Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also referred to as “data”) we process for which purposes and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and especially on our websites, in mobile applications, and within external online presences such as our social media profiles (hereinafter collectively referred to as “online offering”).

The terms used are gender-neutral.

Last updated: August 14, 202

Data Controller

Tobias Waschfeld
Eisenbahnstraße 53
97084 Würzburg

Authorized representatives:

Tobias Waschfeld

Email address:

info@trusted-heroes.com

Applicable legal bases

Applicable legal bases under the GDPR: Below you will find an overview of the legal bases under the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If more specific legal bases apply in individual cases, we will inform you of these in this privacy policy.

• Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
• Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the provisions of the GDPR, national data protection regulations also apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which aims to protect against the misuse of personal data during data processing. The BDSG contains specific provisions, especially regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, data transfers, and automated individual decision-making including profiling. Furthermore, data protection laws of the individual federal states (Länder) may also apply.

Note on the applicability of the GDPR and the Swiss FADP: This privacy notice serves to inform under both the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). Therefore, please note that, for reasons of broader territorial scope and clarity, the terminology of the GDPR is used. Specifically, instead of the terms used in the Swiss FADP such as “processing” of “personal data”, “overriding interest”, and “particularly sensitive personal data”, the GDPR terms “processing” of “personal data”, “legitimate interest”, and “special categories of data” are used. However, the legal meaning of these terms under the scope of the Swiss FADP remains governed by Swiss law.

Overview of processing activities

The following overview summarizes the types of data processed and the purposes of processing, and refers to the data subjects concerned.

Types of data processed

• Meta data, communication data, and procedural data.
• Event Data (Facebook).

Categories of data subjects

• Business and contractual partners

Purposes of processing

• Provision of contractual services and fulfillment of contractual obligations.
• Contact inquiries and communication.
• Security measures.
• Office and organizational procedures.
• Affiliate tracking.
• Management and response to inquiries.
• Profiles with user-related information.
• Provision of our online offering and user-friendliness.
• IT infrastructure.

Rights of the data subjects

Rights of the data subjects under the GDPR: As a data subject, you have various rights under the GDPR, particularly as set out in Articles 15 to 21 of the GDPR.

• Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
• Right to withdraw consent: You have the right to withdraw any consent given at any time.
• Right of access: You have the right to obtain confirmation as to whether or not your personal data is being processed, and, if so, to access that data and receive further information and a copy of the data in accordance with legal requirements.
• Right to rectification: You have the right, in accordance with legal requirements, to request the completion of your data or the correction of inaccurate personal data concerning you.
• Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to request the immediate deletion of your personal data or, alternatively, to request the restriction of data processing.
• Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, or to request the transmission of those data to another controller, in accordance with legal requirements.
• Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.

Use of cookies

Cookies are small text files or other memory entries that store information on end devices and read information from those devices. For example, they can store the login status of a user account, the contents of a shopping cart in an online store, accessed content, or features used in an online service.
Cookies can also be used for various purposes, such as ensuring the functionality, security, and user convenience of online offerings, as well as for analyzing visitor traffic

Notice regarding consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless such consent is not required by law. Consent is particularly not required when the storage and access of information – including cookies – is strictly necessary to provide a telemedia service explicitly requested by the users (i.e., our online offering). Strictly necessary cookies generally include cookies used for displaying and operating the online offering, load balancing, security, storing user preferences and settings, or other purposes related to the core and ancillary functions of the requested service. The revocable consent is clearly communicated to users and includes information on the specific use of cookies.

Notes on the legal basis under data protection law: The legal basis on which we process users’ personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in the economic operation of our online offering and its usability) or, if necessary, for the performance of our contractual obligations. We explain the specific purposes for which cookies are used further in this privacy policy or as part of our consent and processing procedures.

Storage duration: With regard to storage duration, the following types of cookies are distinguished:

• Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest once a user has left the online offering and closed their end device (e.g., browser or mobile application).
• Permanent cookies: Permanent cookies remain stored even after the end device has been closed. For example, the login status can be saved or preferred content displayed directly when the user revisits a website. Data collected via cookies can also be used for reach measurement.
  Unless we explicitly inform users about the type and duration of cookies (e.g., when obtaining consent), users should assume that cookies are permanent and may be stored for up to two years.

General information on withdrawal and objection (so-called ‘opt-out’): Users can withdraw their previously given consents at any time and object to data processing in accordance with legal requirements. Among other options, users can limit the use of cookies via their browser settings (which may, however, restrict the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com.

• Legal bases: Legitimate interests (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR).

Further information on processing operations, procedures, and services:

• Processing of cookie data based on consent: We use a cookie consent management procedure in which users’ consents for the use of cookies – and for the processing operations and providers specified within the procedure – are obtained, managed, and can be revoked. The consent declaration is stored in order to avoid repeated prompts and to provide proof of consent in accordance with legal obligations. Storage may occur on the server and/or in a cookie (so-called opt-in cookie, or comparable technology) to assign consent to a user or their device. Unless otherwise specified for individual cookie management providers, the following applies: the consent may be stored for up to two years. A pseudonymous user ID is generated along with the time of consent, scope of consent (e.g., which categories of cookies and/or providers), and information on browser, system, and device used. Legal basis: Consent (Art. 6(1)(a) GDPR).

Business services

We process data of our contractual and business partners, such as customers and interested parties (collectively referred to as “contractual partners”), within the context of contractual or similar legal relationships, as well as related measures and communication with the contractual partners (including pre-contractual), e.g., to respond to inquiries.

We process this data to fulfill our contractual obligations. This includes, in particular, the provision of agreed services, any update obligations, and remedies in the event of warranty or performance issues. Furthermore, we process the data to protect our rights, for administrative tasks associated with these obligations, and for corporate organization purposes. In addition, we process the data on the basis of our legitimate interests in proper and economically sound business management and in security measures to protect our contractual partners and our business from misuse, risks to their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other support services, subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the scope of applicable law, we only share contract partners’ data with third parties where necessary for the aforementioned purposes or to comply with legal obligations. Further forms of processing, such as for marketing purposes, are explained to the contract partners within this privacy policy.

Which data is required for the aforementioned purposes is communicated to the contractual partners prior to or during data collection, e.g., via online forms, through special markings (such as colors) or symbols (such as asterisks), or personally.

We delete the data after the expiry of statutory warranty and similar obligations, i.e., generally after four years, unless the data is stored in a customer account, for example, if it must be retained for legal archiving purposes. The statutory retention period is ten years for documents relevant under tax law, as well as for commercial books, inventories, opening balances, annual financial statements, the related work instructions and organizational records, and accounting documents; and six years for received and sent commercial and business correspondence. The period begins at the end of the calendar year in which the last entry was made, the inventory, opening balance, financial statement or management report was created, the commercial or business letter was received or sent, or the document or record was generated.

If we use third-party providers or platforms to deliver our services, the terms and privacy policies of the respective third-party providers or platforms apply between the users and those providers.

• Types of data processed: Inventory data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history); Contact data (e.g. email, phone numbers); Contract data (e.g. subject of contract, duration, customer category); Usage data (e.g. visited websites, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status)
• Data subjects: Customers; Interested parties. Business and contractual partners.
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Contact requests and communication; Office and organizational procedures. Management and response to inquiries.
• Legal bases: Fulfillment of contracts and pre-contractual requests (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

• Customer account: Customers can create an account within our online offering (e.g., customer or user account, hereinafter “customer account”). If the creation of a customer account is required, customers are informed of this, as well as of the necessary information for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration, subsequent logins, and use of the customer account, we store the customers’ IP addresses along with access times in order to prove the registration and prevent misuse of the customer account. If the customer account has been terminated, its data will be deleted after the termination date, unless it must be retained for purposes other than account availability or for legal reasons (e.g., internal storage of customer data, orders or invoices). It is the responsibility of customers to back up their data when the customer account is cancelled; Legal bases: Fulfillment of contracts and pre-contractual requests (Art. 6(1)(b) GDPR).
• Shop and e-commerce: We process our customers’ data to enable them to select, purchase or order the chosen products, goods, and related services, as well as to make payment and arrange delivery or execution. Where necessary for order fulfillment, we use service providers, especially postal, freight, and shipping companies, to carry out delivery or execution for our customers. For processing payment transactions, we use the services of banks and payment service providers. The required information is marked as such during the ordering or similar purchasing process and includes the data needed for delivery or provision and billing, as well as contact information to enable any necessary communication; Legal bases: Fulfillment of contracts and pre-contractual requests (Art. 6(1)(b) GDPR).

Providers and services used in the course of business activities

In the course of our business activities, we use additional services, platforms, interfaces or plug-ins from third-party providers (hereinafter referred to as “services”) in compliance with legal requirements. Types of data processed: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, telephone numbers); Content data (e.g., entries in online forms). Contract data (e.g., subject matter of the contract, duration, customer category).

Data subjects: Customers; Interested parties; Users (e.g., website visitors, business and contractual partners)

• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Office and organizational procedures.
• Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Payment methods

In the context of contractual and other legal relationships, due to legal obligations or based on our legitimate interests, we offer data subjects efficient and secure payment options and use, in addition to banks and credit institutions, other service providers (collectively referred to as “payment service providers”).

The data processed by the payment service providers includes master data, such as name and address, banking details such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contractual, amount-related and recipient-related information. This information is required to carry out the transactions. However, the data entered is processed and stored solely by the payment service providers. This means we do not receive any account or credit card information, only information confirming or rejecting the payment. In some cases, the payment service providers may transmit the data to credit agencies. This transmission is intended for identity and creditworthiness checks. For further details, please refer to the terms and privacy policies of the respective payment service providers.

The terms and privacy policies of the respective payment service providers apply to payment transactions and can be accessed via their respective websites or transaction applications. We also refer to these for further information and for the exercise of rights of withdrawal, access, and other data subject rights.

• Types of data processed: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contract data (e.g., subject matter of the contract, duration, customer category); Usage data (e.g., websites visited, interest in content, access times). Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Data subjects: Interested parties.
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations.
• Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Further information on processing operations, procedures and services:

• PayPal: Payment services (technical integration of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); Website: https://www.paypal.com/de. Privacy Policy: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
• Stripe: Payment services (technical integration of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR); Website: https://stripe.com Privacy Policy: https://stripe.com/privacy Legal basis for third-country transfer: EU-US Data Privacy Framework (DPF).

Provision of the online offering and web hosting

We process users’ data in order to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

• Types of data processed: Usage data (e.g., websites visited, interest in content, access times); Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status). Content data (e.g., entries in online forms).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures
• Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

• Provision of the online offering on rented storage space: To provide our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from an appropriate server provider (also referred to as a “web host”); Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).
• Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files”. These may include the address and name of the accessed websites and files, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, user’s operating system, referrer URL (previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of misuse attacks, such as DDoS attacks), and to ensure server load and stability; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained for evidence purposes is excluded from deletion until the incident is fully clarified.
• Email transmission and hosting: The web hosting services we use also include sending, receiving, and storing emails. For these purposes, the addresses of recipients and senders, as well as other information related to email transmission (e.g., the providers involved) and the content of the respective emails, are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails on the internet are generally not sent encrypted. Emails are typically encrypted during transmission, but (unless so-called end-to-end encryption is used) not on the servers from which they are sent and received. Therefore, we cannot take responsibility for the email transmission path between the sender and our receiving server; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).
• Content Delivery Network: We use a so-called “Content Delivery Network” (CDN). A CDN is a service that allows content from an online offering, especially large media files such as graphics or scripts, to be delivered more quickly and securely via regionally distributed servers connected via the Internet; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Registration, login and user account

Users can create a user account. During registration, the required mandatory information is communicated to the users and processed for the purpose of providing the user account based on contractual obligations. The processed data includes in particular login information (username, password, and an email address).

As part of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. This storage is based on our legitimate interests and those of the users in protecting against misuse and other unauthorized use. This data is generally not passed on to third parties unless it is necessary to assert our claims or there is a legal obligation to do so.

Users may be informed by email about actions relevant to their user account, such as technical changes.

• Categories of processed data: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Fulfilment of contractual services and obligations; Security measures; Management and response to inquiries. Provision of our online services and user-friendliness.
• Legal bases: Fulfilment of contractual obligations and pre-contractual requests (Art. 6(1)(b) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

• Registration with real names: Due to the nature of our community, we ask users to use our service only under their real names. This means the use of pseudonyms is not permitted; Legal bases: Fulfilment of contractual obligations and pre-contractual requests (Art. 6(1)(b) GDPR).
• User profiles are not public: The user profiles are not publicly visible and not accessible.
• Two-factor authentication: Two-factor authentication provides an additional layer of security for your user account and ensures that only you can access your account, even if someone else knows your password. For this purpose, you must perform an additional authentication step (e.g., enter a code sent to a mobile device) in addition to your password. We will inform you about the procedure we use; Legal bases: Fulfilment of contractual obligations and pre-contractual requests (Art. 6(1)(b) GDPR).

Blogs and publishing media

We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). Reader data is only processed to the extent necessary for the presentation and communication between authors and readers or for security reasons. For further details, we refer to the information regarding the processing of visitors to our publication medium as outlined in this privacy notice.

• Types of data processed: Master data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., websites visited, interest in content, access times). Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; Feedback (e.g., collecting feedback via online form); Provision of our online offering and user-friendliness; Security measures. Administration and response to inquiries.
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

• Comments and contributions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security in case someone leaves unlawful content in comments or contributions (e.g., insults, prohibited political propaganda). In such cases, we may be held responsible for the comment or contribution and therefore have an interest in the author’s identity. Furthermore, we reserve the right to process user data to detect spam based on our legitimate interests. On the same legal basis, we may store users’ IP addresses for the duration of surveys and use cookies to prevent multiple voting. The information provided in the context of comments and contributions, such as personal details, contact and website information, and content, will be stored permanently by us until users object; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Contact and inquiry management

When contacting us (e.g., by post, contact form, email, telephone or via social media) and within the context of existing user and business relationships, the information provided by the inquiring persons is processed to the extent necessary to respond to the contact inquiries and any requested measures.

• Types of data processed: Contact data (e.g., email, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times). Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Data subjects:
• Purposes of processing: Contact inquiries and communication; Management and response to inquiries; Feedback (e.g., collecting feedback via online form). Provision of our online offering and user-friendliness.
• Legal bases: Legitimate interests (Art. 6(1)(f) GDPR). Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Further information on processing operations, procedures, and services:

• Contact form: When users contact us via our contact form, email or other means of communication, we process the data provided to us in this context in order to handle the submitted request; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Communication via messenger

We use messengers for communication purposes and therefore ask you to take note of the following information regarding the functionality of messengers, encryption, the use of communication metadata, and your options to object.

You can also contact us via alternative means, e.g., by telephone or email. Please use the contact options provided to you or the contact details listed within our online offering.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we point out that the communication content (i.e., the content of the message and attached images) is encrypted end-to-end. This means that the content of the messages is not accessible, not even by the messenger providers themselves. You should always use an up-to-date version of the messenger with encryption enabled to ensure the security of message content.

However, we also inform our communication partners that messenger providers cannot view the content but can find out if and when communication partners communicate with us, as well as technical information about the device used by the communication partners and, depending on their device settings, location information (so-called metadata) is also processed.

Notes on legal bases: If we ask communication partners for permission before communicating with them via messenger, the legal basis for processing their data is their consent. Otherwise, if we do not ask for consent and they, for example, contact us on their own initiative, we use messengers in relation to our contractual partners and in the context of contract negotiations as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partners via messenger. Furthermore, we point out that we do not initially transmit the contact details provided to us to the messengers without your consent.

• Types of data processed: Contact data (e.g., email, telephone numbers); Usage data (e.g., visited websites, interest in content, meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers).
• Data subjects:
• Purposes of processing: Contact inquiries and communication. Direct marketing (e.g., by email or post).
• Legal bases: Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Newsletter and electronic notifications

We send newsletters, emails, and other electronic notifications (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. If the content of the newsletter is specifically described during subscription, it is decisive for the users’ consent. Otherwise, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal address in the newsletter or additional information if required for the purposes of the newsletter.

Double-opt-in procedure: Registration for our newsletter generally takes place via a so-called double-opt-in procedure. That means you will receive an email after registration asking you to confirm your registration. This confirmation is necessary to ensure that no one can register with someone else’s email address. Newsletter registrations are logged to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the mailing service provider are also logged.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, to be able to prove a previously given consent. The processing of this data is limited to the purpose of possible defense against claims. An individual deletion request is possible at any time, provided that the prior existence of consent is confirmed simultaneously. In cases of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose on a suppression list (so-called “blocklist”).

The logging of the registration process is carried out on the basis of our legitimate interests for the purpose of proving its proper execution. To the extent that we engage a service provider for sending emails, this is done based on our legitimate interests in an efficient and secure sending system.

Contents:

Information about us, our services, promotions, and offers.

• Types of data processed: Master data (e.g., names, addresses); contact data (e.g., email, telephone numbers); meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status). Usage data (e.g., visited websites, interest in content, access times).
• Data subjects:
• Purposes of processing: Direct marketing (e.g., by email or post).
• Legal bases: Consent (Art. 6(1)(a) GDPR).
• Right to object (opt-out): You can unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to further receipt. A link to unsubscribe from the newsletter can be found at the end of each newsletter or you can use one of the contact options mentioned above, preferably email.

Further information on processing operations, procedures, and services:

• Measurement of open and click rates: The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from our server or, if we use a mailing service provider, from their server when the newsletter is opened. During this retrieval, technical information such as browser and system information, as well as your IP address and the time of retrieval, are first collected. This information is used to technically improve our newsletter based on technical data or target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether newsletters are opened, when they are opened, and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until deletion. The evaluations help us recognize our users’ reading habits and adapt our content or send different content according to our users’ interests. The measurement of open and click rates and the storage of measurement results in users’ profiles – Legal bases: Consent (Art. 6(1)(a) GDPR).

Promotional communication via email, post, fax, or telephone

We process personal data for the purposes of promotional communication, which may take place via various channels such as email, telephone, post, or fax, in accordance with legal requirements.

Recipients have the right to withdraw given consents at any time or object to promotional communication at any time.

After withdrawal or objection, we store the data required to prove previous authorization for contact or dispatch for up to three years after the end of the year of withdrawal or objection based on our legitimate interests. The processing of this data is limited to the purpose of possible defense against claims. Based on the legitimate interest of permanently respecting the users’ withdrawal or objection, we also store the data necessary to prevent renewed contact (e.g., depending on the communication channel, email address, telephone number, name).

• Types of data processed: Master data (e.g., names, addresses). Contact data (e.g., email, telephone numbers).
• Data subjects:
• Purposes of processing: Direct marketing (e.g., by email or post).
• Legal bases: Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Web analysis, monitoring and optimization

Web analysis (also referred to as “reach measurement”) serves to evaluate the visitor traffic of our online offer and may include behavior, interests, or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, determine at what times our online offer or its functions or content are used most frequently or invite reuse. Likewise, we can identify which areas require optimization.

In addition to web analysis, we may also use testing procedures to test and optimize different versions of our online offer or its components.

Unless otherwise stated below, profiles, i.e., data combined into a usage event, may be created for these purposes and information may be stored in a browser or on a device and read from it. The collected data include in particular visited websites and used elements as well as technical information such as the browser used, the computer system used, and information about usage times. If users have consented to the collection of their location data with us or the providers of the services we use, location data may also be processed.

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by truncating the IP address) to protect users. Generally, no clear personal data of users (such as email addresses or names) are stored during web analysis, A/B testing, and optimization, but pseudonyms. That means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

• Types of data processed: Usage data (e.g., visited websites, interest in content, access times). Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles). Provision of our online offer and user-friendliness.
• Security measures: IP masking (pseudonymization of the IP address).
• Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

• Google Analytics 4: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It serves to assign analysis information to a device to recognize which content users have accessed within one or several usage processes, which search terms they used, reaccessed, or interacted with our online offering. The time and duration of use are also stored, as well as the sources of users referring to our online offering and technical aspects of their devices and browsers. Pseudonymous profiles of users are created with information from the use of different devices, using cookies. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides coarse geographic location data by deriving the following metadata from IP addresses: city (and derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. They are not logged, are not accessible, and are not used for further purposes. When Google Analytics collects measurement data, all IP requests are conducted on EU-based servers before the traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for transfer to third countries: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); Objection option (Opt-Out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Ad settings: https://adssettings.google.com/authenticated.
  More information: https://privacy.google.com/businesses/adsservices (Types of processing and processed data).

Online marketing

We process personal data for the purposes of online marketing, which may include the marketing of advertising space or the display of advertising and other content (collectively referred to as “content”) based on the potential interests of users as well as measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used, by which information relevant to the presentation of the aforementioned content is stored about the user. This information may include, for example, viewed content, visited websites, used online networks, but also communication partners and technical details such as the browser used, the computer system used, as well as information about usage times and used functions. If users have consented to the collection of their location data, these may also be processed.

The IP addresses of users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by truncating the IP address) to protect users. Generally, no clear personal data of users (such as email addresses or names) are stored within online marketing procedures, but pseudonyms. That means that neither we nor the providers of the online marketing procedures know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is generally stored in cookies or by similar procedures. These cookies can later generally also be read on other websites using the same online marketing procedure and analyzed for the purpose of content presentation as well as supplemented with other data and stored on the server of the online marketing procedure provider.

Exceptionally, clear personal data may be assigned to profiles. This occurs if users are members of a social network whose online marketing procedure we use and the network links the users’ profiles with the aforementioned information. Please note that users may make additional agreements with the providers, e.g., by consenting during registration.

Exceptionally, clear personal data may be assigned to profiles. This occurs if users are members of a social network whose online marketing procedure we use and the network links the users’ profiles with the aforementioned information. Please note that users may make additional agreements with the providers, e.g., by consenting during registration.

Unless otherwise stated, we assume that cookies used are stored for a period of two years.

• Types of data processed: Usage data (e.g., visited websites, interest in content, access times). Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest-/behavior-based profiling, use of cookies); marketing; profiles with user-related information (creation of user profiles). Conversion measurement (measuring the effectiveness of marketing measures).
• Security measures: IP masking (pseudonymization of the IP address).
• Legal bases: Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).
• Objection option (Opt-Out): We refer to the privacy policies of the respective providers and the objection options provided by the providers (so-called “opt-out”). If no explicit opt-out option is provided, one possibility is to disable cookies in your browser settings. However, this may restrict the functionality of our online offer. We therefore also recommend the following opt-out options, which are collectively offered for respective regions: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-region: https://optout.aboutads.info.

Further information on processing operations, procedures, and services:

• Google Ads and conversion measurement: Online marketing procedures for placing content and ads within the service provider’s advertising network (e.g., in search results, videos, websites, etc.) so that they are shown to users who presumably have an interest in the ads. Furthermore, we measure the conversion of the ads, i.e., whether users took the ads as an occasion to interact with the ads and use the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1)(a) GDPR), Legitimate interests (Art. 6(1)(f) GDPR); Website: https://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy; Basis for transfer to third countries: EU-US Data Privacy Framework (DPF); More information: Types of processing and processed data: https://privacy.google.com/businesses/adsservices. Data processing terms between controllers and standard contractual clauses for third country data transfers: https://business.safety.google/adscontrollerterms.

Affiliate programs and affiliate links

In our online offering, we integrate so-called affiliate links or other references (which may include search fields, widgets, or discount codes) to the offers and services of third parties (collectively referred to as “affiliate links”). When users follow the affiliate links and subsequently take advantage of the offers, we may receive a commission or other benefits from these third parties (collectively referred to as “commission”).

To be able to track whether users have taken advantage of the offers of an affiliate link we use, it is necessary that the respective third parties learn that users have followed an affiliate link used within our online offering. The assignment of affiliate links to the respective business transactions or other actions (e.g., purchases) serves solely the purpose of commission settlement and is deleted as soon as it is no longer required for this purpose.

For the purposes of the aforementioned assignment of affiliate links, the affiliate links may be supplemented with certain values that are part of the link or otherwise, e.g., stored in a cookie. These values may include, in particular, the referring website (referrer), the time, an online identifier of the operators of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer, and an online identifier of the user.

Notes on legal bases: If we ask users for their consent to the use of third parties, the legal basis for data processing is consent. Otherwise, users’ data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

• Types of data processed: Contract data (e.g., contract subject, duration, customer category); usage data (e.g., visited websites, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Affiliate tracking.
• Legal bases: Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Offer of an affiliate program

We offer an affiliate program, i.e., commissions or other benefits (collectively referred to as “commission”) for users (referred to as “affiliates”) who refer to our offers and services. The referral is made via a link assigned to the respective affiliate or other methods (e.g., discount codes) that allow us to recognize that the use of our services was based on the referral (collectively referred to as “affiliate links”).

To track whether users have used our services based on affiliate links used by affiliates, it is necessary for us to learn that users have followed an affiliate link. The assignment of affiliate links to the respective business transactions or other use of our services serves solely the purpose of commission settlement and is deleted as soon as it is no longer required for this purpose.

For the purposes of the aforementioned assignment of affiliate links, the affiliate links may be supplemented with certain values that are part of the link or otherwise, e.g., stored in a cookie. These values may include, in particular, the referring website (referrer), the time, an online identifier of the operators of the website on which the affiliate link was located, an online identifier –

Types of data processed: Contract data (e.g., contract subject, duration, customer category) – usage data (e.g., visited websites, interest in content).

• Data subjects: Users (e.g., website visitors, business and contractual partners).
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Affiliate tracking.
• Legal bases: Consent (Art. 6(1)(a) GDPR). Performance of contract and pre-contractual requests (Art. 6(1)(b) GDPR).

Presence on social networks (Social Media)

We maintain online presences within social networks and process data of users in this context to communicate with the users active there or to offer information about us.

We point out that in this process, user data may be processed outside the territory of the European Union. This can result in risks for users because, for example, the enforcement of users’ rights might be more difficult.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on usage behavior and the resulting interests of users. These user profiles can then be used to display advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are generally stored on users’ computers in which the usage behavior and interests of users are saved. Furthermore, data may also be stored in user profiles independent of the devices used by users (especially if users are members of the respective platforms and logged in).

For a detailed presentation of the respective processing forms and the objection possibilities (opt-out), we refer to the privacy policies and information of the operators of the respective networks.

Also, in the case of requests for information and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the users’ data and can directly take appropriate measures and provide information. Should you still need help, you can contact us.

• Types of data processed: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Contact requests and communication; feedback (e.g., collecting feedback via online form). Marketing.
• Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

• Instagram: Social network; service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; legal bases: legitimate interests (Art. 6(1)(f) GDPR); website: https://www.instagram.com. Privacy policy: https://instagram.com/about/legal/privacy.
• Facebook Pages: Profiles within the social network Facebook – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data of visitors to our Facebook page (so-called “fanpage”). These data include information about the types of content users view or interact with, or actions they take (see under “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by the users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under “Device Information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, called “Page Insights,” to page operators to help them understand how people interact with their pages and the associated content. We have concluded a special agreement with Facebook (“Information on Page Insights,” https://www.facebook.com/legal/terms/page_controller_addendum), which in particular regulates the security measures Facebook must observe and in which Facebook has committed to comply with data subject rights (i.e., users can, for example, address requests for information or deletion directly to Facebook). Users’ rights (especially to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information on Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Basis for third-country transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum). Further information: Joint responsibility agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data. The joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of data is the sole responsibility of Meta Platforms Ireland Limited, in particular regarding the transfer of data to the parent company Meta Platforms, Inc. in the USA (based on the Standard Contractual Clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
• LinkedIn: Social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; legal bases: legitimate interests (Art. 6(1)(f) GDPR); website: https://www.linkedin.com; privacy policy: https://www.linkedin.com/legal/privacy-policy; data processing agreement: https://legal.linkedin.com/dpa; basis for third-country transfer: standard contractual clauses (https://legal.linkedin.com/dpa). Right to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• Xing: Social network; service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; legal bases: legitimate interests (Art. 6(1)(f) GDPR); website: https://www.xing.de. Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

Plugins and embedded functions as well as content

We integrate functional and content elements into our online offering that are sourced from the servers of their respective providers (hereinafter referred to as “third parties”). These can include, for example, graphics, videos, or maps (hereinafter collectively referred to as “content”).

The integration always assumes that the third parties providing this content process the IP address of the users, as without the IP address they could not send the content to the users’ browsers. The IP address is therefore necessary for the display of this content or functions. We strive to use only such content whose respective providers use the IP address solely for delivering the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Through the “pixel tags,” information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the users’ devices and may include, among other things, technical information about the browser and operating system, referring websites, visit times, and other data about the use of our online offering, as well as being linked with such information from other sources.

• Types of data processed: Usage data (e.g., visited websites, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); inventory data (e.g., names, addresses); contact data (e.g., email, phone numbers); content data (e.g., entries in online forms); location data (information about the geographic location of a device or person); event data (Facebook) (“event data” are data that can be transmitted by us to Facebook via Facebook pixel (via apps or other means) and relate to persons or their actions; data include, e.g., information about website visits, interactions with content, features, app installations, product purchases, etc.; event data are processed for the purpose of creating target groups for content and advertising information (custom audiences). Event data do not include the actual content (such as written comments), login information, or contact information (thus no names, email addresses, or phone numbers). Event data are deleted by Facebook after a maximum of two years, and the target groups formed from them are deleted with the deletion of our Facebook account).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness; marketing. Profiles with user-related information (creation of user profiles).
• Legal bases: Legitimate interests (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR).

Further information on processing operations, procedures, and services:

• Integration of third-party software, scripts or frameworks (e.g., jQuery): We integrate software into our online offering that we retrieve from servers of other providers (e.g., function libraries used for the display or user-friendliness of our online offering). The respective providers collect the IP address of the users and may process it for the purposes of delivering the software to the users’ browsers, for security purposes, as well as for the evaluation and optimization of their offering; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).
• Facebook Plugins and Content: Facebook Social Plugins and content – This can include content such as images, videos, texts, and buttons with which users can share content from this online offering within Facebook. The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/ – We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt within the scope of a transfer (but not further processing) of “event data” that Facebook collects or receives via the Facebook Social Plugins (and embedding functions for content) executed on our online offering for the following purposes: a) Display of content and advertising information likely to correspond to the presumed interests of users; b) Delivery of commercial and transaction-related messages (e.g., addressing users via Facebook Messenger); c) Improvement of ad delivery and personalization of functions and content (e.g., improving recognition of which content or advertising is likely to correspond to user interests). We have concluded a special agreement with Facebook (“Controller Addendum”, https://www.facebook.com/legal/controller_addendum) which regulates in particular the security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has committed to comply with data subject rights (i.e., users can address Facebook directly for information or deletion requests). Note: If Facebook provides us with measurements, analyses, and reports (which are aggregated, i.e., do not contain information about individual users and are anonymous to us), this processing does not take place within the scope of joint responsibility but on the basis of a data processing agreement (“Data Processing Terms”, https://www.facebook.com/legal/terms/dataprocessing), the “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms), and with regard to processing in the USA based on standard contractual clauses (“Facebook EU Data Transfer Addendum”, https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (especially access, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook; Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal bases: Consent (Art. 6(1)(a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy. Basis for third-country transfer: EU-US Data Privacy Framework (DPF).
• Google Fonts (retrieval from Google server): Retrieval of fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols with regard to currency and loading times, their uniform display, and consideration of possible licensing restrictions. The font provider is informed of the user’s IP address so that the fonts can be made available in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted, which are necessary for the provision of the fonts depending on the devices used and the technical environment. These data may be processed on a server of the font provider in the USA – When visiting our online offer, the users’ browsers send their browser HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) of Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the User-Agent, which describes the browser and operating system versions of the website visitors, as well as the referring URL (i.e., the website on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers and are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, User-Agent, and referring URL). Access to these data is restricted and strictly controlled. The requested URL identifies the font families for which the user wishes to load fonts. These data are logged so that Google can determine how often a particular font family is requested. For the Google Fonts Web API, the User-Agent must adapt the font generated for the respective browser type. The User-Agent is primarily logged and used for debugging and generating aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the “Analytics” page of Google Fonts. Finally, the referring URL is logged so that the data can be used for maintenance of production and an aggregated report of the top integrations based on the number of font requests can be generated. According to Google, none of the information collected by Google Fonts is used to create profiles of end users or to serve targeted advertising; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for transfer to third countries: EU-US Data Privacy Framework (DPF). More information: https://developers.google.com/fonts/faq/privacy?hl=de.
• Font Awesome (provided on own server): Display of fonts and icons; Service provider: The Font Awesome icons are hosted on our server, no data is transmitted to the provider of Font Awesome; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
• Google Maps: We embed the maps of the “Google Maps” service provided by Google. The data processed may particularly include IP addresses and location data of users; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy. Basis for third-country transfer: EU-US Data Privacy Framework (DPF).
• Instagram Plugins and Content: Instagram plugins and content – this can include content such as images, videos, or texts and buttons that allow users to share content of this online offering within Instagram. – We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt within the scope of a transfer (but not the further processing) of “event data” that Facebook collects or receives via Instagram functions (e.g., embedding functions for content) executed on our online offering for the following purposes: a) Display of content and advertising information that corresponds to the presumed interests of users; b) Delivery of commercial and transactional messages (e.g., addressing users via Facebook Messenger); c) Improvement of ad delivery and personalization of functions and content (e.g., improving recognition of which content or advertising information presumably matches the interests of users). We have concluded a special agreement with Facebook (“Controller Addendum”, https://www.facebook.com/legal/controller_addendum), which regulates in particular the security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has committed to fulfilling data subject rights (i.e., users can, for example, directly submit information or deletion requests to Facebook). Note: If Facebook provides us with metrics, analyses, and reports (which are aggregated, i.e., contain no data about individual users and are anonymous to us), this processing does not occur within the scope of joint responsibility but on the basis of a data processing agreement (“Data Processing Terms”, https://www.facebook.com/legal/terms/dataprocessing), the “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms), and regarding processing in the USA on the basis of standard contractual clauses (“Facebook EU Data Transfer Addendum”, https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (especially access, deletion, objection, and complaint with the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
• LinkedIn Plugins and Content: LinkedIn plugins and content – this can include content such as images, videos, or texts and buttons that allow users to share content of this online offering within LinkedIn; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data processing agreement: https://legal.linkedin.com/dpa; Basis for third-country transfer: Standard contractual clauses (https://legal.linkedin.com/dpa). Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfer: EU-US Data Privacy Framework (DPF). Possibility of objection (Opt-out): Opt-Out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Ad display settings: https://adssettings.google.com/authenticated.

Management, organization and tools

We use services, platforms, and software from other providers (hereinafter referred to as “third parties”) for purposes of organization, management, planning, and delivery of our services. When selecting third parties and their services, we observe the legal requirements.

In this context, personal data may be processed and stored on the servers of the third parties. Various data may be affected, which we process in accordance with this privacy policy. These data may particularly include master data and contact details of users, data relating to transactions, contracts, other processes, and their content.

If users are referred to third parties or their software or platforms in the context of communication, business or other relationships with us, the third parties may process usage data and metadata for security purposes, service optimization, or marketing purposes. We therefore ask you to observe the privacy notices of the respective third parties.

• Processed data types: Content data (e.g. entries in online forms); usage data (e.g. visited websites, interest in content, access times). Meta-, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status).
• Affected persons: Users (e.g. website visitors, users of online services).
• Purposes of processing: Contact requests and communication; provision of contractual services and fulfillment of contractual obligations. Office and organizational procedures.
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

• WeTransfer: Transfer of files over the internet; Service provider: WeTransfer BV, Oostelijke Handelskade 751, Amsterdam, 1019 BW, Netherlands; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://wetransfer.com. Privacy Policy: https://wetransfer.com/legal/privacy.

Changes and updates to the privacy policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes in the data processing activities we carry out make this necessary. We will inform you as soon as the changes require an action on your part (e.g. consent) or any other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and we ask you to verify the information before making contact.

Created with the free Datenschutz-Generator.de by Dr. Thomas Schwenke