The Mystery of Banksy - A Genius Mind

Privacy Policy

Introduction and overview

We have written this Data Protection Declaration (version 22.11.2022-122341587) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, what personal data (abbreviated data) we as data controllers - and the data processors we have commissioned (e.g. suppliers) - process, will process in the future and what legal options you have. The terms used should be understood as gender-neutral.
In short: we will inform you in detail about the data we process about you.

Privacy policies usually sound very technical and use legal terminology. This Privacy Policy, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. To the extent that it contributes to transparency , technical terms are explained in a reader-friendly way, links to further information are provided and graphics are used. We thus inform you in clear and simple language that we only process personal data in the context of our business activities if there is a corresponding legal basis. This is certainly not possible with the most concise, unclear and legalistic explanations, as they are often standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is one or two pieces of information that you did not know yet. If you still have questions, please contact the responsible body mentioned below or in the imprint, follow the existing links and see additional information on third party websites. Of course, you can also find our contact details in the imprint.

Scope

This Privacy Policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (data processors). By personal data we mean information within the meaning of Article 4(1) GDPR such as the name, email address and postal address of a person. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:

all online presences (websites, online stores) that we operate
Appearances on social media and email communication
mobile apps for smartphones and other devices

In short, the data protection declaration applies to all areas where personal data is processed in the company in a structured way through the mentioned channels. If we enter into legal relationships with you outside these channels, we will inform you separately if necessary.

Legal grounds

In the following data protection declaration, we provide you with transparent information about the legal principles and regulations, i.e. the legal basis of the General Data Protection Regulation, which enable us to process personal data. With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read the EU General Data Protection Regulation online at EUR-Lex, access to EU law, under
https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We will only process your data if at least one of the following conditions applies:

Consent (Article 6(1)(a) of the GDPR): you have given us your consent to process data for a specific purpose. An example would be the storage of your data entered in a contact form.
Contract (Article 6(1)(b) GDPR): in order to fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we enter into a sales contract with you, we need personal information in advance.
Legal obligation (Article 6(1)(c) GDPR): if we are subject to a legal obligation, we will process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
Legitimate interests (Article 6(1)(f) GDPR): where legitimate interests do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and economically. This processing is therefore a legitimate interest.

Other conditions, such as the perception of recordings in the public interest and the exercise of official authority, as well as the protection of vital interests, do not usually apply to us. To the extent that such a legal basis should nevertheless be relevant, it will be indicated in the appropriate place.

In addition to the EU Regulation, national laws also apply:

In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
In Germany, the Federal Data Protection Act, abbreviated BDSG, applies.

If other regional or national laws apply, we will inform you in the following sections.

Contact details of the controller

If you have any questions about data protection or the processing of personal data, you will find the contact details of the responsible person or body below:

Imprint: https://mystery-banksy.se/impressum/

Storage period

The fact that we only store personal data for as long as it is absolutely necessary for the provision of our services and products is a general criterion for us. This means that we delete personal data as soon as the reason for the data processing no longer exists. In some cases, we are legally obliged to keep certain data even after the original purpose has ceased to apply, for example for accounting purposes.

If you want your data to be deleted or withdraw your consent to data processing, the data will be deleted as soon as possible and to the extent that there is no obligation to store it.

We will inform you below about the specific duration of the respective data processing, if we have further information.

Rights under the General Data Protection Regulation

In accordance with Articles 13, 14 GDPR, we inform you of the following rights to which you are entitled in order to ensure fair and transparent processing of data:

According to Article 15 GDPR, you have the right to be informed about whether we are processing your data. If so, you have the right to obtain a copy of the data and to receive the following information:
- the purpose for which we carry out the processing;
- the categories, i.e. the types of data processed,
- who receives these data and, if the data are transferred to third countries, how security can be ensured;
- how long the data is stored
- the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
- that you can complain to a supervisory authority (links to these authorities are provided below);
- the origin of the data, unless we have collected it from you;
- whether profiling is carried out, i.e. whether data is automatically evaluated to obtain a personal profile of you.
According to Article 16 GDPR, you have the right to rectification of data, which means that we must correct data if you find errors.
Under Article 17 of the GDPR, you have the right to erasure ("right to be forgotten"), which specifically means that you can request the deletion of your data.
Under Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but no longer use it.
Under Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a standard format upon request.
According to Article 21 GDPR, you have the right to object, which means a change in the processing after enforcement.
- If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
- If data is used for direct marketing purposes, you can object to this type of data processing at any time. We may no longer use your data for direct marketing purposes.
- If data is used for profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling.
Under Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g. profiling).
Under Article 77 of the GDPR, you have the right to lodge a complaint. This means that you can complain to the data protection authority at any time if you believe that the processing of personal data is in breach of the GDPR.

In short, you have rights - don't hesitate to contact the responsible body listed above!

If you believe that the processing of your data is in breach of data protection legislation or if your data protection claims have been otherwise violated, you can complain to the supervisory authority. This is the data protection authority for Austria, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For further information, please contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Security in data processing

To protect personal data, we have implemented both technical and organisational measures. Where possible, we encrypt or pseudonymise personal data. In this way, we make it as difficult as possible for third parties to draw conclusions about personal information from our data.

Article 25 GDPR talks here about "data protection by design and by default" and implies that both software (e.g. forms) and hardware (e.g. access to the server room) are always considered and appropriate measures are taken. In the following, we will discuss concrete measures where necessary.

TLS encryption with https

TLS, encryption and https sound very technical and they are. We use HTTPS (Hypertext Transfer Protocol Secure stands for "secure hypertext transmission protocol") to transmit data tap-proof on the Internet. This means that the complete transmission of all data from your browser to our web server is secured - no one can "eavesdrop".

We have thus put in place an additional security layer and comply with data protection by design(Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognise the use of this data transfer protection by the small lock symbol in the upper left corner of your browser, to the left of the internet address (e.g. beispielseite.de) and the use of the https (instead of http) scheme as part of our internet address.If you want to know more about encryption, we recommend Google search for "Hypertext Transfer Protocol Secure wiki" to get good links to further information.

Contract for the processing of orders (AVV)

In this section, we want to explain what a fulfillment agreement is and why it is needed. Since the word "order processing contract" is quite a mouthful, we often just use the abbreviation GCU in the text. Like most companies, we do not work alone but also use the services of other companies or individuals ourselves. Due to the involvement of different companies or service providers, we may pass on personal data for processing. These partners then act as processors with whom we enter into a contract, known as a Data Processing Agreement (DPA). The most important thing for you to know is that the processing of your personal data is carried out exclusively in accordance with our instructions and must be regulated by GCU.

Who are the processors?

As a company and website owner, we are responsible for all data we process about you. In addition to data controllers, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. More precisely, and according to the GDPR definition: any natural or legal person, public authority, agency or other body that processes personal data on our behalf is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

For a better understanding of the terminology, here is an overview of the three roles in the GDPR:

Data subject (you as customer or data subject) → controller (we as company and customer) → processor (service providers such as hosting or cloud providers)

Content of an order management agreement

As mentioned above, we have entered into a DPA with our partners who act as data processors. In particular, it states that the data processor processes the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, but in this context the electronic conclusion of the contract is also considered to be "in writing". Only on the basis of the contract does the processing of personal data take place. The contract must contain:

Commitment to us as a data controller
Obligations and rights of the controller
Categories of data subjects
Type of personal data
Type and purpose of data processing
Purpose and duration of data processing
Place of data processing

In addition, the contract contains all the obligations of the processor. The main obligations are:

Ensure data security measures
take any technical and organisational measures to protect the rights of the data subject
to maintain a data processing directory
cooperate with the data protection supervisory authority at the request of the latter
carry out a risk analysis in relation to the personal data received
Subcontractors may only be used with the written consent of the controller

You can see what such a DPA looks like in concrete terms, for example at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html. A model contract is presented here.

Cookies

Cookies Summary
👥 Registered: website visitors
🤝 Purpose: depending on the respective cookie. More information is available below or from the manufacturer of the software that sets the cookie.
📓 Data processed: depending on the cookie used. More information is available below or from the manufacturer of the software that sets the cookie.
📅 Retention period: depending on the respective cookie, may vary
⚖️ from hours to years Legal basis: article 6 paragraph 1 lit . a GDPR (consent), article 6 paragraph 1 lit. f GDPR (legitimate interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data. Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.

When surfing the Internet, use a web browser. Popular browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: cookies are indeed useful helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, the "brain" of your browser. A cookie consists of a name and a value. When you define a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page preferences. When you visit our site again, your browser transfers the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the setting you are used to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

The following image shows a possible interaction between a browser like Chrome and the web server. The browser requests a web page and receives a cookie from the server, which the browser uses again whenever another page is requested.

There are both first-party and third-party cookies. First-party cookies are created directly by our website, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not programs and do not contain viruses, Trojans or other "pests". Cookies also cannot access information from your computer.

For example, cookie data may look like this:

Name: _ga
Value: GA1.2.1326744211.152122341587-9
Purpose: Differentiation of website visitors
Expiration date: after 2 years

A browser should be able to support these minimum sizes:

At least 4096 bytes per cookie
At least 50 cookies per domain
At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the Privacy Policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are 4 types of cookies:

Necessary cookies
These cookies are necessary to ensure basic functionality of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues browsing other pages and later goes to checkout. These cookies do not delete the shopping cart, even if the user closes their browser window.

Useful cookies
These cookies collect information about user behaviour and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and behaviour of the website with different browsers.

Targeted cookies
These cookies provide a better user experience. For example, specified locations, font sizes or form data are saved.

Advertising cookies These cookies are also called targeted cookies. They serve to provide the user with individually tailored advertising. This can be very useful, but also very annoying.

Usually, when you visit a website for the first time, you will be asked which of these types of cookies you want to allow. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the request for comments from the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".

Purpose of processing via cookies

The purpose ultimately depends on the cookie. More information is available below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are small tools for many different tasks. Unfortunately, it is not possible to generalise what data is stored in cookies, but we will inform you about the data processed or stored in the following data protection declaration.

Retention time for cookies

The retention period depends on the respective cookie and is further specified under . Some cookies are deleted after less than an hour, others may be stored on a computer for several years.

They also have an influence on the storage period. You can delete all cookies manually at any time via your browser (see also "Right to object" below). In addition, cookies based on consent will be deleted at the latest after withdrawal of your consent, with the legality of the storage remaining unaffected until then.

Right to object - how can I delete cookies?

How and if you want to use cookies is up to you. Regardless of which service or website cookies come from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies are stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: manage cookies and website data with Safari

Firefox: delete cookies to remove data that websites have placed on your computer

Internet Explorer: deleting and managing cookies

Microsoft Edge: Delete and manage cookies

If you don't want cookies, you can set your browser to always inform you when a cookie is about to be set. This allows you to decide on a cookie-by-cookie basis whether or not to allow the cookie. The procedure varies depending on the browser. It is best to search the instructions in Google using the search term "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser.

Legal basis

Since 2009, the so-called "cookie policy" exists. It states that the storage of cookies requires your consent (Article 6(1)(a) of the GDPR). However, within EU countries, there are still very different reactions to these directives. In Austria, however, the Directive has been transposed by 96 § 3 of the Telecommunications Act (TKG). In Germany, the Cookie Policy has not been transposed as national law. Instead, this Directive was largely implemented in § 15 (3) of the Telemedia Act (TMG).

For strictly necessary cookies, even if no consent has been given, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience and some cookies are often absolutely necessary for this.

Unless absolutely necessary cookies are used, this will only be done with your consent. The legal basis in this regard is Article 6(1)(a) of the GDPR.

In the following sections you will be informed in more detail about the use of cookies if the software used uses cookies.

Web Hosting Introduction

Web Hosting Summary
👥 Registered: visitors to the site
Purpose: professional hosting of the website and protection of the business📓 Processed data: IP address, time of website visit
🤝, browser used and other data. More information is available below or from the respective hosting provider.
📅 Retention period: depending on the provider, but usually 2 weeks
⚖️ Legal basis: article 6 paragraph 1 lit.f GDPR (legitimate interests)

What is web hosting?

When you visit websites today, certain information - including personal data - is automatically created and stored, including on this website. This data should be treated as sparingly as possible and only with justification. By website, we mean the entirety of all web pages on a domain, i.e. everything from the home page to the very last subpage (like this one). By domain we mean, for example, beispiel.de or musterbeispiel.com.

If you want to view a website on a computer, tablet or smartphone, use a program called a web browser. You probably know a few browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari. We say web browser or web browser for short.

In order to view the website, the browser must connect to another computer where the website's code is stored: the web server. Running a web server is a complicated and time-consuming task, which is why it is usually handled by professional providers. They offer web hosting services, ensuring reliable and error-free storage of website data. A lot of technical terms, but keep your eyes open, it gets even better!

When you connect the browser to your computer (desktop, laptop, tablet or smartphone) and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server also needs to store data for a while to ensure proper operation.

A picture is worth a thousand words, so the following picture shows the interaction between the browser, the Internet and the host provider.

Why do we process personal data?

The purpose of the data processing is:

Professional hosting of the website and protection of the business
to maintain operational and IT security
Anonymous evaluation of access behaviour to improve our offer and, if necessary, to prosecute or pursue claims

What data is processed?

Even when you visit our website right now, our web server, which is the computer on which this website is hosted, usually automatically stores data such as

the full Internet address (URL) of the website visited
Browser and browser version (e.g. Chrome 87)
the operating system used (e.g. Windows 10)
the address (URL) of the previously visited page (referring URL) (e.g. https://www. beispielquellsite.de/vondabinichgekommen/)
the host name and IP address of the device from which the access is made (e.g. COMPUTERNAME and 194.23.43.121)
Date and time
in files, the so-called web server log files

How long is the data stored?

As a rule, the above data is stored for two weeks and then automatically deleted. We do not forward this data, but we cannot exclude that this data will be seen by authorities in case of illegal behaviour.

In short: your visit is logged by our provider (the company that runs our website on special computers (servers), but we do not pass on your data without your consent!

Legal basis

The lawfulness of the processing of personal data in the context of web hosting follows from Article 6(1)(f) of the GDPR (protection of legitimate interests), as the use of professional hosting by a provider is necessary to present the company on the Internet in a secure and user-friendly manner and, if necessary, to be able to pursue attacks and claims from them.

As a rule, there is an agreement between us and the host provider for order processing in accordance with Article 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

Website Modular Systems Introduction

Modular system of the website Data protection declaration Summary
👥 Registered: visitors to the website
🤝 Purpose: Optimisation of our service
📓 Processed data: data such as technical usage information like browser activity, clickstream activities, session heat maps as well as contact details, IP address or your geographical location. For more information, see this Privacy Policy and the providers' privacy policies below.
📅 Retention period: depends on the provider Legal
⚖️ basis: article 6 paragraph 1 lit. f GDPR (legitimate interests), article 6 paragraph 1 lit. a GDPR (consent)

What are modular systems for websites?

We use a website builder system for our website. Modular systems are special forms of a content management system (CMS). With a modular system, website operators can create a website very easily and without programming knowledge. In many cases, web hosts also offer modular systems. By using a modular system, personal data can also be collected, stored and processed by you. This data protection notice provides you with general information on data processing by modular systems. More information can be found in the data protection declarations of the providers.

Why do we use website builders for our website?

The main advantage of a modular system is its ease of use. We want to offer you a clear, simple and concise website that we can easily operate and maintain ourselves - without external support. A modular system now offers many useful features that we can also use without programming knowledge. This allows us to design our website according to our wishes and offer you an informative and enjoyable time on our site.

What data is stored by a modular system?

Of course, the exact information stored depends on the website building system used. Each provider processes and collects different data about the website visitor. However, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider and the date of your website visit is usually collected. In addition, tracking data (e.g. browser activity, clickstream activity, session heat maps, etc.) may also be processed. In addition, personal data may also be collected and stored. This is usually contact information such as email address, telephone number (if you have provided them), IP address and geographical location data. You can find out exactly what data is stored in the provider's privacy policy.

How long and where is the data stored?

We will inform you about the duration of the data processing below in connection with the website building system used, if we have further information. You will find detailed information on this in the provider's privacy policy. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. It may be that the provider stores data about you according to its own specifications, over which we have no influence.

Right to object

You always have the right to information, rectification and deletion of your personal data. If you have any questions, you can also contact the person responsible for the website builder system used at any time. Contact details can be found either in our privacy policy or on the respective provider's website.

Cookies that providers use for their functions can be deleted, disabled or managed in your browser. Depending on the browser you use, this works in different ways. However, please note that not all features may work as usual.

Legal basis

We have a legitimate interest in using a website builder to optimise our online service and present it to you in an efficient and user-friendly manner. The corresponding legal basis for this is Article 6(1)(f) of the GDPR (legitimate interests). Nevertheless, we only use the module system if you have given your consent.

Insofar as the processing of data is not absolutely necessary for the operation of the website, the data will only be processed on the basis of your consent. This applies in particular to tracking activities. The legal basis in this regard is Article 6(1)(a) of the GDPR.

With this data protection declaration we have brought you closer to the most important general information about data processing. If you want to know more about this, you can find further information - if available - in the following sections or in the provider's privacy policy.

WordPress.com Privacy Policy

We use WordPress.com, a website building system, for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

WordPress processes your data in the United States and elsewhere. We would like to point out that the European Court of Justice considers that there is currently no adequate level of protection for the transfer of data to the United States. This may entail various risks for the legality and security of data processing.

WordPress uses so-called standard contractual clauses (= Article 46 para. 2 and 3 GDPR) as a basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard Contractual Clauses (SCC) are templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (e.g. USA) and stored there. Through these clauses, WordPress commits to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and handled in the US. These clauses are based on an implementing decision of the European Commission. You can find the resolution and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The data processing agreements, which correspond to the standard contractual clauses, are available at https://wordpress.com/support/data-processing-agreements/.

You can read more about the data processed by using WordPress.com in the privacy policy at https://automattic.com/de/privacy/.

Contract for the processing of personal data (AVV) WordPress.com

We have entered into a Data Processing Agreement (DPA) with WordPress.com within the meaning of Article 28 of the General Data Protection Regulation (GDPR). You can find out exactly what a DPA is and, in particular, what must be included in a DPA in our general section "Order Processing Agreement (DPA)".

This agreement is required by law because WordPress.com processes personal data on our behalf. It clarifies that WordPress.com may only process the data you receive from us in accordance with our instructions and must comply with the GDPR. The link to the Data Processing Agreement (DPA) can be found at https://wordpress.com/support/data-processing-agreements/.

Introduction to web analytics

Web Analytics Privacy Policy Summary
👥 Registered: visitors to the website
Purpose: Evaluation of visitor information to optimize the website. 🤝
📓 Data processed: access statistics containing data such as access locations, device data, access time and duration, navigation behavior, click behavior and IP addresses. More information is available on the web analytics tool used.
📅 Retention period: depending on the web analytics tool
⚖️ used Legal basis: article 6 paragraph 1 lit . a GDPR (consent), article 6 paragraph 1 lit. f GDPR (legitimate interests)

What is web analytics?

We use software on our website to evaluate the behaviour of website visitors, or web analytics for short. This collects data that the respective analytics tool provider (also called tracking tool) stores, manages and processes. This data is used to create and make available to us as the website operator analyses of user behaviour on our website. In addition, most tools offer various testing options. For example, we can test which offers or content are best received by our visitors. For this purpose, we show you two different offers for a limited period of time. After the test (so-called A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as well as for other analytical procedures, user profiles may also be created and data stored in cookies.

Why do we do web analytics?

With our website, we have a clear goal in mind: we want to deliver the best web offering on the market for our industry. To achieve this goal, we want to offer the best and most interesting offer on the one hand and make sure you feel completely comfortable on our website on the other. Using web analytics tools, we can take a closer look at the behaviour of our website visitors and then improve our website for you and us accordingly. For example, we can see how old our visitors are on average, where they come from, when our site is most visited or what content or products are particularly popular. All this information helps us to optimise the website and so tailor it to your needs, interests and preferences.

What data is processed?

Of course, the exact data stored depends on the analysis tools used. But as a rule, it is usually stored, for example, what content you view on our site, what buttons or links you click, when you visit a page, what browser you use, with what device (PC, tablet, smartphone, etc.) you visit the site or what computer system you use. If you have agreed that location data may also be collected, these may also be processed by the provider of the web analytics tool.

In addition, your IP address is stored. Under the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored pseudonymised (i.e. in an unrecognisable and abbreviated form). For testing, web analytics and web optimisation purposes, no direct data such as your name, age, address or email address is stored. All these data, if collected, are stored pseudonymously. So you cannot be identified as a person.

The following example shows schematically how Google Analytics works as an example of client-based web tracking with Java script code.

How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the site, others can store data for years.

Duration of treatment

We will inform you about the duration of the data processing below, if we have further information. In general, we only process personal data for as long as it is absolutely necessary for the provision of our services and products. If, as in the case of accounting, it is required by law, for example, this retention period may also be exceeded.

Right to object

Legal basis

The use of web analytics requires your consent, which we have obtained with our cookie pop-up. According to Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, as it may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our offer technically and financially. Web analytics helps us detect website errors, identify attacks and improve profitability. The legal basis for this is Article 6(1)(f) of the GDPR (legitimate interests). Nevertheless, we only use the tools if you have given your consent.

As web analytics tools use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed by you, you should read the privacy policy of the respective tool.

Information on specific web analytics tools can be found in the following sections, if available.

API for Facebook Conversions Privacy Policy

We use the Facebook Conversions API, a server-side event tracking tool, on our website. The service provider is the American company Meta Platforms Inc. Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for Europe.

Facebook processes your data in the USA and elsewhere. We would like to point out that the European Court of Justice considers that there is currently no adequate level of protection for the transfer of data to the US. This may entail various risks for the lawfulness and security of data processing.

Facebook uses so-called standard contractual clauses (= Article 46 para. 2 and 3 GDPR) as a basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard Contractual Clauses (SCC) are templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (e.g. USA) and stored there. Through these clauses, Facebook commits to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and handled in the US. These clauses are based on an implementing decision of the European Commission. You can find the resolution and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Facebook's data processing conditions, which correspond to the standard contractual clauses, are available at https://www.facebook.com/legal/terms/dataprocessing.

You can read more about the data processed using the Facebook Conversions API in the privacy policy of https://www.facebook.com/about/privacy.

Google Site Kit Privacy Policy

Google Site Kit Privacy Policy Summary
👥 Registrants: website visitors
Purpose: Evaluation of visitor information to optimize the website. 🤝
📓 Data processed: access statistics that include data such as access locations, device data, access time and duration, navigation behavior, click behavior, and IP addresses. More information is available below and in the Google Analytics Privacy Policy.
📅 Retention period: depending on the properties
⚖️ used Legal basis: article 6 paragraph 1 lit . a GDPR (consent), article 6 paragraph 1 lit. f GDPR (legitimate interests)

What is Google Site Kit?

We have integrated the WordPress plugin Google Site Kit from the American company Google Inc. For Europe, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Site Kit allows us to quickly and easily view statistics from various Google products such as Google Analytics directly in our WordPress dashboard. Among other things, the tool or tools integrated with Google Site Kit also collect personal data from you. In this privacy policy we explain why we use Google Site Kit, how long and where data is stored and what other data protection texts are relevant to you in this context.

Google Site Kit is a plugin for the WordPress content management system. This plugin allows us to see important statistics for website analysis directly in our dashboard. These are statistics collected by other Google products. First and foremost from Google Analytics. In addition to Google Analytics, the Google Search Console, Page Speed Insight, Google AdSense, Google Optimize and Google Tag Manager services can also be linked to Google Site Kit.

Why do we use Google Site Kit on our website?

As a service provider, it is our job to provide you with the best possible experience on our website. We want you to enjoy our website and find exactly what you're looking for quickly and easily. Statistical evaluations help us to get to know you better and to tailor our offer to your preferences and interests. We use various Google tools for these evaluations. Site Kit makes our work much easier in this respect as we can view and analyse the statistics of Google products directly in the dashboard. So we no longer need to register for each tool. Site Kit thus always offers a good overview of the most important analysis data.

What data does Google Site Kit store?

If you have actively consented to tracking tools in the cookie message (also called script or banner), Google products such as Google Analytics set cookies and send data about your user behaviour, such as your user behaviour, to Google, where it is stored and processed. This also includes personal data such as your IP address.

For more detailed information on the individual services, we have separate text sections in this Privacy Policy. See, for example, our Google Analytics Privacy Policy. Here we go into detail about the data collected. You will learn how long Google Analytics stores, handles and processes data, which cookies can be used and how to prevent data retention. We also have our own privacy policies with extensive information for other Google services such as Google Tag Manager or Google AdSense.

In the following, we show you examples of Google Analytics cookies that can be set in your browser, provided that you have consented in principle to data processing by Google. Please note that these cookies are only a sample:

Name: _ga value:2.1326744211.152122341587-2
Purpose:
By default, .js Analytics uses cookie-_ga to store the user ID. Basically, it serves to distinguish the website visitors.
Expiration date: after 2 years

Name: _gid
Värde: 2.1687193234.152122341587-7
Purpose: This cookie is also used to distinguish website visitors.
Expiration date: after 24 hours

Namn: _gat_gtag_UA_<property-id>
Värde: 1
Syfte: Denna cookie används för att sänka begärandefrekvensen.
Utgångsdatum: efter 1 minut

How long and where is the data stored?

Google stores collected data on its own Google servers, which are distributed worldwide. Most of the servers are located in the United States, so it's quite possible that your data is also stored there. At https://www.google.com/about /datacenters/locations/?hl=de you can see exactly where the company deploys servers.

Data collected by Google Analytics is stored for 26 months. Your user data will then be deleted. The retention period applies to all data associated with cookies, user identification and advertising IDs.

How can I erase my data or prevent data retention?

You always have the right to obtain information about your data, to have your data deleted, corrected or restricted. You can also disable, delete or manage cookies in your browser at any time.

In principle, if you want to disable, delete or manage cookies, you will find the corresponding links to the respective instructions from the most popular browsers under the "Cookies" section.

Legal basis

The use of Google Site Kit requires your consent, which we have obtained with our cookie pop-up. According to Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, as it may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our offer technically and financially. Google Site Kit helps us detect website errors, identify attacks and improve profitability. The legal basis for this is Article 6(1)(f) of the GDPR (legitimate interests). However, we only use Google Site Kit if you have given your consent.

Google processes your data, including in the USA. We would like to point out that the European Court of Justice considers that there is currently no adequate level of protection for the transfer of data to the US. This may entail various risks for the lawfulness and security of data processing.

Google uses so-called standard contractual clauses (= Article 46 para. 2 and 3 GDPR) as a basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. especially in the USA) or for data transfer there. Standard Contractual Clauses (SCCs) are templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even if transferred to third countries (e.g. USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and handled in the United States. These clauses are based on an implementing decision of the European Commission. You can find the resolution and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads data processing terms, which refer to the standard terms and conditions, are available at https://business.safety.google/intl/de/adsprocessorterms/

If you would like to know more about Google's data processing, we recommend Google's comprehensive privacy policy at https://policies.google.com/privacy?hl=de.

Introduction to email marketing

Email Marketing Summary
👥 Registered: newsletter subscribers
🤝 Purpose: Direct mail, notification of system-relevant events
📓 Data processed: data provided at registration, but at least the e-mail address. More information can be found in the email marketing tool used.
📅 Retention period: subscription period.
⚖️ duration Legal basis: Article 6(1)(a) GDPR (consent), Article 6(1)(f) GDPR (legitimate interests)

What is email marketing?

To keep you updated, we also use the possibility of e-mail marketing. If you have consented to receive our emails or newsletters, your data will also be processed and stored. Email marketing is a subset of online marketing. It involves sending news or general information about a company, products or services by email to a specific group of people who are interested.

If you want to participate in our email marketing (usually via newsletter), you usually only need to register with your email address. To do this, fill in an online form and submit it. However, we may also ask for your greeting and name so that we can also write to you personally.

Basically, subscribing to newsletters works by means of the so-called "double opt-in" procedure. Once you have registered for our newsletter on our website, you will receive an email confirming your registration for the newsletter. This ensures that the email address belongs to you and that no one has registered with a foreign email address. We or a messaging tool we use logs each individual login. This is necessary for us to prove the legality of the registration process. As a rule, the registration time, the time of the registration confirmation and your IP address are stored. In addition, it is also logged when you make changes to your stored data.

Why do we use email marketing?

Of course, we want to keep in touch with you and always present the most important news about our company. To this end, we use email marketing - often called "newsletters" - as an essential part of our online marketing. If you consent or if permitted by law, we will send newsletters, system messages or other communications by email. When we use the term "newsletter" in the following text, we mainly mean regularly sent e-mails. Of course, we do not want to bother you with our newsletter in any way. Therefore, we always strive to offer only relevant and interesting content. For example, you can find out more about our company, services or products. As we are always improving our offers, you will always find out via our newsletter when there is news or when we are currently offering special, lucrative promotions. If we use a service provider that offers a professional mailing tool for our email marketing, we do so in order to offer you fast and secure newsletters. The purpose of our email marketing is basically to inform you about new offers and also to get closer to our business goals.

What data is processed?

If you subscribe to our newsletter via our website, you confirm your membership in a mailing list via email. In addition to your IP address and email address, your title, name, address and telephone number may also be stored. But only if you consent to this data storage. The data marked as such is necessary for you to participate in the offered service. The information is voluntary, but failure to provide it will result in you being unable to use the service. In addition, information about your device or your preferred content may also be stored on our website. You can read more about the storage of data when you visit a website in the section "Automatic data storage". We record your consent so that we can always prove that it complies with our laws.

Duration of treatment

If you unsubscribe your email address from our email/newsletter distribution list, we may store your address for up to three years on the basis of our legitimate interests so that we can still prove your consent at that time. We may only process this data if we need to defend ourselves against any claims.

However, if you confirm that you have given us your consent to subscribe to the newsletter, you can submit an individual request for deletion at any time. If you object to your consent permanently, we reserve the right to store your email address in a blacklist. As long as you have voluntarily subscribed to our newsletter, we will of course also retain your e-mail address.

Right to object

You have the option to unsubscribe from the newsletter at any time. All you have to do is withdraw your consent to subscribe to the newsletter. This usually only takes a few seconds or one or two clicks. In most cases, you will find a link to unsubscribe from the newsletter directly at the end of each email. If the link in the newsletter really cannot be found, please contact us by e-mail and we will unsubscribe you from the newsletter immediately.

Legal basis

Our newsletter is sent on the basis of your consent (Article 6(1)(a) of the GDPR). This means that we may only send you a newsletter if you have actively registered for it in advance. If necessary, we may also send advertising messages on the basis of § 7 Abs. 3 UWG, provided that you have become our customer and have not objected to the use of your e-mail address for direct advertising.

Information about specific email marketing services and how they process personal data can be found in the following sections, where available.

Messenger & Communication Introduction

Messenger & Communication Privacy Policy Summary
👥 of data subjects: website visitors
🤝 Purpose: Contact requests and general communication between us and you
📓 Data processed: data such as name, address, email address, phone number, general content data, IP address if applicableMore information can be found in the tools used in each case.
📅 Retention period: depending on the messenger and communication features.
⚖️ used Legal basis: article 6 paragraph 1 lit. a GDPR (consent), article 6 paragraph 1 lit. f GDPR (legitimate interests), article 6 paragraph 1 sentence 1 lit. b. GDPR (contractual obligations or pre-contractual obligations)

What are Messenger & Communication features?

We offer various options on our website (e.g. messenger and chat functions, online or contact forms, e-mail, telephone) to communicate with us. Your data will also be processed and stored to the extent necessary to respond to your request and our subsequent actions.

In addition to classic means of communication such as e-mail, contact forms or telephone, we also use chats or messengers. The most common messenger feature at the moment is WhatsApp, but of course there are many different providers offering messenger features specifically for websites. If the content is end-to-end encrypted, this is indicated in the individual data protection texts or in the respective provider's data protection declaration. End-to-end encryption means nothing more than that the content of a message is not visible even to the provider. However, information about your device, location settings and other technical data may still be processed and stored.

Why do we use messenger & communication features?

Communication with you is of great importance to us. After all, we want to talk to you and answer all kinds of questions about our service in the best possible way. Good communication is an essential part of our service. With the convenient messenger and communication features, you can always choose the ones that are most dear to you. However, in exceptional cases, we may not be able to answer certain questions via chat or messenger. This is the case, for example, with internal contractual issues. Here we recommend other communication options such as email or telephone.

As a general rule, we assume that we remain responsible under data protection law, even if we use the Services on a social media platform. However, the European Court of Justice has ruled that the operator of the social media platform together with us may in certain cases be jointly liable within the meaning of Article 26 of the GDPR. To the extent that this is the case, we point this out separately and work on the basis of an agreement in this regard. The essence of the agreement is described below on the relevant platform.

Please note that when you use our embedded elements, your data may also be processed outside the European Union, as many providers, such as Facebook Messenger or WhatsApp, are US companies. As a result, you may not be able to easily claim or enforce your rights in relation to your personal data.

What data is processed?

Exactly which data is stored and processed depends on the respective provider of the messenger and communication functions. Basically, this is data such as name, address, phone number, email address and content data such as any information you enter in a contact form. In most cases, information about your device and IP address is also stored. Data collected via a messenger & communication function is also stored on the provider's servers.

If you want to know exactly what data is stored and processed by each provider and how you can object to data processing, you should read the respective company's data protection declaration carefully.

How long is the data stored?

How long the data is processed and stored depends mainly on the tools we use. You can read more about the data processing of each tool below. Suppliers' data protection declarations usually specify exactly what data is stored and processed for how long. In principle, personal data is only processed for as long as it is necessary for the provision of our services. When data is stored in cookies, the retention time varies considerably. The data may be deleted immediately after leaving a website, but it may also remain stored for several years. Therefore, you should look at each cookie in detail if you want to know more about data retention. In most cases, you will also find informative information about the individual cookies in the privacy policies of the individual providers.

Right to object

As messenger & communication features may use cookies, we also recommend our general privacy policy on cookies. To find out exactly what data is stored and processed by you, you should read the privacy policy of each tool.

Legal basis

If you have consented to your data being processed and stored via integrated messenger and communication functions, this consent shall be the legal basis for the data processing (Article 6(1)(a) GDPR). We process your request and process your data in the context of contractual or pre-contractual relationships in order to fulfil our obligations before contracts and agreements or to respond to requests. The basis for this is Article 6 paragraph 1 sentence 1 lit. b. GDPR. In principle, if consent is given, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in timely and good communication with you or other customers and business partners.

Facebook Messenger Privacy Policy

We use the communication tool Facebook Messenger on our website. The service provider is the American company Meta Platforms Inc. Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for Europe.

Facebook's data processing terms, which correspond to the standard contractual clauses, are available at https://www.facebook.com/legal/terms/dataprocessing.

You can read more about the data processed by using Facebook in the privacy policy at https://www.facebook.com/about/privacy.

Contract for the processing of personal data (AVV) Facebook Messenger

We have entered into a Data Processing Agreement (DPA) with Facebook within the meaning of Article 28 of the General Data Protection Regulation (GDPR). You can find out exactly what a DPA is and, in particular, what must be included in a DPA in our general section "Order Processing Agreement (DPA)".

This agreement is required by law because Facebook processes personal data on our behalf. It clarifies that Facebook may only process data it receives from us in accordance with our instructions and must comply with the GDPR. The link to the Data Processing Agreement (DPA) can be found at https://www.facebook.com/legal/terms/dataprocessing.

Introduction to social media

Summary of privacy policy for
👥 social media Registered: website visitors
🤝 Purpose: Presentation and optimization of our service, contact with visitors, interested parties, etc., advertising
📓 Processed data: data such as phone numbers, email addresses, contact details, user behavior data, information about your device and your IP address.
📅 Retention period: depending on the social media platforms
⚖️ used Legal basis: article 6 paragraph 1 lit. a GDPR (consent), article 6 paragraph 1 lit. f GDPR (legitimate interests)

What is social media?

In addition to our website, we are also active on various social media platforms. User data may be processed so that we can specifically address users who are interested in us via social networks. In addition, parts of a social media platform may also be embedded directly on our website. This is the case, for example, if you click on a so-called social button on our website and are forwarded directly to our social media presence. So-called social media or social media are websites and apps through which registered members can produce content, exchange content openly or in certain groups and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and connect online. With our presence on social media, we can bring our products and services closer to interested parties. The social media elements integrated into our website help you switch to our social media content quickly and without complications.

The data stored and processed through your use of a social media channel is primarily intended to perform web analytics. The purpose of these analyses is to be able to develop more precise and personalised marketing and advertising strategies. Depending on your behaviour on a social media platform, with the help of the evaluated data, appropriate conclusions can be drawn about your interests and so-called user profiles can be created. This also allows the platforms to present you with tailored advertisements. In most cases, cookies are set in your browser for this purpose, which store data about your usage behaviour.

Please note that when you use the social media platforms or our embedded elements, data from you may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are US companies. As a result, you may not be able to easily claim or enforce your rights in relation to your personal data.

What data is processed?

Exactly what data is stored and processed depends on the respective social media platform provider. But usually it is data such as phone numbers, email addresses, data you enter in a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. Especially if you have a profile on the visited social media channel and are logged in, data can be linked to your profile.

Any data collected via a social media platform is also stored on the providers' servers. Thus, only the providers have access to the data and can provide you with appropriate information or make changes.

If you want to know exactly what data is stored and processed by social media providers and how you can object to data processing, you should read the respective company's data protection declaration carefully. Also, if you have questions about data storage and processing or want to assert the corresponding rights, we recommend that you contact the provider directly.

Duration of treatment

We will inform you about the duration of the data processing below, if we have further information. For example, the social media platform Facebook stores data until it is no longer needed for its own purpose. However, customer data that is compared to your own user data will be deleted within two days. In general, we only process personal data for as long as it is absolutely necessary for the provision of our services and products. If, as in the case of accounting, it is required by law, for example, this retention period may also be exceeded.

Right to object

You also have the right and ability to withdraw your consent to the use of cookies or third party applications, such as social media embeds, at any time. This works either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling or deleting cookies in your browser.

As social media tools may use cookies, we also recommend our general privacy policy on cookies. To find out exactly what data is stored and processed by you, you should read the privacy policy of each tool.

Legal basis

If you have consented to your data being processed and stored through integrated elements of social media, this consent shall be considered the legal basis for the data processing (Art. 6 para. 1 lit. a GDPR). In principle, if consent is given, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in timely and good communication with you or other customers and business partners. Nevertheless, we only use the tools if you have given your consent. Most social media platforms also set cookies on your browser to store data. Therefore, we recommend that you read our privacy policy on cookies carefully and look at the privacy policy or cookie policy of the respective service provider.

Information on specific social media platforms is provided in the following sections, where available.

Facebook privacy policy

Facebook Privacy Policy Summary
👥 Registered: website visitors
🤝 Purpose: Optimization of our service
📓 Data processed: data such as customer data, user behavior data, information about your device and your IP address.More information is available below in the Privacy Policy.
📅 Retention period: until the data is no longer
⚖️ useful for Facebook's purposes Legal basis: article 6.1 lit. a GDPR (consent), article 6.1 f GDPR (legitimate interests)

What are Facebook tools?

We use selected tools from Facebook on our website. Facebook is a social media network of the company Meta Platforms Inc., or for the European territory of the company Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. These tools allow us to provide you and people interested in our products and services with the best possible offer.

If data is collected and passed on from you via our embedded Facebook elements or via our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for this. Facebook is solely responsible for the further processing of this data. Our joint commitments have also been written into a publicly available agreement at https://www.facebook.com/legal/controller_addendum. For example, it states that we must clearly inform you about the use of Facebook tools on our website. In addition, we are also responsible for ensuring that the tools are securely integrated on our website in accordance with data protection legislation. Facebook, on the other hand, is responsible for the data security of Facebook products, for example. If you have any questions about data collection and processing by Facebook, you can contact the company directly. If you ask us the question, we are obliged to pass it on to Facebook.

Below we provide an overview of the different Facebook tools, what data is sent to Facebook and how you can delete this data.

In addition to many other products, Facebook also offers the so-called "Facebook Business Tools". This is the official name of Facebook. But since the term is hardly known, we decided to call them just Facebook tools. These include:

Facebook Pixel
social plugins (e.g. "Like" or "Share" button)
Facebook login
Account Kit
APIs (application programming interfaces)
SDKs (collection of programming tools)
Platform integrations
Plugin program
Codes
Specifications
Documentation
Technology and services

Through these tools, Facebook extends services and has the ability to obtain information about user activities outside of Facebook.

Why do we use Facebook tools on our website?

We only want to show our services and products to people who are really interested in them. With the help of ads (Facebook ads) we can reach exactly these people. However, in order to show users appropriate advertising, Facebook needs information about people's wants and needs. In this way, the company gets information about user behaviour (and contact details) on our website. As a result, Facebook collects better user data and can show interested people appropriate advertising about our products or services. The tools thus enable tailored advertising campaigns on Facebook.

Facebook calls data about your behaviour on our website "event data". It is also used for measurement and analytics services. Facebook can thus create "campaign reports" on our behalf about the impact of our advertising campaigns. In addition, analytics give us better insight into how you use our services, our website or our products. As a result, we use some of these tools to optimize your user experience on our website. For example, you can use the social plugins to share content on our website directly on Facebook.

What data is stored by Facebook tools?

By using individual Facebook tools, personal data (customer data) may be sent to Facebook. Depending on the tools used, customer data such as name, address, phone number and IP address may be sent.

Facebook uses this information to compare the data with the data it has about you (if you are a Facebook member). Before customer data is transferred to Facebook, a so-called "hashing" takes place. This means that an arbitrarily large amount of data is transformed into a string. This also serves to encrypt the data.

In addition to contact data, "event data" is also transmitted. "Event data" means the information we receive about you on our website. For example, which subpages you visit or which products you buy from us. Facebook does not share the information it receives with third parties (e.g. advertisers) unless the company has explicit permission or is legally required to do so. "Event data" may also be linked to contact information. This allows Facebook to offer better personalised advertising. After the above matching process, Facebook deletes the contact data again.

In order to deliver ads in an optimized way, Facebook only uses event data if it has been combined with other data (collected by Facebook in other ways). Facebook also uses this event data for security, safety, development and research purposes. Much of this data is transmitted to Facebook via cookies. Cookies are small text files that are used to store data or information in browsers. Depending on the tools used and whether you are a Facebook member, different numbers of cookies are created in your browser. In the descriptions of the individual Facebook tools, we go into more detail about individual Facebook cookies. General information on the use of Facebook cookies is also available at https://www.facebook.com/policies/cookies.

How long and where is the data stored?

Essentially, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers all over the world where its data is stored. However, customer data will be deleted within 48 hours after it has been compared to your own user data.

How can I erase my data or prevent data retention?

In accordance with the General Data Protection Regulation, you have the right to information, correction, portability and deletion of your data.

A complete deletion of the data will only take place if you completely delete your Facebook account. How to delete your Facebook account:

1) On the right side of Facebook, click on Settings.

2) Then click on "Your Facebook information" in the left column.

3) Now click on "Deactivation and deletion".

4) Now select "Delete account" and then click on "Next and delete account"

5) Now enter your password, click on "Next" and then on "Delete account"

The data that Facebook receives via our website is stored, among other things, via cookies (e.g. social plugins). You can deactivate, delete or manage individual or all cookies in your browser. Depending on the browser you use, this works in different ways. Under the section "Cookies" you will find the corresponding links to the respective instructions of the most popular browsers.

If you don't want cookies, you can set your browser to always inform you when a cookie is about to be set. So you can decide for each individual cookie whether or not to allow it.

Legal basis

If you have consented to your data being processed and stored by integrated Facebook tools, this consent is the legal basis for data processing (Article 6(1)(a) GDPR). In principle, your data will also be stored and processed on the basis of our legitimate interest (Article 6(1)(f) GDPR) in timely and good communication with you or other customers and business partners. Nevertheless, we only use the tools if you have given your consent. Most social media platforms also set cookies on your browser to store data. Therefore, we recommend that you read our privacy policy on cookies carefully and look at Facebook's privacy policy or cookie policy.

Facebook's data processing conditions, which correspond to the standard contractual clauses, are available at https://www.facebook.com/legal/terms/dataprocessing.

We hope that we have brought you closer to the most important information about the use and data processing of the Facebook tools. If you would like to know more about how Facebook uses your data, we recommend that you read the data policy at https://www.facebook.com/about/privacy/update.

Facebook Fanpage Privacy Policy

We also have a Facebook fan page for our website. The service provider is the American company Meta Platforms Inc. Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for Europe.

Facebook's data processing terms, which correspond to the standard contractual clauses, are available at https://www.facebook.com/legal/terms/dataprocessing.

You can read more about the data processed by using Facebook in the privacy policy at https://www.facebook.com/about/privacy.

Instagram Privacy Policy

Instagram Privacy Policy Summary
👥 Registered: website visitors
🤝 Purpose: Optimization of our service
📓 Processed data: data such as user behavior data, information about your device and your IP address.More information is available below in the privacy policy.
📅 Retention period: until Instagram no longer needs it.
⚖️ the data for its purposes Legal basis: article 6, paragraph 1 lit. a GDPR (consent), article 6.1 f of GDPR (legitimate interests)

What is Instagram?

We have integrated features on Instagram on our website. Instagram is a social media platform of Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc since 2012 and is part of the Facebook product line. Embedding Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos or videos from Instagram directly on our website. If you visit pages on our website that have integrated an Instagram feature, data will be transferred, stored and processed by Instagram. Instagram uses the same systems and technologies as Facebook. Your data will therefore be processed in all Facebook companies.

In the following, we want to give you a more detailed insight into why Instagram collects data, what data it is and how you can largely control data processing. Since Instagram is part of Meta Platforms Inc., we get our information from the Instagram policy, but also from the Meta privacy policy itself.

Instagram is one of the most famous social media networks worldwide. Instagram combines the benefits of a blog with the advantages of audiovisual platforms such as YouTube or Vimeo. You can upload photos and short videos to "Insta" (as many users casually call the platform), edit them with various filters and even distribute them on other social networks. And if you don't want to be active yourself, you can just follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has really gone through the roof in recent years. And of course we reacted to this boom too. We want you to feel as comfortable as possible on our website. Therefore, a varied preparation of our content is a matter of course for us. Through the embedded Instagram features, we can enrich our content with useful, funny or exciting content from the Instagram world. As Instagram is a subsidiary of Facebook, the data collected may also be useful for personalised advertising on Facebook. So our ads only reach people who are genuinely interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We get aggregated statistics and thus more insight into your preferences and interests. It is important to note that these reports do not identify you personally.

What data is stored by Instagram?

If you come across one of our pages that has built-in Instagram features (such as Instagram images or plug-ins), your browser will automatically connect to Instagram's servers. Data is sent, stored and processed to Instagram. Whether you have an Instagram account or not. This includes information about our website, about your computer, about purchases made, about ads you see and how you use our offer. In addition, the date and time of your interaction with Instagram is stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume this is exactly the case with Instagram. Customer data includes, for example, name, address, phone number and IP address. This customer data will not be transferred to Instagram until it has been "hashed" in advance. Hashing means that a record is transformed into a string. This allows you to encrypt contact data. In addition, the aforementioned "event data" will also be transmitted. Through "event data", Facebook - and thus Instagram - understands data about your user behaviour. It may also happen that contact data is combined with event data. The collected contact data will be compared with the data Instagram already has about you.

The data collected is transmitted to Facebook via small text files (cookies), which are usually set in your browser. Depending on which Instagram features are used and whether you have an Instagram account, different amounts of data are stored.

We assume that data processing works in the same way on Instagram as on Facebook. This means that if you have an Instagram account or have visited www.instagram.com, Instagram has at least set a cookie. If this is the case, your browser will send information to Instagram via the cookie as soon as you come into contact with an Instagram feature. At the latest after 90 days (after comparison), this data will be deleted or anonymised. Although we have dealt intensively with Instagram's data processing, we cannot say exactly what data Instagram collects and stores.

In the following, we will show you the cookies that are set in your browser at least when you click on an Instagram feature (e.g. a button or an Insta-picture). For our test, we assume that you do not have an Instagram account. Of course, if you are logged in to Instagram, many more cookies are set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: ""
Purpose: This cookie is probably set for security reasons to prevent forgery of requests. But we could not find out more exactly.
Expiration date: after one year

Name: mid
Value: ""
Purpose: Instagram sets this cookie to optimize its own services and offers on and off Instagram. The cookie defines a unique user ID.
Expiration date: after the end of the session

Name: fbsr_122341587124024
Value: no information
Purpose: This cookie stores login requests for users of the Instagram app.
Expiration date: after the end of the session

Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiration date: after the end of the session

Namn: urlgen
Värde: „{„194.96.75.33″: 1901}:1iEtYv:Y833k2_UjKvXgYe122341587“
Syfte: Denna cookie används för marknadsföringsändamål på Instagram.
Utgångsdatum: efter sessionens slut

Note: We cannot claim to be exhaustive here. Which cookies are set in each case depends on the embedded features and your use of Instagram.

How long and where is the data stored?

Instagram shares the information it receives between Facebook companies with external partners and with people you connect with around the world. Data processing is carried out in accordance with its own data policy. Your data is distributed on Facebook's servers around the world, including for security reasons. Most of these servers are located in the United States.

How can I erase my data or prevent data retention?

Thanks to the General Data Protection Regulation, you have the right to information, portability, correction and deletion of your data. You can manage your data in Instagram settings. If you want to delete your data completely on Instagram, you need to delete your Instagram account permanently.

How to delete your Instagram account:

First, open the Instagram app. Go down to your profile page and click on "Help Center". This will take you to the company homepage. Click on Manage your account on the webpage and then click on Delete your account.

If you delete your account altogether, Instagram will delete posts such as your photos and status updates. Information that others have shared about you is not part of your account and will not be deleted.

As mentioned above, Instagram stores your data mainly via cookies. You can manage, disable or delete these cookies in your browser. Depending on your browser, the handling always works a little differently. Under the section "Cookies" you will find the corresponding links to the respective instructions of the most popular browsers.

You can also set your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether to allow the cookie or not.

Legal basis

If you have consented to your data being processed and stored through integrated elements of social media, this consent shall be considered the legal basis for the data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in timely and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy policy on cookies carefully and look at the privacy policy or cookie policy of the respective service provider.

Instagram or Facebook also process data in the United States and elsewhere. We would like to point out that the European Court of Justice considers that there is currently no adequate level of protection for the transfer of data to the US. This may entail various risks for the lawfulness and security of data processing.

Facebook uses standard contractual clauses approved by the European Commission (= Article 46 para. 2 and 3 GDPR) as a basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. These clauses oblige Facebook to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the European Commission. You can find the decision and the clauses here: https://germany.representation.ec.europa.eu/index_de.

We have tried to give you the most important information about data processing by Instagram. På https://help.instagram.com/519522125107875
you can take a closer look at Instagram's data policy.

Introduction to online marketing

Online marketing Data protection declaration Summary
👥 of data subjects: visitors to the website
Purpose: Evaluation of visitor information to optimize the website. 🤝
📓 Data processed: access statistics containing data such as access locations, device data, access time and duration, navigation behavior, click behavior and IP addresses. Personal data such as name or email address may also be processed. More information is available on the online marketing tool used.
📅 Retention period: depending on the marketing tools
⚖️ online used Legal basis: article 6.1 lit. a GDPR (consent), article 6.1 f of GDPR (legitimate interests)

What is online marketing?

Online marketing refers to any action taken online to achieve marketing objectives such as raising brand awareness or closing a deal. In addition, our online marketing actions aim to draw people's attention to our website. In order to show our offer to many interested people, we do online marketing. Usually this is online advertising, content marketing or search engine optimisation. In order for us to use online marketing effectively and efficiently, personal data is also stored and processed. On the one hand, the data helps us to display our content only to those who are interested in it and, on the other hand, it allows us to measure the advertising success of our online marketing activities.

Why do we use online marketing tools?

We want to show our website to everyone who is interested in our offer. We are aware that this is not possible without deliberate action. That is why we do online marketing. There are various tools that make it easier for us to work on our online marketing activities and also to make suggestions for improvement via data. This allows us to target our campaigns more accurately to our audience. The purpose of these online marketing tools is therefore ultimately to optimise our offer.

What data is processed?

In order to make our online marketing work and to measure the success of the actions we take, user profiles are created and data is stored, for example, in cookies (small text files). This data allows us not only to place advertising in classic terms but also directly on our website, presenting our content as you prefer it. There are various third-party tools that offer these functions and collect and store data from you accordingly. The named cookies store, for example, which web pages you have visited on our website, how long you have looked at these pages, which links or buttons you clicked or from which website you came to us. In addition, technical information may also be stored. For example, your IP address, which browser you are using, from which device you are visiting our website or the time when you opened our website and when you left it again. If you have consented to us also determining your location, we may also store and process this.

Your IP address is stored in pseudonymised form (i.e. abbreviated). Unique information that directly identifies you as an individual, such as your name, address or email address, is only stored in pseudonymised form as part of the online advertising and marketing procedures. We cannot identify you as an individual, but we have only stored the pseudonymised, stored information in the user profiles.

Cookies may also be used, analysed and used for advertising purposes on other websites that use the same advertising tools. The data may then also be stored on the servers of the providers of the advertising tools.

In exceptional cases, unique data (name, e-mail address, etc.) may also be stored in the user profiles. This storage occurs, for example, if you are a member of a social media channel that we use for our online marketing activities and the network links previously received data with the user profile.

For any advertising tools we use that store data about you on their servers, we only receive aggregate information and never data that identifies you as an individual. The data only shows how well set advertising measures worked. For example, we see which actions led you or other users to come to our site and purchase a service or product there. Based on these analyses, we can improve our advertising offer in the future and tailor it even more precisely to the needs and preferences of interested parties.

Duration of treatment

We will inform you about the duration of the data processing below, if we have further information. In general, we only process personal data for as long as it is absolutely necessary for the provision of our services and products. Data stored in cookies is kept for different periods of time. Some cookies are deleted after leaving the website, others may be stored in your browser for a few years. In the respective data protection declarations of the individual providers, you can usually find detailed information about the individual cookies used by the provider.

Right to object

As online marketing tools can usually use cookies, we also recommend our general privacy policy on cookies. To find out exactly what data is stored and processed by you, you should read the privacy policy of the respective tool.

Legal basis

If you have consented to the use of third-party providers, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) of the GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as it may occur when it is collected by online marketing tools.

We also have a legitimate interest in measuring online marketing activities in an anonymous form in order to optimise our offer and actions using the data obtained. The corresponding legal basis for this is Article 6(1)(f) of the GDPR (legitimate interests). Nevertheless, we only use the tools if you have given your consent.

Information on specific online marketing tools is provided in the following sections, where available.

Facebook Custom Audiences Privacy Policy

We use Facebook Custom Audiences, a server-side event tracking tool, on our website. The service provider is the American company Meta Platforms Inc. Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for Europe.

Facebook's data processing conditions, which correspond to the standard contractual clauses, are available at https://www.facebook.com/legal/terms/dataprocessing.

You can read more about the data processed using Facebook's custom audiences in the privacy policy at https://www.facebook.com/about/privacy.

Introduction to affiliate programs

Affiliate Program Privacy Policy Summary
👥 Registered: visitors to the site
🤝 Purpose: financial success and optimization of our service.
📓 Data processed: access statistics containing data such as access locations, device data, access time and duration, navigation behavior, click behavior and IP addresses. Personal data such as name or email address may also be processed.
📅 Retention period: personal data is usually stored by partner applications until they
⚖️ no longer needed Legal basis: article 6 paragraph 1 lit . a GDPR (consent), article 6 paragraph 1 lit. f GDPR (legitimate interests)

What are affiliate programs?

We use affiliate programs from various providers on our website. By using an affiliate program, data from you may be transferred, stored and processed by the respective affiliate program provider. In this data protection text, we give you a general overview of data processing by affiliate programs and show you how you can also prevent or revoke data transfer. Each affiliate program (also called affiliate program) is based on the principle of referral fee. A link or an advertisement including a link is placed on our website and if you are interested in it and click on it and buy a product or service in this way, we receive a commission (compensation for advertising costs)

Why do we use affiliate programs on our website?

Our goal is to give you a good time with lots of useful content. We put a lot of work and time into the development of our website. With the help of affiliate programs, we are able to get paid a little for our work. Of course, every affiliate link always has to do with our topic and shows offers that might interest you.

What data is processed?

In order to track whether you have clicked on a link used by us, the affiliate program provider needs to know that it was you who followed the link through our website. There must therefore be a correct attribution of the affiliate program links used to the following actions (deal, purchase, conversion, display, etc.). Only then can the settlement of commissions work.

For this mapping to work, a value can be added to a link (in the URL) or information can be stored in cookies. For example, it stores which page you came from (referrer), when you clicked on the link, an identifier of our website, what offer it is and a user ID.

This means that as soon as you interact with the products and services of an affiliate program, that provider also collects data from you. Exactly what data is stored depends on the individual providers. For example, Amazon Affiliate Program distinguishes between active and automatic information. Active items include name, email address, phone number, age, payment information or location information. In this case, automatically stored information includes user behavior, IP address, device information, and URL.

Duration of treatment

We will inform you about the duration of the data processing below, if we have further information. In general, personal data will only be processed for as long as it is necessary for the provision of services and products. Data stored in cookies will be kept for different periods of time. Some cookies are deleted after leaving the website, others may be stored in your browser for a few years if they are not actively deleted. The exact duration of the data processing depends on the provider used, in most cases you should be prepared for a storage period of several years. The respective data protection declarations of the individual providers usually provide you with precise information on the duration of the data processing.

Right to object

You always have the right to information, rectification and deletion of your personal data. If you have any questions, you can also contact the responsible person of the partner software provider used at any time. Contact details can be found either in our specific privacy policy or on the website of the relevant provider.

Cookies that providers use for their functions can be deleted, disabled or managed in your browser. Depending on the browser you use, this works in different ways.

Legal basis

If you have consented to the use of affiliate programs, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, as it may occur when collected by an affiliate program.

We also have a legitimate interest in using an affiliate program to optimize our online service and marketing efforts. The corresponding legal basis for this is Article 6(1)(f) of the GDPR (legitimate interests). However, we only use the affiliate program if you have given your consent.

Information about special affiliate programs is available in the following sections, if available.

Cookie consent management platform Einleitung

Cookie Consent Management Platform Summary Registered
👥: Website visitors
🤝 Purpose: To obtain and manage consent for certain cookies and thus the use of certain tools
📓 Processed data: data to manage the cookie settings such as IP address, time of consent, type of consent, individual consents. More information can be found on the tool used.
📅 Retention period: depending on the tool used, you need to be prepared
⚖️ for periods of several years Legal basis: article 6 paragraph 1 lit. a GDPR ( consent), article 6 paragraph 1 lit. f GDPR (legitimate interests)

What is a consent cookie management platform?

We use a Consent Management Platform (CMP) software on our website, which makes it easier for us and you to manage scripts and cookies properly and securely. The software automatically creates a cookie pop-up, scans and checks all scripts and cookies, provides you with a cookie consent as required by data protection legislation and helps us and you keep track of all cookies. Most cookie consent management tools identify and categorise all existing cookies. As a website visitor, you then decide whether and which scripts and cookies you allow or disallow. The following picture shows the relationship between the browser, the web server and the CMP.

Why do we use a cookie management tool?

Our goal is to offer you the best possible transparency in the field of data protection. Moreover, we are also legally obliged to do so. We want to inform you as much as possible about all tools and cookies that may store and process your data. It is also your right to decide for yourself which cookies you accept and which you do not. To give you this right, we first need to know exactly which cookies have landed on our website in the first place. Thanks to a cookie management tool, which regularly scans the website for all existing cookies, we know about all cookies and can provide you with GDPR-compliant information. You can then accept or reject cookies via the consent system.

What data is processed?

As part of our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. The statement of your consent is stored so that we don't have to ask you every time you visit our site and we can also prove your consent if required by law. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the retention period of your cookie consent varies. In most cases, this data (e.g. pseudonymous user ID, date of consent, detailed information on cookie categories or tools, browser, device information) is stored for up to two years.

Duration of treatment

We will inform you about the duration of the data processing below, if we have further information. In general, we only process personal data for as long as it is absolutely necessary for the provision of our services and products. Data stored in cookies is kept for different periods of time. Some cookies are deleted after leaving the website, others may be stored in your browser for a few years. The exact duration of data processing depends on the tool used, in most cases you should be prepared for a storage period of several years. The respective data protection declarations of the individual providers usually provide you with precise information on the duration of the data processing.

Right to object

You also have the right and opportunity to withdraw your consent to the use of cookies at any time. This is done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling or deleting cookies in your browser.

Information on specific cookie management tools is provided in the following sections, where available.

Legal basis

If you consent to cookies, your personal data will be processed and stored via these cookies. If we are allowed to use cookies with your consent (Article 6(1)(a) of the GDPR), this consent is also the legal basis for the use of cookies or the processing of your data. In order to manage the consent to cookies and to enable you to give your consent, a cookie management software is used for consent management. The use of this software enables us to operate the website in an effective lawful manner, which represents a legitimate interest (Art. 6 para. 1 lit. f GDPR).

Privacy Policy for BorlabsCookie

We use Borlabs Cookie on our website, which is, among other things, a tool for storing your consent to cookies. The service provider is the German company Borlabs - Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany. You can read more about the data processed by using BorlabsCookie in the privacy policy at https://de.borlabs.io/datenschutz/.

Security & Anti-Spam

Security & Anti-Spam Privacy Policy Summary
👥 Registered: visitors to the website
🤝 Purpose: Cybersecurity
📓 Data processed: data such as your IP address, name or technical data such as browser versionMore information can be found below and the individual data protection texts.
📅 Retention period: in most cases the data is stored until
⚖️ no longer needed to fulfil the service Legal basis: article 6 paragraph 1 lit. a GDPR (consent), article 6 paragraph 1 lit. f GDPR (legitimate interests)

What is security and anti-spam software?

With so-called security & anti-spam software you and we can protect ourselves against various spam or phishing emails and any other cyber attacks. Spam refers to advertising messages from a mass mailing that you did not request yourself. Such emails are also called data garbage and can also cause costs. Phishing emails, on the other hand, are messages that aim to build trust through fake messages or websites to gain access to personal data. Anti-spam software usually protects against unwanted spam or malicious emails that can introduce viruses into our system. We also use general firewall and security systems that protect our computers from unwanted network attacks.

Why do we use security and anti-spam software?

We attach great importance to the security of our website. After all, it's not just about our safety, but above all about yours. Unfortunately, cyber threats are now part of everyday life in the IT and Internet world. Hackers often try to steal personal data from an IT system by means of a cyber-attack. And that's why a good defence system is absolutely essential. A security system monitors all incoming and outgoing connections to our network or computer. To achieve even greater security against cyber attacks, we use other external security services in addition to the standard security systems on our computer. This better prevents unauthorised traffic of data and protects us from cybercrime.

What data is processed by security and anti-spam software?

Exactly what data is collected and stored depends, of course, on the service. However, we always strive to use only programs that collect data very sparingly or only store data that is necessary to fulfill the service offered. In principle, the service may store data such as name, address, IP address, e-mail address and technical data such as browser type or browser version. In addition, all performance and log data can be collected to detect possible incoming threats in time. This data is processed as part of the Services and in accordance with applicable laws. This also includes GDPR for US providers (via the standard contract clauses). In some cases, these security services also work with third party providers who may store and/or process data as instructed and in accordance with privacy policies and other security measures. Data is typically stored via cookies.

Duration of treatment

We will inform you about the duration of the data processing below, if we have further information. For example, security software stores data until you or we revoke the data storage. In general, personal data is only stored for as long as is absolutely necessary for the provision of the Services. Unfortunately, in many cases we do not have precise information from the providers about the retention period.

Right to object

You also have the right and opportunity to withdraw your consent to the use of cookies or third party security software at any time. This is done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling or deleting cookies in your browser.

As cookies may also be used in such security services, we recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed by you, you should read the privacy policy of the respective tool.

Legal basis

We use the security services mainly on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) in a good security system against various cyber attacks.

Some processing, in particular the use of cookies and the use of security features, requires your consent. If you have consented to your data being processed and stored by integrated security services, this consent shall be the legal basis for the data processing (Article 6(1)(a) GDPR). Most of the services we use set cookies in your browser to store data. Therefore, we recommend that you read our privacy policy on cookies carefully and look at the privacy policy or cookie policy of the respective service provider.

Information on specific tools is provided in the following sections, if available.

Audio and video introduction

Audio and Video Privacy Policy Summary
👥 Registered: website visitors
🤝 Purpose: Optimisation of our service
📓 Processed data: data such as contact details, user behaviour data, information about your device and your IP address may be stored. More information can be found below in the corresponding data protection texts.
📅 Storage period.
⚖️ necessary for the purpose of the service Legal basis: article 6 paragraph 1 lit . a GDPR (consent), article 6 paragraph 1 lit. f GDPR (legitimate interests)

What are audio and video elements?

We have integrated audio or video elements on our website so that you can watch videos or listen to music/podcasts directly through our website. The content is provided by service providers. All content is therefore also obtained from the providers' corresponding servers.

These are integrated functional elements of platforms such as YouTube, Vimeo or Spotify. The use of these portals is usually free, but paid content can also be published. Using these integrated elements, you can listen to or view the respective content via our website.

If you use audio or video elements on our website, your personal data may also be transmitted, processed and stored by the service providers.

Why do we use audio and video elements on our website?

Of course, we want to give you the best offer on our site. And we are aware that content is no longer conveyed only in text and static images. Instead of just giving you a link to a video, we offer audio and video formats directly on our site that are entertaining or informative, and preferably both. This extends our service and makes it easier for you to access interesting content. In addition to our texts and images, we therefore also offer video and/or audio content.

What data is stored by audio and video elements?

When you visit a page on our website that has an embedded video, for example, your server connects to the service provider's server. Your data will also be transferred to the third-party provider and stored there. Some data is collected and stored whether or not you have an account with the third party. This typically includes your IP address, browser type, operating system and other general information about your device. In addition, most providers also collect information about your web activity. This includes, for example, session duration, bounce rate, which button you clicked or through which website you accessed the service. All this information is usually stored via cookies or pixel tags (also called web beacons). Pseudonymised data is usually stored in cookies in your browser. You can always find out exactly what data is stored and processed in the data protection declaration of each provider.

Duration of treatment

The length of time the data is stored on the servers of third-party providers can be found either below in the data protection text of the respective tool or in the provider's privacy policy. In principle, personal data will only be processed for as long as it is absolutely necessary for the provision of our services or products. In most cases, you can assume that some data will be stored on the servers of third-party providers for several years. Data may be stored for different lengths of time, particularly in cookies. Some cookies are deleted after leaving the website, others may be stored in your browser for a few years.

Right to object

As cookies are also commonly used by the integrated audio and video features of our website, you should also read our general privacy policy on cookies. You will learn more about the handling and storage of your data in the privacy statements of the respective third-party providers.

Legal basis

If you have consented to your data being processed and stored using integrated audio and video elements, this consent shall be deemed to be the legal basis for the data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in timely and good communication with you or other customers and business partners. Nevertheless, we only use the integrated audio and video elements if you have given your consent.

YouTube Privacy Policy

YouTube Privacy Policy Summary
👥 Registered: visitors to the site
🤝 Purpose: Optimization of our service
📓 Data processed: data such as contact details, user behaviour data, information about your device and your IP address may be stored. For more information, please refer to this privacy policy below.
📅 Storage period.
⚖️ necessary for the purpose of the service Legal basis: article 6 paragraph 1 lit . a GDPR (consent), article 6 paragraph 1 lit. f GDPR (legitimate interests)

What is YouTube?

We have included YouTube videos on our website. So we can present interesting videos directly on our website. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that has an embedded YouTube video, your browser automatically connects to the YouTube or Google servers. Depending on your settings, different data will be transferred. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in Europe.

In the following, we would like to explain in more detail what data is processed, why we have integrated YouTube videos and how you can manage or delete your data.

YouTube allows users to watch, rate, comment and upload videos for free. In recent years, YouTube has become one of the most important social media channels worldwide. In order for us to display videos on our website, YouTube provides a code section that we have included on our website.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We strive to give you the best possible user experience on our website. And of course, interesting videos should not be missing. With our embedded videos, we give you additional useful content on top of our texts and images. In addition, our site is easier to find on Google's search engine because of the embedded videos. Although we place ads via Google Ads, Google - thanks to the information collected - can actually only show these ads to people who are interested in our offers.

What data is stored by YouTube?

As soon as you visit one of our pages that has a YouTube video embedded, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually assign your interactions on our website to your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your internet service provider. Other data may include contact details, any reviews, sharing content via social media or adding it to your favourites on YouTube.

If you're not signed in to a Google Account or YouTube Account, Google stores data with a unique identifier associated with your device, browser or app. For example, your preferred language setting is retained. But much interaction data cannot be stored because fewer cookies are set.

The following list shows cookies set in a browser test. On the one hand, we show cookies set without a registered YouTube account. On the other hand, we show cookies set with a registered account. The list cannot claim to be complete, as user data always depends on the interactions on YouTube.

Name: YSC value
: b9-CV6ojI5Y122341587-1
Purpose: This cookie records a unique ID to store statistics about the video viewed.
Expiration date: after the session

Name: PREF value:
f1=50000000Purpose:
This cookie also records your unique ID. Google receives statistics via PREF about how you use YouTube videos on our website.
Expiration date: after 8 months

Name: GPS value:
1Purpose:
This cookie records your unique ID on mobile devices to track GPS location.
Expiration date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie tries to estimate the user's bandwidth on our websites (with embedded YouTube video).
Expiration date: after 8 months

Other cookies set when you are logged in with your YouTube account:

Name: APISID
Value: zILlvClZSkqGsSwI/AU1aZI6HY7122341587-Purpose
: This cookie is used to create a profile of your interests. The data is used for personalised advertisements.
Expiry date: after 2 years

Name: COUNTER VALUE
: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user's consent to the use of various Google services. CONSENT also serves security to control users and protect user data from unauthorized attacks.
Expiration date: after 19 years

Name: HSID value
: AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile of your interests. This data helps to display personalised advertising.
Expiration date: after 2 years

Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL ...
Purpose: This cookie stores information about your login details.
Expiration date: after 2 years

Name: SAPISID value
: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile of your interests.
Expiry date: after 2 years

Name: SID value:
oQfNKjAsI122341587-Purpose: This cookie stores your Google Account ID and your last login time in digitally signed and encrypted form.

Expiration date: after 2 years

Name: SIDCC value
: AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information about how you use the site and what advertisements you may have seen before visiting our site.
Expiration date: after 3 months

How long and where is the data stored?

The data that YouTube receives and processes from you is stored on Google's servers. Most of these servers are located in America. You can see exactly where Google's data centres are located at https://www.google.com/about/datacenters/locations/?hl=de. Your data is distributed on the servers. As a result, data can be retrieved faster and is better protected against manipulation.

Google stores the collected information for different periods of time. Some data can be deleted at any time, others are automatically deleted after a limited time and others are stored by Google for a longer period of time. Some data (e.g. My Activity items, photos or documents, products) stored in your Google Account will be kept until you delete it. Even if you're not signed in to a Google Account, you can delete certain data associated with your device, browser or app.

How can I erase my data or prevent data retention?

Basically, you can delete the data in your Google Account manually. With the automatic deletion feature for location and activity data introduced in 2019, information is stored for either 3 or 18 months depending on your decision - and then deleted.

Whether you have a Google account or not, you can configure your browser to remove or disable cookies from Google. Depending on the browser you use, this works in different ways. In the "Cookies" section, you will find the corresponding links to the respective instructions from the most popular browsers.

If you don't want cookies, you can set your browser to always inform you when a cookie is about to be set. So you can decide for each individual cookie whether or not to allow it.

Legal basis

If you have consented to your data being processed and stored by integrated YouTube elements, this consent shall be considered the legal basis for the data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in timely and good communication with you or other customers and business partners. Nevertheless, we only use the integrated YouTube elements if you have given your consent. YouTube also places cookies in your browser to store data. Therefore, we recommend that you read our privacy policy on cookies carefully and look at the privacy policy or cookie policy of the respective service provider.

YouTube also processes data in the US and elsewhere. We would like to point out that the European Court of Justice considers that there is currently no adequate level of protection for the transfer of data to the US. This may entail various risks for the lawfulness and security of data processing.

YouTube uses standard contractual clauses approved by the European Commission (= Article 46(2) and (3) of the GDPR) as a basis for data processing for recipients based in third countries (outside the EU, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. These clauses oblige YouTube to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the European Commission. You can find the decision and the clauses here: https://germany.representation.ec.europa.eu/index_de.

Since YouTube is a subsidiary of Google, there is a shared privacy policy. If you would like to know more about how your data is handled, we recommend that you read the privacy policy at https://policies.google.com/privacy?hl=de.

Subscribe to the YouTube Button Privacy Policy

We have installed the YouTube subscription button on our website. You can usually recognise the button by the classic YouTube logo. The logo shows the words "Subscribe" or "YouTube" in white font against a red background and the white "Play" icon on the left. The button may also appear in a different design.

Our YouTube channel always offers you funny, interesting or exciting videos. With the built-in "Subscribe" button, you can subscribe to our channel directly from our website and don't need to visit the YouTube site itself. We want to make it as easy as possible for you to access our extensive content. Please note that YouTube may store and process data about you.

If you see a built-in subscribe button on our website, YouTube - according to Google - sets at least one cookie. This cookie stores your IP address and our URL. YouTube may also learn information about your browser, your approximate location and your default language. In our test, the following four cookies were set without being logged into YouTube:

Name: YSC value
: b9-CV6ojI5122341587Y
Purpose: This cookie records a unique ID to store statistics about the video viewed.
Expiration date: after the session

Name: GPS value:
1Purpose:
This cookie records your unique ID on mobile devices to track GPS location.
Expiration date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 12234158795Chz8bagyU
Purpose: This cookie tries to estimate the user's bandwidth on our websites (with embedded YouTube video).
Expiration date: after 8 months

These cookies were set after a test and cannot claim to be complete.

If you are logged into your YouTube account, YouTube may store many of your actions/interactions on our website using cookies and link them to your YouTube account. For example, YouTube receives information about how long you browse our site, what type of browser you use, your preferred screen resolution or what actions you take.

YouTube uses this data to improve its own services and offerings, on the one hand, and to provide analytics and statistics to advertisers (who use Google Ads), on the other.

Introduction to web design

Webdesign Privacy Policy Summary
👥 Registrants: website visitors Purpose: To improve
🤝 the user experience
📓 Data processed: the data processed depends heavily on the services used. In most cases this includes IP address, technical data, language settings, browser version, screen resolution and browser name. More information can be found in the web design tools used.
📅 Retention period: depending on the tools
⚖️ used Legal basis: article 6 paragraph 1 lit. a GDPR (consent), article 6 paragraph 1 lit. f GDPR (legitimate interests)

What is web design?

We use various tools on our website that serve our web design. Web design is not, as is often assumed, just about making our site look beautiful, but also about functionality and performance. But of course, the right look of a website is also one of the major goals of professional web design. Web design is part of media design and is about the visual as well as the structural and functional design of a website. The aim is to improve your experience on our website with the help of web design. In web design jargon, this is called user experience (UX) and usability. User experience refers to all the impressions and experiences that a website visitor has on a website. A subset of user experience is usability. It is about the ease of use of a website. In particular, it is important that content, sub-pages or products are clearly structured and that you can find what you are looking for easily and quickly. To give you the best possible experience on our website, we also use so-called third-party web design tools. The category "web design" in this privacy statement therefore includes all services that enhance the design of our website. These can be, for example, fonts, various plugins or other integrated web design features.

Why do we use web design tools?

How you take in information on a website depends very much on its structure, functionality and visual perception. That's why a good and professional web design became more and more important to us. We are constantly working on improving our website and also see this as an extended service for you as a website visitor. In addition, a beautiful and functioning website also has financial benefits for us. After all, you will only visit us and take advantage of our offers if you feel completely comfortable.

What data is stored by web design tools?

When you visit our website, web design elements may be integrated into our pages, which may also process data. Of course, the exact data depends heavily on the tools used. Below you can see exactly which tools we use for our website. For more information on data processing, we recommend that you also read the respective data protection declarations of the tools used. In most cases, you will find out what data is processed, whether cookies are used and how long the data is stored. Fonts such as Google Fonts, for example, also automatically transmit information such as language settings, IP address, browser version, browser screen resolution and browser name to Google's servers.

Duration of treatment

How long data is processed is highly individual and depends on the web design elements used. For example, if cookies are used, the retention period can be as short as one minute, but it can also last for a few years. Be careful with this. On the one hand, we recommend our general text section on cookies and the data protection declarations of the tools used. There you will usually find out exactly which cookies are used and what information is stored in them. Google font files, for example, are stored for one year. This is intended to improve the loading time of a website. In principle, data is only stored for as long as it is necessary for the provision of the service. In the case of legal requirements, data may also be stored longer.

Right to object

You also have the right and opportunity to withdraw your consent to the use of cookies or third parties at any time. This works either through our cookie management tool or through other opt-out functions. You can also prevent data collection by cookies by managing, disabling or deleting cookies in your browser. However, under web design elements (mostly fonts) there is also data that cannot be deleted so easily. This is the case when data is automatically collected directly when a page is opened and transferred to a third party provider (e.g. Google). Please contact the respective provider's support. In the case of Google, you can reach support at https://support.google.com/?hl=de.

Legal basis

If you have consented to the use of web design tools, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, as it may occur when collected by web design tools. We also have a legitimate interest in improving the web design of our website. After all, only then can we provide you with a beautiful and professional website. The corresponding legal basis for this is Article 6(1)(f) of the GDPR (legitimate interests). Nevertheless, we only use web design tools if you have given your consent. In any case, we would like to stress this again.

Information on specific web design tools, if available, is provided in the following sections.

Font Awesome Privacy Policy

Font Awesome Privacy Policy Summary
👥 Registered: website visitors
🤝 Purpose: Optimization of our service
📓 Processed data: such as IP address and which icon files are loadedMore information can be found below in this privacy statement.
📅 Storage period: files in identifiable form are stored.
⚖️ for a few weeks Legal basis: article 6 paragraph 1 lit . a GDPR (consent), article 6 paragraph 1 lit. f GDPR (legitimate interests)

Where is Font Awesome?

On our website we use Font Awesome from the American company Fonticons (307 S. Main St., Suite 202, Bentonville, AR 72712, USA). When you visit one of our websites, the Font Awesome web font (in particular icons) is loaded via the Font Awesome Content Delivery Network (CDN). In this way, the texts or fonts and icons are displayed appropriately on each end device. This Privacy Policy goes into more detail about data storage and processing through this service.

Icons play an increasingly important role for websites. Font Awesome is a web font designed specifically for web designers and web developers. With Font Awesome, for example, icons can be scaled and coloured as desired using the CSS style sheet language. They replace old image icons. Font Awesome CDN is the easiest way to load the icons or fonts on your website. All we had to do was include a small line of code on our site.

Why do we use Font Awesome on our website?

Font Awesome makes it easier to prepare content on our site. This allows you to better navigate our site and better understand the content. The icons even allow you to sometimes replace whole words and save space. This is particularly useful when we are optimising content specifically for smartphones. These icons are inserted as an HMTL code instead of an image. This allows us to edit the icons with CSS just the way we want. At the same time, Font Awesome also improves our loading speed, since it's just HTML elements and not icon images. All these benefits help us make the site even clearer, fresher and faster for you.

What data does Font Awesome store?

Font Awesome Content Delivery Network (CDN) is used to load icons and icons. CDNs are networks of servers that are distributed worldwide and allow files to be loaded quickly in close proximity. Thus, as soon as you visit one of our pages, the corresponding icons are provided by Font Awesome.

In order for the web fonts to load, your browser must connect to the servers of Fonticons, Inc. Your IP address will be recognized. Font Awesome also collects data about which icon files are downloaded and when. In addition, technical data such as your browser version, screen resolution or the time of the page being called out is transmitted.

This data is collected and stored for the following reasons:

to optimize content delivery networks
to detect and correct technical errors
to protect CDNs from abuse and attacks
to be able to charge Font Awesome Pro customers
to learn the popularity of icons
to know which computer and software you are using

If your browser does not allow web fonts, a default font will automatically be used on your computer. According to the current state of our knowledge, no cookies are set. We are in contact with Font Awesome's privacy department and will let you know as soon as we find out more.

How long and where is the data stored?

Font Awesome stores data about the use of the Content Delivery Network on servers also in the United States. However, the CDN servers are located all over the world and store user data wherever you are. In identifiable form, the data is usually only stored for a few weeks. Aggregate statistics on CDN usage may also be stored for longer. Personal data is not included here.

How can I erase my data or prevent data retention?

Font Awesome does not store any personal data via the content delivery networks to the current state of knowledge. If you do not want the data about the icons used to be stored, you will unfortunately not be able to visit our website. If your browser does not allow web fonts, no data will be transmitted or stored. In this case, your computer's default font will simply be used.

Legal basis

If you have consented to the use of Font Awesome, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as it may occur during the collection by Font Awesome.

We also have a legitimate interest in using Font Awesome to optimize our online service. The corresponding legal basis for this is Article 6(1)(f) of the GDPR (legitimate interests). Nevertheless, we only use Font Awesome if you have given your consent.

We would like to point out that the European Court of Justice considers that there is currently no adequate level of protection for the transfer of data to the US. The data processing is mainly carried out by Font Awesome. This may result in data not being processed and stored anonymously. In addition, US authorities may have access to individual data. It is also possible that this data is linked to data from possible other services of Font Awesome where you have a user account.

If you want to learn more about Font Awesome and how it handles data, we recommend the privacy policy at https://fontawesome.com/privacy and the help page at https://fontawesome.com/support.

Google Fonts Privacy Policy

Google Fonts Privacy Policy Summary
👥 Registered: visitors to the site
🤝 Purpose: Optimization of our service
📓 Data processed: Data such as IP address and CSS and font requestsMore information can be found below in this privacy policy.
📅 Retention period: font files are stored.
⚖️ by Google for one year Legal basis: article 6 paragraph 1 lit. a GDPR (consent), article 6 paragraph 1 lit. f GDPR (legitimate interests)

What is Google Font?

We use Google Fonts on our website. These are "Google Fonts" for the company Google Inc. For Europe, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

You don't need to sign in or enter a password to use Google Fonts. In addition, no cookies are stored in your browser. The files (CSS, fonts) are fonts.googleapis.com and fonts.gstatic.com requested via Google's domains. According to Google, the CSS and font requests are completely separate from all other Google services. If you have a Google Account, you don't need to worry that your Google Account data will be transferred to Google when you use Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We'll take a closer look at exactly what that data storage looks like.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to your users for free.

Many of these fonts are released under the SIL Open Font License, while others are released under the Apache license. Both are free software licenses.

Why do we use Google Fonts on our website?

With Google Fonts, we can use fonts on our own website and don't have to upload them to our own server. Google Fonts is an important building block to keep the quality of our website high. All Google Fonts are automatically optimised for the web and this saves data volume and is a great advantage, especially for use on mobile devices. When you visit our site, the small file size ensures a fast loading time. In addition, Google Fonts are secure web fonts. Different image synthesis (rendering) systems in different browsers, operating systems and mobile devices can lead to errors. Such errors may partially distort texts or entire web pages visually. Thanks to the fast Content Delivery Network (CDN), there are no platform issues with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). So we use Google Fonts so that we can present our entire online service as beautifully and consistently as possible.

What data is stored by Google?

When you visit our website, the fonts are loaded via a Google server. Through this external call, data is transferred to Google's servers. In this way, Google also recognises that you or your IP address are visiting our website. The Google Fonts API is designed to reduce the use, storage and collection of end-user data to what is necessary for the proper delivery of fonts. The API, by the way, stands for "Application Programming Interface" and serves, among other things, as a data transmitter in the software sector.

Google Fonts stores CSS and font requests securely with Google and is therefore protected. The usage figures collected allow Google to determine how well individual fonts are received. Google publishes the results on internal analytics pages, such as Google Analytics. In addition, Google also uses data from its own search engine to determine which websites use Google fonts. This data is published in the BigQuery database with Google Fonts. Entrepreneurs and developers use Google's BigQuery web service to explore and move large amounts of data.

However, it should be remembered that with each Google Font request, information such as language settings, IP address, browser version, browser screen resolution and browser name is automatically transmitted to Google's servers. Whether this data is also stored is not clearly ascertainable or clearly communicated by Google.

How long and where is the data stored?

Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This allows us to use the fonts with a Google style sheet. A style sheet is a template that can be used to easily and quickly change the design or fonts of a website, for example.

The font files are stored by Google for one year. Google thus aims to fundamentally improve the loading time of websites. If millions of web pages link to the same fonts, they are cached after the first visit and immediately reappear on all other websites visited later. Sometimes Google updates font files to reduce file size, increase speech coverage and improve design.

How can I erase my data or prevent data retention?

Data that Google stores for a day or a year can't just be deleted. The data is automatically transferred to Google when the page is opened. If you want to delete this data prematurely, you must contact Google support at https://support.google.com/?hl=de&tid=122341587. In this case, you can only prevent data storage if you do not visit our website.

Unlike other web fonts, Google gives us unlimited access to all fonts. So we can access an unlimited sea of fonts and get the most out of our site. You can read more about Google Fonts and other issues at https://developers.google.com/fonts/faq?tid=122341587 Although Google handles data protection issues there, it doesn't really include detailed information about data retention. It's relatively difficult to get really accurate information about stored data from Google.

Legal basis

If you have consented to the use of Google fonts, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as it may occur during the collection of Google Fonts.

We also have a legitimate interest in using Google Font to optimise our online service. The corresponding legal basis for this is Article 6(1)(f) of the GDPR (legitimate interests). Nevertheless, we only use Google Font if you have given your consent.

The Google Ads data processing terms, which also correspond to the standard Google font terms, can be found at https://business.safety.google/adsprocessorterms/.

You can also find out what data is typically collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/.

Google Fonts Local Privacy Policy

On our website we use Google Fonts from Google Inc. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for the European region. We have integrated Google Fonts locally, i.e. on our web server - not on Google's servers. As a result, there is no connection to Google's servers and therefore no data transfer or storage.

What is Google Font?

Previously, Google Fonts was also called Google Web Fonts. This is an interactive directory of over 800 fonts that Google provides free of charge. Google Fonts allows you to use fonts without uploading them to your own server. However, to prevent the transfer of information to Google's servers, we have downloaded the fonts to our server. In this way, we act in accordance with data protection regulations and do not pass on any data to Google Fonts.

Online Booking System Introduction

Online booking system Data protection declaration Summary
👥 of data subjects: visitors to the website
🤝 Purpose: To improve the user experience and organisation
📓 Data processed: the data processed depends heavily on the services used. In most cases, this involves IP address, contact and payment details and/or technical data. More information can be found under the tools used.
📅 Retention period: depending on the tools
⚖️ used Legal basis: article 6 paragraph 1 lit. a GDPR (consent), article 6 paragraph 1 lit. f GDPR (legitimate interests)

What is an online booking system?

To enable you to make bookings via our website, we use one or more booking systems. For example, meetings can be easily created online. A booking system is a software integrated into our website that displays available resources (e.g. free dates) and through which you can book directly online and usually also pay. You are probably already familiar with such booking systems from the restaurant or hotel industry. In the meantime, however, such systems are used in a variety of industries. Depending on the tools and settings, booking systems can be used both internally for us and for customers like you. As a rule, personal data is also collected and stored by you.

For the most part, the booking process works as follows: you can find the booking system on our website, where you can book an appointment for a service directly with the click of a mouse, entering your details and usually paying immediately. You may be able to enter various details about yourself via a form. Keep in mind that any data you enter may be stored and managed in a database.

Why do we use an online booking system?

In a way, we also see our website as a free service to you. You should get useful information and feel completely comfortable on our site. This also includes an online service that makes it as easy as possible for you to book appointments or services. Gone are the days when you had to wait days by phone or email for a booking confirmation. With an online booking system, you can have everything done in a few clicks and get on with other things. For us too, the system makes it easier to manage all bookings and appointments. That's why we think such a booking system makes perfect sense for both you and us.

What data is processed?

Of course, we cannot say exactly what data is processed in this general information text on the reservation system. This always depends on the tool used and the functions and possibilities it contains. Many reservation systems offer a number of other functions in addition to the conventional booking function. For example, many systems also integrate an external online payment system (e.g. from Stripe, Klarna or PayPal) and a calendar synchronisation function. Depending on the functions, different and varying amounts of data can therefore be processed. Typically, data such as IP address, name and contact details, technical information about your device and booking time are processed. If you also make a payment in the system, banking data such as account number, credit card number, password, TAN, etc. are also stored and forwarded to the respective payment provider. We recommend that you read the respective data protection declaration of the tool used carefully so that you know which of your data is actually processed.

Duration of treatment

Each reservation system stores data for a different length of time. Therefore, we cannot yet give any concrete information on the duration of data processing here. In principle, however, personal data is only stored for as long as it is absolutely necessary to provide the services. Booking systems also usually use cookies that store information for different periods of time. Some cookies are deleted immediately after leaving the site, others may be stored for a few years. You can read more about this in the "Cookies" section. Also take a look at the respective data protection declarations of the providers. It should explain how long your data will be stored in that specific case.

Right to object

If you have consented to the processing of data by a reservation system, you always have the possibility and the right to withdraw this consent. So always be aware that you have rights with respect to your personal data and can make these rights effective at any time. If you do not want personal data to be processed, no personal data may be processed. It's as simple as that. The easiest way to withdraw data processing is via a cookie consent tool or other opt-out functions offered. For example, you can also manage data retention via cookies directly in your browser. Until your withdrawal, the lawfulness of the data processing remains unaffected.

Legal basis

If you have consented to the use of booking systems, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) of the GDPR (consent), it constitutes the legal basis for the processing of personal data as it may be carried out through booking systems.

In addition, we also have a legitimate interest in using reservation systems, as we are on the one hand enhancing our customer service and on the other hand optimising our internal booking organisation. The corresponding legal basis for this is Article 6(1)(f) of the GDPR (legitimate interests). Nevertheless, we only use the tools if you have given your consent. We absolutely want to have this recorded again at this time.

Information on specific booking systems is available in the following sections, if available.

Explanation of terms used

We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially when it comes to technical and legal issues. It often makes sense to use legal terms (e.g. personal data) or certain technical terms (e.g. cookies, IP address). However, we do not want to use them without explanation. Below you will find an alphabetical list of important terms used that we may not have covered sufficiently in the previous data protection declaration. If these terms have been taken from the GDPR and they are definitions, we will also list the GDPR text here and add our own explanations where necessary.

Processor

Definition under Article 4 of the GDPR

For the purposes of this Regulation

processor: a natural or legal person, public authority, institution or other body which processes personal data on behalf of the controller.

Explanation: as a company and website owner, we are responsible for all information we process about you. In addition to data controllers, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. Therefore, in addition to service providers such as tax consultants, processors can also be hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft.

Consent

Definition under Article 4 of the GDPR

For the purposes of this Regulation

the 'data subject's consent' means any freely given, specific, informed and unambiguous expression of his or her wishes by which he or she, by a statement or by an unambiguous act of confirmation, consents to the processing of personal data relating to him or her.

Explanation: as a rule, such consent is given via a cookie consent tool for websites. I'm sure you know that. When you visit a website for the first time, you will usually be asked by a banner if you agree or consent to data processing. In most cases, you can also make individual settings and thus decide which data processing you allow and which you do not. If you do not consent, no personal data may be processed about you. In principle, consent can of course also be given in writing, i.e. not via a tool.

Personal data

Definition under Article 4 of the GDPR

For the purposes of this Regulation

'personal data' means any information relating to an identified or identifiable natural person (An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the natural person, the physiological, genetic, mental, economic, cultural or social identity of that natural person,

Explanation: personal data is therefore any information that can identify you as an individual. This is usually data that:

Name
Address
E-mail address
Postal address
Telephone number
Date of birth
Identification number such as social security number, tax identification number, ID card number or student number
Bank data such as account numbers, credit information, account balances and much more.

According to the European Court of Justice, your IP address also counts as personal data. IT professionals can use your IP address to determine at least the approximate location of your device and then you as the connection owner. Therefore, storing an IP address also requires a legal basis within the meaning of the GDPR. There are also so-called "special categories" of personal data, which also require special protection. These include:

racial and ethnic origin
political views
religious or ideological beliefs
Trade union membership
genetic data, such as data taken from blood or saliva samples
biometric data (this is information about mental, physical or behavioural characteristics that can identify a person). Health
Data on sexual orientation or sex life

Profiling

Definition under Article 4 of the GDPR

For the purposes of this Regulation

profiling: any form of automatic processing of personal data which consists in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or movements.

Explanation: profiling collects various data about a person to learn more about that person. In the web sector, profiling is often used for advertising purposes or for credit checks. For example, web or advertising analytics software collects data about your behaviour and interests on a website. This results in a particular user profile, which can be used to play advertisements specifically for a target audience.

Responsible person

Definition under Article 4 of the GDPR

For the purposes of this Regulation

controller: the the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data, where the purposes and means of such processing are determined by Union or Member State law, the controller or may determine the specific criteria for designating the processing in accordance with Union or Member State law is provided;

Explanation: in our case, we are responsible for the processing of your personal data and therefore "data controller". When we share collected data with other service providers for processing, they are "data processors". For this, a "Data Processing Agreement (DPA)" must be signed.

Final comments

Congratulations! If you're reading these lines, you've really "struggled" through our entire privacy policy, or at least scrolled down to here. As you can see from the scope of our privacy policy, we take the protection of your personal data anything but lightly.It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. However, we do not only want to tell you what data is processed, but also explain the reasons why you use various applications. As a rule, data protection declarations sound very technical and legal. But since most of you are not web developers or lawyers, we also wanted to take a different approach linguistically and explain the facts in a simple and clear language. Of course, this is not always possible because of the subject matter. Therefore, the most important terms are explained in more detail at the end of the Privacy Policy. If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible body. We wish you a pleasant time and hope to welcome you back to our site soon.