have consented to the processing and storage of data through embedded Facebook tools, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the tools if you have granted consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend reading our privacy text on cookies carefully and reviewing Facebook’s privacy policy or cookie policies.

Facebook processes data from you, among other places, in the United States. We note that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the United States. This may entail various risks for the legality and security of data processing.

As the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the United States) or data transfer to such countries, Facebook uses so-called standard contract clauses (= Art. 46 para. 2 and 3 GDPR). Standard contract clauses (Standard Contractual Clauses – SCC) are template contracts provided by the European Commission and are intended to ensure that your data complies with European data protection standards, even when transferred and stored in third countries (such as the United States). Through these clauses, Facebook commits to maintaining the European level of data protection in processing your relevant data, even if the data is stored, processed, and managed in the United States. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding standard contract clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Facebook data processing terms, which correspond to the standard contract clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

We hope we have provided you with the most important information about the use and data processing by Facebook tools. If you want to learn more about how Facebook uses your data, we recommend checking the data policies at https://www.facebook.com/about/privacy/update.

Instagram Privacy Policy

Instagram Privacy Policy Summary

👥 Data Subjects: Website visitors

🤝 Purpose: Optimization of our service performance

📓 Processed Data: Data such as user behavior data, information about your device, and your IP address.

More details can be found below in the privacy policy.

📅 Storage Duration: Until Instagram no longer needs the data for its purposes

⚖️ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Instagram?

We have integrated Instagram features on our website. Instagram is a social media platform owned by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Since 2012, Instagram has been a subsidiary of Meta Platforms Inc. and is part of the Facebook products. Embedding Instagram content on our website is referred to as Embedding. This allows us to display content such as buttons, photos, or videos from Instagram directly on our website. When you visit pages on our web presence that have integrated Instagram functions, data is transmitted, stored, and processed by Instagram. Instagram uses the same systems and technologies as Facebook, and thus, your data is processed across all Facebook companies.

In the following, we want to provide you with a closer look at why Instagram collects data, what data is involved, and how you can largely control data processing. As Instagram belongs to Meta Platforms Inc., we gather information from both Instagram policies and Meta’s privacy policies.

Instagram is one of the most well-known social media networks globally, combining the advantages of a blog with those of audiovisual platforms like YouTube or Vimeo. On “Insta,” as many users colloquially refer to the platform, you can upload photos and short videos, edit them with various filters, and share them on other social networks. If you prefer not to be active yourself, you can also follow interesting users.

Why do we use Instagram on our website?

Instagram has experienced tremendous growth in recent years, becoming a major player in the social media landscape. Naturally, we have responded to this trend. We aim to make you feel as comfortable as possible on our website. Therefore, a diverse presentation of our content is essential to us. Through embedded Instagram features, we can enrich our content with helpful, amusing, or exciting content from the Instagram world. As Instagram is a subsidiary of Facebook, the collected data can also be useful for personalized advertising on Facebook. This ensures that our ads reach only those individuals genuinely interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We receive aggregated statistics to gain more insight into your preferences and interests. Importantly, these reports do not personally identify you.

What data is stored by Instagram?

When you encounter one of our pages that has integrated Instagram features (such as Instagram images or plugins), your browser automatically connects to Instagram servers. Data is then transmitted, stored, and processed by Instagram, irrespective of whether you have an Instagram account. This includes information about our website, your computer, purchases made, ads you view, and how you interact with our offering. Furthermore, the date and time of your interaction with Instagram are also stored. If you have an Instagram account or are logged in, Instagram stores more data about you.

Facebook distinguishes between customer data and event data, and we assume that Instagram follows the same practice. Customer data includes information like name, address, phone number, and IP address. These customer data are transmitted to Instagram only after being “hashed” to encrypt the contact details. Additionally, the aforementioned “event data” is transmitted, referring to data about your user behavior. It is possible that contact data may be combined with event data. The collected contact data is then matched with the data Instagram already has about you.

The collected data is transmitted to Facebook via small text files (cookies) that are typically set in your browser. Depending on the Instagram features used and whether you have an Instagram account, varying amounts of data are stored.

We assume that data processing at Instagram functions similarly to Facebook. This means that if you have an Instagram account or have visited www.instagram.com, Instagram has likely set at least one cookie. In such cases, your browser sends information to Instagram via the cookie as soon as you interact with an Instagram feature. After a maximum of 90 days (after matching), this data is either deleted or anonymized. Although we have thoroughly examined Instagram’s data processing, we cannot precisely specify the exact data Instagram collects and stores.

Below, we list cookies that are set in your browser at a minimum when you click on an Instagram feature (such as a button or an Insta image). In our test, we assume that you do not have an Instagram account. If you are logged in to Instagram, significantly more cookies are set in your browser.

These cookies were used in our test:

Name: csrftoken

Value: “”

Purpose: This cookie is likely set for security reasons to prevent forgery of requests. We could not obtain more precise information.

Expiration date: after one year

Name: mid

Value: “”

Purpose: Instagram sets this cookie to optimize its own services and offerings within and outside of Instagram. The cookie assigns a unique user ID.

Expiration date: after the end of the session

Name: fbsr_112435071124024

Value: no information

Purpose: This cookie stores the login request for users of the Instagram app.

Expiration date: after the end of the session

Name: rur

Value: ATN

Purpose: This is an Instagram cookie ensuring functionality on Instagram.

Expiration date: after the end of the session

Name: urlgen

Value: “{“194.96.75.33″: 1901}:1iEtYv:Y833k2_UjKvXgYe112435071”

Purpose: This cookie serves Instagram’s marketing purposes.

Expiration date: after the end of the session

Note: We cannot claim completeness here. The cookies set in individual cases depend on the embedded features and your use of Instagram.

How long and where are the data stored?

Instagram shares the information received with external partners and with individuals you connect with worldwide, among Facebook companies. Data processing adheres to Instagram’s own data policy. For security reasons, your data is distributed across Facebook servers worldwide. Most of these servers are located in the United States.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation, you have the right to information, portability, correction, and deletion of your data. You can manage your data in the Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

And here’s how to delete your Instagram account:

1. Open the Instagram app.
2. On your profile page, scroll down and click on “Help Center.”
3. Now, you will be directed to the company’s website. Click on “Managing Your Account” on the website and then on “Delete Your Account.” If you completely delete your account, Instagram will delete posts such as your photos and status updates. However, information shared by others about you does not belong to your account and will not be deleted.

As mentioned above, Instagram primarily stores your data through cookies. You can manage, disable, or delete these cookies in your browser. The management process may vary slightly depending on your browser. In the “Cookies” section, you will find the relevant links to the instructions for the most popular browsers.

You can also set up your browser to notify you whenever a cookie is set. This way, you can always decide individually whether to allow or deny the cookie.

Legal Basis:

If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Generally, your data is also stored and processed based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. However, we only use embedded social media elements if you have given consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend carefully reading our cookie privacy text and reviewing the privacy policy or cookie policies of the respective service providers.

Instagram or Facebook processes data in the USA. It is important to note that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may involve various risks for the legality and security of data processing.

For data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or data transfers to such countries, Facebook uses EU Commission-approved standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). These clauses obligate Facebook to comply with EU data protection standards in processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other things, here: https://germany.representation.ec.europa.eu/index_de.

We have endeavored to provide you with the most important information about data processing by Instagram. You can delve deeper into Instagram’s data policies at https://help.instagram.com/519522125107875.

Pinterest Privacy Policy Summary:

👥 Data Subjects: Website visitors

🤝 Purpose: Optimization of our service performance

📓 Processed Data: Data such as user behavior data, information about your device, your IP address, and search terms.

More details can be found below in the privacy policy.

📅 Storage Duration: Until Pinterest no longer needs the data for its purposes

⚖️ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Pinterest?

We use buttons and widgets from the social media network Pinterest on our site, operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA. For the European region, the Irish company Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is responsible for all data protection-related aspects.

Pinterest is a social network specializing in visual representations or photographs, derived from the words “pin” and “interest.” Users can exchange information about various hobbies and interests on Pinterest and view profiles with pictures openly or in defined groups.

Why do we use Pinterest?

Pinterest has been around for several years, and it remains one of the most visited and appreciated platforms. Especially for our industry, Pinterest is suitable because the platform is primarily known for beautiful and interesting images. Therefore, we are naturally present on Pinterest and want to showcase our content beyond our website. The collected data can also be used for advertising purposes, allowing us to show ads to people interested in our services or products.

What data does Pinterest process?

Log data can be stored, including information about your browser, IP address, the address of our website, and activities performed on it (e.g., when you click the save or pin button), search histories, date and time of the request, and cookie and device data. When interacting with an embedded Pinterest feature, cookies that store various data may also be set in your browser. Typically, the above-mentioned log data, pre-set language settings, and clickstream data are stored in cookies. Clickstream data for Pinterest refers to information about your website behavior.

If you have a Pinterest account and are logged in, the data collected through our site can be added to your account and used for advertising purposes. When interacting with our embedded Pinterest features, you are usually redirected to the Pinterest page. Here is an exemplary selection of cookies that may be set in your browser.

Name: _auth

Value: 0

Purpose: The cookie is used for authentication. For example, a value like your “username” can be stored in it.

Expiration date: after one year

Name: _pinterest_referrer

Value: 1

Purpose: The cookie stores that you came to Pinterest through our website. So, the URL of our website is stored.

Expiration date: after the end of the session

Name: _pinterest_sess

Value: …9HRHZvVE0rQlUxdG89

Purpose: The cookie is used for logging in to Pinterest and contains user IDs, authentication tokens, and timestamps.

Expiration date: after one year

Name: _routing_id

Value: “8d850ddd-4fb8-499c-961c-77efae9d4065112435071-8”

Purpose: The cookie contains an assigned value used to identify a specific routing destination.

Expiration date: after one day

Name: cm_sub

Value: denied

Purpose: This cookie stores a user ID and timestamp.

Expiration date: after one year

Name: csrftoken

Value: 9e49145c82a93d34fd933b0fd8446165112435071-1

Purpose: This cookie is likely set for security reasons to prevent forgery of requests. We could not obtain more precise information.

Expiration date: after one year

Name: sessionFunnelEventLogged

Value: 1

Purpose: We could not find more detailed information about this cookie.

Expiration date: after one day

How long and where are the data stored?

Pinterest generally stores the collected data until it is no longer needed for the company’s purposes. Once data storage is no longer necessary, either due to meeting legal requirements, the data is deleted or anonymized so that you can no longer be identified as an individual. The data may also be stored on American servers.

Right to Object:

You also have the right and the option to revoke your consent to the use of cookies or third parties such as Pinterest at any time. This can be done either through our cookie management tool or other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since cookies may be used in embedded Pinterest elements, we also recommend reading our general privacy policy on cookies. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.

Legal Basis:

If you have consented to the processing and storage of your data through embedded social media elements, this

 consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Generally, your data is also stored and processed based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the tool if you have given consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend carefully reading our cookie privacy text and reviewing the privacy policy or cookie policies of the respective service providers.

Pinterest processes data from you, among others, in the USA. It is important to note that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may involve various risks for the legality and security of data processing.Art. 46. Abs. 2 und 3 DSGVO). Standard Contractual Clauses (SCC) are template agreements provided by the European Commission. They are designed to ensure that your data complies with European data protection standards even when transferred and stored in third countries (such as the USA). Through these clauses, Pinterest commits to adhering to the European data protection level when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission, and you can find the decision and corresponding standard contractual clauses, among other places, here: [link](https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de).

For more information about the standard contractual clauses at Pinterest, you can refer to [Pinterest’s privacy policy](https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea).

We have attempted to provide you with essential information about data processing by Pinterest. You can further explore Pinterest’s data policies at [https://policy.pinterest.com/de/privacy-policy](https://policy.pinterest.com/de/privacy-policy).

Snapchat Privacy Policy:

We also use the instant messaging service Snapchat, provided by the American company Snap Inc., 2772 Donald Douglas Loop N, Santa Monica (HQ), CA, USA. Snap processes data from you, including in the USA. Please note that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing with recipients based in third countries, Snap uses Standard Contractual Clauses (SCC), as provided by the EU Commission (Article 46, paragraphs 2 and 3 GDPR). These clauses ensure that your data complies with European data protection standards even when transferred and stored in third countries like the USA. They are based on an implementing decision by the EU Commission, and you can find the decision and corresponding standard contractual clauses, among other places, here: [link](https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de).

For more information about the standard contractual clauses at Snap, you can refer to [Snap’s terms](https://snap.com/en-US/terms/standard-contractual-clauses). Learn more about the data processed through the use of Snapchat in the Privacy Policy at [https://snap.com/de-DE/privacy/privacy-policy](https://snap.com/de-DE/privacy/privacy-policy).

TikTok Privacy Policy:

We also use TikTok, a social media and video platform. The service is provided by the Chinese company Beijing Bytedance Technology Ltd. For the European region, the Irish company TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, is responsible.

TikTok processes data from you, including in the USA. Similar to other platforms, there is currently no adequate level of protection for data transfers to the USA according to the European Court of Justice, leading to potential risks for the legality and security of data processing.

As the basis for data processing with recipients based in third countries, TikTok uses Standard Contractual Clauses (SCC), as provided by the EU Commission (Article 46, paragraphs 2 and 3 GDPR). These clauses ensure that your data complies with European data protection standards even when transferred and stored in third countries like the USA. They are based on an implementing decision by the EU Commission, and you can find the decision and corresponding standard contractual clauses, among other places, here: [link](https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de).

For more information about the standard contractual clauses at TikTok and the data processed through the use of TikTok Pixel, you can refer to [TikTok’s Privacy Policy](https://www.tiktok.com/legal/privacy-policy-eea?lang=de) and [https://ads.tiktok.com/i18n/official/policy/controller-to-controller](https://ads.tiktok.com/i18n/official/policy/controller-to-controller).

Twitter Privacy Policy Summary:

👥 Data Subjects: Website visitors

🤝 Purpose: Optimization of our service performance

📓 Processed Data: Data such as user behavior data, information about your device, and your IP address. More details can be found below in the privacy policy.

📅 Storage Duration: Twitter deletes data collected from other websites after a maximum of 30 days.

⚖️ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Twitter?

We have embedded Twitter features on our website, such as embedded tweets, timelines, buttons, or hashtags. Twitter is a short messaging service and a social media platform operated by Twitter Inc., One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

To our knowledge, the mere inclusion of Twitter features on subpages does not transfer personal data or data about your web activities to Twitter if you or your browser is in the European Economic Area or Switzerland. Data transmission to Twitter occurs only when you interact with Twitter features, such as clicking on a button. We do not have control over this data processing and bear no responsibility for it. In this privacy policy, we aim to provide an overview of what data Twitter stores, how Twitter uses this data, and how you can largely protect yourself from data transfer.

Twitter serves different purposes for different users, such as a news service, a social media platform, or a microblogging service. All these designations are valid and essentially mean the same thing. Twitter is used by individuals and companies to communicate with interested parties through short messages called “tweets,” limited to 280 characters. Unlike some other platforms, Twitter does not focus on building networks of “friends” but aims to be a global and open news platform. Twitter allows users to have anonymous accounts, and tweets can be deleted by both the company and users themselves.

Why do we use Twitter on our website?

Like many other websites and businesses, we aim to offer our services and communicate with our customers through various channels. Twitter, in particular, has become a useful “small” messaging service for us. We often tweet or retweet exciting, funny, or interesting content. We understand that you may not be able to follow every channel separately, as you have other things to do. Therefore, we have embedded Twitter features on our website to allow you to experience our Twitter activity “on-site” or come directly to our Twitter page through a direct link. The integration aims to strengthen our service and user-friendliness on our website.

What data does Twitter store?

On some of our subpages, you will find embedded Twitter features. When you interact with Twitter content, such as clicking on a button, Twitter can collect and store data, even if you do not have a Twitter account. Twitter refers to this data as “Log Data,” which may include demographic data, browser cookie IDs, your smartphone’s ID, hashed email addresses, information about which pages you visited on Twitter, and actions you took. If you have a Twitter account and are logged in, Twitter may store more data. This storage usually occurs through cookies, small text files placed in your browser that transmit various information to Twitter.

Here is an example of

 cookies used when you visit a website with embedded Twitter features but are not logged into Twitter. Please consider this list as an example, as it may not be exhaustive, and the choice of cookies may vary based on your individual interactions with Twitter content:

– Name: personalization_id

  Value: “v1_cSJIsogU51SeE112435071”

  Purpose: This cookie stores information about how you use the website and how you may have come to Twitter through advertising.

  Expiry: after 2 years

– Name: lang

  Value: de

  Purpose: This cookie stores your pre-set or preferred language.

  Expiry: after the session

– Name: guest_id

  Value: 112435071v1%3A157132626

  Purpose: This cookie is set to identify you as a guest.

  Expiry: after 2 years

– Name: fm

  Value: 0

  Purpose: Unfortunately, we could not determine the purpose of this cookie.

  Expiry: after the session

– Name: external_referer

  Value: 1124350712beTA0sf5lkMrlGt

  Purpose: This cookie collects anonymous data, such as how often you visit Twitter and how long you visit.

  Expiry: after 6 days

– Name: eu_cn

  Value: 1

  Purpose: This cookie stores user activity and serves various advertising purposes for Twitter.

  Expiry: after one year

– Name: ct0

  Value: c1179f07163a365d2ed7aad84c99d966

  Purpose: Unfortunately, we could not find information about the purpose of this cookie.

  Expiry: after 6 hours

– Name: _twitter_sess

  Value: 53D%253D–dd0248112435071-

  Purpose: This cookie allows you to use functions within the Twitter website.

  Expiry: after the session

Please note that Twitter also collaborates with third parties. Therefore, during our test, we identified three Google Analytics cookies: _ga, _gat, _gid.

Twitter uses the collected data to better understand user behavior and improve its services and advertising offers. Additionally, the data serves internal security measures.

How long and where are the data stored?

When Twitter collects data from other websites, it is deleted, summarized, or otherwise obscured after a maximum of 30 days. Twitter’s servers are located in various data centers in the United States. Therefore, it is assumed that the collected data is gathered and stored in America. Based on our research, we could not definitively determine whether Twitter has its own servers in Europe. In principle, Twitter can store the collected data until it is no longer useful to the company, until you delete the data, or until a legal retention period exists.

How can I delete my data or prevent data storage?

Twitter emphasizes in its privacy policies that it does not store data from external website visits when you or your browser is in the European Economic Area or Switzerland. However, if you interact directly with Twitter, Twitter naturally stores data about you.

If you have a Twitter account, you can manage your data by clicking on “More” under the “Profile” button and then selecting “Settings and Privacy.” Here, you can manage data processing individually.

If you do not have a Twitter account, you can go to twitter.com and click on “Personalization.” Under “Customization and Data,” you can manage your collected data.

Most data is stored via cookies, as mentioned above, and you can manage, disable, or delete cookies in your browser. Please note that you can only “edit” cookies in the browser you choose. In other words, if you use a different browser in the future, you will need to manage your cookies there according to your preferences. You can find the corresponding links to the instructions for the most popular browsers under the “Cookies” section.

You can also manage your browser to notify you about each individual cookie, allowing you to decide whether to allow or deny each cookie.

Twitter also uses the data for personalized advertising within and outside of Twitter. In the settings, you can turn off personalized advertising under “Customization and Data.” If you use Twitter on a browser, you can deactivate personalized advertising at [https://optout.aboutads.info/?c=2&lang=EN](https://optout.aboutads.info/?c=2&lang=EN).

Legal Basis

If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed and stored based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. However, we only utilize embedded social media elements if you have granted consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend carefully reading our cookie privacy text and reviewing the privacy policy or cookie policies of the respective service provider.

Twitter processes data from you, including in the USA. Please be aware that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or for data transfers to these countries, Twitter uses Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission and are designed to ensure that your data complies with European data protection standards even when transferred and stored in third countries (such as the USA). Through these clauses, Twitter commits to adhering to the European data protection level when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and corresponding standard contractual clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information about the standard contractual clauses at Twitter, you can refer to https://gdpr.twitter.com/en/controller-to-controller-transfers.html. We hope to have provided you with a fundamental overview of data processing by Twitter. We do not receive any data from Twitter and bear no responsibility for how Twitter handles your data. If you have further questions on this topic, we recommend consulting the Twitter privacy policy at https://twitter.com/de/privacy.

XING Privacy Policy Summary

👥 Data Subjects: Website visitors

🤝 Purpose: Optimization of our service performance

📓 Processed Data: Your IP address, browser data, date, and time of your page visit may be stored.

More details can be found below in the privacy policy.

📅 Storage Duration: Data of Xing users is stored until deletion is requested.

⚖️ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Xing?

We use social plugins of the social media network Xing, operated by Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany, on our website. Through these functions, you can directly share content on Xing, log in via Xing, or follow interesting content on Xing directly through our website. You recognize the plugins by the company name or the Xing logo. When you open a website that uses an Xing plugin, data can be transmitted, stored, and analyzed on the “Xing servers.” In this privacy policy, we want to inform you about the data involved and how you can manage or prevent this data storage.

Xing is a social network headquartered in Hamburg, specializing in managing professional contacts. Unlike other networks, Xing primarily focuses on professional networking. The platform is often used for job searches or finding employees for a company. Additionally, Xing provides interesting content on various professional topics. The global counterpart to Xing is the American company LinkedIn.

Why do we use Xing on our website?

There is a plethora of social media channels, and we are aware that your time is precious. Not every social media channel of a company can be thoroughly examined. Therefore, we aim to make your life as easy as possible, allowing you to directly share or follow interesting content on Xing through our website. With such “social plugins,” we enhance our service on our website. Furthermore, the data collected by Xing helps us to carry out targeted advertising measures on the platform. This means our service is shown only to people genuinely interested.

What data does Xing store?

Xing offers the Share button, Follow button, and Log-in button as plugins for websites. Once you open a page where an Xing social plugin is embedded, your browser connects to servers in a data center used by Xing. According to Xing, no data is stored in connection with the Share button that could directly relate to a person. In particular, Xing does not store your IP address. Furthermore, no cookies are set in connection with the Share button, and thus, no evaluation of your user behavior takes place. More information can be found at https://dev.xing.com/plugins/share_button/privacy_policy

For other Xing plugins, cookies are only set in your browser when you interact with the plugin or click on it. Here, personal data such as your IP address, browser data, date, and time of your page visit can be stored by Xing. If you have an Xing account and are logged in, the collected data is associated with your personal account and the data stored therein.

The following cookies are set in your browser when you click on the Follow or Log-in button and are not yet logged in to Xing. Please note that this list is exemplary, and we cannot claim completeness:

– Name: AMCVS_0894FF2554F733210A4C98C6%40AdobeOrg

  Value: 1

  Purpose: This cookie is used to create and store identifications of website visitors.

  Expiry: after the session

– Name: c_

  Value: 157c609dc9fe7d7ff56064c6de87b019112435071-8

  Purpose: We could not obtain further information about this cookie.

  Expiry: after one day

– Name: prevPage

  Value: wbm%2FWelcome%2Flogin

  Purpose: This cookie stores the URL of the previous website you visited.

  Expiry: after 30 minutes

– Name: s_cc

  Value: true

  Purpose: This Adobe Site Catalyst Cookie determines whether cookies are generally enabled in the browser.

  Expiry: after the session

– Name: s_fid

  Value: 6897CDCD1013221C-39DDACC982217CD1112435071-2

  Purpose: This cookie is used to identify a unique visitor.

  Expiry: after 5 years

– Name: visitor_id

  Value: fe59fbe5-e9c6-4fca-8776-30d0c1a89c32

  Purpose: The visitor cookie contains a unique visitor ID and the unique identifier for your account.

  Expiry: after 2 years

– Name: _session_id

  Value: 533a0a6641df82b46383da06ea0e84e7112435071-2

  Purpose: This cookie creates a temporary

 session ID used as an in-session user ID. The cookie is essential to provide Xing’s functions.

  Expiry: after the session

Once you are logged in or a member of Xing, further personal data is definitively collected, processed, and stored. Xing also shares personal data with third parties if necessary for its own operational purposes, with your consent, or if a legal obligation exists.

How long and where are the data stored?

Xing stores data on various servers in various data centers. The company stores this data until you delete the data or until the deletion of a user account. This applies only to users who are already Xing members.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time. Even if you are not an Xing member, you can prevent or manage potential data processing through your browser according to your preferences. Most data is stored via cookies. Depending on your browser, the management process may vary. Under the “Cookies” section, you will find the corresponding links to the instructions for the most popular browsers.

You can also configure your browser to notify you whenever a cookie is set. This way, you can decide individually whether to allow or deny the cookie.

Legal Basis

If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed and stored based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. However, we only utilize embedded social media elements if you have granted consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend carefully reading our cookie privacy text and reviewing the privacy policy or cookie policies of the respective service provider.

We have tried to provide you with the most important information about data processing by Xing. You can find out more about the data processing of the Xing social media network at https://privacy.xing.com/de/datenschutzerklaerung.

Blogs and Publication Media Privacy Policy Summary

👥 Affected Individuals: Website Visitors

🤝 Purpose: Representation and optimization of our service, communication between website visitors, security measures, and administration

📓 Processed Data: Information such as contact details, IP address, and published content. For more details, refer to the tools used.

📅 Storage Duration: Depends on the tools used

⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests), Art. 6(1)(b) GDPR (Contract)

What are Blogs and Publication Media?

On our website, we utilize blogs and other communication tools to interact with you and vice versa. This may involve the storage and processing of your data to ensure proper content representation, functional communication, and increased security. Our privacy policy provides general information about potential data processing, while specific details depend on the tools and functions employed. Detailed information about data processing can be found in the privacy notices of individual providers.

Why do we use Blogs and Publication Media?

Our primary goal is to provide you with interesting and engaging content while valuing your opinions and contributions. To facilitate an interactive exchange between us and you, we employ various blogs and publication opportunities. For instance, you can leave comments on our content, respond to other comments, or in some cases, create your own posts.

What data is processed?

The specific data processed depends on the communication functions we use. Typically, IP addresses, usernames, and published content are stored to ensure security, prevent spam, and address illicit content. Cookies may also be used for data storage, and further details about the collected and stored data can be found in our sections and in the privacy policy of the respective provider.

Duration of Data Processing

Details about the duration of data processing are provided below, whenever available. For example, data from post and comment functions may be stored until you revoke data storage. Generally, personal data is stored only as long as necessary for the provision of our services.

Right to Object

You have the right and the option to revoke your consent for the use of cookies or third-party communication tools at any time. This can be done through our cookie management tool or other opt-out functions. You can also prevent cookie data collection by managing, disabling, or deleting cookies in your browser settings.

As publication media may also use cookies, we recommend reviewing our general cookie privacy policy. To understand which data of yours is stored and processed, please read the privacy policies of the respective tools.

Legal Basis

We primarily use communication tools based on our legitimate interests (Art. 6(1)(f) GDPR) in efficient communication with you, other customers, business partners, and visitors. If the use is related to contractual relationships or their initiation, the legal basis is also Art. 6(1)(b) GDPR.

Certain processes, especially the use of cookies and comment or messaging functions, require your consent. If you have consented to the processing and storage of your data by embedded publication media, this consent serves as the legal basis (Art. 6(1)(a) GDPR). Most communication functions we use employ cookies to store data in your browser, hence we recommend reading our cookie privacy policy carefully and reviewing the privacy policy or cookie policies of the respective service providers.

Information about specific tools, if available, can be found in the following sections.

Online Marketing Privacy Policy Summary

👥 Concerned Individuals: Website Visitors

🤝 Purpose: Evaluation of visitor information to optimize the web offering.

📓 Processed Data: Access statistics, including data such as location of access, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Also, personal data such as name or email address may be processed. For more details, refer to the respective Online Marketing Tool in use.

📅 Storage Duration: Depends on the Online Marketing Tools used

⚖️ Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Online Marketing?

Online marketing refers to all activities conducted online to achieve marketing goals, such as increasing brand awareness or completing a business transaction. Our online marketing efforts aim to draw attention to our website, employing methods such as online advertising, content marketing, or search engine optimization. To use online marketing efficiently and effectively, personal data is stored and processed. This data helps us show our content to individuals genuinely interested in it and measure the success of our online marketing efforts.

Why do we use Online Marketing Tools?

Our goal is to showcase our website to anyone interested in our offering, recognizing that this is not possible without deliberate measures. Therefore, we engage in online marketing. Various tools make our work on online marketing more manageable and provide improvement suggestions based on data. The purpose of these employed online marketing tools is ultimately the optimization of our offering.

What data is processed?

For our online marketing to function and for the success of the measures to be measured, user profiles are created, and data is stored in, for example, cookies (small text files). With this data, we can not only display advertising in the traditional sense but also present our content on our website in a way that suits your preferences. Third-party tools offering these functions collect and store data from you accordingly. For instance, these cookies may store which pages you visited on our website, how long you viewed these pages, which links or buttons you clicked, or from which website you came to us. Additionally, technical information such as your IP address, browser, device used to visit our website, and the time you accessed and left our website may be stored. If you have consented, we may also store and process your location.

Your IP address is stored in pseudonymized form (i.e., shortened). Unique data directly identifying you as a person, such as name, address, or email address, is also stored in pseudonymized form within the framework of advertising and online marketing procedures. We cannot identify you as an individual; instead, we only have pseudonymized stored information in user profiles.

Cookies may, under certain circumstances, be used, analyzed, and utilized for advertising purposes on other websites employing the same advertising tools. The data may then be stored on the servers of the advertising tools providers.

In exceptional cases, unique data (names, email addresses, etc.) may be stored in user profiles. This occurs, for example, when you are a member of a social media channel used for our online marketing efforts, and the network combines previously acquired data with the user profile.

All advertising tools we use only provide us with aggregated information on their servers and never data that makes you identifiable as an individual. The data merely shows how well-placed advertising measures worked. For example, we can see which measures prompted you or other users to visit our website and acquire a service or product. Based on the analyses, we can improve our advertising offering in the future and tailor it more precisely to the needs and desires of interested individuals.

Duration of Data Processing

Details on the duration of data processing are provided below, if available. Generally, we process personal data only for as long as absolutely necessary to provide our services and products. Data stored in cookies varies in storage duration. Some cookies are deleted after leaving the website, while others may be stored in your browser for several years. In the respective privacy policies of individual providers, you usually receive precise information about the specific cookies the provider uses.

Right to Object

You have the right and the option to revoke your consent for the use of cookies or third-party tools at any time. This can be done through our cookie management tool or other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser settings. The legality of the processing until revocation remains unaffected.

As Online Marketing Tools typically use cookies, we also recommend reading our general privacy policy on cookies. To understand which data of yours is stored and processed, please read the privacy policies of the respective tools.

Legal Basis

If you have consented to the use of third-party providers, the legal basis for the corresponding data processing is this consent. According to Art. 6(1)(a) GDPR (Consent), this consent is the legal basis for processing personal data, as may occur during the collection by online marketing tools.

From our side, there is also a legitimate interest in measuring online marketing measures in an anonymized form to optimize our offering and measures based on the data obtained. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use the tools if you have given consent.

Information about specific Online Marketing Tools is provided, if available, in the following sections.

Cookie Consent Management Platform Summary

👥 Concerned Individuals: Website Visitors

🤝 Purpose: Gathering and managing consent for specific cookies and the use of certain tools

📓 Processed Data: Data for managing the configured cookie settings, such as IP address, consent timestamp, type of consent, individual consents. For more details, refer to the respective tool in use.

📅 Storage Duration: Depends on the tool used, expecting periods of several years

⚖️ Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is a Cookie Consent Management Platform?

We employ a Consent Management Platform (CMP) software on our website, facilitating proper and secure handling of used scripts and cookies for both you and us. The software automatically generates a cookie popup, scans and controls all scripts and cookies, provides legally required cookie consent for you, and helps us and you keep track of all cookies. Most Cookie Consent Management Tools identify and categorize all existing cookies. As a website visitor, you then decide whether and which scripts and cookies to allow or disallow. The following graphic illustrates the relationship between the browser, web server, and CMP.

Why do we use a Cookie Management Tool?

Our goal is to provide you with the best possible transparency in terms of data protection, which is also a legal obligation. We want to inform you about all tools and cookies that can store and process data about you. It is also your right to decide which cookies you accept and which you do not. To grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a Cookie Management Tool that regularly scans the website for all existing cookies, we are informed about all cookies and can provide GDPR-compliant information. Through the consent system, you can then accept or reject cookies.

What data is processed?

Within our Cookie Management Tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. The explanation of your consent is stored so that we do not have to ask you for consent with each new visit to our website, and we can provide evidence of your consent if required by law. This is stored either in an opt-in cookie or on a server. Depending on the provider of the Cookie Management Tool, the storage duration of your cookie consent varies. Usually, this data (such as pseudonymous user ID, consent timestamp, detailed information on cookie categories or tools, browser, device information) is stored for up to two years.

Duration of Data Processing

Details about the duration of data processing are provided below, if available. Generally, we process personal data only for as long as absolutely necessary to provide our services and products. Data stored in cookies varies in storage duration. Some cookies are deleted after leaving the website, while others may be stored in your browser for several years. The exact duration of data processing depends on the tool used, and you can usually find precise information about the duration of data processing in the respective privacy policies of individual providers.

Right to Object

You have the right and the option to revoke your consent for the use of cookies at any time. This can be done through our Cookie Management Tool or other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser settings. The legality of the processing until revocation remains unaffected.

Information about specific Cookie Management Tools

Information about specific Cookie Management Tools is provided, if available, in the following sections.

Legal Basis

If you consent to cookies, personal data about you is processed and stored through these cookies. If we are allowed to use cookies through your consent (Article 6(1)(a) GDPR), this consent is also the legal basis for the use of cookies or the processing of your data. To manage the consent for cookies and to enable your consent, a Cookie Consent Management Platform Software is used. The use of this software allows us to operate the website efficiently in compliance with the law, representing a legitimate interest (Article 6(1)(f) GDPR).

Recruiting Tools Privacy Policy Summary

👥 Concerned Individuals: Users who conduct an online application process or use a recruiting tool

🤝 Purpose: Conducting an application process

📓 Processed Data: Data such as name, address, contact details, email address, or phone number. For more details, refer to the respective recruiting tool used.

📅 Storage Duration: In the case of a successful application, until the end of the employment relationship. Otherwise, data will be deleted after the application process.

⚖️ Legal Basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract), Art. 9 para. 2 lit. a GDPR (processing of special categories)

What are Recruiting Tools?

Various companies offer software programs that can significantly simplify the application process. Most systems provide filter options to search through databases of potential candidates. This allows us to quickly and efficiently find employees who fit our company. Both online forms and recruiting tools transfer, store, and manage your personal data. In this general text, we refer not only to recruiting tools but also to the traditional application process via email or online form. For more detailed information on recruiting tools, refer to the privacy policies of the respective providers.

Why do we use Recruiting Tools?

To search for suitable candidates and administer all application documents, we use software programs and platforms specializing in application management, taking into account all legal guidelines. Recruiting tools generally streamline the application process by automating many administrative tasks and optimizing processes. This enables us to find suitable employees for our company more quickly in some cases.

For the terms of the recruiting processes, please refer to the respective job postings.

What data is processed?

When you apply to us, you need to provide us with your data so that we can assess your application appropriately. The information you provide depends on the job posting or the required details in the online form. Typically, this includes data such as name, address, date of birth, and proof of qualifications necessary for the job. During the application process, not only standard personal data like name or address may be transmitted but also information about your health or ethnic origin may be requested. This is done to exercise rights related to labor law, social security, and social protection, while simultaneously fulfilling corresponding obligations. These data are referred to as special category data.

Through the online form, the data or your application is encrypted and sent to us. Alternatively, you can also send your application to us via email. If you choose this option, the data will be transmitted encrypted but not stored encrypted by the sending and receiving servers.

Duration of Data Processing

The data you provide may be further processed by us in the case of a successful application for an employment relationship. If the application does not meet our expectations, we delete the received data. Even if you withdraw your application, this data will be deleted. If you agree to be included in our applicant pool, we will store the data collected in this context until your exit from the applicant pool. The same rules apply to the exit as for the revocation of your consent.

Right to Object

You always have the right and the option to revoke your consent. To address possible questions regarding the application and fulfill our documentation obligations, the data will be deleted no later than 6 months after receipt. In accordance with tax regulations, we archive invoices for possible travel cost reimbursements.

Legal Basis

If we include you in our applicant pool, this is done based on your consent (Art. 6 para. 1 lit. a GDPR). We would like to point out that your consent to join our applicant pool is voluntary, has no impact on the application process, and you have the option to revoke your consent at any time.

In the case of protecting vital interests, data processing is carried out in accordance with Art. 9 para. 2 lit. c GDPR. For the purposes of health care, occupational medicine, medical diagnosis, care or treatment in the health or social sector, or for the management of systems and services in the health or social sector, the processing of personal data is carried out in accordance with Art. 9 para. 2 lit. h GDPR. If you voluntarily provide data of special categories, processing is based on Art. 9 para. 2 lit. a GDPR.

Information on specific recruiting tools is available, if applicable, in the following sections.

Facebook Jobs Privacy Policy

We use the job management tool Facebook Jobs. The service provider is the American company Meta Platforms Inc. For the European region, the responsible company is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Facebook processes your data, among other things, in the United States. We would like to inform you that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the United States. This may be associated with various risks for the legality and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the United States) or for data transfer to them, Facebook uses the so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR). Standard contractual clauses (Standard Contractual Clauses – SCC) are model templates provided by the European Commission and are intended to ensure that your data also comply with European data protection standards when transferred and stored in third countries (such as the United States). Through these clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the United States. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding standard contractual clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Facebook data processing terms, which correspond to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing

Learn more about the data processed through the use of Facebook in the privacy policy at https://www.facebook.com/policy.php.

LinkedIn Recruiter Privacy Policy

We use the recruiting tool LinkedIn Recruiter on our website. The service provider is the American company LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

LinkedIn processes your data, among other things, in the United States. We would like to inform you that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the United States. This may be associated with various risks for the legality and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the United States) or for data transfer to them, LinkedIn uses the so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR). Standard contractual clauses (Standard Contractual Clauses – SCC) are model templates provided by the European Commission and are intended to ensure that your data also comply with European data protection standards when transferred and stored in third countries (such as the United States). Through these clauses, LinkedIn undertakes to comply with the European level of data protection when processing your relevant data, even if the data

 is stored, processed, and managed in the United States. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding standard contractual clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

More information about the standard contractual clauses at LinkedIn can be found at https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=en.

Learn more about the data processed through the use of LinkedIn Recruiter in the privacy policy at https://www.linkedin.com/legal/privacy-policy.

We always strive to make our privacy policy as clear and understandable as possible. However, in technical and legal matters, this is not always straightforward. It often makes sense to use legal terms (such as personal data) or specific technical expressions (such as cookies, IP address). We do not want to use these without explanation. Below is an alphabetical list of important terms we have used, on which we may not have sufficiently elaborated in the existing privacy policy. If these terms have been taken from the GDPR and are definitions, we will also provide the GDPR texts here and, if necessary, add our own explanations.

Processor

Definition according to Article 4 of the GDPR

In the context of this regulation, the term “processor” refers to a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller.

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to controllers, there may also be so-called processors. This includes any company or individual that processes personal data on our behalf. Processors can include service providers such as tax consultants, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

Consent

Definition according to Article 4 of the GDPR

In the context of this regulation, the term “consent” of the data subject refers to any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Explanation: Typically, websites obtain such consent through a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked through a banner whether you agree or consent to data processing. Often, you can also make individual settings and decide which data processing you allow and which you do not. If you do not consent, no personal data from you may be processed. In principle, consent can also be given in writing, not through a tool.

Personal Data

Definition according to Article 4 of the GDPR

In the context of this regulation, the term “personal data” refers to any information relating to an identified or identifiable natural person (hereafter referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Explanation: Personal data includes all information that can identify you as a person. Typically, these are data such as:

1. Name
2. Address
3. Email address
4. Postal address
5. Phone number
6. Date of birth
7. Identifiers such as social security number, tax identification number, ID number, or matriculation number
8. Bank details such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can determine at least the approximate location of your device based on your IP address and subsequently identify you as the subscriber. Therefore, storing an IP address also requires a legal basis under the GDPR. There are also so-called “special categories” of personal data that are particularly sensitive. These include:

1. Racial and ethnic origin
2. Political opinions
3. Religious or philosophical beliefs
4. Trade union membership
5. Genetic data, such as data obtained from blood or saliva samples
6. Biometric data (information about mental, physical, or behavioral characteristics that can identify a person).

Health data

7. Data concerning sexual orientation or sex life

Profiling

Definition according to Article 4 of the GDPR

In the context of this regulation, the term “profiling” refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.

Explanation: Profiling involves collecting various information about a person to learn more about them. In the web domain, profiling is often used for advertising purposes or credit checks. Web or advertising analysis programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile, which can be used to target advertising to a specific audience.

Controller

Definition according to Article 4 of the GDPR

In the context of this regulation, the term “controller” refers to a natural or legal person, authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for their nomination may be provided for by Union or Member State law.

Explanation: In our case, we are responsible for the processing of your personal data and, consequently, the “controller.” If we share collected data with other service providers for processing, they are “processors.” A “Data Processing Agreement (DPA)” must be signed for this.

Processing

Definition according to Article 4 of the GDPR

In the context of this regulation, the term “processing” refers to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Note: When we mention processing in our privacy policy, we mean any type of data processing. This includes, as mentioned in the original GDPR statement above, not only collecting but also storing and processing data.

Congratulations! If you are reading these lines, you have truly “battled through” our entire privacy policy or at least scrolled down to this point. As you can see from the extent of our privacy policy, we take the protection of your personal data very seriously.

It is important for us to inform you to the best of our knowledge and belief about the processing of personal data. However, we not only want to inform you about the data processed but also explain the reasons for using various software programs. Privacy policies typically sound very technical and legal. Since most of you are not web developers or lawyers, we wanted to take a different linguistic approach and explain the matter in simple and clear language. This is not always possible due to the nature of the topic. Therefore, the most important terms are explained in more detail at the end of the privacy policy.

If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible authority. We wish you a pleasant time and hope to welcome you back to our website soon.

All texts are protected by copyright.

Source: Created with the Privacy Policy Generator by AdSimple