No Result
View All Result
No Result
View All Result
No Result
View All Result

Privacy Policy

Preamble

With the following data protection declaration we would like to inform you about which types of your personal data (hereinafter also referred to as “data”) we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as: B. our social media profiles (hereinafter collectively referred to as “online offering”).

The terms used are not gender specific.

As of: January 1, 2025

Table of contents

Responsible Person

D.R. Compania e.K.
Kapellenstrasse 22
82008 Unterhaching

Email address: info [at] apfelpatient [dot] de

Telephone: +49 160 946 358 80

Imprint: https://www.apfelpatient.de/impressum

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

  • Inventory data.
  • Employee data.
  • Payment details.
  • Location data.
  • Contact details.
  • Content data.
  • Contract data.
  • Usage Data.
  • Meta, Communication and Procedural data.
  • Contact information (Facebook).
  • Event data (Facebook).
  • Log data.

Categories of Data Subjects

  • Beneficiaries and Clients.
  • Employees.
  • Interested parties.
  • Communication partner.
  • User.
  • Business and Contractual partners.
  • Customers.

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Communication.
  • Security measures.
  • Direct marketing.
  • Range measurement.
  • Tracking.
  • Office and Organizational procedures.
  • Remarketing.
  • Conversion measurement.
  • Target group formation.
  • Affiliate tracking.
  • A/B testing.
  • Organizational and Administrative procedures.
  • Content Delivery Network (CDN).
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Registration procedure.
  • Provision of our online offering and user-friendliness.
  • Establishment and implementation of employment relationships.
  • Information technology infrastructure.
  • Public relations.
  • Business processes and business procedures.

Relevant Legal Bases

Relevant legal bases according to the GDPR: Below you will find an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases apply in individual cases, we will inform you about these in the data protection declaration.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
  • Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps prior to entering into a contract at the request of the data subject.
  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) – Processing is necessary to fulfill a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – the processing is necessary to safeguard the legitimate interests of the controller or a third party, provided that the interests, fundamental rights and freedoms of the data subject which require the protection of personal data do not outweigh them.
  • Processing of special categories of personal data relating to healthcare, employment and social security (Art. 9 Para. 2 lit. h) GDPR) – The processing is based on the purposes of preventive health care or occupational medicine, for assessing the employee's ability to work, for medical diagnostics, for health or social care or treatment, or for the management of health or social systems and services of Union law or the law of a Member State or pursuant to a contract with a health professional.

National Data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes in particular the law to protect against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Relevant legal bases according to the Swiss Data Protection Act: If you are in Switzerland, we process your data on the basis of the Federal Data Protection Act (“Swiss Data Protection Act” for short). Unlike the GDPR, for example, the Swiss GDPR does not generally provide that a legal basis for the processing of personal data must be stated and that the processing of personal data is carried out in good faith, is lawful and proportionate (Article 6 Paragraphs 1 and 2 of the Swiss DSG). In addition, we only obtain personal data for a specific purpose that is recognizable to the person concerned and only process it in a way that is compatible with this purpose (Art. 6 Para. 3 of the Swiss Data Protection Act).

Note on the validity of the GDPR and Swiss GDPR: This data protection notice serves to provide information in accordance with the Swiss Data Protection Act and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that the terms of the GDPR are used due to their broader spatial application and comprehensibility. In particular, instead of the terms “processing” of “personal data”, “overriding interest” and “particularly sensitive personal data” used in the Swiss DSG, the terms “processing” of “personal data” as well as “legitimate interest” and “special categories” used in the GDPR are used of data”. However, the legal meaning of the terms will continue to be determined according to the Swiss Data Protection Act within the scope of the Swiss Data Protection Act.

Security Measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, ensuring availability and its separation. We have also set up procedures to ensure that the rights of those affected are exercised, data are deleted and responses are made to data threats. We also take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Shortening of the IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a full IP address is not necessary, the IP address is shortened (also referred to as “IP masking”). Here, the last two digits or the last part of the IP address after a period are removed or replaced with placeholders. Shortening the IP address is intended to prevent or make it significantly more difficult to identify a person based on their IP address.

Securing online connections using TLS/SSL encryption technology (HTTPS): To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the advanced and more secure version of SSL, ensures that all data transfers meet the highest security standards. If a website is secured by an SSL/TLS certificate, this is signaled by displaying HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

Transfer of Personal Data

As part of our processing of personal data, it may be transmitted to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data can include: B. include service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing in the context of using third-party services or the disclosure or transfer of data If the transfer takes place to other people, bodies or companies, this will only take place in accordance with the legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Furthermore, data transfers only take place if the level of data protection is otherwise secured, in particular through standard contractual clauses (Art. 46 Para. 2 lit. c) GDPR), express consent or in the case of contractually or legally required transfer (Art. 49 Para. 1 GDPR). . We will also inform you about the basics of third-country transfers for the individual providers from the third country, with the adequacy decisions taking precedence as the basic principles. Information on third country transfers and existing adequacy decisions can be found in the EU Commission's information offering: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de As part of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection as secure for certain companies from the USA as part of the adequacy decision of July 10, 2023. The list of certified companies and further information about the DPF can be found on the US Department of Commerce website https://www.dataprivacyframework.gov/ (in English). As part of the data protection information, we will inform you which service providers we use are certified under the Data Privacy Framework.

Disclosure of personal data abroad: In accordance with the Swiss Data Protection Act, we only disclose personal data abroad if adequate protection of the persons concerned is guaranteed (Art. 16 Swiss Data Protection Act). If the Federal Council has not determined adequate protection (list: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we take alternative security measures. These may include international contracts, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Federal Data Protection and Information Commissioner (FDPIC) or internal company data protection regulations approved in advance by the FDPIC or a competent data protection authority of another country. According to Article 16 of the Swiss Data Protection Act, exceptions for the disclosure of data abroad can be permitted if certain conditions are met, including the consent of the data subject, execution of the contract, public interest, protection of life or physical integrity, data made public or data from a data subject register provided for by law. These announcements are always made in accordance with legal requirements. As part of the so-called “Data Privacy Framework” (DPF), the Swiss recognized the level of data protection for certain companies from the USA as secure as part of the adequacy decision of June 7, 2024. The list of certified companies and further information about the DPF can be found on the US Department of Commerce website at https://www.dataprivacyframework.gov/ (in English). As part of the data protection information, we will inform you about which service providers we use are certified under the Data Privacy Framework.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with the law as soon as the underlying consent is revoked or there are no further legal bases for the processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be stored for commercial or tax reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

Our data protection notice contains additional information on the retention and deletion of data that applies specifically to certain processing processes.

If there is multiple information about the retention period or deletion period for a date, the longest period always applies.

If a deadline does not explicitly start on a specific date and is at least one year, it starts automatically at the end of the calendar year in which the event triggering the deadline occurred. In the case of ongoing contractual relationships in which data is stored, the event triggering the deadline is the time when the termination or other termination of the legal relationship comes into effect.

We process data that is no longer stored for the originally intended purpose but due to legal requirements or other reasons only for the reasons that justify its retention.

Further information on processing processes, procedures and services:

  • Retention and deletion of data: The following general deadlines apply to storage and archiving under German law:
    • 10 years - retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets as well as the work instructions and other organizational documents, accounting documents and invoices required for their understanding (Section 147 Paragraph 3 in conjunction with Paragraph 1 No. 1, 4 and 4a AO, Section 14b Paragraph 1 UStG, Section 257 Paragraph 1 No. 1 u. 4, paragraph 4 HGB).
    • 6 years - Other business documents: commercial or business letters received, copies of the commercial or business letters sent, other documents insofar as they are important for taxation, e.g. B. hourly wage slips, company accounting sheets, calculation documents, price labels, but also payroll documents, provided they are not already accounting documents and cash register slips (§ 147 para. 3 in conjunction with para. 1 no. 2, 3, 5 AO, § 257 para. 1 No. 2 and 3, Paragraph 4 HGB).
    • 3 years - Data necessary to address potential warranty and damages claims or similar contractual claims and rights, as well as to deal with related inquiries, based on previous business experience and standard industry practices, will be retained for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).
  • Retention and deletion of data: The following general deadlines apply for storage and archiving in accordance with Austrian law:
    • 10 years - retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting documents and invoices as well as all necessary work instructions and other organizational documents (Federal Tax Code (BAO §132), Corporate Code (UGB §§190-212)).
    • 6 years - Other business documents: Commercial or business letters received, copies of commercial or business letters sent and other documents if relevant for tax. These include, for example, hourly wage tickets, company accounting sheets, calculation documents, price labels and payroll documents, unless they are already accounting documents and cash register slips (Federal Tax Code (BAO §132), Corporate Code (UGB §§190-212)).
    • 3 years - Data necessary to address potential warranty and damages claims or similar contractual claims and rights, as well as to deal with related inquiries, based on previous business experience and standard industry practices, will be retained for the duration of the regular statutory limitation period of three years (§§ 1478, 1480 ABGB).
  • Retention and deletion of data: The following general deadlines apply to storage and archiving under Swiss law:
    • 10 years – retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting documents and invoices as well as all necessary work instructions and other organizational documents (Article 958f of the Swiss Code of Obligations (OR)).
    • 10 years - Data necessary to consider potential claims for damages or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and standard industry practices, will be stored for the period of the statutory limitation period of ten years, unless because a shorter period of five years is decisive, which is relevant in certain cases (Art. 127, 130 OR). At the end of five years, claims for rent, lease and capital interest as well as other periodic services, from the delivery of food, for meals and for landlord debts, as well as from craft work, small sales of goods, medical care, professional work by lawyers, legal agents, procurators, expire and notaries and from the employment relationship of employees (Art. 128 OR).

Rights of Data Subjects

Rights of the data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

  • Right to object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR; This also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
  • Right to withdraw consent: You have the right to revoke your consent at any time.
  • Right to information: You have the right to request confirmation as to whether the data in question is being processed and to receive information about this data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: In accordance with legal requirements, you have the right to request that the data concerning you be completed or that incorrect data concerning you be corrected.
  • Right to deletion and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately, or alternatively, in accordance with the legal requirements, to request a restriction on the processing of the data.
  • Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with legal requirements or to request that it be transmitted to another person responsible.
  • Complaint to supervisory authority: In accordance with legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State in which you usually reside, the supervisory authority of your place of work or the place of the alleged violation If you believe that the processing of your personal data violates the GDPR.

Rights of the data subjects under the Swiss DSG:

As a data subject, you are entitled to the following rights in accordance with the provisions of the Swiss Data Protection Act:

  • Right to information: You have the right to request confirmation as to whether personal data concerning you is being processed and to receive the information necessary to enable you to exercise your rights under this law and to ensure transparent data processing.
  • Right to data release or transfer: You have the right to request that the personal data you have provided to us be released in a common electronic format.
  • Right to rectification: You have the right to request that incorrect personal data concerning you be corrected.
  • Right to objection, deletion and destruction: You have the right to object to the processing of your data and to request that personal data concerning you be deleted or destroyed.

Business Benefits

We process data from our contractual and business partners, e.g. B. Customers and interested parties (collectively referred to as “contractual partners”), within the framework of contractual and comparable legal relationships as well as associated measures and with regard to communication with the contractual partners (or pre-contractual), for example to answer inquiries.

We use this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other service disruptions. In addition, we use the data to protect our rights and for the purposes of the administrative tasks associated with these obligations and the company organization. In addition, we process the data on the basis of our legitimate interests in proper and business management as well as security measures to protect our contractual partners and our business operations from misuse and jeopardy of their data, secrets, information and rights (e.g. the involvement of telecommunications companies). , transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the scope of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. The contractual partners will be informed about other forms of processing, such as for marketing purposes, within the framework of this data protection declaration.

We inform the contractual partners which data is required for the aforementioned purposes before or as part of data collection, e.g. B. in online forms, through special markings (e.g. colors) or symbols (e.g. asterisks, etc.), or in person.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e. h. generally after four years, unless the data is stored in a customer account, e.g. B. as long as they must be kept for legal archiving reasons (e.g. for tax purposes, usually ten years). We delete data that was disclosed to us by the contractual partner as part of an order in accordance with the specifications and generally after the end of the order.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contact information (e.g. postal and email addresses or telephone numbers). Contract data (e.g. subject matter of the contract, term, customer category).
  • Affected people: Service recipients and clients; interested parties. Business and contractual partners.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Communication; office and organizational procedures; Organizational and administrative procedures. Business processes and business procedures.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

  • Publication activity: We process the data of our contact partners, interview partners and other people who are the subject of our publishing, editorial, journalistic and related activities. In this context, we refer to the validity of protective regulations for freedom of expression and freedom of the press in accordance with Art. 85 GDPR in conjunction with the respective national laws. The processing serves to fulfill our contractual activities and takes place in particular on the basis of the general public's interest in information and media offerings; Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Payment Procedure

As part of contractual and other legal relationships, due to legal obligations or otherwise based on our legitimate interests, we offer the data subjects efficient and secure payment options and use other service providers in addition to banks and credit institutions (collectively “payment service providers”).

The data processed by the payment service providers includes inventory data, such as: B. the name and address, bank details, such as. B. Account numbers or credit card numbers, passwords, TANs and checksums as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service provider to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness. For this purpose, we refer to the general terms and conditions and data protection information of the payment service providers.

The terms and conditions and data protection notices of the respective payment service providers apply to payment transactions, which can be accessed on the respective websites or transaction applications. We also refer to these for further information and to assert cancellation, information and other rights of those affected.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved).
  • Affected people: Service recipients and clients; Business and contractual partners. interested parties.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Business processes and business procedures.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

  • PayPal: Payment services (technical connection of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.paypal.com/en; Data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. Basis for third country transfers: Switzerland – Adequacy Decision (Luxembourg).

Provision of the Online Offering and Web Hosting

We process users' data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Types of data processed: Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved); Protocol data (e.g. log files regarding logins or the retrieval of data or access times.). Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation).
  • Affected people: Users (e.g. website visitors, users of online services). Business and contractual partners.
  • Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.); Security measures. Content Delivery Network (CDN).
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

  • Provision of online offers on rented storage space: To provide our online offering, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called a “web host”); Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).
  • Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files”. The server log files include the address and name of the websites and files accessed, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. B. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and on the other hand to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
  • Email sending and hosting: The web hosting services we use also include sending, receiving and storing emails. For these purposes, the addresses of the recipients and senders as well as other information regarding the sending of emails (e.g. the providers involved) as well as the content of the respective emails are processed. The aforementioned data may also be processed for SPAM detection purposes. We ask you to note that emails on the Internet are generally not sent encrypted. As a rule, emails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of emails between the sender and receipt on our server; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).
  • Content Delivery Network: We use a “content delivery network” (CDN). A CDN is a service with which the content of an online offering, particularly large media files such as graphics or program scripts, can be delivered more quickly and securely using regionally distributed servers connected via the Internet; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).
  • Amazon Web Services (AWS): Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://aws.amazon.com/de/; Data protection declaration: https://aws.amazon.com/de/privacy/; Order processing contract: https://aws.amazon.com/de/compliance/gdpr-center/. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Luxembourg).
  • United Domains: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: united-domains AG, Gautinger Straße 10, 82319 Starnberg, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.united-domains.de; Data protection declaration: https://www.united-domains.de/unternehmen/datenschutz/; Order processing contract: https://www.united-domains.de/help/faq-article/wie-erhalte-ich-den-auftragsverarbeitungs-vertrag-avv-nach-dsgvo/. Basis for third country transfers: Switzerland – Adequacy Decision (Germany).
  • WordPress.com: Hosting and software for creating, providing and operating websites, blogs and other online offerings; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://wordpress.com; Data protection declaration: https://automattic.com/de/privacy/; Order processing contract: https://wordpress.com/support/data-processing-agreements/. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).
  • Cloudflare: Content Delivery Network (CDN) – Service with which the content of an online offering, in particular large media files, such as graphics or program scripts, can be delivered more quickly and securely using regionally distributed servers connected via the Internet; Service provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.cloudflare.com; Data protection declaration: https://www.cloudflare.com/privacypolicy/; Order processing contract: https://www.cloudflare.com/cloudflare-customer-dpa/. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF).
  • WP Optimize: WP-Optimize Cache is a WordPress performance plugin that caches websites, cleans database and compresses images; Service provider: Execution on servers and/or computers under your own data protection responsibility; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR). Website: https://wordpress.org/plugins/wp-optimize/.
  • Amazon CloudFront: Content Delivery Network (CDN) – Service with which the content of an online offering, in particular large media files, such as graphics or program scripts, can be delivered more quickly and securely using regionally distributed servers connected via the Internet; Service provider: Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://aws.amazon.com/de/cloudfront/; Data protection declaration: https://aws.amazon.com/privacy/; Order processing contract: https://aws.amazon.com/de/compliance/gdpr-center/. Basis for third country transfers: EU/EEA – Standard Contractual Clauses (Provided by the service provider), Switzerland – Adequacy Decision (Luxembourg).
  • Lightspeed cache: Caching and loading optimization – functions that are used to store certain content of web pages so that they can load faster with repeated access. This reduces loading times and improves user experience; Service provider: Execution on servers and/or computers under your own data protection responsibility; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR). Website: https://wordpress.org/plugins/litespeed-cache/.
  • Rack space: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: Rackspace Germany GmbH, Oberanger 44, 80331 Munich, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://rackspace.com; Data protection declaration: https://www.rackspace.com/de-de/about/responsibility. Basis for third country transfers: Switzerland – Adequacy Decision (Germany).

Use of Cookies

The term “cookies” refers to functions that store and read information from users’ end devices. Cookies can also be used for various purposes, such as the functionality, security and convenience of online offerings and the creation of analyzes of visitor flows. We use cookies in accordance with legal regulations. If necessary, we obtain the users’ consent in advance. If consent is not necessary, we rely on our legitimate interests. This applies if storing and reading information is essential in order to be able to provide explicitly requested content and functions. This includes, for example, storing settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We provide clear information about their scope and which cookies are used.

Information on data protection legal bases: Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the relevant services and procedures.

Storage Period: With regard to the storage period, the following types of cookies are distinguished:

  • Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their device (e.g. browser or mobile application).
  • Permanent Cookies: Permanent cookies remain stored even after the device is closed. For example, the log-in status can be saved and preferred content can be displayed directly when the user visits a website again. The user data collected using cookies can also be used to measure reach. Unless we provide users with explicit information about the type and storage period of cookies (e.g. as part of obtaining consent), they should assume that they are permanent and that the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and can also object to the processing in accordance with legal requirements, including using the privacy settings of their browser.

Cookie settings/objection option:
  • Types of data processed: Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved). Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR). Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).

Further information on processing processes, procedures and services:

  • Processing of cookie data based on consent: We use a consent management solution in which users' consent to the use of cookies or to the procedures and providers mentioned as part of the consent management solution is obtained. This procedure is used to obtain, record, manage and revoke consent, particularly with regard to the use of cookies and similar technologies that are used to store, read and process information on users' end devices. As part of this procedure, users' consents are obtained for the use of cookies and the related processing of information, including the specific processing and providers mentioned in the consent management procedure. Users also have the option to manage and revoke their consent. The declarations of consent are stored in order to avoid repeated queries and to be able to provide proof of consent in accordance with legal requirements. The storage takes place on the server side and/or in a cookie (so-called opt-in cookie) or using comparable technologies in order to be able to assign the consent to a specific user or their device. If there is no specific information about the providers of consent management services, the following general information applies: The duration of the storage of consent is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information on the scope of consent (e.g. relevant categories of cookies and/or service providers) and information about the browser, the system and the device used becomes; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).
  • Cookie opt-out: In the footer of our website you will find a link through which you can change your cookie settings and revoke your consent.
  • BorlabsCookie: Consent management: procedures for obtaining, logging, managing and revoking consent, in particular for the use of cookies and similar technologies for storing, reading and processing information on users' end devices and their processing; Service provider: Execution on servers and/or computers under your own data protection responsibility; Website: https://de.borlabs.io/borlabs-cookie/. Further information: An individual user ID, language as well as types of consent and the time of their submission are stored on the server and in the cookie on the user's device.

Special Notes on Applications (Apps)

We process the data of the users of our application to the extent necessary to be able to provide the application and its functionalities to users, monitor its security and further develop it. We can also contact users in compliance with legal requirements if the communication is necessary for the purposes of administration or use of the application. Furthermore, with regard to the processing of user data, we refer to the data protection information in this data protection declaration.

Legal basis: The processing of data required to provide the functionality of the application serves to fulfill contractual obligations. This also applies if the provision of the functions requires user authorization (e.g. approval of device functions). If the processing of data is not necessary to provide the functionality of the application, but serves the security of the application or our business interests (e.g. collection of data for the purpose of optimizing the application or security purposes), it is carried out on the basis of our legitimate interests interests. If users are expressly asked to consent to the processing of their data, the data covered by the consent will be processed on the basis of the consent.

  • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); usage data (e.g., page views and duration, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and features); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); payment data (e.g., bank details, invoices, payment history); contract data (e.g., subject matter of the contract, duration, customer category); location data (information about the geographical position of a device or person); content data (e.g., textual or visual messages and posts as well as the information related to them, such as authorship or creation time); contact data (e.g., postal and email addresses or phone numbers); contact information (Facebook) ("contact information" refers to data that clearly identifies affected individuals, such as names, email addresses, and phone numbers, which can be transmitted to Facebook, for example, via Facebook Pixel or upload for matching purposes to create Custom Audiences; after matching for audience creation, the contact information is deleted). Event data (Facebook) ("Event data" refers to information that is sent to the provider Meta via Meta Pixel (whether through apps or other channels) and pertains to individuals or their actions. These data include details such as website visits, interactions with content and features, app installations, and product purchases. The processing of event data is carried out with the aim of creating target groups for content and advertising messages (Custom Audiences). It is important to note that event data does not include actual content such as written comments, login information, or contact information like names, email addresses, or phone numbers. "Event data" is deleted by Meta after a maximum of two years, and the audiences formed from it disappear with the deletion of our Meta user accounts.
  • Affected people: Users (e.g. website visitors, users of online services); business and contractual partners; service recipients and clients; Communication partner. Customers.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.); affiliate tracking; remarketing; Conversion measurement (measuring the effectiveness of marketing measures); target group formation; Reach measurement (e.g. access statistics, recognition of returning visitors); Tracking (e.g. interest/behavioral profiling, use of cookies); A/B testing; Marketing; Profiles with user-related information (creating user profiles); Communication. Organizational and administrative procedures.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR). Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).

Further information on processing processes, procedures and services:

  • Commercial use: We process the data of the users of our application, registered users and any test users (hereinafter referred to as “users”) in order to be able to provide them with our contractual services and on the basis of legitimate interests in order to ensure the security of our application and to be able to further develop it. The required information is identified as such in the context of the conclusion of the usage, contract, order or comparable contract and may include the information required for the provision of services and any billing as well as contact information in order to be able to hold any consultations; Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Storage of a pseudonymous identifier: So that we can provide the application and ensure its functionality, we use a pseudonymous identifier. The identification is a mathematical value (i.e. no plain data such as names are used) that is assigned to a device and/or the application installation installed on it. This identifier is generated when this application is installed, is stored between the start of the application and its updates, and is deleted when users remove the application from the device.
  • Device permissions to access features and data: The use of our application or its functionalities may require users to have access to certain functions of the devices used or to the data stored on the devices or accessible using the devices. By default, these permissions must be granted by users and can be revoked at any time in the settings of the respective devices. The exact method for controlling app permissions may depend on the user's device and software. If you need clarification, users can contact us. We would like to point out that the denial or revocation of the respective authorizations can affect the functionality of our application.
  • Processing of location data: When using our application, the location data collected by the device used or otherwise entered by the user is processed. The use of location data requires user authorization, which can be revoked at any time. The use of location data only serves to provide the respective functionality of our application, in accordance with its description to the users, or its typical and expected functionality.
  • AdMob: Platform for displaying advertising content in mobile applications; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://admob.google.com/home/; Data protection declaration: https://policies.google.com/privacy; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland). Further information: Processing by Google as controller: https://business.safety.google/adscontrollerterms/.
  • Amazon Web Services (AWS): Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://aws.amazon.com/de/; Data protection declaration: https://aws.amazon.com/de/privacy/; Order processing contract: https://aws.amazon.com/de/compliance/gdpr-center/. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Luxembourg).
  • Amazon affiliate program: Affiliate Partner Program (Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or one of its affiliates); Service provider: Amazon EU S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.amazon.de; Data protection declaration: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Luxembourg).
  • Amazon: Marketing of advertising materials and advertising space; Service provider: Amazon EU S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://www.amazon.de; Data protection declaration: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Luxembourg).
  • Apple App Store: App and software sales platform; Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.apple.com/en/app-store/. Data protection declaration: https://www.apple.com/legal/privacy/de-ww/.
  • Apple iCloud: cloud storage service; Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.apple.com/en/. Data protection declaration: https://www.apple.com/legal/privacy/de-ww/.
  • Facebook Conversions API: We use the “Conversions API” from Facebook. The Conversions API is an interface that sends event data from our servers directly to Facebook. The functionality and processing of data within the context of the Conversions API corresponds to the functionality and processing within the context of using the Facebook Pixel, which is why we refer to the data protection information on the Facebook Pixel and target group formation; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).
  • Meta – target group education via data upload: Formation of target groups for marketing purposes – We transmit contact information (names, email addresses and telephone numbers) in list form to Meta for the purpose of forming target groups (so-called “custom audiences”) for displaying content and advertising information based on the presumed interests of the users . The transmission and comparison with data available at Meta does not take place in plain text, but rather as so-called “hash values”, i.e. mathematical representations of the data (this method is used, for example, when storing passwords). After matching to create target groups, the contact information is deleted; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/privacy/policy/; Order processing contract: https://www.facebook.com/legal/terms/dataprocessing. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).
  • Firebase: Google Firebase is a platform for developers of applications (“apps” for short) for mobile devices and websites. Google Firebase offers a variety of features for testing apps, monitoring their functionality, and optimizing them (which are shown on the following overview page: https://firebase.google.com/products-build). The functions include, among other things, the storage of apps including personal data of application users, such as: B. content created by you or information regarding your interaction with the apps (so-called “cloud computing”). Google Firebase also offers interfaces that allow interaction between app users and other services, e.g. B. authentication using services such as Facebook, Twitter or using an email-password combination; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://firebase.google.com; Data protection declaration: https://policies.google.com/privacy; Order processing contract: https://cloud.google.com/terms/data-processing-addendum. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).
  • Firebase: Firebase is a development platform for mobile and web applications. Through a so-called software development kit, it provides tools and infrastructure that are intended to enable a developer to provide functions more easily and efficiently using programming interfaces on various platforms; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://firebase.google.com; Data protection declaration: https://policies.google.com/privacy; Order processing contract: https://firebase.google.com/terms/data-processing-terms. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).
  • Facebook pages: Profiles within the social network Facebook – Together with Meta Platforms Ireland Limited, we are responsible for the collection (but not further processing) of data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content users view or interact with, or the actions they take (see “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services called “Page Insights” to site operators to help them understand how people engage with their Pages and interact with the content associated with them. We have concluded a special agreement with Facebook (“Information on Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of those affected (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the responsible supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information about Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data). The joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transmission of the data to the parent company Meta Platforms, Inc. in the USA; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/privacy/policy/. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).
  • Meta pixels and target group formation (Custom Audiences): With the help of the meta pixel (or comparable functions for transmitting event data or contact information via interfaces in apps), the company Meta is able to identify visitors to our online offering as a target group for the display of advertisements (so-called “meta ads”. “) to determine. Accordingly, we use the Meta pixel to only show the Meta ads we place to users on Meta platforms and within the services of partners cooperating with Meta (so-called “audience network”). https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offering or who have certain characteristics (e.g. interest in certain topics or products, which are evident from the websites visited), which we transmit to Meta (so-called “Custom Audiences”) . With the help of the meta pixel, we also want to ensure that our meta ads correspond to the potential interest of the users and do not appear annoying. With the help of the meta pixel, we can also track the effectiveness of the meta ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a meta ad (so-called “conversion measurement”); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/privacy/policy/; Order processing contract: https://www.facebook.com/legal/terms/dataprocessing; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland); Further information: User event data, i.e. .h. Behavioral and interest information is used for the purposes of targeted advertising and audience building based on the Shared Responsibility Agreement (“Controller Addendum”). https://www.facebook.com/legal/controller_addendum) processed. The joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transmission of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the agreement between Meta Platforms Ireland Limited and Meta Platforms, Inc. concluded standard contractual clauses).
  • Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It is used to assign analysis information to a device in order to identify which content users have accessed within one or different usage processes, which search terms they have used, which they have accessed again or which have interacted with our online offering. The time of use and its duration are also stored, as are the sources of the users who refer to our online offering and technical aspects of their devices and browsers.
    Pseudonymous profiles of users are created with information from the use of various devices, whereby cookies can be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides coarse geographic location data by deriving the following metadata from IP addresses: city (and the city's derived latitude and longitude), continent, country, region, subcontinent (and ID-based counterparts). For EU data traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. They are not logged, are not accessible and are not used for any other purposes. When Google Analytics collects metrics, all IP queries are performed on EU-based servers before passing traffic to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Data protection declaration: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms/; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland); Option to object (opt-out): Opt out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (Types of processing and data processed).
  • Google Cloud Storage: Cloud storage, cloud infrastructure services and cloud-based application software; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://cloud.google.com/; Data protection declaration: https://policies.google.com/privacy; Order processing contract: https://cloud.google.com/terms/data-processing-addendum; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland). Further information: https://cloud.google.com/privacy.
  • Google Universal Analytics: Reach measurement and web analysis – We use Universal Analytics, a version of Google Analytics, to carry out user analysis based on a pseudonymous user identification number. This identification number does not contain any clear data, such as: E.g. names or email addresses. It is used to assign analysis information to a user, e.g. B. to recognize which content users have accessed during a session or whether they access our online offering again. This involves creating pseudonymous profiles of users with information from the use of various devices; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://marketingplatform.google.com; Terms and Conditions: https://business.safety.google/adsprocessorterms/; Data protection declaration: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland); Option to object (opt-out): Opt out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (Types of processing and data processed).
  • Contact form: When you contact us via our contact form, by email or other communication channels, we process the personal data provided to us to answer and process the respective request. This usually includes information such as name, contact information and, if necessary, other information that is provided to us and is necessary for appropriate processing. We use this data exclusively for the stated purpose of contact and communication; Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
  • Customer account: Customers can create an account within our online offering (e.g. customer or user account, “customer account” for short). If registration of a customer account is required, customers will be informed of this as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration and subsequent logins and use of the customer account, we store the customers' IP addresses along with the access times in order to be able to prove registration and prevent any misuse of the customer account. If the customer account has been terminated, the customer account data will be deleted after the termination date, unless it is retained for purposes other than provision in the customer account or must be retained for legal reasons (e.g. internal storage of customer data, order processes or invoices). It is the responsibility of customers to secure their data upon termination of the customer account; Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
  • National Data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes in particular the law to protect against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.
  • Relevant legal bases according to the Swiss Data Protection Act: .
  • National data protection regulations in Austria: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Austria. This includes, in particular, the Federal Law on the Protection of Natural Persons when Processing Personal Data (Data Protection Act – DSG). The Data Protection Act contains, in particular, special regulations on the right to information, the right to rectification or deletion, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases.
  • OneSignal: Automation and personalization of content and marketing information as well as campaigns on various communication channels, remarketing, A/B testing, messaging and reach measurement; Service provider: OneSignal, Inc., 2850 S Delaware St Suite 201, San Mateo, CA 94403, USA; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://onesignal.com; Data protection declaration: https://onesignal.com/privacy_policy; Order processing contract: Provided by the service provider. Basis for third country transfers: EU/EEA – Standard Contractual Clauses (To be provided by the service provider), Switzerland – Standard Contractual Clauses (To be provided by the service provider).
  • UpdraftPlus: backup software and backup storage; Service provider: Simba Hosting Ltd., 11, Barringer Way, St. Neots, Cambs., PE19 1LW, UK; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://updraftplus.com/; Data protection declaration: https://updraftplus.com/data-protection-and-privacy-centre/. Basis for third country transfers: EU/EEA – Adequacy Decision (GB), Switzerland – Adequacy Decision (GB).
  • United Domains: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: united-domains AG, Gautinger Straße 10, 82319 Starnberg, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.united-domains.de; Data protection declaration: https://www.united-domains.de/unternehmen/datenschutz/; Order processing contract: https://www.united-domains.de/help/faq-article/wie-erhalte-ich-den-auftragsverarbeitungs-vertrag-avv-nach-dsgvo/. Basis for third country transfers: Switzerland – Adequacy Decision (Germany).

Obtaining Applications Via App Stores

Our application is obtained via special online platforms operated by other service providers (so-called “app stores”). In this context, in addition to our data protection information, the data protection information of the respective app stores applies. This applies in particular with regard to the procedures used on the platforms for reach measurement and interest-based marketing as well as any possible costs.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contact information (e.g. postal and email addresses or telephone numbers); Contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved).
  • Affected people: Beneficiaries and clients. Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Marketing. Provision of our online offering and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

Registration, Login and User Account

Users can create a user account. As part of registration, users are provided with the required mandatory information and processed for the purpose of providing the user account on the basis of contractual fulfillment. The data processed includes, in particular, login information (username, password and an email address).

As part of the use of our registration and login functions and the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests and those of the users in protecting against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users can access processes that are relevant to their user account, such as: B. technical changes, will be informed by email.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact information (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Protocol data (e.g. log files regarding logins or the retrieval of data or access times.).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; Organizational and administrative procedures. Provision of our online offering and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section. Deletion after termination.
  • Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

  • Registration with real name: Due to the nature of our community, we ask users to only use our services using their real names. I.e. the use of pseudonyms is not permitted; Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Two-factor authentication: Two-factor authentication provides an additional layer of security for your user account and ensures that only you can access your account, even if someone else knows your password. To do this, you will need to perform another authentication measure in addition to your password (e.g. enter a code sent to a mobile device). We will inform you about the process we use; Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Community Functions

The community functions we provide allow users to engage in conversations or other exchanges with one another. Please note that the use of the community functions is only permitted in compliance with the applicable legal situation, our conditions and guidelines as well as the rights of other users and third parties.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.). Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Security measures. Provision of our online offering and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

  • Protection of your own data: Users decide for themselves what data they disclose about themselves within our online offering. For example, when users provide personal information or participate in conversations. We ask users to protect their data and only publish personal data carefully and only to the extent necessary. In particular, we ask users to note that they must particularly protect their access data and use secure passwords (i.e., above all, as long and random character combinations as possible); Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Single Sign-On Login

“Single sign-on” or “single sign-on registration” or “authentication” are procedures that allow users to use a user account to log in to a provider of single sign-on procedures (e.g . B. a social network), also to register with our online offer. The prerequisite for single sign-on authentication is that the user is registered with the respective single sign-on provider and enters the required access data in the online form provided, or is already registered with the single sign-on provider and confirm the single sign-on login via button.

Authentication takes place directly with the respective single sign-on provider. As part of such authentication, we receive a user ID with the information that the user is logged in to the respective single sign-on provider under this user ID and an ID that we cannot use for other purposes (so-called “user handle "). Whether additional data is transmitted to us depends solely on the single sign-on procedure used, on the data releases selected as part of the authentication and also on what data users provide in the privacy or other settings of the user account during single sign-on. On providers have released. Depending on the single sign-on provider and the user's choice, there can be different data, usually the email address and the user name. The password entered by the single sign-on provider as part of the single sign-on procedure is neither visible to us nor is it stored by us.

Users are asked to note that the information we store can be automatically compared with their user account with the single sign-on provider, but this is not always possible or actually done. Change e.g. B. the users' email addresses, they must change them manually in their user account with us.

If agreed with the users, we can use the single sign-on registration as part of or before the fulfillment of the contract, if the users have been asked to do so, process it as part of their consent and otherwise use it on the basis of our legitimate interests and the Users' interests in an effective and secure registration system.

Should users decide that they no longer want to use the link to their user account with the single sign-on provider for the single sign-on procedure, they must delete this connection within their user account with the single sign-on provider. If users want to delete their data from us, they must cancel their registration with us.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact information (e.g. postal and email addresses or telephone numbers); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; registration procedures. Provision of our online offering and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section. Deletion after termination.
  • Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

  • Apple Single-Sign-On: User login authentication services, providing single sign-on functionality, identity information management and application integrations; Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.apple.com/en/. Data protection declaration: https://www.apple.com/legal/privacy/de-ww/.

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). Readers' data will only be processed for the purposes of the publication medium to the extent necessary for its presentation and communication between authors and readers or for security reasons. Furthermore, we refer to the information on the processing of visitors to our publication medium within the scope of this data protection notice.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact information (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Feedback (e.g. collecting feedback via online form); Provision of our online offering and user-friendliness; security measures; Organizational and administrative procedures. Provision of contractual services and fulfillment of contractual obligations.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

  • Comments and posts: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security if someone leaves illegal content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or contribution and are therefore interested in the identity of the author.

    We also reserve the right to process user information for spam detection based on our legitimate interests.

    On the same legal basis, in the case of surveys, we reserve the right to store users' IP addresses for their duration and to use cookies to avoid multiple voting.

    The personal information provided in the comments and posts, any contact and website information as well as the content information will be permanently stored by us until the user objects; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).
  • Getting WordPress emojis and smilies: Retrieval of WordPress emojis and smilies – Within our WordPress blog, graphic emojis (or smilies), i.e., are used for the efficient integration of content elements. i.e., small graphic files that express feelings are used, obtained from external servers. The server providers collect the IP addresses of the users. This is necessary so that the emoji files can be delivered to users' browsers; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://automattic.com; Data protection declaration: https://automattic.com/privacy. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).
  • Gravatar profile pictures: Profile pictures – We use the Gravatar service within our online offering and especially in the blog.

    Gravatar is a service where users can register and store profile pictures and their email addresses. If users leave posts or comments with the respective email address on other online presences (especially in blogs), their profile pictures can be displayed next to the posts or comments. For this purpose, the email address provided by the user is sent to Gravatar in encrypted form to check whether a profile has been saved for it. This is the sole purpose of transmitting the email address. It will not be used for other purposes but will be deleted afterwards.

    The use of Gravatar is based on our legitimate interests, as we use Gravatar to offer post and comment authors the opportunity to personalize their posts with a profile picture.

    By displaying the images, Gravatar learns the user's IP address, as this is necessary for communication between a browser and an online service.

    If users do not want a user image linked to their Gravatar email address to appear in the comments, they should use an email address that is not stored with Gravatar to comment. We would also like to point out that it is also possible to use an anonymous email address or no email address at all if users do not want their own email address to be sent to Gravatar. Users can completely prevent the transmission of data by not using our comment system; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://automattic.com; Data protection declaration: https://automattic.com/privacy. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).
  • ManageWP: WordPress website management; Service provider: ManageWP, LLC, 14455 N. Hayden Rd, Ste. 219, Scottsdale, AZ 85260, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://managewp.com/; Data protection declaration: https://managewp.com/privacy; Order processing contract: https://managewp.com/data-processing-addendum. Basis for third country transfers: EU/EEA – Standard Contractual Clauses (https://managewp.com/data-processing-addendum), Switzerland – Standard Contractual Clauses (https://managewp.com/data-processing-addendum).
  • UpdraftPlus: backup software and backup storage; Service provider: Simba Hosting Ltd., 11, Barringer Way, St. Neots, Cambs., PE19 1LW, UK; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://updraftplus.com/; Data protection declaration: https://updraftplus.com/data-protection-and-privacy-centre/. Basis for third country transfers: EU/EEA – Adequacy Decision (GB), Switzerland – Adequacy Decision (GB).

Contact and Inquiry Management

When you contact us (e.g. by post, contact form, e-mail, telephone or via social media) as well as within the framework of existing user and business relationships, the information provided by the inquiring person is processed to the extent that this is necessary to answer contact inquiries and any enquiries measures are required.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact information (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved).
  • Affected people: Communication partner.
  • Purposes of processing: Communication; organizational and administrative procedures; Feedback (e.g. collecting feedback via online form). Provision of our online offering and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).

Further information on processing processes, procedures and services:

  • Contact form: When you contact us via our contact form, by email or other communication channels, we process the personal data provided to us to answer and process the respective request. This usually includes information such as name, contact information and, if necessary, other information that is provided to us and is necessary for appropriate processing. We use this data exclusively for the stated purpose of contact and communication; Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Communication Via Messenger

We use messengers for communication purposes and therefore ask that you please note the following information on the functionality of messengers, encryption, the use of communication metadata and your options for objection.

You can also contact us via alternative means, e.g. B. via telephone or email. Please use the contact options provided to you or the contact options provided within our online offering.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end be encrypted at the end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with encryption activated to ensure that the message content is encrypted.

However, we also point out to our communication partners that although the messenger providers cannot view the content, they can find out that and when communication partners communicate with us as well as technical information about the device used by the communication partner and, depending on the settings of their device, location information ( so-called metadata) are processed.

Notes on legal bases: If we ask communication partners for permission before communicating with them via Messenger, the legal basis for our processing of their data is their consent. Furthermore, if we do not ask for your consent and you do so, for example. For example, if you contact us on your own initiative, we use Messenger in relation to our contractual partners and as part of contract initiation as a contractual measure and, in the case of other interested parties and communication partners, on the basis of our legitimate interests in fast and efficient communication and fulfillment of our needs Communication partner for communication via messenger. We would also like to point out that we will not transmit the contact details provided to us to Messenger for the first time without your consent.

Revocation, objection and deletion: You can revoke your consent at any time and object to communication with us via Messenger at any time. In the case of communication via Messenger, we delete the messages in accordance with our general deletion guidelines (i.e., for example, as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise, as soon as we can assume this, any information from the communication partners to have answered if no reference to a previous conversation is to be expected and the deletion does not conflict with any legal retention obligations.

Reservation of reference to other communication channels: To ensure your safety, we ask for your understanding that for certain reasons we may not be able to respond to requests via Messenger. This applies to situations in which contract details must be treated particularly confidentially or in which a response via messenger does not meet the formal requirements. In these cases, we recommend that you use more suitable communication channels.

  • Types of data processed: Contact information (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved).
  • Affected people: Communication partner.
  • Purposes of processing: Communication. Direct marketing (e.g. via email or postal mail).
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Instagram: Sending messages via the social network Instagram; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Data protection declaration: https://privacycenter.instagram.com/policy/. Basis for third country transfers: Switzerland – Adequacy Decision (Ireland).
  • Facebook Messenger: Send and receive text messages, make voice and video calls, create group chats, share files and media, transmit location information, sync contacts, encrypt messages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/privacy/policy/; Order processing contract: https://www.facebook.com/legal/terms/dataprocessing. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).
  • Telegram: Send and receive messages, voice calls and video calls; creating groups and channels; sharing files and media; Using bots for automation; End-to-end encryption for secret chats; Synchronization across multiple devices; Service provider: Representative in the European Union: European Data Protection Office (EDPO), Avenue Huart Hamoir 71, 1030 Brussels, Belgium; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://telegram.org/; Data protection declaration: https://telegram.org/privacy/de. Basis for third country transfers: Switzerland – Adequacy Decision (Belgium).
  • WhatsApp: Text messaging, voice and video calls, sending pictures, videos and documents, group chat function, end-to-end encryption for increased security; Service provider: WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.whatsapp.com/; Data protection declaration: https://www.whatsapp.com/legal. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).

Push Notifications

With the consent of the users, we can send the users so-called “push notifications”. These are messages that are displayed on users' screens, devices or browsers, even if our online service is not being actively used.

In order to register for push notifications, users must confirm that their browser or device asks them to receive push notifications. This consent process is documented and saved. Storage is necessary to determine whether users have agreed to receive push notifications and to be able to prove their consent. For these purposes, a pseudonymous browser identifier (so-called “push token”) or the device ID of a terminal device is stored.

The push messages may be necessary for the fulfillment of contractual obligations (e.g. technical and organizational information relevant to the use of our online offering) and are otherwise sent on the basis of the user's consent, unless specifically mentioned below. Users can change the receipt of push notifications at any time using the notification settings of their respective browsers or devices.

  • Types of data processed: Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved); Location data (information about the geographical position of a device or person). Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation).
  • Affected people: Communication partner. Users (e.g. website visitors, users of online services).
  • Purposes of processing: Communication; Provision of our online offering and user-friendliness; Reach measurement (e.g. access statistics, recognition of returning visitors); direct marketing (e.g. via email or postal mail); Conversion measurement (measuring the effectiveness of marketing measures); target group formation; Marketing; Tracking (e.g. interest/behavioral profiling, use of cookies); A/B testing. Profiles with user-related information (creating user profiles).
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section. Deletion after termination.
  • Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Analysis and measurement of success: We evaluate push messages statistically and can therefore determine whether and when push messages were displayed and clicked on. This information is used to technically improve our push messages based on the technical data or the target groups and their retrieval behavior or retrieval times. This analysis also includes determining whether the push messages are opened, when they are opened and whether users interact with their content or buttons. For technical reasons, this information can be assigned to the individual push message recipients. However, it is neither our intention nor, if used, that of the push notification service provider to monitor individual users. Rather, the evaluations serve us to recognize the usage habits of our users and to adapt our push messages to them or to send different push messages according to the interests of our users.

    The evaluation of the push messages and the measurement of success are based on the express consent of the user, which occurs with the consent to receive the push messages. Users can object to the analysis and performance measurement by unsubscribing from push notifications. Unfortunately, a separate revocation of the analysis and performance measurement is not possible; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).
  • CleverPush: Sending and managing push notifications; Service provider: CleverPush GmbH, Nagelsweg 22, 20097 Hamburg, Germany; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://cleverpush.com/en/; Data protection declaration: https://cleverpush.com/de/privacy/; Order processing contract: Provided by the service provider. Basis for third country transfers: Switzerland – Adequacy Decision (Germany).
  • OneSignal: Automation and personalization of content and marketing information as well as campaigns on various communication channels, remarketing, A/B testing, messaging and reach measurement; Service provider: OneSignal, Inc., 2850 S Delaware St Suite 201, San Mateo, CA 94403, USA; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://onesignal.com; Data protection declaration: https://onesignal.com/privacy_policy; Order processing contract: Provided by the service provider. Basis for third country transfers: EU/EEA – Standard Contractual Clauses (To be provided by the service provider), Switzerland – Standard Contractual Clauses (To be provided by the service provider).
  • Firebase: Firebase is a development platform for mobile and web applications. Through a so-called software development kit, it provides tools and infrastructure that are intended to enable a developer to provide functions more easily and efficiently using programming interfaces on various platforms; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://firebase.google.com; Data protection declaration: https://policies.google.com/privacy; Order processing contract: https://firebase.google.com/terms/data-processing-terms. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).

Cloud Services

We use software services accessible via the Internet and running on their providers' servers (so-called "cloud services", also referred to as "software as a service") for the storage and management of content (e.g. document storage and management, exchange of documents, content and information with specific recipients or publication of content and information).

Within this framework, personal data can be processed and stored on the providers' servers, provided that they are part of communication processes with us or are otherwise processed by us as set out in this data protection declaration. This data may include, in particular, user master data and contact details, data on processes, contracts, other processes and their content. The cloud service providers also process usage data and metadata, which they use for security purposes and to optimize services.

If we use the cloud services to provide forms or other documents and content to other users or publicly accessible websites, the providers may set cookies on the users' devices for the purposes of web analysis or to remember the user's settings (e.g. in the case of Media control) to remember and save.

  • Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact information (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation). Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Affected people: interested parties; Communication partner. Business and contractual partners.
  • Purposes of processing: Office and organizational procedures. Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).).
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

Web Analysis, Monitoring and Optimization

Web analysis (also referred to as “reach measurement”) is used to evaluate the flow of visitors to our online offering and can include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, identify at what time our online offering or its functions or content are used most frequently, or invite them to reuse it. It is also possible for us to understand which areas require optimization.

In addition to web analysis, we can also use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e. data summarized into a usage process, can be created for these purposes and information can be stored in a browser or in a device and then read out. The information collected includes, in particular, websites visited and elements used there, as well as technical information, such as the browser used, the computer system used and information about times of use. If users have agreed to the collection of their location data to us or to the providers of the services we use, the processing of location data is also possible.

In addition, the users' IP addresses are stored. However, we use an IP masking process (i.e. pseudonymization by shortening the IP address) to protect users. In general, as part of web analysis, A/B testing and optimization, no clear user data (such as email addresses or names) is stored, but rather pseudonyms. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, the user data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

  • Types of data processed: Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); Profiles with user-related information (creating user profiles); Provision of our online offering and user-friendliness; Remarketing. Tracking (e.g. interest/behavioral profiling, use of cookies).
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Firebase: Google Firebase is a platform for developers of applications (“apps” for short) for mobile devices and websites. Google Firebase offers a variety of features for testing apps, monitoring their functionality, and optimizing them (which are shown on the following overview page: https://firebase.google.com/products-build). The functions include, among other things, the storage of apps including personal data of application users, such as: B. content created by you or information regarding your interaction with the apps (so-called “cloud computing”). Google Firebase also offers interfaces that allow interaction between app users and other services, e.g. B. authentication using services such as Facebook, Twitter or using an email-password combination; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://firebase.google.com; Data protection declaration: https://policies.google.com/privacy; Order processing contract: https://cloud.google.com/terms/data-processing-addendum. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).
  • Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It is used to assign analysis information to a device in order to identify which content users have accessed within one or different usage processes, which search terms they have used, which they have accessed again or which have interacted with our online offering. The time of use and its duration are also stored, as are the sources of the users who refer to our online offering and technical aspects of their devices and browsers.
    Pseudonymous profiles of users are created with information from the use of various devices, whereby cookies can be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides coarse geographic location data by deriving the following metadata from IP addresses: city (and the city's derived latitude and longitude), continent, country, region, subcontinent (and ID-based counterparts). For EU data traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. They are not logged, are not accessible and are not used for any other purposes. When Google Analytics collects metrics, all IP queries are performed on EU-based servers before passing traffic to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Data protection declaration: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms/; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland); Option to object (opt-out): Opt out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (Types of processing and data processed).
  • Google as recipient of consent: The consent given by users as part of a consent dialogue (also known as “cookie opt-in/consent”, “cookie banner”, etc.) serves several purposes. On the one hand, it helps us fulfill our obligation to obtain consent to store and read information on and from the user's device (according to ePrivacy guidelines). On the other hand, it covers the processing of users' personal data in accordance with data protection regulations. In addition, this consent also applies to Google, as the company is obliged under the Digital Markets Act to obtain consent for personalized services. Therefore, we share the status of the consents given by users with Google. Our consent management software informs Google whether consent has been given or not. The aim is to ensure that users' consent, whether given or not, is taken into account when using Google Analytics and when integrating functions and external services. This means that user consent and its revocation can be adjusted dynamically and depending on user selection within the framework of Google Analytics and other Google services in our online offering; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://support.google.com/analytics/answer/9976101?hl=de; Data protection declaration: https://policies.google.com/privacy. Basis for third country transfers: Switzerland – Adequacy Decision (Ireland).
  • Google Signals (Google Analytics function): Google signals are session data from websites and apps that Google associates with users who have signed in to their Google accounts and turned on ad personalization. This mapping of data to these logged in users is used to enable cross-device reporting, cross-device remarketing, and cross-device conversion measurement. These include: Cross-platform reporting – linking data across devices and activity from different sessions using your User ID or Google Signals data, enabling an understanding of user behavior at every step of the conversion process, from initial contact to conversion and beyond; Remarketing with Google Analytics – creating remarketing audiences from Google Analytics data and sharing those audiences with linked advertising accounts; Demographics and Interests - Google Analytics collects additional information about demographics and interests from users who are logged into their Google accounts and have ad personalization enabled; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://support.google.com/analytics/answer/7532985?hl=de; Data protection declaration: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland). Further information: https://business.safety.google/adsservices/ (Types of processing and data processed).
  • Google Tag Manager: We use Google Tag Manager, software from Google that allows us to manage so-called website tags centrally via a user interface. Tags are small pieces of code on our website that are used to record and analyze visitor activity. This technology helps us to improve our website and the content offered on it. The Google Tag Manager itself does not create user profiles, does not store cookies with user profiles and does not carry out any independent analyses. Its function is limited to simplifying and making more efficient the integration and management of tools and services that we use on our website. Nevertheless, when using the Google Tag Manager, the user's IP address is transmitted to Google, which is necessary for technical reasons in order to implement the services we use. Cookies can also be set. However, this data processing only takes place if services are integrated via the Tag Manager. For more detailed information about these services and their data processing, we refer to the further sections of this data protection declaration; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://marketingplatform.google.com; Data protection declaration: https://policies.google.com/privacy; Order processing contract:
    https://business.safety.google/adsprocessorterms. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).
  • Jetpack (WordPress Stats): Jetpack offers analytics features for WordPress software; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://automattic.com; Data protection declaration: https://automattic.com/privacy. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).
  • Matomo (without cookies): Matomo is a data protection-friendly web analysis software that is used without cookies and in which returning users are identified using a so-called “digital fingerprint”, which is stored anonymously and changed every 24 hours; With “digital fingerprinting”, user movements within our online offering are recorded using pseudonymized IP addresses in combination with user browser settings in such a way that it is not possible to draw conclusions about the identity of individual users. The user data collected when using Matomo is only processed by us and is not shared with third parties; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR). Website: https://matomo.org/.
  • Matomo: Matomo is software that is used for web analysis and reach measurement purposes. When using Matomo, cookies are generated and stored on the user's device. The user data collected when using Matomo is only processed by us and is not shared with third parties. The cookies are stored for a maximum period of 13 months: https://matomo.org/faq/general/faq_146/; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Deletion of data: The cookies have a storage period of a maximum of 13 months.
  • Google Analytics without cookies: We use Google Analytics without cookies. I.e. No files used to create profiles are stored on the users' end devices. The information required for measurement and analysis is only stored and processed on Google's server. Here, pseudonymous profiles of users are created; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Data protection declaration: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland); Option to object (opt-out): Opt out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (Types of processing and data processed).
  • Google Universal Analytics: Reach measurement and web analysis – We use Universal Analytics, a version of Google Analytics, to carry out user analysis based on a pseudonymous user identification number. This identification number does not contain any clear data, such as: E.g. names or email addresses. It is used to assign analysis information to a user, e.g. B. to recognize which content users have accessed during a session or whether they access our online offering again. This involves creating pseudonymous profiles of users with information from the use of various devices; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://marketingplatform.google.com; Terms and Conditions: https://business.safety.google/adsprocessorterms/; Data protection declaration: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland); Option to object (opt-out): Opt out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (Types of processing and data processed).
  • Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It is used to assign analysis information to a device in order to identify which content users have accessed within one or different usage processes, which search terms they have used, which they have accessed again or which have interacted with our online offering. The time of use and its duration are also stored, as are the sources of the users who refer to our online offering and technical aspects of their devices and browsers. Pseudonymous profiles of users are created with information from the use of various devices, whereby cookies can be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides coarse geographic location data by deriving the following metadata from IP addresses: city (and the city's derived latitude and longitude), continent, country, region, subcontinent (and ID-based counterparts). For EU data traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. They are not logged, are not accessible and are not used for any other purposes. When Google Analytics collects metrics, all IP queries are performed on EU-based servers before passing traffic to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Data protection declaration: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland); Option to object (opt-out): Opt out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (Types of processing and data processed).
  • Matomo Cloud: Hosting the range measurement and web analysis software Matomo; Service provider: InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand; Website: https://matomo.org/matomo-cloud/; Data protection declaration: https://matomo.org/matomo-cloud-privacy-policy/; Order processing contract: https://matomo.org/matomo-cloud-dpa/. Basis for third country transfers: EU/EEA – adequacy decision (New Zealand), Switzerland – adequacy decision (New Zealand).
  • Microsoft Clarity: Web analysis, reach measurement and analysis of user behavior in relation to use and interests regarding functions and content as well as their duration of use on the basis of a pseudonymous user identification number and profile creation; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://clarity.microsoft.com; Data protection declaration: https://privacy.microsoft.com/de-de/privacystatement; Order processing contract: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).

Online Marketing

We process personal data for the purpose of online marketing, which may include, in particular, the marketing of advertising space or the presentation of advertising and other content (collectively referred to as “content”) based on users' potential interests and measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called “cookie”) or similar procedures are used, by means of which the user information relevant to the display of the aforementioned content is stored. This may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used and information about times of use and functions used. If users have consented to the collection of their location data, this can also be processed.

The users’ IP addresses are also stored. However, we use available IP masking procedures (i.e. pseudonymization by shortening the IP address) to protect users. In general, as part of the online marketing process, no clear user data (such as email addresses or names) is stored, but rather pseudonyms. This means that we as well as the providers of online marketing processes do not know the actual user identity, but only the information stored in their profiles.

The statements in the profiles are usually stored in cookies or using similar methods. These cookies can later generally be read on other websites that use the same online marketing process and analyzed for the purpose of displaying content, as well as supplemented with further data and stored on the server of the online marketing process provider.

In exceptional cases, it is possible to assign clear data to the profiles, especially if the users are, for example, members of a social network whose online marketing processes we use and the network connects the user profiles with the aforementioned information. We ask you to note that users can make additional agreements with the providers, for example by giving consent during registration.

We generally only receive access to aggregated information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e. h. for example, to conclude a contract with us. Conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, the users' data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

Information on revocation and objection:

We refer to the data protection information of the respective providers and the objection options specified for the providers (so-called “opt-out”). If no explicit opt-out option has been provided, you have the option of turning off cookies in your browser settings. However, this may limit the functions of our online offering. We therefore also recommend the following opt-out options, which are offered in summary for the respective areas:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://www.youradchoices.ca/choices.

c) USA: https://www.aboutads.info/choices.

d) Cross-territorial: https://optout.aboutads.info.

  • Types of data processed: Content data (e.g. textual or visual messages and posts and the information relating to them, such as information on authorship or time of creation); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved); Event data (Facebook) (“Event data” is information that is sent, for example, via meta pixels (be it via apps or other channels) to the provider Meta and relates to people or their actions. This data includes, for example Details about website visits, interactions with content and functions, app installations and product purchases. The event data is processed with the aim of creating target groups for content and advertising messages (custom audiences). Event data does not include actual content such as written comments, no login information and no contact information such as names, email addresses or telephone numbers. “Event data” will be deleted by Meta after a maximum of two years and the target groups formed from it will disappear the deletion of our meta user accounts.); Contact information (Facebook) (“Contact information” is data that (clearly) identifies data subjects, such as names, email addresses and telephone numbers, which is sent to Facebook, e.g. via Facebook pixel or upload for matching purposes to form custom audiences, the contact information will be deleted.
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); Tracking (e.g. interest/behavioral profiling, use of cookies); Conversion measurement (measuring the effectiveness of marketing measures); target group formation; Marketing; Profiles with user-related information (creating user profiles); Provision of our online offering and user-friendliness. Remarketing.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Amazon: Marketing of advertising materials and advertising space; Service provider: Amazon EU S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://www.amazon.de; Data protection declaration: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Luxembourg).
  • Meta pixels and target group formation (Custom Audiences): With the help of the meta pixel (or comparable functions for transmitting event data or contact information via interfaces in apps), the company Meta is able to identify visitors to our online offering as a target group for the display of advertisements (so-called “meta ads”. “) to determine. Accordingly, we use the Meta pixel to only show the Meta ads we place to users on Meta platforms and within the services of partners cooperating with Meta (so-called “audience network”). https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offering or who have certain characteristics (e.g. interest in certain topics or products, which are evident from the websites visited), which we transmit to Meta (so-called “Custom Audiences”) . With the help of the meta pixel, we also want to ensure that our meta ads correspond to the potential interest of the users and do not appear annoying. With the help of the meta pixel, we can also track the effectiveness of the meta ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a meta ad (so-called “conversion measurement”); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/privacy/policy/; Order processing contract: https://www.facebook.com/legal/terms/dataprocessing; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland); Further information: User event data, i.e. .h. Behavioral and interest information is used for the purposes of targeted advertising and audience building based on the Shared Responsibility Agreement (“Controller Addendum”). https://www.facebook.com/legal/controller_addendum) processed. The joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transmission of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the agreement between Meta Platforms Ireland Limited and Meta Platforms, Inc. concluded standard contractual clauses).
  • Meta – target group education via data upload: Formation of target groups for marketing purposes – We transmit contact information (names, email addresses and telephone numbers) in list form to Meta for the purpose of forming target groups (so-called “custom audiences”) for displaying content and advertising information based on the presumed interests of the users . The transmission and comparison with data available at Meta does not take place in plain text, but rather as so-called “hash values”, i.e. mathematical representations of the data (this method is used, for example, when storing passwords). After matching to create target groups, the contact information is deleted; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/privacy/policy/; Order processing contract: https://www.facebook.com/legal/terms/dataprocessing. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).
  • Facebook Ads: Placement of advertisements within the Facebook platform and evaluation of the ad results; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/privacy/policy/; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland); Option to object (opt-out): We refer to the data protection and advertising settings in the user profile on the Facebook platforms as well as to Facebook's consent process and contact options for exercising information and other data subject rights, as described in Facebook's data protection declaration; Further information: User event data, i.e. .h. Behavioral and interest information is used for the purposes of targeted advertising and audience building based on the Shared Responsibility Agreement (“Controller Addendum”). https://www.facebook.com/legal/controller_addendum) processed. The joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transmission of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the agreement between Meta Platforms Ireland Limited and Meta Platforms, Inc. concluded standard contractual clauses).
  • Google Ad Manager: We use the “Google Ad Manager” service to place ads in the Google advertising network (e.g. in search results, in videos, on websites, etc.). Google Ad Manager is characterized by the fact that ads are displayed in real time based on users' presumed interests. This allows us to show advertisements for our online offering to users who may have a potential interest in our offering or have previously been interested in it, and to measure the success of the advertisements; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://marketingplatform.google.com; Data protection declaration: https://policies.google.com/privacy; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland); Further information: Types of processing and data processed: https://business.safety.google/adsservices/; Data processing conditions for Google advertising products: Information about the services Data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms. if Google acts as a processor, data processing conditions for Google advertising products and standard contractual clauses for third country transfers of data: https://business.safety.google/adsprocessorterms.
  • AdMob: Platform for displaying advertising content in mobile applications; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://admob.google.com/home/; Data protection declaration: https://policies.google.com/privacy; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland). Further information: Processing by Google as controller: https://business.safety.google/adscontrollerterms/.
  • Google Ads Remarketing: Google Remarketing, also known as retargeting, is a technology with which users who use an online service are included in a pseudonymous remarketing list so that users can be shown ads on other online offers based on their visit to the online service can become; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://marketingplatform.google.com; Data protection declaration: https://policies.google.com/privacy; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland); Further information: Types of processing and data processed: https://business.safety.google/adsservices/. Data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms.
  • Google Adsense with personalized ads: We integrate the Google Adsense service, which makes it possible to place personalized advertisements within our online offering. Google Adsense analyzes user behavior and uses this data to deliver targeted advertising that is tailored to the interests of our visitors. We receive financial compensation for each advertisement placement or other type of use of these advertisements; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://marketingplatform.google.com; Data protection declaration: https://policies.google.com/privacy; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland); Further information: Types of processing and data processed: https://business.safety.google/adsservices/. Data processing conditions for Google advertising products: Information about the services Data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms.
  • Google Adsense with non-personalized ads: We use the Google Adsense service to display non-personalized advertisements in our online offering. These ads are not based on individual user behavior, but are selected based on general characteristics such as the content of the page or your approximate geographical location. We receive compensation for displaying or otherwise using these advertisements; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://marketingplatform.google.com; Data protection declaration: https://policies.google.com/privacy; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland); Further information: Types of processing and data processed: https://business.safety.google/adsservices/. Data processing conditions for Google advertising products: Information about the services Data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms.
  • Instagram ads: Placement of advertisements within the Instagram platform and evaluation of the ad results; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://www.instagram.com; Data protection declaration: https://privacycenter.instagram.com/policy/; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland); Option to object (opt-out): We refer to the data protection and advertising settings in the user profile on the Instagram platform as well as within the framework of Instagram's consent process and Instagram's contact options for exercising information and other data subject rights in Instagram's data protection declaration; Further information: User event data, i.e. .h. Behavioral and interest information is used for the purposes of targeted advertising and audience building based on the Shared Responsibility Agreement (“Controller Addendum”). https://www.facebook.com/legal/controller_addendum) processed. The joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transmission of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the agreement between Meta Platforms Ireland Limited and Meta Platforms, Inc. concluded standard contractual clauses).
  • Amazon Ads and Amazon Pixel: Code that is loaded when a user visits our online offering and tracks the user's behavior and conversions and stores them in a profile (possible uses: measuring campaign performance, optimizing ad delivery, building custom and similar target groups) and providing functions for Display personalized advertising based on interest and behavior-based information, including users' demographics, interests and browsing history, stored in user profiles; Service provider: Amazon EU S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://advertising.amazon.com/; Data protection declaration: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Luxembourg). Further information: https://advertising.amazon.com/resources/ad-policy/eu-data-protection-and-privacy.

Affiliate Programs and Affiliate Links

In our online offering we include so-called affiliate links or other references (which may include, for example, search masks, widgets or discount codes) to the offers and services of third-party providers (collectively referred to as “affiliate links”). If users follow the affiliate links or subsequently take advantage of the offers, we may receive a commission or other benefits from these third parties (collectively referred to as “commission”).

In order to be able to track whether users have taken advantage of the offers of an affiliate link we use, it is necessary for the respective third-party providers to find out that the users have followed an affiliate link used within our online offering. The assignment of the affiliate links to the respective business transactions or other actions (e.g. purchases) serves the sole purpose of commission accounting and will be canceled as soon as it is no longer necessary for the purpose.

For the purposes of the aforementioned assignment of the affiliate links, the affiliate links can be supplemented with certain values ​​that are part of the link or otherwise, e.g. B. can be stored in a cookie. The values ​​may include, in particular, the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online identifier of the user.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed based on our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

  • Types of data processed: Contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved).
  • Affected people: interested parties. Users (e.g. website visitors, users of online services).
  • Purposes of processing: Affiliate tracking.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Amazon affiliate program: Affiliate Partner Program (Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or one of its affiliates); Service provider: Amazon EU S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.amazon.de; Data protection declaration: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Luxembourg).
  • AWIN partner program (formerly Zanox and Affilinet): Affiliate marketing partner program; Service provider: AWIN AG, Eichhornstr. 3, 10785 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.awin.com/en; Data protection declaration: https://www.awin.com/de/rechtliches/privacy-policy-DACH. Basis for third country transfers: Switzerland – Adequacy Decision (Germany).
  • Belboon affiliate program: Affiliate marketing partner program; Service provider: belboon GmbH, Weinmeisterstr. 12-14, 10178 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: www.belboon.de; Data protection declaration: https://www.belboon.com/de/ueber-uns/datenschutz/. Basis for third country transfers: Switzerland – Adequacy Decision (Germany).
  • Tradedoubler affiliate program: Affiliate marketing partner program; Service provider: Tradedoubler GmbH, Herzog-Wilhelm-Straße 26, 80331 Munich, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.tradedoubler.com/de; Data protection declaration: https://www.tradedoubler.com/de/privacy-policy. Basis for third country transfers: Switzerland – Adequacy Decision (Germany).

Presences in Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context in order to communicate with active users there or to offer information about us.

We would like to point out that user data can be processed outside the European Union. This can result in risks for users because, for example, it could make it more difficult to enforce user rights.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on usage behavior and the resulting interests of users. The latter may in turn be used to place advertisements inside and outside the networks that presumably correspond to the interests of the users. Therefore, cookies are usually stored on the users' computers in which the usage behavior and interests of the users are stored. In addition, data can also be stored in the usage profiles regardless of the devices used by the users (especially if they are members of the respective platforms and logged in there).

For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of the rights of those affected, we would also like to point out that these can most effectively be asserted with the providers. Only the latter have access to user data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

  • Types of data processed: Contact information (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and posts and the information relating to them, such as information on authorship or time of creation); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Inventory data (e.g. full name, home address, contact information, customer number, etc.). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Communication; feedback (e.g. collecting feedback via online form); public relations; Provision of our online offering and user-friendliness. Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).).
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

  • Instagram: Social network, allows you to share photos and videos, comment and favorite posts, send messages, subscribe to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Data protection declaration: https://privacycenter.instagram.com/policy/. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).
  • Facebook pages: Profiles within the social network Facebook – Together with Meta Platforms Ireland Limited, we are responsible for the collection (but not further processing) of data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content users view or interact with, or the actions they take (see “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services called “Page Insights” to site operators to help them understand how people engage with their Pages and interact with the content associated with them. We have concluded a special agreement with Facebook (“Information on Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of those affected (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the responsible supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information about Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data). The joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transmission of the data to the parent company Meta Platforms, Inc. in the USA; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/privacy/policy/. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).
  • Facebook groups: We use the “Groups” function of the Facebook platform to create interest groups within which Facebook users can contact each other or with us and exchange information. We process personal data of the users of our groups to the extent that this is necessary for the purpose of group use and its moderation. Our guidelines within the groups may contain further guidelines and information about the use of the respective group. This data includes information on first and last names, as well as published or privately communicated content, as well as values ​​on the status of group membership or group-related activities, such as. B. entry or exit as well as the times for the aforementioned dates. We also refer to the processing of user data by Facebook itself. This data includes information about the types of content that users view or interact with, or the actions they take (see under “Those taken by you and others and Things Provided” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, called “insights,” to group operators to provide them with insights into how people are engaging with their groups and with interact with the content associated with them; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/privacy/policy/. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).
  • Threads: social network; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.threads.net/; Data protection declaration: https://help.instagram.com/515230437301944. Basis for third country transfers: Switzerland – Adequacy Decision (Ireland).
  • X: social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://x.com; Data protection declaration: https://x.com/de/privacy. Basis for third country transfers: Switzerland – Adequacy Decision (Ireland).
  • YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Data protection declaration: https://policies.google.com/privacy; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland). Option to object (opt-out): https://myadcenter.google.com/personalizationoff.

Plug-ins and Embedded Functions and Content

We include functional and content elements in our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). This can be, for example, graphics, videos or city maps (hereinafter referred to as “content”).

The integration always requires that the third party providers of this content process the users' IP address, as without an IP address they would not be able to send the content to their browser. The IP address is therefore required to display this content or functions. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, but also linked to such information from other sources become.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, the user data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

  • Types of data processed: Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved); Event data (Facebook) (“Event data” is information that is sent, for example, via meta pixels (be it via apps or other channels) to the provider Meta and relates to people or their actions. This data includes, for example Details about website visits, interactions with content and functions, app installations and product purchases. The event data is processed with the aim of creating target groups for content and advertising messages (custom audiences). Event data does not include actual content such as written comments, no login information and no contact information such as names, email addresses or telephone numbers. “Event data” will be deleted by Meta after a maximum of two years and the target groups formed from it will disappear the deletion of our meta user accounts.); Contact information (e.g. postal and email addresses or telephone numbers). Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; Reach measurement (e.g. access statistics, recognition of returning visitors); Tracking (e.g. interest/behavioral profiling, use of cookies); target group formation; Marketing; Provision of contractual services and fulfillment of contractual obligations; Profiles with user-related information (creating user profiles). Feedback (e.g. collecting feedback via online form).
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
  • Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Integration of third-party software, scripts or frameworks (e.g. jQuery): We integrate software into our online offering that we retrieve from servers of other providers (e.g. function libraries that we use for the purpose of displaying or user-friendliness of our online offering). The respective providers collect the IP address of the user and can process it for the purpose of transmitting the software to the user's browser as well as for security purposes and to evaluate and optimize their offer. – We integrate software into our online offering that we retrieve from servers of other providers (e.g. function libraries that we use for the purpose of displaying or user-friendliness of our online offering). The respective providers collect the IP address of the user and can process it for the purpose of transmitting the software to the user's browser as well as for security purposes as well as to evaluate and optimize their offer; Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).
  • Facebook plugins and content: Facebook social plugins and content – ​​This can be done, for example: This includes, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within Facebook. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/ – We are responsible, together with Meta Platforms Ireland Limited, for the collection or receipt as part of a transfer (but not further processing) of “event data” that Facebook uses using the Facebook social plugins (and content embedding functions) on our online offering, collects or receives as part of a transmission for the following purposes: a) displaying content and advertising information that correspond to the presumed interests of the users; b) Delivering commercial and transactional messages (e.g. contacting users via Facebook Messenger); c) Improve ad delivery and personalization of features and content (e.g., improving identification of which content or advertising information is likely to match users' interests). We have concluded a special agreement with Facebook (“Addition for Controllers”, https://www.facebook.com/legal/controller_addendum), which regulates in particular which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfill the rights of those affected (i.e. users can, for example, send information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analyzes and reports (which are aggregated, i.e. do not contain information about individual users and are anonymous to us), then this processing does not take place within the framework of joint responsibility, but rather on the basis of an order processing contract ( “Data processing conditions”, https://www.facebook.com/legal/terms/dataprocessing), the “Data Security Conditions” (https://www.facebook.com/legal/terms/data_security_terms) as well as with regard to processing in the USA on the basis of standard contractual clauses (“Facebook-EU Data Transfer Addendum, https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, objection and complaint to the responsible supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/privacy/policy/. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland).
  • Instagram plugins and content: Instagram plugins and content – ​​This can be done, for example: This includes, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within Instagram. – We are responsible, together with Meta Platforms Ireland Limited, for the collection or receipt as part of a transfer (but not further processing) of “event data” that Facebook uses Instagram functions (e.g. content embedding functions). on our online offering, collects or receives as part of a transmission for the following purposes: a) displaying content and advertising information that correspond to the presumed interests of the users; b) Delivering commercial and transactional messages (e.g. contacting users via Facebook Messenger); c) Improve ad delivery and personalization of features and content (e.g., improving identification of which content or advertising information is likely to match users' interests). We have concluded a special agreement with Facebook (“Addition for Controllers”, https://www.facebook.com/legal/controller_addendum), which regulates in particular which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfill the rights of those affected (i.e. users can, for example, send information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analyzes and reports (which are aggregated, i.e. do not contain information about individual users and are anonymous to us), then this processing does not take place within the framework of joint responsibility, but rather on the basis of an order processing contract ( “Data processing conditions”, https://www.facebook.com/legal/terms/dataprocessing), the “Data Security Conditions” (https://www.facebook.com/legal/terms/data_security_terms) as well as with regard to processing in the USA on the basis of standard contractual clauses (“Facebook-EU Data Transfer Addendum, https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, objection and complaint to the responsible supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Data protection declaration: https://privacycenter.instagram.com/policy/. Basis for third country transfers: Switzerland – Adequacy Decision (Ireland).
  • reCAPTCHA: We include the “reCAPTCHA” function in order to be able to recognize whether entries (e.g. in online forms) are made by people and not by automatically acting machines (so-called “bots”). The data processed may include IP addresses, information about operating systems, devices or browsers used, language settings, location, mouse movements, keyboard strokes, time spent on websites, previously visited websites, interactions with ReCaptcha on other websites, possibly cookies and results of manual recognition processes ( e.g. answering questions or selecting objects in pictures). Data processing is based on our legitimate interest in protecting our online offering from abusive automated crawling and spam; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.google.com/recaptcha/; Data protection declaration: https://policies.google.com/privacy; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland). Option to object (opt-out): Opt out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements: https://myadcenter.google.com/personalizationoff.
  • Shariff: We use the privacy-safe “Shariff” buttons. “Shariff” was developed to enable more privacy online and to replace the usual “share” buttons on social networks. It is not the user's browser, but rather the server on which this online offer is located, that establishes a connection with the server of the respective social media platform and asks, for example: B. the number of likes. The user remains anonymous. You can find more information about the Shariff project from the developers of c’t magazine: https://www.heise.de/hintergrund/Ein-Shariff-fuer-mehr-Datenschutz-2467514.html; Service provider: Heise Medien GmbH & Co. KG, Karl-Wiechert-Allee 10, 30625 Hannover, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html; Data protection declaration: https://www.heise.de/Datenschutzerklaerung-der-Heise-Medien-GmbH-Co-KG-4860.html. Basis for third country transfers: Switzerland – Adequacy Decision (Germany).
  • X plugins and content: Plugins and buttons from the “X” platform – This can be done, for example: This includes, for example, content such as images, videos or texts and buttons with which users can share content from this online offering within X; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://x.com/de; Data protection declaration: https://x.com/de/privacy, (Settings: https://x.com/personalization); Order processing contract: https://privacy.x.com/en/for-our-partners/global-dpa. Basis for third country transfers: EU/EEA – Standard Contractual Clauses (https://privacy.x.com/en/for-our-partners/global-dpa), Switzerland – adequacy decision (Ireland).
  • YouTube videos: video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR); Website: https://www.youtube.com; Data protection declaration: https://policies.google.com/privacy; Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Adequacy Decision (Ireland). Option to object (opt-out): Opt out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements: https://myadcenter.google.com/personalizationoff.
  • Vimeo video player: Integration of a video player; Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://vimeo.com; Data protection declaration: https://vimeo.com/privacy; Order processing contract: https://vimeo.com/enterpriseterms/dpa. Basis for third country transfers: EU/EEA – Standard Contractual Clauses (https://vimeo.com/enterpriseterms/dpa), Switzerland – Standard Contractual Clauses (https://vimeo.com/enterpriseterms/dpa).
  • All in One SEO Pack: Tool to optimize your website's content, generating an XML sitemap and providing an all-in-one SEO package for WordPress; Service provider: Execution on servers and/or computers under your own data protection responsibility; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://wordpress.org/plugins/all-in-one-seo-pack/. Data protection declaration: https://wordpress.org/about/privacy/.

Management, Organization and Support Tools

We use services, platforms and software from other providers (hereinafter referred to as “third-party providers”) for the purposes of organizing, managing, planning and providing our services. When selecting third-party providers and their services, we observe the legal requirements.

In this context, personal data may be processed and stored on the third-party servers. This may affect various data, which we process in accordance with this data protection declaration. This data may include, in particular, user master data and contact details, data on processes, contracts, other processes and their content.

If users are referred to third-party providers or their software or platforms as part of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection information of the respective third-party providers.

  • Types of data processed: Content data (e.g. textual or visual messages and posts and the information relating to them, such as information on authorship or time of creation); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved).
  • Affected people: Communication partner; Users (e.g. website visitors, users of online services). Business and contractual partners.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; Reach measurement (e.g. access statistics, recognition of returning visitors); Profiles with user-related information (creating user profiles); Provision of our online offering and user-friendliness. Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).).
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

  • Asanas: Project management – ​​organizing and managing teams, groups, workflows, projects and processes; Service provider: Asana, Inc, 1550 Bryant Street, Suite 200, San Francisco, CA 94103, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://asana.com; Data protection declaration: https://asana.com/de/terms#privacy-policy; Order processing contract: https://asana.com/de/terms#data-processing. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF).
  • Bitly: URL shortening service and link management platform; Service provider: Bitly, Inc., 139 Fifth Avenue, 5th Floor, New York, NY 10010, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://bitly.com; Data protection declaration: https://bitly.com/pages/privacy. Basis for third country transfers: EU/EEA – Data Privacy Framework (DPF), Switzerland – Data Privacy Framework (DPF).
  • GitHub: Platform for version control of software projects. Developers can upload their code to repositories and track changes, as well as use project management tools in software development; Service provider: GitHub BV, Netherlands, https://support.github.com/contact/privacy; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://github.com. Data protection declaration: https://docs.github.com/de/site-policy/privacy-policies/github-general-privacy-statement.

Processing of Data in the Context of Employment Relationships

As part of employment relationships, personal data is processed with the aim of effectively establishing, implementing and terminating such relationships. This data processing supports various operational and administrative functions necessary for the management of employee relations.

Data processing includes various aspects, ranging from the initiation of the contract to the termination of the contract. This includes the organization and management of daily working hours, the management of access rights and authorizations as well as the handling of personnel development measures and employee discussions. The processing also serves the billing and administration of wage and salary payments, which represent critical aspects of the execution of the contract.

In addition, data processing takes into account the legitimate interests of the responsible employer, such as ensuring safety in the workplace or collecting performance data to evaluate and optimize operational processes. Data processing also includes the disclosure of employee data as part of external communication and publication processes, where this is necessary for operational or legal purposes.

This data is always processed in compliance with the applicable legal framework, with the aim always being to create and maintain a fair and efficient working environment. This also includes taking into account the data protection of the affected employees, the anonymization or deletion of data after the processing purpose has been fulfilled or in accordance with legal retention periods.

  • Types of data processed: Employee data (information about employees and other people in an employment relationship).
  • Affected people: Employees (e.g. employees, applicants, temporary workers and other employees).
  • Purposes of processing: Establishment and implementation of employment relationships (processing of employee data as part of the establishment and implementation of employment relationships). Business processes and business procedures.
  • Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Processing of special categories of personal data relating to healthcare, employment and social security (Art. 9 Para. 2 lit. h) GDPR).

Further information on processing processes, procedures and services:

  • Deletion of employee data: According to Austrian law, employee data will be deleted if it is not necessary for the purpose for which it was collected, unless it must be retained or archived due to legal obligations or the interests of the employer. The following retention and archiving obligations are observed:
    • Data regarding income tax and duty obligations in accordance with Section 132 Paragraph 1 BAO – 7 years. Start of deadline – From the end of the calendar year relevant to the data.
    • Limitation of the obligation to pay social security contributions in accordance with Section 68 ASVG (limitation of determination) – 3 or 5 years. Beginning of the deadline - In principle, on the day the contributions are due, or if the report is not reported, from the day of the report.
    • Retention periods in social insurance – 7 years according to UGB.
    • Entitlement to vacation according to Section 4 Paragraph 5 UrlG - 2 years from the end of the vacation year in which the vacation arose. Start of the period – 2 years after the end of the holiday year in which the holiday arose.
    • Entitlement to vacation compensation according to Section 1486 Z 5 ABGB – 3 years. Start of deadline – From the time the final billing claims are due, as the last working day.
    • Records and reports on work accidents in accordance with Section 16 ASchG – at least 5 years. Start of the period – from the day of the accident at work.
    • Record of hiring out workers in accordance with Section 13 Paragraph 3 AÜG – 5 years. Start of deadline – The day on which the last remuneration claim of the hired worker is due.
    • Directory of young people in accordance with Section 26 Paragraph 2 KJBG – 2 years. Start of deadline – when creating a new directory, two years after the last entry.
    • Claims for compensation due to discriminatory termination of the employment relationship according to Sections 15 Paragraph 1a and 29 Paragraph 1a GlBG as well as Section 7k Paragraph 1 in conjunction with Paragraph 2 Z 3 BEinstG – 6 months. Start of period – From the time of receipt of the termination.
    • Claims for compensation by the employer or employee from premature termination of the employment relationship in accordance with Section 34 AngG or Section 1162d ABGB – 6 months. Start of deadline – From the time the claims are due, usually from the day the declaration of dissolution is received.
    • Entitlement to the issuance of a certificate of service in accordance with Section 1478 ABGB – 30 years. Start of deadline – At the end of the employment relationship.
    • Claims for compensation due to discriminatory rejection of an application according to Sections 15 Paragraph 1 and 29 Paragraph 1 GlbG as well as Section 7k Paragraph 1 in conjunction with Paragraph 2 Z 1 BEinstG – 6 months. Start of the deadline - from the day on which the rejection was received or 7 months from receipt of the application.
    • Claims for reimbursement of any performance costs in accordance with Section 1486 Z 5 ABGB – 3 years. Deadline Start – The day on which the costs were incurred.
    • Liability for severance pay claims and company pensions after the transfer of the business in accordance with Section 6 Paragraph 2 AVRAG – 5 years. Start of deadline – time of transfer of operations.
    • Claims for compensation due to discriminatory refusal of transport according to Sections 15 Paragraph 1 and 29 Paragraph 1 GlbG as well as Section 7k Paragraph 1 in conjunction with Paragraph 2 Z 1 BEinstG – 6 months. Start of the period - from the day on which the rejection of transport was received.
    • Claims for compensation due to discriminatory disadvantage in terms of pay, voluntary social benefits, training and further education measures or other working conditions in accordance with Sections 15 Paragraph 1 and 29 Paragraph 1 GlbG as well as Section 7k Paragraph 1 in conjunction with Paragraph 2 Z 5 BEinstG - 3 years. Start of deadline – The point in time at which the right could first have been exercised and the objective opportunity to sue is given.
    • Claims for compensation for discriminatory harassment according to Sections 15 Paragraph 1 and 29 Paragraph 1 GlbG as well as Section 7k Paragraph 1 in conjunction with Paragraph 2 Z 4 BEinstG – 1 year. Start of deadline – From the time of knowledge of the discrimination.
    • Claims for compensation due to discriminatory rejection of an application according to Sections 15 Paragraph 1 and 29 Paragraph 1 GlbG as well as Section 7k Paragraph 1 in conjunction with Paragraph 2 Z 1 BEinstG – 6 months. Start of the deadline - from the day on which the rejection was received or 7 months from receipt of the application.
    • Claims for compensation for sexual harassment according to Section 15 Paragraph 1 GlbG – 3 years. Start of deadline – From the time of knowledge of the discrimination.
    • Claims for reimbursement of any performance costs in accordance with Section 1486 Z 5 ABGB – 3 years. Deadline Start – The day on which the costs were incurred.
    • Claims of the employee for remuneration or reimbursement of expenses as well as of the employer for advances granted in accordance with Section 1486 Z 5 ABGB - 3 years. Start of deadline – from the due date of the respective claims.
    • Limitation of action for prosecution due to underpayment according to Section 31 Paragraph 1 VStG in conjunction with Section 29 Paragraph 4 LSD-BG – 3 years. Start of the period – from the due date of the fee.
    • Claims for damages by the employer against the employee arising from employee liability in the event of slight negligence in accordance with Section 6 DHG – 6 months. Start of deadline – from the day on which they can be claimed.
    • Claims for damages by the employer against the employee arising from employee liability in the event of gross negligence or intent as well as other claims for damages by the employer in accordance with Section 1489 ABGB - 3 years or 30 years. Beginning of the deadline - in the case of a short deadline, from knowledge of the damage and the person causing the damage, in the case of a long deadline, from the occurrence of the damage.
  • Deletion of employee data: Employee data in Switzerland will be deleted when it is no longer necessary for the purpose for which it was collected, unless it must be retained or archived due to legal obligations or the interests of the employer. The following retention and archiving obligations are observed:
    • 10 years – retention period for books and records, annual financial statements, inventories, business reports, opening balance sheets, accounting documents and invoices as well as all necessary work instructions and other organizational documents (Article 958f of the Swiss Code of Obligations (OR)).
    • 10 years - Data necessary to consider potential claims for damages or similar contractual claims and rights, as well as to process related inquiries, based on past business experience and usual industry practices, will be stored for the statutory limitation period of ten years, unless: a shorter period of five years is applicable, which is relevant in certain cases (Articles 127, 130 OR). Claims expire after five years for rent, lease and capital interest payments as well as other periodic services, for the delivery of food, for catering and restaurant debts as well as for craft services, retail sales of goods, medical care, professional work of lawyers, legal agents, lawyers and notaries and from the employment relationship of employees (Art. 128 OR).

Change and Update

We ask you to regularly inform yourself about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information for companies and organizations in this data protection declaration, please note that the addresses may change over time and ask you to check the information before contacting us.

Definitions of Terms

This section provides an overview of the terms used in this data protection declaration. To the extent that the terms are defined by law, their legal definitions apply. The following explanations, on the other hand, are intended primarily to provide understanding.

  • A/B testing: A/B tests are used to improve the user-friendliness and performance of online offers. Users are given e.g. For example, different versions of a website or its elements, such as input forms, are shown, on which the placement of the content or the labels of the navigation elements may differ. You can then use the behavior of the user, e.g. B. longer stay on the website or more frequent interaction with the elements, it can be determined which of these websites or elements better meet the needs of the users.
  • Affiliate tracking: As part of affiliate tracking, links that the linking websites use to direct users to websites with product or other offers are logged. The operators of the linked websites may receive a commission if users follow these so-called affiliate links and then take advantage of the offers (e.g. purchase goods or use services). For this purpose, it is necessary for the providers to be able to track whether users who are interested in certain offers subsequently take advantage of them at the instigation of the affiliate links. Therefore, for affiliate links to work, it is necessary that they be supplemented with certain values ​​that become part of the link or otherwise, e.g. B. stored in a cookie. The values ​​include in particular the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user and tracking-specific values , like, e.g. B. Advertising material ID, partner ID and categorizations
  • Employees: Employees are people who are employed, be it as employees, employees or in similar positions. An employment relationship is a legal relationship between an employer and an employee established by an employment contract or agreement. It involves the employer's obligation to pay remuneration to the employee while the employee performs his or her work. The employment relationship includes various phases, including the justification in which the employment contract is concluded, the implementation in which the employee carries out his work activity and the termination, when the employment relationship ends, whether by notice, termination agreement or otherwise. Employee data is all information that relates to these people and is in the context of their employment. This includes aspects such as personal identification information, identification numbers, salary and banking information, working hours, vacation entitlements, health information and performance reviews.
  • Inventory data: Inventory data includes essential information that is necessary for the identification and management of contractual partners, user accounts, profiles and similar assignments. This information may include, but is not limited to, personal and demographic information such as names, contact information (addresses, phone numbers, email addresses), dates of birth, and specific identifiers (user IDs). Inventory data forms the basis for any formal interaction between people and services, facilities or systems by enabling clear attribution and communication.
  • Content Delivery Network (CDN): A “Content Delivery Network” (CDN) is a service that can be used to deliver the content of an online offering, particularly large media files such as graphics or program scripts, more quickly and securely using regionally distributed servers connected via the Internet.
  • Content data: Content data includes information that is generated in the course of creating, editing and publishing all types of content. This category of data may include text, images, videos, audio files and other multimedia content published on various platforms and media. Content data is not only limited to the actual content, but also includes metadata that provides information about the content itself, such as tags, descriptions, author information, and publication dates
  • Contact details: Contact details are essential information that enables communication with people or organizations. They include, among other things, telephone numbers, postal addresses and email addresses, as well as means of communication such as social media handles and instant messaging identifiers.
  • Conversion measurement: Conversion measurement (also known as “visit action evaluation”) is a procedure that can be used to determine the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the users' devices within the websites on which the marketing measures take place and then accessed again on the target website. For example, we can understand whether the advertisements we placed on other websites were successful.
  • Meta, communication and procedural data: Meta, communication and procedural data are categories that contain information about the way data is processed, transmitted and managed. Metadata, also known as data about data, includes information that describes the context, provenance, and structure of other data. They can include information about file size, creation date, author of a document and change histories. Communication data records the exchange of information between users across various channels, such as email traffic, call logs, social network messages and chat histories, including the people involved, timestamps and transmission routes. Procedural data describes the processes and operations within systems or organizations, including workflow documentation, logs of transactions and activities, and audit logs used to track and review operations.
  • Usage data: Usage data refers to information that captures how users interact with digital products, services or platforms. This data includes a wide range of information that shows how users use applications, what features they prefer, how long they spend on certain pages, and the paths they take to navigate through an application. Usage data may also include frequency of use, timestamps of activities, IP addresses, device information and location data. They are particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. In addition, usage data plays a crucial role in identifying trends, preferences and potential problem areas within digital offerings
  • Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); A natural person is considered identifiable if he or she identifies directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special features which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
  • Profiles with user-related information: The processing of “profiles with user-related information”, or “profiles” for short, includes any type of automated processing of personal data, which consists in the use of these personal data to determine certain personal aspects relating to a natural person (depending on Depending on the type of profile creation, different information regarding demographics, behavior and interests, such as interaction with websites and their content, etc.) can be analyzed, evaluated or predicted (e.g. interests in certain content or products, click behavior on a website or whereabouts). Cookies and web beacons are often used for profiling purposes.
  • Log data: Log data is information about events or activities logged on a system or network. This data typically includes information such as timestamps, IP addresses, user actions, error messages and other details about the use or operation of a system. Log data is often used to analyze system problems, monitor security, or create performance reports.
  • Range measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offering and can determine the behavior or interests of visitors in certain information, such as: B. content of websites. With the help of reach analysis, operators of online offers can e.g. B. recognize at what time users visit your websites and what content they are interested in. This allows you, for example, B. adapt the content of the websites better to the needs of your visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyzes of the use of an online offering.
  • Remarketing: We speak of “remarketing” or “retargeting” when, for example, B. for advertising purposes it is noted which products a user was interested in on a website in order to remind the user of these products on other websites, e.g. B. in advertisements to remember.
  • Location data: Location data is created when a mobile device (or another device with the technical requirements for location determination) connects to a radio cell, a WLAN or similar technical means and functions for location determination. Location data is used to indicate at which geographically determinable position on earth the respective device is located. Location data can e.g. B. can be used to display map functions or other information dependent on a location.
  • Tracking: “Tracking” is when the behavior of users can be tracked across multiple online offerings. As a rule, behavioral and interest information is stored in cookies or on the servers of the tracking technology providers with regard to the online offers used (so-called profiling). This information can then be used e.g. B. can be used to show users advertisements that are likely to match their interests.
  • Responsible person: The “controller” is the natural or legal person, public authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
  • Processing: “Processing” means any operation or series of operations relating to personal data, carried out with or without the aid of automated procedures. The term is wide-ranging and includes practically every handling of data, be it collecting, evaluating, storing, transmitting or deleting.
  • Contract data: Contract data is specific information related to the formalization of an agreement between two or more parties. They document the conditions under which services or products are provided, exchanged or sold. This category of data is essential for the management and fulfillment of contractual obligations and includes both the identification of the contracting parties and the specific terms and conditions of the agreement. Contract data may include start and end dates of the contract, the type of services or products agreed, price agreements, payment terms, termination rights, extension options and special terms or clauses. They serve as the legal basis for the relationship between the parties and are crucial for clarifying rights and obligations, enforcing claims and resolving disputes.
  • Payment details: Payment data includes all information needed to process payment transactions between buyers and sellers. This data is crucial for electronic commerce, online banking and any other form of financial transaction. They include details such as credit card numbers, bank details, payment amounts, transaction details, verification numbers and billing information. Payment data may also include information about payment status, chargebacks, authorizations and fees.
  • Target group formation: We speak of target group formation (“Custom Audiences”) when target groups are used for advertising purposes, e.g. B. Display of advertisements can be determined. So can e.g. For example, based on a user's interest in certain products or topics on the Internet, it can be concluded that this user is interested in advertisements for similar products or the online shop in which he viewed the products. “Lookalike audiences” (or similar target groups) are when the content deemed suitable is displayed to users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are usually used for the purpose of forming custom audiences and lookalike audiences.
en_US
de_DE en_US
No Result
View All Result

© 2025 Apfelpatient. All rights reserved. | Page Directory