Privacy Policy

Introduction and Overview

We have drafted this privacy policy (version 24.06.2024-112820537) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (short: data) we as the data controller – and the processors we engage (e.g., providers) – process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.

In short: We provide you with comprehensive information about the data we process about you.

Privacy statements usually sound very technical and use legal jargon. This privacy statement, on the other hand, aims to describe the most important things as simply and transparently as possible. As far as it promotes transparency, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We inform in clear and simple language that we only process personal data in the context of our business activities when there is a corresponding legal basis. This is certainly not possible when one gives brief, unclear, and legal-technical explanations, as is often the standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is one or another piece of information that you did not know.

"If you still have questions, we kindly ask you to contact the responsible party mentioned below or in the imprint, follow the available links, and view further information on third-party sites. Our contact details can also be found in the imprint."

scope

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information as defined in Art. 4 No. 1 GDPR, such as the name, email address, and postal address of a person. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate

• Social Media Presence and Email Communication

• mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas where personal data is processed in a structured manner within the company through the mentioned channels. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal basis

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, namely the legal bases of the General Data Protection Regulation, that enable us to process personal data.

As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can of course read this EU General Data Protection Regulation online at EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

"We only process your data if at least one of the following conditions is met:"

1. Consent (Article 6 paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.

2. Contract (Article 6 paragraph 1 letter b GDPR): In order to fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we enter into a purchase contract with you, we need personal information in advance.

3. Legal Obligation (Article 6 paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes. These usually contain personal data.

4. Legitimate Interests (Article 6 Paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

"Further conditions such as the exercise of public interest recordings and the exercise of public authority as well as the protection of vital interests do not usually occur with us. If such a legal basis should be applicable, it will be indicated at the appropriate place."

In addition to the EU regulation, national laws also apply:

• In Austria this is the federal law for the protection of natural persons in the processing of personal data (Data Protection Act), abbreviated DPA.

• In Germany the Federal Data Protection Act, abbreviated BDSG.

"If any further regional or national laws apply, we will inform you about them in the following sections."

Contact details of the person responsible

"If you have any questions regarding data protection or the processing of personal data, you will find below the contact details of the responsible person or office:"

ELIAS Heating Technology Ltd.

Horst Burgstaller

Unterbruckendorf 14, 9314 Launsdorf, Austria

Authorized representative: Horst Burgstaller

E-Mail: info@schimmel-dry.at

Phone: +43 4212 46715

Imprint: https://schimmel-dry.com/impressum/

Storage period

"That we only store personal data as long as it is absolutely necessary for the provision of our services and products is considered a general criterion for us. This means that we delete personal data as soon as the reason for data processing is no longer present. In some cases, we are legally obliged to retain certain data even after the original purpose has ceased, for example for accounting purposes."

"If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as soon as possible and as long as there is no obligation to retain it."

"We will inform you about the specific duration of the respective data processing further down, provided we have more information on this."

Rights under the General Data Protection Regulation

"In accordance with Articles 13 and 14 of the GDPR, we inform you about the following rights that you have to ensure fair and transparent processing of data:"

• "You have the right to information under Article 15 of the GDPR regarding whether we process data about you. If this is the case, you have the right to receive a copy of the data and to be informed of the following information:"

o for what purpose we carry out the processing;

o the categories, that is, the types of data that are processed;

o who receives this data and when the data is transmitted to third countries, how security can be guaranteed;

o how long the data will be stored;

o the right to rectification, erasure or restriction of processing and the right to object to processing;

o that you can file a complaint with a supervisory authority (links to these authorities can be found further down);

o the source of the data, if we did not collect it from you;

o whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile of you.

• "According to Article 16 of the GDPR, you have the right to rectification of data, which means that we must correct data if you find errors."

• "According to Article 17 of the GDPR, you have the right to erasure ("right to be forgotten"), which specifically means that you may request the deletion of your data."

• "According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further."

• "You have the right to data portability under Article 20 of the GDPR, which means that we will provide your data to you in a commonly used format upon request."

• "You have the right to object according to Article 21 GDPR, which brings about a change in processing upon enforcement."

o If the processing of your data is based on Article 6(1)(e) (public interest, exercise of public authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then examine as quickly as possible whether we can legally comply with this objection.

o "If data is used for direct marketing, you can object to this type of data processing at any time. We may no longer use your data for direct marketing afterwards."

o "If data is used for profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling afterwards."

• "You have the right, under Article 22 of the GDPR, not to be subject to a decision based solely on automated processing (such as profiling), under certain circumstances."

• "You have the right to lodge a complaint according to Article 77 of the GDPR. This means that you can file a complaint with the data protection authority at any time if you believe that the processing of personal data violates the GDPR."

In short: You have rights – do not hesitate to contact the responsible party listed above with us!

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can file a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/ . In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) . The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Head: Dr. Matthias Schmidl

Address: Barichgasse 40-42, 1030 Vienna

Phone number: +43 1 52 152-0

Email address: dsb@dsb.gv.at

Website: https://www.dsb.gv.at/

Data Processing Security

To protect personal data, we have implemented both technical and organizational measures. Wherever possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible, within our means, for third parties to draw personal information from our data.

"Art. 25 GDPR refers here to 'data protection by design and by default' and means that one always thinks of security and implements appropriate measures both in software (e.g. forms) and in hardware (e.g. access to the server room). In the following, we will address specific measures if necessary."

TLS encryption with https

'TLS, encryption, and https sound very technical, and they are. We use HTTPS (the Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transmit data securely over the Internet.'

This means that the complete transfer of all data from your browser to our web server is secured – no one can "eavesdrop."

"This has introduced an additional layer of security and complies with data protection by design (Article 25 Paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the Internet, we can ensure the protection of confidential data."

"You can recognize the use of this data transmission security by the small lock symbol

in the upper left corner of the browser, to the left of the internet address (e.g., beispielseite.de) and the use of the https scheme (instead of http) as part of our internet address."

If you want to know more about encryption, we recommend searching Google for "Hypertext Transfer Protocol Secure wiki" to get good links to further information.

Communication

Communication Summary

👥 Affected: Everyone who communicates with us via phone, email, or online form

📓 Processed data: e.g. phone number, name, email address, entered form data. More details can be found under the respective type of contact used.

🤝 Purpose: Handling communication with customers, business partners, etc.

📅 Retention period: Duration of the business case and legal regulations

⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. b GDPR (Contract), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

"If you contact us and communicate via telephone, email, or online form, it may involve the processing of personal data."

The data will be processed for the handling and processing of your inquiry and the related business transaction. The data will be stored for as long as necessary or as required by law.

Affected persons

"All those affected by the aforementioned processes are those who seek contact with us through the communication channels we provide."

phone

"If you call us, the call data will be stored in a pseudonymized form on the respective device and with the telecommunications provider used. Additionally, data such as name and phone number may be sent via email afterwards and stored for the purpose of responding to the inquiry. The data will be deleted as soon as the business case has been completed and legal requirements allow."

e-mail

"If you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and data will be stored on the email server. The data will be deleted as soon as the business case is completed and legal requirements allow."

Online Forms

"If you communicate with us via the online form, data will be stored on our web server and may be forwarded to one of our email addresses. The data will be deleted as soon as the business case is completed and legal requirements allow."

Legal basis

The processing of the data is based on the following legal grounds:

• Art. 6 para. 1 lit. a GDPR (Consent): You give us your consent to store your data and to further use it for purposes related to the business case;

• Art. 6 para. 1 lit. b GDPR (Contract): There is a necessity for the fulfillment of a contract with you or a processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as the preparation of an offer;

• Art. 6 para. 1 lit. f GDPR (Legitimate Interests): We want to handle customer inquiries and business communication in a professional manner. For this purpose, certain technical facilities such as email programs, exchange servers, and mobile network operators are necessary to enable efficient communication.

Cookies Summary

👥 Affected: Visitors of the website

🤝 Purpose: depending on the respective cookie. More details can be found further down or from the software manufacturer that sets the cookie.

📓 Processed data: Depending on the cookie used. More details can be found further down or from the software manufacturer that sets the cookie.

📅 Storage duration: depending on the respective cookie, can vary from hours to years.

⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.

"In the following, we explain what cookies are and why they are used, so that you can better understand the following privacy policy."

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are really useful helpers. Almost all websites use cookies. More specifically, they are HTTP cookies, as there are also other cookies for different applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, essentially the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal page settings. When you revisit our site, your browser sends the "user-related" information back to our site. Thanks to cookies, our website knows who you are and provides you with the settings you are accustomed to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. In this process, the web browser requests a website and receives a cookie back from the server, which the browser reuses as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans, or other "malware." Cookies also cannot access information on your PC.

For example, cookie data may look like this:

Name: _ga

Value: GA1.2.1326744211.152112820537-9

Purpose: Distinction of website visitors

Expiration date: after 2 years

'These minimum sizes should be supported by a browser:'

• At least 4096 bytes per cookie

• At least 50 cookies per domain

• At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we specifically use depends on the services used and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly address the different types of HTTP cookies.

One can distinguish 4 types of cookies:

Essential Cookies

These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues browsing on other pages and only later goes to checkout. These cookies prevent the shopping cart from being emptied, even if the user closes their browser window.

Functional Cookies

These cookies collect information about user behavior and whether the user receives any error messages. Additionally, these cookies also measure the loading time and the behavior of the website across different browsers.

Goal-oriented Cookies

These cookies ensure a better user experience. For example, entered locations, font sizes, or form data are stored.

Advertising Cookies

These cookies are also called targeting cookies. They are used to deliver personalized advertising to the user. This can be very convenient, but also very annoying.

"Typically, when you first visit a website, you will be asked which of these types of cookies you would like to allow. And of course, this decision is also stored in a cookie."

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) titled “HTTP State Management Mechanism.”

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. More details can be found further down or with the manufacturer of the software that sets the cookie.

What data is being processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize what data is stored in cookies, but we will inform you about the processed or stored data in the following privacy policy.

Storage duration of cookies

The storage duration depends on the respective cookie and will be specified further below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

"You also have control over the storage duration. You can manually delete all cookies at any time through your browser (see also below "Right to Object"). Furthermore, cookies that are based on consent will be deleted at the latest after you withdraw your consent, while the legality of the storage remains unaffected until then."

Right of objection – how can I delete cookies?

"How and whether you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option to delete, disable, or allow them only partially. For example, you can block third-party cookies but allow all other cookies."

If you want to find out which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Managing Cookies and Website Data with Safari

'Firefox: Delete cookies to remove data that websites have stored on your computer'

Internet Explorer: Deleting and Managing Cookies

Microsoft Edge: Deleting and Managing Cookies

If you generally do not want cookies, you can set up your browser to always inform you when a cookie is about to be set. This way, you can decide for each individual cookie whether to allow it or not. The procedure varies depending on the browser. It is best to search for the instructions on Google using the search terms "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser.

Legal basis

Since 2009, there have been the so-called "cookie regulations." These stipulate that the storage of cookies requires your consent (Article 6(1)(a) GDPR). However, within the EU countries, there are still very different reactions to these regulations. In Austria, the implementation of this directive took place in § 165(3) of the Telecommunications Act (2021). In Germany, the cookie regulations were not implemented as national law. Instead, the implementation of this directive largely occurred in § 15(3) of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DSA) since May 2024.

"For absolutely necessary cookies, even in the absence of consent, there are legitimate interests (Article 6 para. 1 lit. f GDPR), which are mostly of an economic nature. We want to provide visitors to the website with a pleasant user experience, and for that, certain cookies are often absolutely necessary."

"Cookies that are not strictly necessary will only be used with your consent. The legal basis for this is Article 6(1)(a) of the GDPR."

In the following sections, you will be informed in more detail about the use of cookies, provided that the software used employs cookies.

Customer data

Customer Data Summary

👥 Affected: Customers or business and contractual partners

🤝 Purpose: Provision of the contractually or pre-contractually agreed services including related communication.

📓 Processed data: Name, address, contact details, email address, phone number, payment information (such as invoices and bank details), contract data (such as duration and subject of the contract), IP address, order data

📅 Retention period: the data will be deleted as soon as they are no longer necessary for the fulfillment of our business purposes and there is no legal retention obligation.

⚖️ Legal Basis: Legitimate Interest (Art. 6 para. 1 lit. f GDPR), Contract (Art. 6 para. 1 lit. b GDPR)

What are customer data?

"In order to provide our services or contractual obligations, we also process data from our customers and business partners. Among these data, there are always personal data. Customer data refers to all information that is processed based on a contractual or pre-contractual collaboration in order to deliver the offered services. Customer data is therefore all collected information that we gather and process about our customers."

Why do we process customer data?

There are many reasons why we collect and process customer data. The most important is that we simply need various data to provide our services. Sometimes, just your email address is enough, but if you purchase a product or service, we also need data such as your name, address, bank details, or contract information. We also use the data for marketing and sales optimizations, so that we can improve our service for our customers overall. Another important point is our customer service, which is always very dear to us. We want you to be able to come to us with questions about our offers at any time, and for that, we need at least your email address.

What data is being processed?

The exact data that is stored can only be represented here by categories. This always depends on what services you obtain from us. In some cases, you only provide us with your email address so that we can, for example, contact you or answer your questions. In other cases, you purchase a product or service from us, and for that, we need significantly more information, such as your contact details, payment information, and contract details.

Here is a list of possible data that we will receive and process from you:

• name

• Contact address

• E-mail address

• Telephone number

• birth date

• Payment data (invoices, bank details, payment history, etc.)

• Contract data (duration, content)

• Usage data (visited websites, access data, etc.)

• Metadata (IP address, device information)

How long will the data be stored?

As soon as we no longer need the customer data to fulfill our contractual obligations and our purposes, and the data is also not required for possible warranty and liability obligations, we will delete the corresponding customer data. This is the case, for example, when a business contract ends. After that, the limitation period is usually 3 years, although longer periods may be possible in individual cases. Of course, we also comply with the statutory retention obligations. Your customer data will certainly not be passed on to third parties unless you have explicitly given your consent.

Legal basis

The legal bases for processing your data are Article 6(1)(a) GDPR (consent), Article 6(1)(b) GDPR (contract or pre-contractual measures), Article 6(1)(f) GDPR (legitimate interests), and in specific cases (e.g., in the case of medical services) Article 9(2)(a) GDPR (processing of special categories).

In the case of protecting vital interests, data processing is carried out in accordance with Art. 9 para. 2 lit. c. GDPR. For the purposes of health care, occupational medicine, medical diagnostics, care or treatment in the health or social sector, or for the management of systems and services in the health or social sector, the processing of personal data is carried out in accordance with Art. 9 para. 2 lit. h. GDPR. If you voluntarily provide data of special categories, the processing is based on Art. 9 para. 2 lit. a. GDPR.

Web Hosting Introduction

Web Hosting Summary

👥 Affected: Visitors of the website

🤝 Purpose: professional hosting of the website and securing of operations

📓 Processed data: IP address, time of website visit, browser used, and other data. More details can be found further down or with the respective web hosting provider.

📅 Storage duration: depending on the respective provider, but usually 2 weeks

⚖️ Legal Basis: Art. 6 para. 1 lit.f GDPR (Legitimate Interests)

What is web hosting?

When you visit websites nowadays, certain information – including personal data – is automatically created and stored, as is the case on this website. This data should be processed as sparingly as possible and only with justification. By "website," we mean the entirety of all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By "domain," we mean, for example, beispiel.de or musterbeispiel.com.

"If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We briefly refer to it as a browser or web browser."

"To display the website, the browser must connect to another computer where the website's code is stored: the web server. Operating a web server is a complicated and elaborate task, which is why it is usually handled by professional providers, the providers. They offer web hosting and ensure reliable and error-free storage of website data. A whole lot of technical terms, but please stay tuned, it will get even better!"

When the browser on your computer (desktop, laptop, tablet, or smartphone) connects and during the data transfer to and from the web server, there may be processing of personal data. On one hand, your computer stores data, and on the other hand, the web server must also store data for a period of time to ensure proper operation.

"A picture is worth a thousand words, therefore the following graphic illustrates the interplay between the browser, the internet, and the hosting provider."

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and securing of operations

2. for the maintenance of operational and IT security

3. Anonymous evaluation of access behavior to improve our offerings and, if necessary, for prosecution or enforcement of claims.

What data is being processed?

"Even while you are currently visiting our website, our web server, which is the computer on which this website is stored, usually automatically saves data such as"

• the complete internet address (URL) of the accessed webpage

• Browser and browser version (e.g. Chrome 87)

• the operating system used (e.g. Windows 10)

• the address (URL) of the previously visited page (Referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen/)

• the hostname and the IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)

• Date and time

• in files, the so-called web server log files

How long will data be stored?

"In general, the above-mentioned data is stored for two weeks and then automatically deleted. We do not share this data, but cannot exclude the possibility that this data may be accessed by authorities in the event of illegal behavior."

In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not share your data without consent!

Legal basis

The legality of processing personal data in the context of web hosting arises from Art. 6 para. 1 lit. f GDPR (protection of legitimate interests), as the use of professional hosting with a provider is necessary to present the company securely and user-friendly on the internet and to be able to pursue attacks and claims arising from this if necessary.

"There is usually a contract between us and the hosting provider regarding data processing in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security."

raidboxes Privacy Policy

"We use the web hosting provider raidboxes for our website. The service provider is the German company Raidboxes GmbH, Hafenstraße 32, 48153 Münster, Germany."

Learn more about the data processed through the use of raidboxes in the privacy policy at https://raidboxes.io/legal/privacy/.

Web Analytics Introduction

Web Analytics Privacy Policy Summary

👥 Affected: Visitors of the website

🤝 Purpose: Evaluation of visitor information to optimize the web offering.

📓 Processed Data: Access statistics that include data such as access locations, device data, access duration and timing, navigation behavior, click behavior, and IP addresses. More details can be found in the respective web analytics tool used.

📅 Storage duration: dependent on the web analytics tool used

⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is web analytics?

We use software on our website to evaluate the behavior of website visitors, referred to as web analytics. Data is collected that is stored, managed, and processed by the respective analytics tool provider (also known as a tracking tool). With the help of the data, analyses of user behavior on our website are created and made available to us as the website operator. Additionally, most tools offer various testing options. For example, we can test which offers or content resonate best with our visitors. For this purpose, we show you two different offers for a limited period of time. After the test (known as an A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as well as for other analytics methods, user profiles can also be created and the data can be stored in cookies.

Why do we conduct web analytics?

With our website, we have a clear goal in mind: we want to deliver the best web offering on the market for our industry. To achieve this goal, we want to provide the best and most interesting offerings on one hand, and on the other hand, ensure that you feel completely comfortable on our website. With the help of web analytics tools, we can take a closer look at the behavior of our website visitors and then improve our web offering accordingly for you and us. For example, we can determine the average age of our visitors, where they come from, when our website is most visited, or which content or products are particularly popular. All this information helps us optimize the website and thus tailor it perfectly to your needs, interests, and wishes.

What data is being processed?

"The exact data that is stored depends, of course, on the analysis tools used. However, in general, for example, it is stored which content you view on our website, which buttons or links you click, when you access a page, which browser you are using, with which device (PC, tablet, smartphone, etc.) you visit the website, or which computer system you are using. If you agreed that location data may also be collected, this can also be processed by the web analytics tool provider."

Furthermore, your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, your IP address is usually stored in a pseudonymized form (i.e., in an unrecognizable and shortened format). For the purposes of testing, web analysis, and web optimization, no direct data, such as your name, age, address, or email address, is generally stored. All this data, if collected, is stored in a pseudonymized manner. Thus, you cannot be identified as a person.

The following example schematically shows the functionality of Google Analytics as an example of client-based web tracking with JavaScript code.

"How long the respective data is stored always depends on the provider. Some cookies store data only for a few minutes or until you leave the website, while other cookies can store data for several years."

Duration of data processing

"We will inform you about the duration of data processing further down, provided we have more information on this. In general, we only process personal data as long as it is absolutely necessary for the provision of our services and products. If it is legally required, as in the case of accounting, this storage duration may also be exceeded."

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or third parties at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we have obtained with our cookie popup. This consent constitutes the legal basis for the processing of personal data, as may occur during the collection by web analytics tools, according to Art. 6 para. 1 lit. a GDPR (consent) .

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors in order to technically and economically improve our offerings. With the help of web analytics, we can identify errors on the website, detect attacks, and improve profitability. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). We will only use the tools to the extent that consent has been granted.

'Since cookies are used in web analytics tools, we also recommend reading our general privacy policy regarding cookies. To find out exactly what data is stored and processed from you, you should read the privacy policies of the respective tools.'

Information on specific web analytics tools, if available, can be found in the following sections.

Matomo Cloud Privacy Policy

Matomo Cloud Privacy Policy Summary

👥 Affected: Visitors of the website

🤝 Purpose: Evaluation of visitor information to optimize the web offering.

📓 Processed data: Access statistics that include data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses.

📅 Retention period: until the data for the service is no longer required.

⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Matomo Cloud?

"We use the web analytics software Matomo Cloud on our website. The service provider is the New Zealand company InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand."

Matomo is a web analytics platform that takes data protection very seriously while still providing us as website operators with accurate statistics about your behavior on our website. We have access to a Matomo dashboard and can utilize various features for web analytics. Matomo also offers different ways to anonymize the IP addresses of our website visitors and to disable cookies.

Why do we use Matomo Cloud?

Many of the usual analysis tools collect vast amounts of personal data and can also share this with third parties. This means that control over your data is very difficult to maintain. Data protection is a major concern for us, which is why we have chosen Matomo and thus a significantly more privacy-friendly alternative. However, we also do not want to completely forgo web analysis. After all, with the help of statistics about website behavior, we can optimize our service and tailor it to your individual needs.

What data is stored by Matomo Cloud?

"In addition to personal data such as your IP address or information about yourself (e.g., name, address, date of birth) that you actively provide to us, information about your visitor behavior is primarily stored. This usually does not involve personal data, but rather information such as the number of visitors to the website, page views, duration of stay, or search terms used. Furthermore, technical data such as browser type, your operating system, and your screen resolution may also be stored. Matomo can also collect information about which website you came from to reach us. The collected data is never shared or sold to third parties."

How long and where will the data be stored?

Matomo offers a hosted version with "Matomo Cloud," where the data is stored on its own Matomo servers. All data is stored in Europe, although the company's headquarters is in New Zealand.

In principle, data is stored in Matomo Cloud for as long as business purposes require. Unfortunately, we cannot provide exact retention periods at this point, as they depend heavily on individual configurations.

How can I delete my data or prevent data storage?

You have the right and the possibility to access your personal data at any time and to object to its use and processing. You can also file a complaint with a governmental supervisory authority at any time.

In your browser, you also have the option to manage, delete, or disable cookies individually. However, please note that disabled or deleted cookies may have negative effects on the functions of our website. Depending on which browser you are using, managing cookies works slightly differently. In the "Cookies" section, you will find the relevant links to the respective instructions for the most popular browsers. If you would like to request data deletion, please feel free to contact us.

Legal basis

The use of Matomo Cloud requires your consent, which we have obtained with our consent management tool (popup). This consent constitutes the legal basis for the processing of personal data, as may occur during the collection by web analytics tools, according to Art. 6 para. 1 lit. a GDPR (consent).

"In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors in order to technically and economically improve our offerings. With the help of Matomo Cloud, we identify optimization potential for our website and can improve its profitability. The legal basis for this is Article 6(1)(f) of the GDPR (Legitimate Interests). We will only use Matomo Cloud to the extent that you have given consent."

Learn more about the data processed through the use of Matomo Cloud in the Privacy Policy at https://matomo.org/matomo-cloud-privacy-policy/. Questions regarding data protection can be sent via email to privacy@matomo.org to aim.

Chatbots Introduction

Chatbots Privacy Policy Summary

👥 Affected: Visitors of the website

🤝 Purpose: Contact inquiries and general communication between us and you

📓 Processed Data: Data such as name, address, email address, phone number, general content data, possibly IP address

You can find more details about this in the respective tools used.

📅 Storage duration: dependent on the chatbots and chat functions used

⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests), Art. 6 para. 1 sentence 1 lit. b GDPR (Contractual or pre-contractual obligations)

What are chatbots?

You can also communicate with us via chatbots or similar chat functions. A chat offers the opportunity to write or speak to each other with very little time delay. A chatbot is software that attempts to answer your question and may inform you about news. By using these communication tools, your personal data may also be processed and stored.

Why do we use chatbots?

"Communication options with you are important to us. After all, we want to talk to you and answer all possible questions about our service as best as we can. Well-functioning communication is an important part of our service. Chatbots have the great advantage that we can automate answers to frequently asked questions using this software. This saves us time, and you still receive detailed and helpful answers. If the chatbot cannot assist further, you always have the option to contact us personally."

Please note that when using our built-in elements, data about you may also be processed outside the European Union, as many providers are American companies. As a result, you may find it more difficult to assert or enforce your rights regarding your personal data.

What data is being processed?

It may happen that you use the chat services on other websites/platforms as well. In this case, your user ID will also be stored on the servers of that website. We may also be informed about which user used the chat at what time. The contents will also be stored. The exact data that is stored depends on the respective service. However, it usually involves contact data such as email address or phone number, IP address, and various usage data.

"If you have consented to the use of the chat function, this consent along with any possible registration will also be stored or logged. We do this so that we can provide evidence of the registration or consent if required by law."

The provider of a chat platform can also learn when you chat and receives technical information about the device you are using. The exact information that is stored and processed also depends on your PC settings. In many cases, data about your approximate location can be collected. This is done on one hand to optimize the chat services and on the other hand to ensure more security. Furthermore, the information can also be used to implement personalized advertising and marketing measures.

"If you have consented to receive messages from a chatbot, you can of course deactivate this activation at any time. The chatbot also serves as assistance and shows you how to unsubscribe from this function. All your related data will then be deleted from the recipient directory."

"We use the above-mentioned data to be able to address you personally via chat, to answer your questions and requests, or to send you possible content. Additionally, we can also use it to fundamentally improve our chat services."

How long will data be stored?

How long the data is processed and stored primarily depends on the tools we use. Further down, you will learn more about the data processing of each tool. The privacy policies of the providers usually specify exactly which data is stored and processed for how long. In principle, personal data is only processed as long as necessary for the provision of our services. When data is stored in cookies, the storage duration varies greatly. The data can be deleted immediately after leaving a website, but it can also be stored for several years. Therefore, you should take a detailed look at each individual cookie if you want to know more about data storage. Most of the time, you will also find informative information about the individual cookies in the privacy policies of the respective providers.

Right of objection

'Since cookies may be used in chat services, we also recommend our general privacy policy regarding cookies. To find out which data about you is specifically stored and processed, you should read the privacy policies of the respective tools.'

Legal basis

We ask for your permission via a popup window to process data from you in the context of the chat services. If you consent, this consent also serves as a legal basis (Art. 6 Abs. 1 lit. a GDPR) for data processing. Additionally, we process your inquiries and manage your data in the context of contractual or pre-contractual relationships to fulfill our pre-contractual and contractual obligations or to respond to inquiries. The basis for this is Art. 6 Abs. 1 S. 1 lit. b. GDPR. In principle, your data is also stored and processed based on our legitimate interest (Art. 6 Abs. 1 lit. f GDPR) in having quick and good communication with you or other customers and business partners. We only use the tools to the extent that you have given consent.

LiveChat Privacy Policy

"We use the chat software LiveChat for our website. The service provider is the American company LiveChat Inc., 101 Arch Street, 8th Floor, Boston MA 02110, USA."

What is LiveChat?

"Through this tool, we can communicate with you via a chat interface. LiveChat can be used on both websites and mobile applications, providing you and us with a user-friendly platform for marketing activities, customer support, and sales. Additionally, many other platforms and tools, such as project management or CRM systems, can be integrated. According to the company's information, great importance is also placed on security and data protection."

Why do we use LiveChat?

"We have chosen LiveChat because we care about the protection of personal data. Through LiveChat, you can quickly and easily ask us questions, solve problems, or obtain general information about our services or products. The user interface is easy to use, and the support team is readily available to assist us with any questions."

How secure is the data transfer in LiveChat?

LiveChat processes data from you, among other things, in the USA. LiveChat is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, LiveChat uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, LiveChat commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information on the standard contractual clauses for LiveChat, please visit https://www.livechat.com/legal/gdpr-faq/.

Learn more about the data processed through the use of LiveChat in the Privacy Policy at https://www.livechat.com/legal/privacy-policy/.

Social Media Introduction

Social Media Privacy Policy Summary

👥 Affected: Visitors of the website

🤝 Purpose: Presentation and optimization of our service, contact with visitors, interested parties, etc., advertising

📓 Processed Data: Data such as phone numbers, email addresses, contact details, user behavior data, information about your device, and your IP address.

You can find more details in the respective social media tool used.

📅 Storage duration: dependent on the social media platforms used

⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is social media?

In addition to our website, we are also active on various social media platforms. User data may be processed so that we can specifically address users who are interested in us through social networks. Furthermore, elements of a social media platform may also be embedded directly into our website. This is the case, for example, when you click on a so-called social button on our website and are redirected directly to our social media presence. Websites and apps that allow registered members to produce content, exchange content openly or in specific groups, and connect with other members are referred to as social media.

Why do we use social media?

For years, social media platforms have been the place where people communicate and connect online. With our social media presence, we can bring our products and services closer to interested parties. The social media elements integrated on our website help you switch to our social media content quickly and without complications.

The data that is stored and processed through your use of a social media channel primarily serves the purpose of conducting web analytics. The goal of these analyses is to develop more accurate and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, suitable conclusions about your interests can be drawn from the evaluated data, and so-called user profiles can be created. This also enables the platforms to present you with tailored advertisements. Usually, cookies are set in your browser for this purpose, which store data about your usage behavior.

"As a rule, we assume that we remain data protection law responsible, even when we use services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform can be jointly responsible with us in the sense of Art. 26 GDPR. If this is the case, we will point this out separately and work on the basis of a corresponding agreement. The essential part of the agreement is then reproduced further down at the affected platform."

Please note that when using social media platforms or our embedded elements, data about you may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. As a result, you may find it more difficult to assert or enforce your rights regarding your personal data.

What data is being processed?

The exact data that is stored and processed depends on the respective provider of the social media platform. But usually, it involves data such as phone numbers, email addresses, data you enter into a contact form, user data such as which buttons you click, whom you like or follow, when you visited which pages, information about your device, and your IP address. Most of this data is stored in cookies. Especially if you have your own profile on the visited social media channel and are logged in, data can be linked to your profile.

All data collected through a social media platform is also stored on the servers of the providers. Thus, only the providers have access to the data and can provide you with the appropriate information or make changes.

If you want to know exactly what data is stored and processed by the social media providers and how you can object to the data processing, you should carefully read the respective privacy policy of the company. Even if you have questions about data storage and data processing or want to assert corresponding rights, we recommend that you contact the provider directly.

Duration of data processing

"We will inform you about the duration of data processing further down, provided we have more information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. Customer data that is matched with its own user data is deleted within two days. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If it is legally required, as in the case of accounting, this storage duration may also be exceeded."

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers such as embedded social media elements at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

'Since social media tools may use cookies, we also recommend our general privacy policy regarding cookies. To find out which data about you is specifically stored and processed, you should read the privacy policies of the respective tools.'

Legal basis

If you have consented to the processing and storage of your data by integrated social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in having quick and effective communication with you or other customers and business partners, provided that consent is given. We will only use the tools to the extent that you have granted consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

You can find information about specific social media platforms – if available – in the following sections.

Facebook Privacy Policy

Facebook Privacy Policy Summary

👥 Affected: Visitors of the website

🤝 Purpose: Optimization of our service performance

📓 Processed Data: Data such as customer data, user behavior data, information about your device, and your IP address.

You can find more details about this further down in the privacy policy.

📅 Storage duration: until the data is no longer useful for Facebook's purposes

⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are Facebook tools?

"We use selected tools from Facebook on our website. Facebook is a social media network of the company Meta Platforms Inc. or for the European area of the company Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of these tools, we can offer you and people interested in our products and services the best possible offer."

"If data about you is collected and forwarded through our embedded Facebook elements or through our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for it. Facebook alone is responsible for the further processing of this data. Our joint obligations have also been outlined in a publicly accessible agreement under" https://www.facebook.com/legal/controller_addendum anchored. It is stated therein that we must clearly inform you about the use of Facebook tools on our site. Furthermore, we are also responsible for ensuring that the tools are integrated into our website in compliance with data protection laws. Facebook, on the other hand, is responsible for the data security of the Facebook products. If you have any questions regarding data collection and data processing by Facebook, you can contact the company directly. If you direct the question to us, we are obliged to forward it to Facebook.

"Below we provide an overview of the various Facebook tools, which data is sent to Facebook, and how you can delete this data."

"In addition to many other products, Facebook also offers the so-called 'Facebook Business Tools'. This is the official designation from Facebook. However, since the term is hardly known, we have decided to simply call them Facebook Tools. Among them are, among other things:"

• Facebook-Pixel

• social plug-ins (such as the "Like" or "Share" button)

• Facebook Login

• Account Kit

• APIs (Application Programming Interface)

• SDKs (Collection of programming tools)

• Platform Integrations

• Plugins

• Codes

• Specifications

• The documentation

• Technologies and Services

Through these tools, Facebook expands its services and has the ability to obtain information about user activities outside of Facebook.

Why do we use Facebook tools on our website?

"We want to show our services and products only to people who are genuinely interested in them. With the help of advertisements (Facebook Ads), we can reach exactly these people. However, for users to be shown relevant ads, Facebook needs information about people's wishes and needs. This way, the company is provided with information about user behavior (and contact details) on our website. As a result, Facebook collects better user data and can display relevant ads about our products or services to interested people. The tools thus enable tailored advertising campaigns on Facebook."

Data about your behavior on our website is referred to by Facebook as "event data." This data is also used for measurement and analysis services. Facebook can create "campaign reports" on the effectiveness of our advertising campaigns on our behalf. Furthermore, through analyses, we gain better insights into how you use our services, website, or products. This allows us to optimize your user experience on our website with some of these tools. For example, you can directly share content from our site on Facebook using social plug-ins.

What data is stored by Facebook tools?

"By using individual Facebook tools, personal data (customer data) may be sent to Facebook. Depending on the tools used, customer data such as name, address, phone number, and IP address may be transmitted."

"Facebook uses this information to match the data it has about you (if you are a Facebook member) with the data. Before customer data is transmitted to Facebook, a process called 'hashing' takes place. This means that a dataset of any size is transformed into a string of characters. This also serves to encrypt data."

"In addition to the contact details, 'event data' is also transmitted. 'Event data' refers to the information we receive about you on our website. For example, which subpages you visit or which products you purchase from us. Facebook does not share the received information with third parties (such as advertisers), unless the company has explicit permission or is legally required to do so. 'Event data' can also be linked to contact details. This allows Facebook to offer better personalized advertising. After the aforementioned matching process, Facebook deletes the contact details again."

In order to optimize the delivery of advertisements, Facebook only uses event data when it has been aggregated with other data (collected by Facebook in other ways). Facebook also uses this event data for security, protection, development, and research purposes. Many of these data are transmitted to Facebook via cookies. Cookies are small text files used to store data or information in browsers. Depending on the tools used and whether you are a Facebook member, different numbers of cookies are created in your browser. In the descriptions of the individual Facebook tools, we go into detail about specific Facebook cookies. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies.

How long and where will the data be stored?

In principle, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers distributed around the world where its data is stored. Customer data, however, is deleted within 48 hours after it has been matched with its own user data.

How can I delete my data or prevent data storage?

In accordance with the General Data Protection Regulation, you have the right to access, rectification, portability, and deletion of your data.

A complete deletion of the data only occurs if you completely delete your Facebook account. And this is how deleting your Facebook account works:

1) Click on Settings on the right side of Facebook.

2) Then click on "Your Facebook Information" in the left column.

3) Now click on "Deactivation and Deletion."

4) Now select "Delete account" and then click on "Next and delete account"

5) Now enter your password, click on "Continue" and then on "Delete Account"

The storage of data that Facebook receives through our site is done, among other things, via cookies (e.g., with social plugins). In your browser, you can disable, delete, or manage individual or all cookies. Depending on which browser you are using, this works in different ways. In the "Cookies" section, you will find the corresponding links to the respective instructions for the most well-known browsers.

If you generally do not want cookies, you can configure your browser to always inform you when a cookie is to be set. This way, you can decide for each individual cookie whether to allow it or not.

Legal basis

If you have consented to the processing and storage of your data by integrated Facebook tools, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in having fast and effective communication with you or other customers and business partners. We only use the tools to the extent that you have given consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review Facebook's privacy policy or cookie guidelines.

"Facebook processes data about you, among other things, in the USA. Facebook, or Meta Platforms, is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on" https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Furthermore, Facebook uses so-called Standard Contractual Clauses (= Art. 46. Para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Facebook commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing terms, which refer to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

"We hope we have provided you with the most important information about the use and data processing by the Facebook tools. If you want to learn more about how Facebook uses your data, we recommend the data policies on" https://www.facebook.com/privacy/policy/.

Facebook Login Privacy Policy

"We have integrated the practical Facebook Login on our site. This allows you to easily log in with your Facebook account without having to create another user account. If you choose to register via the Facebook Login, you will be redirected to the social media network Facebook. There, the login will occur using your Facebook user data. Through this login procedure, data about you and your user behavior will be stored and transmitted to Facebook."

"To store data, Facebook uses various cookies. Below we show you the most important cookies that are set in your browser or already exist when you log in to our site via Facebook Login:"

Name: fr

Value: 0jieyh4c2GnlufEJ9..Bde09j…1.0.Bde09j

Purpose: This cookie is used to ensure that the social plugin on our website functions optimally.

Expiration date: after 3 months

Name: datr

Value: 4Jh7XUA2112820537SEmPsSfzCOO4JFFl

Purpose: Facebook sets the "datr" cookie when a web browser accesses facebook.com, and the cookie helps identify login activities and protect users.

Expiration date: after 2 years

Name: _js_datr

Value: deleted

Purpose: This session cookie is set by Facebook for tracking purposes, even if you do not have a Facebook account or are logged out.

Expiration date: after the end of the session

Note: The listed cookies are just a small selection of the cookies available to Facebook. Other cookies include _fbp, sb, or wd, for example. A complete enumeration is not possible, as Facebook has a variety of cookies and uses them variably.

The Facebook login offers you a quick and easy registration process on one hand, and on the other hand, it gives us the opportunity to share data with Facebook. This allows us to better tailor our offerings and promotions to your interests and needs. The data we receive from Facebook in this way is public data such as

• Your Facebook name

• Your profile picture

• a registered email address

• Friends lists

• Button information (e.g. "Like" button)

• Birthday date

• Language

• Place of residence

"In return, we provide Facebook with information about your activities on our website. This includes information about the device you are using, which subpages you visit on our site, or which products you have purchased from us."

By using Facebook Login, you consent to the processing of data. You can revoke this agreement at any time. If you want to learn more about data processing by Facebook, we recommend the Facebook Privacy Policy at https://www.facebook.com/privacy/policy/.

If you are logged in to Facebook, you can adjust your ad settings at https://www.facebook.com/adpreferences/advertisers/?entry_product=ad_settings_screen change yourself.

Facebook Social Plugins Privacy Policy

"Our website has integrated so-called social plug-ins from the company Meta Platforms Inc. You can recognize these buttons by the classic Facebook logo, such as the "Like" button (the hand with the raised thumb) or by a distinct "Facebook plug-in" label. A social plug-in is a small part of Facebook that is integrated into our page. Each plug-in has its own function. The most commonly used functions are the well-known "Like" and "Share" buttons."

The following social plug-ins are offered by Facebook:

• “Save” button

• "Like" button, Share, Send, and Quote

• Page plug-in

• Comments

• Messenger-Plug-in

• Embedded posts and video players

• Group plug-in

On https://developers.facebook.com/docs/plugins "get more information on how the individual plug-ins are used. We use the social plug-ins on one hand to provide you with a better user experience on our site, and on the other hand because Facebook can optimize our advertisements through this."

If you have a Facebook account or https://www.facebook.com/ If you have visited before, Facebook has already set at least one cookie in your browser. In this case, your browser sends information to Facebook via this cookie as soon as you visit our page or interact with social plug-ins (e.g., the "Like" button).

The information received will be deleted or anonymized within 90 days. According to Facebook, this data includes your IP address, the website you visited, the date, the time, and other information related to your browser.

To prevent Facebook from collecting a lot of data during your visit to our website and linking it with Facebook data, you need to log out of Facebook while visiting the website.

If you are not logged into Facebook or do not have a Facebook account, your browser sends less information to Facebook because you have fewer Facebook cookies. However, data such as your IP address or which website you visit may still be transmitted to Facebook. We would like to explicitly point out that we do not have exact knowledge of the specific contents of the data. However, we try to inform you as well as possible about data processing based on our current knowledge. You can also find out how Facebook uses the data in the company's data policy at https://www.facebook.com/about/privacy/update read more.

The following cookies are at least set in your browser when you visit a webpage with social plug-ins from Facebook:

Name: dpr

Value: not specified

Purpose: This cookie is used to ensure that the social plug-ins on our website function.

Expiration date: after the end of the session

Name: fr

Value: 0jieyh4112820537c2GnlufEJ9..Bde09j…1.0.Bde09j

Purpose: The cookie is also necessary for the plugins to function properly.

Expiration date:: after 3 months

Note: These cookies were set after a test, even if you are not a Facebook member.

If you are logged in to Facebook, you can adjust your ad settings at https://www.facebook.com/adpreferences/advertisers/ change yourself. If you are not a Facebook user, you can go to https://www.youronlinechoices.com/de/praferenzmanagement/?tid=112820537 Basically manage your usage-based online advertising. There you have the option to deactivate or activate providers.

If you want to learn more about Facebook's data protection, we recommend you check the company's own data policies at https://www.facebook.com/privacy/policy/.

Facebook Fanpage Privacy Policy

"We also have a Facebook fan page for our website. The service provider is the American company Meta Platforms Inc. For the European region, the company responsible is Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)."

The Facebook data processing terms, which refer to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

Learn more about the data processed through the use of Facebook in the Privacy Policy at https://www.facebook.com/about/privacy.

Blogs and Publication Media Introduction

Blogs and Publication Media Privacy Policy Summary

👥 Affected: Visitors of the website

🤝 Purpose: Presentation and optimization of our service performance as well as communication between website visitors, security measures, and administration.

📓 Processed data: Data such as contact details, IP address, and published content.

You can find more details about this in the tools used.

📅 Storage duration: dependent on the tools used

⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests), Art. 6 para. 1 sentence 1 lit. b GDPR (Contract)

What are blogs and publication media?

"We use blogs or other communication tools on our website, with which we can communicate with you on one hand and you can also communicate with us on the other hand. In this process, data from you may also be stored and processed by us. This may be necessary so that we can present content accordingly, ensure communication works, and increase security. In our privacy text, we generally address which data from you may be processed. Exact details regarding data processing always depend on the tools and functions used. In the privacy notices of the individual providers, you will find precise information about data processing."

Why do we use blogs and publication media?

"Our main concern with our website is to provide you with interesting and exciting content, while also valuing your opinions and contributions. Therefore, we want to create a good interactive exchange between us and you. With various blogs and publication opportunities, we can achieve just that. For example, you can write comments on our content, comment on other comments, or in some cases, even write your own contributions."

What data is being processed?

The exact data processed always depends on the communication functions we use. Very often, IP address, username, and the published content are stored. This primarily happens to ensure security protection, prevent spam, and to take action against illegal content. Cookies may also be used for data storage. These are small text files that are saved with information in your browser. More details about the collected and stored data can be found in our individual sections and in the privacy policy of the respective provider.

Duration of data processing

"We will inform you about the duration of data processing further down, provided we have more information on this. For example, contribution and comment functions store data until you revoke the data storage. In general, personal data is only stored as long as it is absolutely necessary for the provision of our services."

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or third-party communication tools at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

"Since cookies may also be used in publication media, we recommend that you also read our general privacy policy regarding cookies. To find out which data about you is specifically stored and processed, you should read the privacy policies of the respective tools."

Legal basis

"We primarily use communication tools based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in having quick and good communication with you or other customers, business partners, and visitors. To the extent that the use serves the processing of contractual relationships or their initiation, the legal basis is also Art. 6 para. 1 sentence 1 lit. b GDPR."

Certain processes, especially the use of cookies as well as the use of comment or messaging functions, require your consent. If and to the extent that you have consented to your data being processed and stored by integrated publication media, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Most of the communication functions we use set cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

You can find information about specific tools – if available – in the following sections.

Blog posts and comment functions privacy policy

There are various online communication tools that we can use on our website. For example, we use blog posts and comment functions. This gives you the opportunity to comment on content or to create posts. If you use this function, your IP address may be stored for security reasons. This helps us protect ourselves from illegal content such as insults, unauthorized advertising, or prohibited political propaganda. To identify whether comments are spam, we may also store and process user information based on our legitimate interest. If we conduct a survey, we will also store your IP address for the duration of the survey to ensure that all participants can only vote once. Cookies may also be used for the purpose of storage. All data that we store from you (such as content or information about you) will remain stored until you object.

Wordpress Emojis Privacy Policy

"We also use so-called emojis and smileys in our blog. We probably don't need to explain what emojis are in more detail here. You know these laughing, angry, or sad faces. They are graphic elements or files that we provide and are loaded from another server. The service provider for retrieving WordPress emojis and smileys is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. This third-party provider stores your IP address in order to transmit the emoji files to your browser."

Automattic processes data from you, among other things, in the USA. Automattic is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Furthermore, Automattic uses so-called Standard Contractual Clauses (= Art. 46, para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Automattic commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The data processing conditions (Data Processing Agreements), which correspond to the standard contractual clauses, can be found at https://wordpress.com/support/data-processing-agreements/.

Learn more about the data processed through the use of WordPress emojis in the Privacy Policy at https://automattic.com/privacy/.

Cookie Consent Management Platform Introduction

Cookie Consent Management Platform Summary

👥 Affected: Website Visitors

🤝 Purpose: Obtaining and managing consent for certain cookies and thus the use of certain tools.

📓 Processed Data: Data for managing the configured cookie settings such as IP address, time of consent, type of consent, individual consents. More details can be found in the respective tool used.

📅 Storage duration: Depends on the tool used, one must prepare for periods of several years.

⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What is a Cookie Consent Management Platform?

We use a Consent Management Platform (CMP) software on our website that facilitates the correct and secure handling of scripts and cookies for both us and you. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides a legally required cookie consent for you, and helps us and you keep track of all cookies. Most cookie consent management tools identify and categorize all existing cookies. As a website visitor, you then decide whether and which scripts and cookies you allow or do not allow. The following graphic illustrates the relationship between the browser, web server, and CMP.

Why do we use a cookie management tool?

Our goal is to provide you with the best possible transparency in the area of data protection. Additionally, we are also legally obligated to do so. We want to inform you as thoroughly as possible about all tools and all cookies that can store and process data from you. It is also your right to decide which cookies you accept and which you do not. To grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we are aware of all cookies and can provide you with GDPR-compliant information about them. Through the consent system, you can then accept or reject cookies.

What data is being processed?

As part of our cookie management tool, you can manage each individual cookie yourself and have full control over the storage and processing of your data. The record of your consent will be stored so that we do not have to ask you again on each new visit to our website, and we can also prove your consent if legally required. This will be stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage duration of your cookie consent may vary. Usually, this data (such as pseudonymous user ID, consent timestamp, details about cookie categories or tools, browser, device information) is stored for up to two years.

Duration of data processing

"We will inform you about the duration of data processing further down, provided we have more information on this. In general, we only process personal data as long as it is absolutely necessary for the provision of our services and products. Data stored in cookies is retained for varying lengths of time. Some cookies are deleted immediately after leaving the website, while others may be stored in your browser for several years. The exact duration of data processing depends on the tool used; in most cases, you should expect a retention period of several years. In the respective privacy policies of the individual providers, you will usually find precise information about the duration of data processing."

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Information about special cookie management tools, if available, can be found in the following sections.

Legal basis

If you consent to cookies, personal data about you will be processed and stored through these cookies. If we are allowed to use cookies through your consent (Article 6 para. 1 lit. a GDPR), this consent also serves as the legal basis for the use of cookies and the processing of your data. To manage consent to cookies and to enable you to give consent, a cookie consent management platform software is used. The use of this software allows us to operate the website in a legally compliant manner efficiently, which constitutes a legitimate interest (Article 6 para. 1 lit. f GDPR).

BorlabsCookie Privacy Policy

"We use BorlabsCookie on our website, which is among other things a tool for storing your cookie consent. The service provider is the German company Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany."

Learn more about the data processed through the use of BorlabsCookie in the Privacy Policy at https://de.borlabs.io/datenschutz/.

Payment Provider Introduction

Payment Provider Privacy Policy Summary

👥 Affected: Visitors of the website

🤝 Purpose: Enabling and optimizing the payment process on our website

📓 Processed Data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address, and contract data.

You can find more details in the respective payment provider tool used.

📅 Storage duration: dependent on the payment provider used

⚖️ Legal Basis: Art. 6 para. 1 lit. b GDPR (Fulfillment of a Contract)

What is a payment provider?

We use online payment systems on our website that enable a secure and smooth payment process for both us and you. This may involve sending, storing, and processing personal data to the respective payment provider. Payment providers are online payment systems that allow you to place an order via online banking. The payment processing is carried out by the payment provider you choose. We then receive information about the completed payment. This method can be used by any user who has an active online banking account with a PIN and TAN. There are hardly any banks left that do not offer or accept such payment methods.

Why do we use payment providers on our website?

"Of course, we want to provide the best possible service with our website and our integrated online shop, so that you feel comfortable on our site and can take advantage of our offers. We know that your time is precious and that payment processing must work quickly and smoothly. For these reasons, we offer you various payment providers. You can choose your preferred payment provider and pay in the usual manner."

What data is being processed?

The specific data processed depends on the respective payment provider. However, in principle, data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are stored. These are necessary data to be able to carry out a transaction at all. Additionally, any contract data and user data, such as when you visit our website, which content you are interested in, or which subpages you click on, can also be stored. Your IP address and information about your used computer are also stored by most payment providers.

The data is usually stored and processed on the servers of the payment providers. We as the website operators do not receive this data. We are only informed whether the payment was successful or not. For identity and credit checks, it may happen that payment providers forward data to the appropriate authority. For all payment transactions, the terms and conditions and data protection principles of the respective provider always apply. Therefore, please also take a look at the General Terms and Conditions and the privacy policy of the payment provider. You also have the right at any time to have data deleted or corrected, for example. Please contact the respective service provider regarding your rights (right of withdrawal, right of access, and right to be affected).

Duration of data processing

"We will inform you about the duration of data processing further down if we have more information on this. In general, we only process personal data as long as it is absolutely necessary for the provision of our services and products. If it is legally required, as in the case of accounting, this storage duration may also be exceeded. Thus, we retain booking documents related to a contract (invoices, contract documents, account statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they arise."

Right of objection

You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the responsible party of the payment provider used at any time. You can find contact details either in our specific privacy policy or on the website of the respective payment provider.

Cookies that payment providers use for their functions can be deleted, disabled, or managed in your browser. Depending on which browser you use, this works in different ways. However, please note that the payment process may not work anymore.

Legal basis

We therefore offer, for the processing of contractual or legal relationships (Art. 6 para. 1 lit. b GDPR) in addition to traditional banks/credit institutions, other payment service providers. The privacy policies of the individual payment providers (such as Amazon Payments, Apple Pay or Discover) provide you with a detailed overview of data processing and data storage. Additionally, you can always contact the responsible parties with questions regarding data protection-related topics.

You can find information about the specific payment providers – if available – in the following sections.

PayPal Check-Out Privacy Policy

"We also use the payment services of PayPal Check-Out for our business transactions. The service provider is the American company PayPal Inc. For the European region, the responsible entity is the Luxembourg company PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg."

Learn more about the data processed through the use of PayPal Check-Out in the privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

PayPal Privacy Policy

PayPal Privacy Policy Summary

👥 Affected: Visitors of the website

🤝 Purpose: Optimization of the payment process on our website

📓 Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address, and contract data may be processed.

"You can find more details further down in this privacy policy."

📅 Storage Duration: Data is generally stored until the collaboration with PayPal is terminated.

⚖️ Legal basis: Art. 6 para. 1 lit. b GDPR (Contract execution), Art. 6 para. 1 lit. a GDPR (Consent)

What is PayPal?

"We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. For the European region, the company responsible is PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg)."

With PayPal, all users can send and receive money electronically. The company was founded in 1998 and now counts over 325 million active customers, making it one of the most well-known and largest online payment service providers in the world.

Why do we use PayPal for our website?

There are various reasons why we use PayPal and offer it on our website. Since PayPal is one of the most well-known online payment providers, many of our website visitors also use and trust this service. PayPal also offers high security standards for digital money transfers. The service uses various encryption methods to best protect your personal data. We also appreciate the ease of use of PayPal and the ability to make international payments in different currencies. Generally, transactions are processed very quickly, which is another advantage for both us and you as a customer.

What data is processed by PayPal?

PayPal distinguishes between different categories of personal data in its privacy policy that may be processed through the use of the service. These include registration and contact details, identification and signature data, payment information, information about imported contacts, data from your account profile, device data such as your IP address, location data, and so-called derived data. This refers to information that can be derived from transactions or other data. This may include purchasing habits, behavioral patterns, creditworthiness, or personal preferences.

"Then there are also personal data collected by third parties (such as identity verifiers, fraud detection providers, or your bank). This data includes information from credit agencies, transaction data, information on legal regulations, technical usage data, location data, and also derived data."

"PayPal and its partners also use tracking technologies such as cookies, pixel tags, web beacons, and widgets to recognize you as a user, customize content, and conduct analytics for interest-based advertising."

How long and where will the data be stored?

In principle, PayPal retains data for as long as necessary to fulfill its obligations and within the scope of the purpose. Personal data that is necessary for the customer relationship is kept for up to 10 years after the end of the relationship. If PayPal is subject to a legal obligation, the retention period for personal data is determined by the applicable law (e.g., insolvency law). PayPal also retains personal data for as long as necessary when retention is advisable in light of legal disputes.

Since PayPal is a globally operating company, the service also has data centers worldwide where your data can be stored. This means that your data can also be stored on PayPal servers outside of your country and also outside the scope of the GDPR.

How can I delete my data or prevent data storage?

You have the right to access, rectify, or delete your personal data, as well as to restrict the processing of your personal data at any time. You can also withdraw your consent to the processing of your data at any time.

"If you want to generally disable, delete, or manage cookies, you can find the corresponding links to the respective instructions for the most popular browsers in the 'Cookies' section."

Legal basis

We have a legitimate interest in integrating an external payment service with PayPal in order to make our offering more attractive and to improve it technically and economically. The legal basis for this is Article 6(1)(f) of the GDPR (Legitimate Interests). We would like to point out that you can only use PayPal if you enter into a contractual relationship with PayPal. It may be necessary to provide further data protection and contractual declarations (e.g., consent).

PayPal processes data from you, among other things, in the USA. We would like to point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or for data transfers to such countries, PayPal uses so-called Standard Contractual Clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to third countries (such as the USA) and stored there. Through these clauses, PayPal commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

More information about the standard contractual clauses and the data processed through the use of PayPal can be found in the privacy policy at https://www.paypal.com/webapps/mpp/ua/privacy-full.

PayPal Express Privacy Policy

"We also use the payment services of PayPal Express for our transactions. The service provider is the American company PayPal, Inc. For the European area, the responsible entity is the Luxembourg company PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg."

Learn more about the data processed through the use of PayPal Express in the privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

PayPal Plus Privacy Policy

"We also use the payment services of PayPal Plus for our business transactions. The service provider is the American company PayPal, Inc. For the European region, the responsible entity is the Luxembourg company PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg."

Learn more about the data processed through the use of PayPal Plus in the privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Stripe Privacy Policy

Stripe Privacy Policy Summary

👥 Affected: Visitors of the website

🤝 Purpose: Optimization of the payment process on our website

📓 Processed Data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address, and contract data.

You can find more details further down in this privacy policy.

📅 Storage Duration: Data will be stored until the collaboration with Stripe is terminated.

⚖️ Legal basis: Art. 6 para. 1 lit. b GDPR (Contract execution), Art. 6 para. 1 lit. a GDPR (Consent)

What is Stripe?

We use a payment tool from the American technology company and online payment service Stripe on our website. For customers within the EU, Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is responsible. This means that if you choose Stripe as your payment method, your payment will be processed through Stripe Payments. In this process, data necessary for the payment transaction will be forwarded to and stored by Stripe. In this privacy policy, we provide you with an overview of this data processing and storage by Stripe and explain why we use Stripe on our website.

The technology company Stripe offers payment solutions for online payments. With Stripe, it is possible to accept credit and debit card payments in our webshop. Stripe handles the entire payment process. A major advantage of Stripe is that you never have to leave our website or the shop during the payment process, and the payment processing is very fast.

Why do we use Stripe for our website?

"Of course, we want to provide the best possible service with our website and our integrated online shop, so that you feel comfortable on our site and can take advantage of our offers. We know that your time is precious, and therefore payment processing must work quickly and smoothly. In addition to our other payment providers, we have found a partner in Stripe that ensures secure and fast payment processing."

What data is stored by Stripe?

If you choose Stripe as your payment method, personal data will also be transmitted to Stripe and stored there. This includes transaction data. This data includes the payment method (such as credit cards, debit cards, or account number), bank code, currency, amount, and date of payment. In a transaction, your name, email address, billing or shipping address, and sometimes your transaction history may also be transmitted. This data is necessary for authentication. Furthermore, Stripe may also collect, in addition to technical data about your device (such as IP address), your name, address, phone number, and your country for fraud prevention, financial reporting, and to fully provide its services.

Stripe does not sell any of your data to independent third parties, such as marketing agencies or other companies that have nothing to do with the Stripe company. However, the data may be shared with internal departments, a limited number of external Stripe partners, or to comply with legal regulations. Stripe also uses cookies to collect data. Here is a selection of cookies that Stripe may set during the payment process:

Name: m

Value: edd716e9-d28b-46f7-8a55-e05f1779e84e040456112820537-5

Purpose: This cookie appears when you select the payment method. It stores and recognizes whether you are accessing our website via a PC, tablet, or smartphone.

Expiration date: after 2 years

Name: __stripe_mid

Value: fc30f52c-b006-4722-af61-a7419a5b8819875de9112820537-1

Purpose: This cookie is required to perform a credit card transaction. The cookie stores your session ID.

Expiration date: after one year

Name: __stripe_sid

Value: 6fee719a-c67c-4ed2-b583-6a9a50895b122753fe

Purpose: This cookie also stores your ID and is used for the payment process on our website through Stripe.

Expiration date: after the session ends

How long and where will the data be stored?

Personal data is generally stored for the duration of the service provision. This means that the data will be stored as long as we maintain our collaboration with Stripe. However, in order to fulfill legal and regulatory obligations, Stripe may also store personal data beyond the duration of the service provision. Since Stripe is a globally operating company, the data may also be stored in any country where Stripe offers services. Thus, data may also be stored outside your country, for example in the USA.

How can I delete my data or prevent data storage?

Please note that when using this tool, data from you may also be stored and processed outside the EU. Most third countries (including the USA) are currently considered unsafe under European data protection law. Therefore, data may not simply be transferred to, stored, and processed in unsafe third countries unless there are appropriate guarantees (such as EU standard contractual clauses) between us and the non-European service provider.

"You always have the right to access, rectify, and delete your personal data. If you have any questions, you can also contact the Stripe team at any time through" https://support.stripe.com/contact/email contact.

Cookies that Stripe uses for its functions can be deleted, disabled, or managed in your browser. Depending on which browser you are using, this works in different ways. In the "Cookies" section, you will find the relevant links to the respective instructions for the most popular browsers.

Legal basis

"We therefore offer, for the processing of contractual or legal relationships (Art. 6 para. 1 lit. b GDPR) , in addition to traditional banks/credit institutions, the payment service provider Stripe. The successful use of the service also requires your consent (Art. 6 para. 1 lit. a GDPR), insofar as the use requires the acceptance of cookies."

'Stripe processes data from you, among other things, in the USA. Stripe is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on' https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Stripe uses so-called Standard Contractual Clauses (= Art. 46, para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Stripe commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

More information about the standard contractual clauses and the data processed through the use of Stripe can be found in the Privacy Policy at https://stripe.com/at/privacy.

Audio & Video Introduction

Audio & Video Privacy Policy Summary

👥 Affected: Visitors of the website

🤝 Purpose: Optimization of our service performance

📓 Processed Data: Data such as contact details, user behavior data, information about your device, and your IP address may be stored.

You can find more details about this further down in the corresponding privacy texts.

📅 Storage Duration: Data is generally retained as long as it is necessary for the purpose of the service.

⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are audio and video elements?

"We have integrated audio and video elements on our website so that you can watch videos or listen to music/podcasts directly through our website. The content is provided by service providers. All content is therefore also sourced from the respective servers of the providers."

These are embedded functional elements from platforms such as YouTube, Vimeo, or Spotify. The use of these portals is generally free, but paid content can also be published. With the help of these embedded elements, you can listen to or watch the respective content on our website.

"If you use audio or video elements on our website, personal data about you may also be transmitted, processed, and stored by the service providers."

Why do we use audio and video elements on our website?

Of course, we want to provide you with the best offer on our website. And we are aware that content is no longer just conveyed in text and static images. Instead of simply giving you a link to a video, we offer you audio and video formats directly on our website that are entertaining or informative, and ideally even both. This expands our service and makes it easier for you to access interesting content. Thus, in addition to our texts and images, we also offer video and/or audio content.

What data is stored by audio and video elements?

When you access a page on our website that has an embedded video, your server connects to the service provider's server. In the process, data from you is also transmitted to the third party and stored there. Some data is collected and stored regardless of whether you have an account with the third party or not. This usually includes your IP address, browser type, operating system, and other general information about your device. Furthermore, most providers also collect information about your web activity. This includes session duration, bounce rate, which button you clicked on, or which website you used to access the service. All this information is usually stored via cookies or pixel tags (also known as web beacons). Pseudonymized data is typically stored in cookies in your browser. You can always find out which data is specifically stored and processed in the privacy policy of the respective provider.

Duration of data processing

How long the data is stored on the servers of third-party providers can be found either further down in the privacy text of the respective tool or in the privacy policy of the provider. In principle, personal data is only processed for as long as it is absolutely necessary for the provision of our services or products. This generally also applies to third-party providers. You can usually assume that certain data is stored on the servers of third-party providers for several years. Data can be stored for varying lengths of time in cookies. Some cookies are deleted immediately after leaving the website, while others may be stored in your browser for several years.

Right of objection

Since cookies are usually used through the integrated audio and video functions on our site, you should also read our general privacy policy regarding cookies. In the privacy policies of the respective third-party providers, you will find more detailed information about the handling and storage of your data.

Legal basis

If you have consented to the processing and storage of your data through embedded audio and video elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in having fast and effective communication with you or other customers and business partners. We only use the embedded audio and video elements to the extent that you have given consent.

YouTube Privacy Policy

YouTube Privacy Policy Summary

👥 Affected: Visitors of the website

🤝 Purpose: Optimization of our service performance

📓 Processed Data: Data such as contact details, user behavior data, information about your device, and your IP address may be stored.

You can find more details about this further down in this privacy policy.

📅 Storage Duration: Data is generally retained as long as it is necessary for the purpose of the service.

⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is YouTube?

We have embedded YouTube videos on our website. This allows us to present interesting videos directly on our page. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you access a page on our website that has an embedded YouTube video, your browser automatically connects to the servers of YouTube or Google. Depending on your settings, various data is transmitted. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in the European area.

In the following, we would like to explain to you in more detail which data is processed, why we have embedded YouTube videos, and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on, and upload videos for free. Over the past few years, YouTube has become one of the most important social media channels worldwide. In order to display videos on our website, YouTube provides a code snippet that we have embedded on our page.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We strive to provide you with the best possible user experience on our website. And of course, interesting videos should not be missing. With the help of our embedded videos, we provide you with additional helpful content alongside our texts and images. Furthermore, our website is easier to find on the Google search engine thanks to the embedded videos. Even when we run ads through Google Ads, Google – thanks to the collected data – can really only show these ads to people who are interested in our offerings.

What data is stored by YouTube?

As soon as you visit one of our pages that has an embedded YouTube video, YouTube at least sets a cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually associate your interactions on our website with your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution, or your internet service provider. Additional data may include contact information, any ratings, sharing content via social media, or adding to your favorites on YouTube.

"If you are not signed in to a Google account or a YouTube account, Google stores data with a unique identifier linked to your device, browser, or app. For example, your preferred language setting is retained. However, many interaction data cannot be stored because fewer cookies are set."

In the following list, we show cookies that were set in a test in the browser. On one hand, we show cookies that are set without a logged-in YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim completeness, as user data always depends on interactions on YouTube.

Name: YSC

Value: b9-CV6ojI5Y112820537-1

Purpose: This cookie records a unique ID to store statistics of the viewed video.

Expiration date: after the end of the session

Name: PREF

Value: f1=50000000

Purpose: This cookie also registers your unique ID. Google receives statistics through PREF on how you use YouTube videos on our website.

Expiration date: after 8 months

Name: GPS

Value: 1

Purpose: This cookie registers your unique ID on mobile devices to track the GPS location.

Expiration date: after 30 minutes

Name: VISITOR_INFO1_LIVE

Value: 95Chz8bagyU

Purpose: This cookie attempts to estimate the user's bandwidth on our websites (with embedded YouTube video).

Expiration date: after 8 months

Additional cookies that are set when you are logged in with your YouTube account:

Name: APISID

Value: zILlvClZSkqGsSwI/AU1aZI6HY7112820537-

Purpose: This cookie is used to create a profile based on your interests. The data is used for personalized advertisements.

Expiration date: after 2 years

Name: CONSENT

Value: YES+AT.de+20150628-20-0

Purpose: The cookie stores the status of a user's consent to the use of various services from Google. CONSENT also serves security purposes to verify users and protect user data from unauthorized attacks.

Expiration date: after 19 years

Name: HSID

Value: AcRwpgUik9Dveht0I

Purpose: This cookie is used to create a profile about your interests. This data helps to display personalized advertising.

Expiration date: after 2 years

Name: LOGIN_INFO

Value: AFmmF2swRQIhALl6aL…

Purpose: This cookie stores information about your login data.

Expiration date: after 2 years

Name: SAPISID

Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM

Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile about your interests.

Expiration date: after 2 years

Name: SID

Value: oQfNKjAsI112820537-

Purpose: This cookie stores your Google account ID and your last login time in digitally signed and encrypted form.

Expiration date: after 2 years

Name: SIDCC

Value: AN0-TYuqub2JOcDTyL

Purpose: This cookie stores information about how you use the website and which advertisements you may have seen before visiting our site.

Expiration date: after 3 months

How long and where will the data be stored?

The data that YouTube receives and processes from you is stored on Google servers. Most of these servers are located in America. Under https://www.google.com/about/datacenters/locations/?hl=de "See exactly where the Google data centers are located. Your data is distributed across the servers. This makes the data faster to access and better protected against manipulation."

The collected data is stored by Google for varying lengths of time. Some data can be deleted at any time, others are automatically deleted after a limited period, and still others are stored by Google for a longer duration. Some data (such as items from "My Activity", photos or documents, products) that are stored in your Google Account will remain stored until you delete them. Even if you are not signed in to a Google Account, you can delete some data linked to your device, browser, or app.

How can I delete my data or prevent data storage?

In principle, you can manually delete data in your Google account. With the automatic deletion feature for location and activity data introduced in 2019, information is stored for either 3 or 18 months depending on your choice, and then deleted.

Regardless of whether you have a Google account or not, you can configure your browser to delete or disable cookies from Google. Depending on which browser you are using, this works in different ways. In the "Cookies" section, you will find the corresponding links to the instructions for the most popular browsers.

If you generally do not want cookies, you can configure your browser to always inform you when a cookie is to be set. This way, you can decide for each individual cookie whether to allow it or not.

Legal basis

If you have consented to the processing and storage of your data by embedded YouTube elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in having fast and good communication with you or other customers and business partners. We only use the embedded YouTube elements to the extent that you have given consent. YouTube also sets cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

'Youtube processes data from you, among other things, in the USA. Youtube or Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on' https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Furthermore, Google uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

'Since YouTube is a subsidiary of Google, there is a joint privacy policy. If you want to learn more about how your data is handled, we recommend the privacy policy at' https://policies.google.com/privacy?hl=de.

YouTube Subscribe Button Privacy Policy

"We have integrated the YouTube Subscribe button on our website. You can usually recognize the button by the classic YouTube logo. The logo displays the words "Subscribe" or "YouTube" in white text against a red background, with the white "Play symbol" to the left. However, the button may also be presented in a different design."

Our YouTube channel consistently offers you funny, interesting, or exciting videos. With the built-in "Subscribe button," you can subscribe to our channel directly from our website without having to visit the YouTube website separately. We want to make access to our extensive content as easy as possible for you. Please note that YouTube may store and process data from you as a result.

"If you see a built-in subscription button on our page, YouTube – according to Google – sets at least one cookie. This cookie stores your IP address and our URL. YouTube can also learn information about your browser, your approximate location, and your default language. In our test, the following four cookies were set without being logged into YouTube:"

Name: YSC

Value: b9-CV6ojI5112820537Y

Purpose: This cookie records a unique ID to store statistics of the viewed video.

Expiration date: after the end of the session

Name: PREF

Value: f1=50000000

Purpose: This cookie also registers your unique ID. Google receives statistics through PREF on how you use YouTube videos on our website.

Expiration date: after 8 months

Name: GPS

Value: 1

Purpose: This cookie registers your unique ID on mobile devices to track the GPS location.

Expiration date: after 30 minutes

Name: VISITOR_INFO1_LIVE

Value: 11282053795Chz8bagyU

Purpose: This cookie attempts to estimate the user's bandwidth on our websites (with embedded YouTube video).

Expiration date: after 8 months

Note: These cookies were set after a test and cannot claim to be complete.

"When you are logged into your YouTube account, YouTube can store many of your actions/interactions on our website using cookies and associate them with your YouTube account. This allows YouTube to obtain information such as how long you browse our site, what type of browser you are using, what screen resolution you prefer, or what actions you take."

"YouTube uses this data both to improve its own services and offerings, and to provide analyses and statistics for advertisers (who use Google Ads)."

YouTube IFrame Player Privacy Policy

"We also use the YouTube IFrame Player to embed videos on our website. The service provider is the American company Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services."

'Google processes data from you, among other things, in the USA. YouTube or Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at' https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

Learn more about the data processed through the use of the YouTube IFrame Player in the Privacy Policy at https://policies.google.com/privacy?hl=de.

Single Sign-On Logins Introduction

Single Sign-On Login Privacy Policy Summary

👥 Affected: Visitors of the website

🤝 Purpose: Simplification of the authentication process

📓 Processed data: Is largely dependent on the respective provider, usually the email address and username can be stored.

You can find more details about this in the respective tool used.

📅 Storage duration: dependent on the tools used

⚖️ Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Article 6 paragraph 1 lit. b GDPR (Contract Fulfillment), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are single sign-on logins?

On our website, you have the option to quickly and easily register for our online service using a user account from another provider (e.g., via Facebook). This authentication method is also known as "Single Sign-On registration." This registration process only works if you are registered with the other provider or have a user account and enter the corresponding access data into the online form. In many cases, you may already be logged in, and the access data will be automatically filled into the form, requiring you only to confirm the Single Sign-On registration via a button. As part of this registration, personal data about you may also be processed and stored. In this privacy text, we generally address data processing through Single Sign-On registrations. You can find more information in the privacy policies of the respective providers.

Why do we use single sign-on logins?

"We want to make your experience on our website as easy and pleasant as possible. Therefore, we also offer single sign-on logins. This saves you valuable time, as you only need one authentication. Since you only have to remember one password and it is transmitted only once, security is also increased. In many cases, you have already automatically saved your password using cookies, so the login process on our website only takes a few seconds."

What data is stored through single sign-on logins?

Although you register for this specific sign-up process on our website, the actual authentication takes place with the corresponding Single Sign-On provider. As the website operator, we receive a user ID during the authentication process. This ID indicates that you are registered with the corresponding provider under this ID. This ID cannot be used for any other purposes. Other data may also be transmitted to us, but this depends on the Single Sign-On providers used. It also depends on which data you voluntarily provide during the authentication process and which data you generally share in your settings with the provider. Most often, this includes data such as your email address and your username. We do not know your password, which is necessary for registration, and it is not stored with us. It is also important for you to know that data stored with us can be automatically matched with the data of the respective user account through the sign-up process.

Duration of data processing

Right of objection

You also have the right and the option to withdraw your consent for the use of Single Sign-On logins at any time. This usually works through the provider's opt-out functions. If available, you will also find links to the corresponding opt-out functions in our privacy texts for the individual tools.

Legal basis

"If it has been agreed with you and this is done within the framework of contract fulfillment (Article 6 paragraph 1 lit. b GDPR) and consent (Article 6 paragraph 1 lit. a GDPR), we can use the single sign-on procedure based on these legal grounds."

"In addition to your consent, we have a legitimate interest in providing you with a quick and easy registration process. The legal basis for this is Article 6(1)(f) of the GDPR (Legitimate Interests). We will only use the Single Sign-On registration to the extent that you have given your consent."

If you no longer want this link to the provider with the Single Sign-On login, please dissolve it in your user account with the respective provider. If you also want to delete data with us, it is necessary to cancel your registration.

Stripe OAuth Privacy Policy

"We also use the authentication tool Stripe OAuth. The service provider is the American company Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, USA."

More information about the standard contractual clauses and the data processed through the use of Stripe OAuth can be found in the Privacy Policy at https://stripe.com/at/privacy.

Miscellaneous Introduction

Other Privacy Policy Summary

👥 Affected: Visitors of the website

🤝 Purpose: Improvement of the user experience

📓 Processed Data: The data processed depends heavily on the services used. It usually involves IP address and/or technical data. More details can be found with the respective tools used.

📅 Storage duration: dependent on the tools used

⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What falls under "Other"?

The category "Miscellaneous" includes those services that do not fit into any of the categories mentioned above. These usually consist of various plugins and embedded elements that enhance our website. Typically, these functions are sourced from third parties and integrated into our website. For example, these include web search services like Algolia Place, Giphy, Programmable Search Engine, or online services for weather data such as OpenWeather.

Why do we use additional third-party providers?

"We want to offer you the best web service in our industry with our website. For a long time, a website has not just been a mere business card for companies. Rather, it is a place that is meant to help you find what you are looking for. In order to make our website even more interesting and helpful for you, we use various services from third parties."

What data is being processed?

Whenever elements are integrated into our website, your IP address is transmitted to the respective provider, stored, and processed there. This is necessary because otherwise the content cannot be sent to your browser and consequently cannot be displayed accordingly. It may also happen that service providers use pixel tags or web beacons. These are small graphics on websites that can log a file and also create analyses of this file. With the information obtained, the providers can improve their own marketing measures. In addition to pixel tags, such information (such as which button you click or when you access which page) can also be stored in cookies. These can store not only analytical data about your web behavior but also technical information such as your browser type or your operating system. Some providers may also link the data obtained with other internal services or with third-party providers. Each provider has a different approach to your data. Therefore, we recommend that you carefully read the privacy policies of the respective services. We are generally committed to using only services that handle data protection very cautiously.

Duration of data processing

"We will inform you further below about the duration of data processing, provided we have more information on this. In general, we only process personal data as long as it is absolutely necessary for the provision of our services and products."

Legal basis

"If we ask for your consent and you also agree that we may use the service, this serves as the legal basis for processing your data (Art. 6 para. 1 lit. a GDPR). In addition to the consent, we have a legitimate interest in analyzing the behavior of website visitors in order to technically and economically improve our offering. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). We will only use the tools to the extent that you have given consent."

Information about the special tools will be provided – if available – in the following sections.

Shopify Privacy Policy Summary

👥 Data subjects: Visitors of this website and users of our online store

🤝 Purpose: Operation and optimization of our online store

📓 Processed data: IP address, browser information, device data, order information, payment details, location data (if shared)

📅 Data retention period: Depends on the service used; legal retention periods apply

⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), lit. b GDPR (contract), lit. f GDPR (legitimate interest)

________________________________________

What is Shopify?

We use the e-commerce platform Shopify, a service provided by Shopify Inc., 151 O’Connor Street, Ground Floor, Ottawa, ON K2P 2L8, Canada.

Shopify enables us to operate our online store and provides all technical functions required for running it – from product display to checkout and payment processing. Shopify processes data on our behalf and according to our instructions as the store owner.

________________________________________

Why do we use Shopify?

We use Shopify to provide you with a secure, professional, and user-friendly shopping experience. The platform includes everything we need to sell our products and services online, including order processing, customer communication, analytics, and more.

________________________________________

What data is processed by Shopify?

When you use our online store, Shopify may collect and process the following personal data:

• Information you actively provide (e.g., name, address, payment information, email)

• Device and connection information (e.g., IP address, browser type, time zone, location)

• Usage data such as visited pages, shopping cart actions, and click behavior

Shopify also uses cookies to store session data, language preferences, and to recognize returning visitors.

________________________________________

How long and where is the data stored?

Shopify stores your data on servers located in the USA, Canada, and other countries. Data that is necessary for contract performance or due to legal obligations will be retained accordingly.

Shopify is part of the EU-US Data Privacy Framework, which ensures secure data transfer. Additionally, Shopify uses Standard Contractual Clauses (SCCs) in accordance with Art. 46 GDPR to ensure a high level of data protection.

For more details, see Shopify’s privacy policy:

🔗 https://www.shopify.com/legal/privacy

________________________________________

How can I delete or manage my data?

You have the right to access, correct, delete, or restrict the processing of your personal data at any time. Please contact us using the information provided in our website's legal notice.

You can also manage or disable cookies in your browser settings. Please note that this may affect the functionality of our online store.

________________________________________

Legal basis

We process your data based on the following legal grounds:

• Art. 6 para. 1 lit. a GDPR – Consent (e.g., newsletter signup, cookie use)

• Art. 6 para. 1 lit. b GDPR – Contract performance (e.g., placing and delivering an order)

• Art. 6 para. 1 lit. f GDPR – Legitimate interest (e.g., analytics, security, customer support)

Legal basis

If you have consented to the use of WooCommerce, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent) , this consent constitutes the legal basis for the processing of personal data, as may occur during the collection by WooCommerce.

"From our side, there is also a legitimate interest in using WooCommerce to optimize our online service and present it attractively for you. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). We will only use WooCommerce to the extent that you have given consent."

More details about the privacy policy and what data is collected in what way by WooCommerce can be found at https://automattic.com/privacy/ and general information about WooCommerce on https://woocommerce.com/.

Explanation of Used Terms

We are always striving to draft our privacy policy as clearly and understandably as possible. However, this is not always easy, especially with technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). However, we do not want to use these without explanation. Below you will find an alphabetical list of important terms used, which we may not have sufficiently addressed in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also provide the GDPR texts here and, if necessary, add our own explanations.

Processor

Definition of terms according to Article 4 of the GDPR

'For the purposes of this regulation, the term:'

"Processor" means a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data that we process from you. In addition to the responsible parties, there may also be so-called processors. This includes any company or person that processes personal data on our behalf. Processors can therefore include, in addition to service providers such as tax consultants, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

consent

Definition of terms according to Article 4 of the GDPR

'For the purposes of this regulation, the term:'

"Consent" of the data subject is any voluntary, informed, and unambiguous indication of their wishes, in the form of a statement or any other clear affirmative action, by which the data subject signifies their agreement to the processing of personal data concerning them;

Explanation: Typically, such consent on websites is obtained through a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to the data processing or give your consent. Usually, you can also make individual settings and thus decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data about you may be processed. In principle, consent can also be given in writing, that is, not through a tool.

Health data

Definition of terms according to Article 4 of the GDPR

'For the purposes of this regulation, the term:'

"Health data" personal data relating to the physical or mental health of a natural person, including the provision of health services, from which information about their health status can be derived;

Explanation: Health data includes all stored information that pertains to your own health. Often, these are data that are also recorded in a patient file. This includes, for example, which medications you are using, X-rays, the entire medical history, or usually also the vaccination status.

Personal data

Definition of terms according to Article 4 of the GDPR

'For the purposes of this regulation, the term:'

"personal data" all information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific characteristics that are an expression of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

Explanation: Personal data are therefore all those data that can identify you as a person. These are usually data such as:

• name

• address

• E-mail address

• Postal address

• Telephone number

• birth date

• Identification numbers such as social security number, tax identification number, personal identification number, or student registration number.

• Bank details such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can determine at least the approximate location of your device based on your IP address and subsequently identify you as the connection holder. Therefore, storing an IP address also requires a legal basis in accordance with the GDPR. There are also so-called "special categories" of personal data that are particularly worthy of protection. These include:

• racial and ethnic origin

• political opinions

• religious or ideological beliefs

• the union membership

• genetic data such as data obtained from blood or saliva samples

• biometric data (these are information about psychological, physical, or behavioral characteristics that can identify a person).

Health data

• Data on sexual orientation or sexual life

Profiling

Definition of terms according to Article 4 of the GDPR

'For the purposes of this regulation, the term:'

"Profiling" any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects regarding the performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or changes in location of this natural person;

Explanation: Profiling involves gathering various information about a person to learn more about them. In the web domain, profiling is often used for advertising purposes or for credit checks. Web or advertising analysis programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile, which can be used to target advertising to a specific audience.

Person responsible

Definition of terms according to Article 4 of the GDPR

'For the purposes of this regulation, the term:'

"Controller" the natural or legal person, authority, institution, or other entity that alone or jointly with others determines the purposes and means of the processing of personal data; if the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for their designation may be provided for by Union law or the law of the Member States;

Explanation: In our case, we are responsible for processing your personal data and are therefore the "Controller." If we pass on collected data for processing to other service providers, they are "Processors." A "Data Processing Agreement (DPA)" must be signed for this.

processing

Definition of terms according to Article 4 of the GDPR

'For the purposes of this regulation, the term:'

"Processing" any operation performed with or without the help of automated procedures or any such series of operations in connection with personal data such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of provision, alignment or combination, restriction, deletion or destruction;

Note: When we talk about processing in our privacy policy, we mean any kind of data processing. This includes, as mentioned above in the original GDPR statement, not only the collection but also the storage and processing of data.

Closing words

Congratulations! If you are reading these lines, you have really "fought" through our entire privacy policy or at least scrolled down to here. As you can see from the length of our privacy policy, we take the protection of your personal data anything but lightly.

"It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. However, we do not only want to inform you about which data is processed, but also to explain the reasons for the use of various software programs. In general, privacy policies sound very technical and legal. Since most of you are not web developers or lawyers, we wanted to take a different linguistic approach and explain the matter in simple and clear language. This is not always possible due to the subject matter. Therefore, the most important terms will be explained in more detail at the end of the privacy policy."

If you have any questions regarding data protection on our website, please do not hesitate to contact us or the responsible party. We wish you a pleasant time and hope to welcome you back to our website soon.

Country/region

Language

Country/region

Language

Privacy Policy