Privacy Policy

Privacy Policy

Table of Contents

• Introduction and overview
• Scope of application
• Legal bases
• Contact details of the controller
• Storage period
• Rights under the General Data Protection Regulation
• Data transfer to third countries
• Data processing security
• Communication
• Order Processing Agreement (AVV / DPA)
• Cookies
• Website Builder Introduction
• Web Analytics Introduction
• Messenger & Communication Introduction
• Social Media Introduction
• Blogs and Publication Media Introduction
• Affiliate Programs Introduction
• Content Delivery Networks Introduction
• External content
• Cookie Consent Management Platform Introduction
• Security & Anti-Spam
• Payment providers Introduction
• Audio & Video Introduction
• Explanation of terms used
• Closing remarks

Introduction and overview

We have drafted this privacy policy (version 04/10/2025-313064178) to provide you with information in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as data) we, as the controller, and the processors commissioned by us (e.g., providers) process and will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, on the other hand, aims to describe the most important aspects as simply and transparently as possible. Where it promotes transparency, technical Terms explained in a reader-friendly way, links to further information are provided and graphics We use this to inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis for doing so. This is certainly not possible if you provide explanations that are as concise, unclear, and legally technical as possible, as is often the standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information here that you did not know before.
If you still have questions, please contact the responsible party listed below or in the legal notice, follow the links provided, and view further information on third-party websites. You will also find our contact details in the legal notice.

Scope of application

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person's name, email address, and postal address. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this privacy policy covers:

• all online presences (websites, online shops) that we operate
• Social media presence and email communication
• mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed in a structured manner within the company via the channels mentioned. Should we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal bases

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal basis of the General Data Protection Regulation, which enable us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can, of course, view this EU General Data Protection Regulation online at EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex32016R0679 read up on.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
2. Contract (Article 6(1)(b) GDPR): We process your data in order to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase agreement with you, we need personal information in advance.
3. Legal obligation (Article 6(1)(c) GDPR): We process your data if we are subject to a legal obligation. For example, we are legally obliged to retain invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Other conditions, such as the perception of recordings in the public interest and the exercise of public authority, as well as the protection of vital interests, do not generally apply in our case. If such a legal basis should nevertheless be relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Austria this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (data protection law), in short DSG.
• In Germany applies the Federal Data Protection Act, in short BDSG.

If further regional or national laws apply, we will inform you about them in the following sections.

Contact details of the controller

If you have any questions about data protection or the processing of personal data, you will find the contact details of the controller in accordance with Article 4(7) of the EU General Data Protection Regulation (GDPR) below:
Easy Tec Solutions
Benedikt Lackmann
In der Huth 13
96158 Frensdorf
Germany

Email: [email protected]

Imprint: https://easytec.tech/en/imprint

Storage period

It is our general policy to store personal data only for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and insofar as there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we hereby inform you of the following rights to which you are entitled in order to ensure fair and transparent data processing:

• According to Article 15 of the GDPR, you have the right to know whether we process your data. If this is the case, you have the right to receive a copy of the data and to obtain the following information:
  • the purpose for which we carry out the processing;
  • the categories, i.e. the types of data that are processed;
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  • how long the data will be stored;
  • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  • the origin of the data, if we did not collect it from you;
  • whether profiling is carried out, i.e. whether data is automatically evaluated in order to create a personal profile of you.
• According to Article 16 of the GDPR, you have the right to have your data corrected, which means that we must correct any data if you find errors.
• According to Article 17 of the GDPR, you have the right to erasure (‘right to be forgotten’), which specifically means that you may request the deletion of your data.
• According to Article 18 of the GDPR, you have the right to restrict processing, which means that we may only store the data but may not use it further.
• According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
• According to Article 21 of the GDPR, you have a right to object, which, once enforced, will result in a change in the processing.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of public authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
  • If data is used for direct marketing purposes, you may object to this type of data processing at any time. We will then no longer be permitted to use your data for direct marketing purposes.
  • If data is used for profiling purposes, you may object to this type of data processing at any time. We will then no longer be permitted to use your data for profiling purposes.
• Under Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g. profiling).
• You have the right to lodge a complaint under Article 77 of the GDPR. This means that you can lodge a complaint with the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible department listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/ find. In Germany, each federal state has a data protection officer. For further information, please contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) For our company, the following local data protection authority is responsible:

Bavarian Data Protection Authority

State Commissioner for Data Protection: Prof. Dr. Thomas Petri
Address: Wagmüller Street 18, 80538 Munich
Telephone number: 089/21 26 72-0
Email adress: [email protected]
Website: https://www.datenschutz-bayern.de/index.html.en

Data transfer to third countries

We only transfer or process data to countries outside the scope of the GDPR (third countries) if you consent to this processing or if there is other legal permission to do so. This applies in particular if the processing is required by law or necessary for the fulfilment of a contractual relationship and, in any case, only to the extent that this is generally permitted. In most cases, your consent is the most important reason for us to have data processed in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, may mean that personal data is processed and stored in unexpected ways.

We expressly point out that, in the opinion of the European Court of Justice, an adequate level of protection for data transfers to the United States currently only exists if a US company that processes personal data of EU citizens in the United States is an active participant in the EU-US Data Privacy Framework. For more information, please visit: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. In addition, collected data may be linked to data from other services of the same provider, provided you have a corresponding user account. Where possible, we try to use server locations within the EU, if this is offered.
We will provide you with more detailed information on data transfers to third countries in the relevant sections of this privacy policy, where applicable.

Data processing security

We have implemented both technical and organisational measures to protect personal data. Where possible, we encrypt or pseudonymise personal data. In this way, we make it as difficult as possible for third parties to derive personal information from our data.

Article 25 GDPR refers to ‘data protection through technology design and data protection-friendly default settings’ and means that security must always be considered and appropriate measures taken for both software (e.g. forms) and hardware (e.g. access to the server room). In the following, we will discuss specific measures where necessary.

TLS encryption with https

TLS, encryption and https sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet.
This means that the entire transfer of all data from your browser to our web server is secure – no one can ‘eavesdrop’.

This means we have introduced an additional layer of security and comply with data protection through technology design (Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognise the use of this data transmission security feature by the small padlock symbol. at the top left of the browser, to the left of the internet address (e.g. examplepage.co.uk) and the use of the https scheme (instead of http) as part of our internet address.
If you would like to learn more about encryption, we recommend searching Google for ‘Hypertext Transfer Protocol Secure wiki’ to find useful links to further information.

Communication

Communication Summary 👥 Affected: Anyone who communicates with us by telephone, email or online form Processed data: e.g. telephone number, name, email address, form data entered. You can find more details on this under the respective contact type used. 🤝 Purpose: Handling communication with customers, business partners, etc. 📅 Storage period: Duration of the business case and legal requirements ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (legitimate interests)

When you contact us and communicate by telephone, email or online form, personal data may be processed.

The data will be processed for the purpose of handling and processing your enquiry and the associated business transaction. The data will be stored for as long as necessary or as required by law.

Affected persons

The aforementioned processes affect everyone who contacts us via the communication channels we provide.

Telephone

When you call us, the call data is stored in pseudonymised form on the respective end device and by the telecommunications provider used. In addition, data such as your name and telephone number may be sent by email and stored for the purpose of responding to your enquiry. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.

Email

When you communicate with us by email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and data may be stored on the email server. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.

Online forms

When you communicate with us using the online form, data is stored on our web server and, if necessary, forwarded to one of our email addresses. The data is deleted as soon as the business transaction has been completed and legal requirements permit.

Legal bases

The processing of data is based on the following legal grounds:

• Art. 6(1)(a) GDPR (consent): You give us your consent to store your data and use it for purposes related to the business transaction.
• Art. 6 para. 1 lit. b GDPR (contract): It is necessary for the performance of a contract with you or a processor, such as a telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
• Art. 6(1)(f) GDPR (legitimate interests): We want to handle customer enquiries and business communications in a professional manner. This requires certain technical equipment, such as email programmes, exchange servers and mobile phone operators, in order to communicate efficiently.

WPForms Privacy Policy

WPForms Privacy Policy Summary 👥 Persons affected: Persons who use contact forms 🤝 Purpose: Processing contact enquiries and communication 📓 Processed data: Email address, name, IP address, message content 📅 Storage period: Until the request has been processed and statutory deadlines have expired ⚖️ Legal basis: Art. 6(1)(b) GDPR (performance of a contract), Art. 6(1)(f) GDPR (legitimate interests)

What is WPForms?

We use WPForms Lite to receive enquiries from visitors via contact forms. The data entered is used exclusively for processing and responding to the enquiry. It is not passed on to third parties.

Legal basis

The data is processed for the purpose of implementing pre-contractual measures or fulfilling the contract in accordance with Art. 6(1)(b) GDPR. Our legitimate interest in efficient communication also justifies this. Art. 6(1)(f) GDPR.

WP Mail SMTP Privacy Policy

WP Mail SMTP Privacy Policy Summary 👥 Persons affected: Persons who send us emails via forms or contact functions 🤝 Purpose: Sending emails via a secure SMTP server 📓 Processed data: Email address, IP address, communication content, technical metadata 📅 Storage period: In accordance with statutory retention periods or internal deletion guidelines ⚖️ Legal basis: Art. 6(1)(b) GDPR (performance of a contract), Art. 6(1)(f) GDPR (legitimate interests)

What is WP Mail SMTP?

We use the WP Mail SMTP plugin to ensure that emails are sent via a secure SMTP server. This ensures that emails are sent reliably and authentically. Depending on the configuration, an external email service provider may be integrated (e.g. Gmail, Brevo, SendGrid).

Legal basis

The data is processed for the purpose of fulfilling the contract in accordance with Art. 6(1)(b) GDPR and on the basis of legitimate interests in accordance with Art. 6(1)(f) GDPR, to ensure effective communication.

Sending and receiving emails via Gmail: We use the ‘Gmail’ service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to send and receive emails. The data you transmit (e.g. email address, message content) is stored on Google's servers. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Website: https://mail.google.com; Privacy Policy: https://policies.google.com/privacy; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) – efficient and secure communication. Basis for third-country transfers: Data Privacy Framework (DPF).

Order Processing Agreement (AVV / DPA)

In this section, we would like to explain what a data processing agreement is and why it is necessary. Because the term ‘data processing agreement’ is quite a tongue twister, we will often use the acronym DPA in this text. Like most companies, we do not work alone, but also use the services of other companies or individuals. By involving various companies or service providers, we may pass on personal data for processing. These partners then act as processors with whom we conclude a contract, known as a data processing agreement (DPA). The most important thing for you to know is that the processing of your personal data is carried out exclusively in accordance with our instructions and must be regulated by the DPA.

Who are processors?

As a company and website owner, we are responsible for all data that we process from you. In addition to the responsible parties, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. More precisely, and according to the GDPR definition, any natural or legal person, authority, institution or other body that processes personal data on our behalf is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

For a better understanding of the terminology, here is an overview of the three roles in the GDPR:

Affected person (You as a customer or prospective customer) → Responsible person (we as a company and client) → processor (Service providers such as web hosts or cloud providers)

Contents of a data processing agreement

As mentioned above, we have concluded a DPA with our partners who act as processors. First and foremost, this stipulates that the processor shall process the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, but in this context, electronic conclusion of the contract is also considered ‘in writing’. Personal data may only be processed on the basis of the contract. The contract must contain the following:

• Commitment to us as the responsible party
• Obligations and rights of the controller
• Categories of data subjects
• Type of personal data
• Nature and purpose of data processing
• Purpose and duration of data processing
• Place of data processing

Furthermore, the contract contains all the obligations of the processor. The most important obligations are:

• Measures to ensure data security
• take all possible technical and organisational measures to protect the rights of the data subject
• to maintain a data processing register
• to cooperate with the data protection supervisory authority upon request
• to carry out a risk assessment in relation to the personal data received
• Sub-processors may only be engaged with the written authorisation of the controller.

You can see what such an AVV looks like in concrete terms at, for example https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html view. A sample contract is presented here.

Cookies

Cookies Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: depends on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie. Processed data: Depends on the cookie used. More details can be found below or from the manufacturer of the software that sets the cookie. 📅 Storage duration: depending on the cookie, can vary from hours to years ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below, we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: cookies are really useful little helpers. Almost all websites use cookies. More specifically, they use HTTP cookies, as there are other types of cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, which is essentially the ‘brain’ of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser transmits the ‘user-related’ information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie from the server, which the browser reuses as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programmes and do not contain viruses, Trojans or other ‘malware’. Cookies cannot access information on your PC.

Cookie data may look like this, for example:

Name: _ga
Value: GA1.2.1326744211.152313064178-9
Purpose: Differentiation of website visitors
Expiry date: after 2 years

A browser should be able to support these minimum sizes:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3,000 cookies in total

What types of cookies are there?

The question of which cookies we use specifically depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are four types of cookies:

Essential cookies
These cookies are necessary to ensure basic website functionality. For example, these cookies are needed when a user adds a product to their shopping basket, then continues browsing other pages and only proceeds to checkout later. These cookies ensure that the shopping basket is not deleted, even if the user closes their browser window.

Functional cookies
These cookies collect information about user behaviour and whether the user receives any error messages. These cookies are also used to measure the loading time and behaviour of the website in different browsers.

Targeted cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes or form data are saved.

Advertising cookies
These cookies are also known as targeting cookies. They are used to deliver personalised advertising to the user. This can be very practical, but also very annoying.

When you visit a website for the first time, you are usually asked which types of cookies you would like to allow. And, of course, this decision is also stored in a cookie.

If you would like to learn more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments der Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are little helpers for many different tasks. Unfortunately, it is not possible to generalise about what data is stored in cookies, but we will inform you about the data processed or stored in the following privacy policy.

Cookie storage period

The storage period depends on the cookie in question and is specified below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have control over how long cookies are stored. You can manually delete all cookies at any time via your browser (see also ‘Right to object’ below). Furthermore, cookies based on consent will be deleted at the latest after you revoke your consent, whereby the legality of the storage remains unaffected until then.

Right to object – how can I delete cookies?

You decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

If you do not want cookies at all, you can set your browser to always inform you when a cookie is about to be set. This allows you to decide whether to accept or reject each individual cookie. The procedure varies depending on the browser. The best way to find the instructions is to search Google using the search term ‘delete cookies Chrome’ or ‘disable cookies Chrome’ if you are using the Chrome browser.

Legal basis

The so-called ‘cookie guidelines’ have been in place since 2009. These stipulate that the storage of cookies is a Consent (Article 6(1)(a) GDPR) requires you to do so. However, there are still very different responses to these guidelines within EU countries. In Austria, however, this guideline was implemented in Section 165(3) of the Telecommunications Act (2021). In Germany, the cookie guidelines have not been implemented as national law. Instead, this directive has largely been implemented in Section 15(3) of the Telemedia Act (TMG), which was replaced by the Digital Services Act (DDG) in May 2024.

For strictly necessary cookies, even if no consent has been given, there are legitimate interests (Article 6(1)(f) GDPR), which are mostly of an economic nature. We want to provide visitors to the website with a pleasant user experience, and certain cookies are often essential for this.

If cookies that are not absolutely necessary are used, this will only happen with your consent. The legal basis for this is Art. 6(1)(a) GDPR.

The following sections provide more detailed information about the use of cookies, provided that the software used employs cookies.

Website Builder Introduction

Website construction kit systems Privacy policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Optimisation of our services Processed data: Data such as technical usage information, including browser activity, clickstream activity, session heat maps, contact details, IP address, or your geographical location. More details can be found further down in this privacy policy and in the providers' privacy policies. 📅 Storage period: depends on the provider ⚖️ Legal basis: Art. 6(1)(f) GDPR (legitimate interests), Art. 6(1)(a) GDPR (consent)

What are website builder systems?

We use a website construction kit system for our website. Construction kit systems are special forms of content management systems (CMS). With a construction kit system, website operators can create a website very easily and without any programming knowledge. In many cases, web hosts also offer modular systems. By using a modular system, your personal data may also be collected, stored and processed. In this privacy policy, we provide you with general information about data processing by modular systems. For more detailed information, please refer to the provider's privacy policy.

Why do we use website builder systems for our website?

The biggest advantage of a modular system is its ease of use. We want to offer you a clear, simple and well-structured website that we can easily operate and maintain ourselves, without external support. Modular systems now offer many helpful functions that we can use even without programming knowledge. This allows us to design our website according to our wishes and offer you an informative and enjoyable experience on our website.

What data is stored by a modular system?

Exactly which data is stored depends, of course, on the website builder system used. Each provider processes and collects different data from website visitors. However, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider and the date of your website visit is usually collected. Tracking data (e.g. browser activity, clickstream activities, session heat maps, etc.) may also be processed. In addition, personal data may also be collected and stored. This usually includes contact details such as your email address, telephone number (if you have provided it), IP address and geographical location data. You can find out exactly what data is stored in the provider's privacy policy.

How long and where is the data stored?

We will inform you about the duration of data processing below in connection with the website construction system used, provided we have further information on this. You will find detailed information on this in the provider's privacy policy. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. It may be that the provider stores data from you according to its own criteria, over which we have no influence.

Right of objection

You always have the right to access, correct and delete your personal data. If you have any questions, you can also contact the responsible party for the website template system used at any time. Contact details can be found either in our privacy policy or on the website of the relevant provider.

You can delete, deactivate or manage cookies that providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that not all functions may then work as usual.

Legal basis

We have a legitimate interest in using a website construction kit system to optimise our online service and present it to you in an efficient and user-friendly manner. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interests). However, we only use the construction kit if you have given your consent.

Insofar as the processing of data is not absolutely necessary for the operation of the website, the data will only be processed on the basis of your consent. This applies in particular to tracking activities. The legal basis for this is Art. 6(1)(a) GDPR.

This privacy policy provides you with the most important general information about data processing. If you would like more detailed information on this subject, you will find further information – if available – in the following section or in the provider's privacy policy.

Elementor Privacy Policy

Elementor Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Presentation, design, and management of website content 📓 Verarbeitete Daten: IP-Adresse, technische Geräteinformationen, Nutzungsdaten (z. B. Zeitpunkt und Dauer des Zugriffs), ggf. Inhaltsdaten bei Formularnutzung 📅 Storage period: Until the purpose has been fulfilled or in accordance with statutory retention obligations ⚖️ Legal basis: Art. 6(1)(f) GDPR (legitimate interests), where applicable Art. 6(1)(a) GDPR (consent)

What is Elementor?

We use the plugin on our website Elementor, a website builder system for WordPress. The provider is Elementor Ltd., 8 THE GRN STE A, Dover, DE 19901, USA. With the help of Elementor, we can design, customize, and visually display content on our website without having to program it manually. Elementor also allows us to integrate specific design features, forms, and interactive elements.

Why do we use Elementor on our website?

We use Elementor to make our website technically and visually appealing. The plugin is used to efficiently manage and customize our content and present it in a user-friendly way. Certain features of Elementor may load external resources (e.g., Google Fonts, YouTube videos, or map content) to optimize the display. In doing so, your IP address may be transmitted to the respective external servers.

What data is processed?

Elementor itself does not process any personal data from website visitors as long as no widgets or integrations with external resources are used. Depending on the configuration and functions used, the following data may be processed:

• IP address of the website visitor
• Date and time of page view
• Device information (e.g., browser type, operating system, screen resolution)
• Content data, if applicable (e.g., for forms or interactive elements)

If external resources (e.g., Google Fonts, YouTube, Maps) are used, the privacy policy of the respective provider also applies.

Legal basis

The use of Elementor is based on our legitimate interests in accordance with Art. 6(1)(f) GDPR a modern, functional, and user-friendly website. If consent is required for individual functions (e.g., loading external content), data processing is based on your consent in accordance with Art. 6(1)(a) GDPR.

Data transfer to third countries

Elementor Ltd. is based in the United States. Personal data may be transferred to the United States when using Elementor Cloud features or services. The data transfer is based on the EU–US Data Privacy Framework (DPF) and, in addition, the Standard contractual clauses (Art. 46(2) and (3) GDPR).

Service provider and privacy policy

Service provider: Elementor Ltd., 8 THE GRN STE A, Dover, DE 19901, USA
Website: https://elementor.com
Privacy Policy: https://elementor.com/about/privacy/

Order Processing Agreement (AVV / DPA)

Where necessary, we have concluded a data processing agreement (DPA) with Elementor in accordance with Art. 28 GDPR. This ensures that Elementor processes personal data exclusively in accordance with our instructions and guarantees the protection of your data in accordance with the GDPR.

Elementor Essential Addons Privacy Policy

Elementor Essential Addons Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Design and functional enhancement of the website using Elementor widgets 📓 Verarbeitete Daten: IP-Adresse, technische Geräteinformationen, ggf. Daten zu eingebetteten Inhalten (z. B. Google Maps, YouTube, Lottie-Dateien) 📅 Storage period: Until the purpose is fulfilled (display and provision of content) ⚖️ Legal basis: Art. 6(1)(f) GDPR (legitimate interests), where applicable Art. 6(1)(a) GDPR (consent)

What is Essential Addons for Elementor?

We use the WordPress plugin “Essential Addons for Elementor” on our website. This is an extension of the Elementor page builder, developed by WPDeveloper, House 152, Road 11, Block E, Banani, Dhaka, Bangladesh. This plugin allows additional design elements and functions (widgets) to be integrated into the website.

Why do we use Essential Addons?

We use Essential Addons to enhance the functionality of our website and make it more visually appealing. Some widgets may load external resources (e.g., Google Fonts, YouTube videos, Google Maps, or animations). In these cases, technical information such as your IP address is transmitted to the respective third-party provider so that the content can be displayed in your browser.

What data is processed?

Depending on the widget used, the following data may be processed:

• Visitor's IP address
• Date and time of page view
• Technical information (e.g., browser type, operating system)
• If applicable, information about interactions with embedded content

If you activate external content (e.g., YouTube, Google Maps, Lottie), the privacy policy of the respective third-party provider also applies.

Legal basis

The use of Essential Addons for Elementor is based on our legitimate interests in accordance with Art. 6(1)(f) GDPRas we have a legitimate interest in a modern, technically optimized, and user-friendly website. If external content is loaded via widgets, this will only take place with your consent in accordance with Art. 6(1)(a) GDPR.

Service provider and privacy policy

Service provider: WPDeveloper, House 152, Road 11, Block E, Banani, Dhaka, Bangladesch
Website: https://wpdeveloper.com
Privacy Policy: https://wpdeveloper.com/privacy-policy/

WordPress.com Privacy Policy

WordPress.com Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Optimisation of our services Processed data: Data such as technical usage information, including browser activity, clickstream activity, session heat maps, contact details, IP address, or your geographical location. More details can be found further down in this privacy policy. 📅 Storage period: This depends primarily on the type of data stored and the specific settings. ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is WordPress?

We use the well-known content management system WordPress.com for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

The company was founded in 2003 and quickly became one of the best-known content management systems (CMS) worldwide. A CMS is a piece of software that helps us design our website and present content in an attractive and organised way. The content can be text, audio or video.
By using WordPress, your personal data may also be collected, stored and processed. As a rule, mainly technical data such as operating system, browser, screen resolution or hosting provider is stored. However, personal data such as IP address, geographical data or contact details may also be processed.

Why do we use WordPress on our website?

We have many strengths, but real programming is simply not one of our core competencies.

Nevertheless, we want to have a powerful and attractive website that we can manage and maintain ourselves. With a website builder or content management system such as WordPress, this is exactly what we can do. With WordPress, we don't need to be programming experts to offer you a beautiful website. Thanks to WordPress, we can operate our website quickly and easily, even without any prior technical knowledge. If technical problems arise or we have special requests for our website, we still have our specialists who are at home with HTML, PHP, CSS and the like.

Thanks to WordPress's ease of use and comprehensive features, we can design our website according to our preferences and offer you a user-friendly experience.

What data is processed by WordPress?

Non-personal data includes technical usage information such as browser activity, clickstream activity, session heat maps, and data about your computer, operating system, browser, screen resolution, language and keyboard settings, internet service provider, and date of page visit.

In addition, personal data is also collected. This primarily includes contact details (e-mail address or telephone number, if you provide them), IP address or your geographical location.

WordPress may also use cookies to collect data. These often collect data about your behaviour on our website. For example, it may record which subpages you particularly like to view, how long you stay on individual pages, when you leave a page (bounce rate) or which preferences (e.g. language selection) you have set. Based on this data, WordPress can also better tailor its own marketing measures to your interests and user behaviour. The next time you visit our website, it will therefore be displayed to you as you have previously set it up.

WordPress may also use technologies such as pixel tags (web beacons) to clearly identify you as a user and potentially offer interest-based advertising.

How long and where is the data stored?

How long the data is stored depends on various factors. It depends primarily on the type of data stored and the specific settings of the website. In principle, WordPress deletes data when it is no longer needed for its own purposes. There are, of course, exceptions, especially if legal obligations require the data to be stored for longer. Web server logs containing your IP address and technical data are deleted by WordPress or Automattic after 30 days. During this time, Automattic uses the data to analyse traffic on its own websites (e.g. all WordPress sites) and to resolve any issues. Deleted content on WordPress websites is also stored in the recycle bin for 30 days to allow for recovery, after which it may remain in backups and caches until they are deleted. The data is stored on Automattic's American servers.

How can I delete my data or prevent data storage?

You have the right and the opportunity to access your personal data at any time and to object to its use and processing. You can also lodge a complaint with a state supervisory authority at any time.

You also have the option of managing, deleting or deactivating cookies individually in your browser. Please note, however, that deactivated or deleted cookies may have a negative impact on the functionality of our WordPress site. Depending on which browser you use, managing cookies works slightly differently. Under the ‘Cookies’ section, you will find the relevant links to the respective instructions for the most popular browsers.

Legal basis

If you have consented to the use of WordPress, this consent forms the legal basis for the corresponding data processing. According to Art. 6(1)(a) GDPR (consent), this consent forms the legal basis for the processing of personal data as may occur during collection by WordPress.

We also have a legitimate interest in using WordPress to optimise our online service and present it to you in an attractive way. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interests). However, we only use WordPress if you have given your consent.

WordPress and Automattic also process your data in the United States, among other places. Automattic is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the United States. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Automattic also uses standard contractual clauses (SCCs) (Art. 46(2) and (3) GDPR). Standard contractual clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the United States). Through the EU-US Data Privacy Framework and the standard contractual clauses, Automattic undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=us

For more details on the privacy policy and what data is processed by WordPress and how, please visit https://automattic.com/privacy/.

Data processing agreement (DPA) WordPress.com

We have concluded a data processing agreement (DPA) with WordPress.com in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can read about what exactly a DPA is and, above all, what must be included in a DPA in our general section ‘Data Processing Agreement (DPA)’.

This contract is required by law because WordPress.com processes personal data on our behalf. It clarifies that WordPress.com may only process data received from us in accordance with our instructions and must comply with the GDPR. The link to the data processing agreement (DPA) can be found at https://wordpress.com/support/data-processing-agreements/.

Web Analytics Introduction

Web Analytics Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Evaluation of visitor information to optimise the website. Processed data: Access statistics containing data such as access locations, device data, access duration and time, navigation behaviour, click behaviour and IP addresses. More details can be found in the respective web analytics tool used. 📅 Storage period: depending on the web analytics tool used ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What are web analytics?

We use software on our website to evaluate the behavior of website visitors, known as web analytics or web analysis for short. This involves collecting data that is stored, managed, and processed by the respective analytics tool provider (also known as a tracking tool). The data is used to create analyses of user behavior on our website and made available to us as the website operator. In addition, most tools offer various testing options. This allows us to test which offers or content are most popular with our visitors. To do this, we show you two different offers for a limited period of time. After the test (known as an A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as well as for other analytics procedures, user profiles can also be created and the data stored in cookies.

Why do we use web analytics?

With our website, we have a clear goal in mind: we want to provide the best web offering on the market for our industry. To achieve this goal, we want to offer the best and most interesting content while also ensuring that you feel completely at home on our website. With the help of web analytics tools, we can take a closer look at the behavior of our website visitors and then improve our website for you and us accordingly. For example, we can see the average age of our visitors, where they come from, when our website is most visited, and which content or products are particularly popular. All this information helps us to optimize the website and thus tailor it to your needs, interests, and wishes.

What data is processed?

Exactly which data is stored depends, of course, on the analysis tools used. However, as a rule, the following information is stored: what content you view on our website, which buttons or links you click on, when you visit a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website, and which computer system you use. If you have agreed to the collection of location data, this data may also be processed by the web analytics tool provider.

Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored in pseudonymized form (i.e., in an unrecognizable and abbreviated form). For the purposes of testing, web analysis, and web optimization, no direct data such as your name, age, address, or email address is stored. All such data, if collected, is stored in pseudonymized form. This means that you cannot be identified as an individual.

The following example shows schematically how Google Analytics works as an example of client-based web tracking with JavaScript code.

How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website, while others can store data for several years.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If required by law, as in the case of accounting, for example, this storage period may be exceeded.

Right of objection

You also have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. You can do this either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we have obtained with our cookie pop-up. According to Art. 6 para. 1 lit. a GDPR (consent) the legal basis for the processing of personal data, as may occur when it is collected by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors in order to improve our offering both technically and economically. With the help of web analytics, we can detect website errors, identify attacks, and improve economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we only use these tools if you have given your consent.

Since web analytics tools use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed, you should read the privacy policies of the respective tools.

Information on specific web analytics tools, if available, can be found in the following sections.

Matomo: Matomo is software used for web analysis and reach measurement purposes. When Matomo is used, cookies are generated and stored on the user's device. The user data collected when Matomo is used is only processed by us and is not shared with third parties. The cookies are stored for a maximum period of 13 months: https://matomo.org/faq/general/faq_146/; Legal basis: Consent (Art. 6(1)(a) GDPR). Deletion of data: The cookies have a maximum storage period of 13 months.

Messenger & Communication Introduction

Messenger & Communication Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Contact requests and general communication between us and you Processed data: Data such as name, address, email address, phone number, general content data, IP address if applicable You can find more details on this in the respective tools used. 📅 Storage period: depends on the messenger and communication functions used ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests), Art. 6(1)(b) GDPR (contractual or pre-contractual obligations)

What are messenger and communication functions?

We offer various options on our website (such as messenger and chat functions, online or contact forms, email, telephone) for communicating with us. Your data will also be processed and stored to the extent necessary to respond to your inquiry and take any subsequent action.

In addition to traditional means of communication such as email, contact forms, and telephone, we also use chat and messenger services. The most commonly used messenger service at present is WhatsApp, but there are of course many different providers offering messenger services specifically for websites. If content is end-to-end encrypted, this will be indicated in the individual data protection texts or in the privacy policy of the respective provider. End-to-end encryption simply means that the content of a message is not visible even to the provider. However, information about your device, location settings, and other technical data may still be processed and stored.

Why do we use messenger and communication functions?

Communication channels with you are very important to us. After all, we want to talk to you and answer any questions you may have about our service in the best possible way. Effective communication is an important part of our service. With our practical messenger and communication functions, you can choose your preferred method at any time. In exceptional cases, however, we may not be able to answer certain questions via chat or messenger. This is the case, for example, when it comes to internal contractual matters. In such cases, we recommend other communication options such as email or telephone.

We generally assume that we remain responsible for data protection even when using the services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. Where this is the case, we will indicate this separately and work on the basis of a relevant agreement. The essence of the agreement is reproduced below for the platform concerned.

Please note that when using our built-in elements, your data may also be processed outside the European Union, as many providers, such as Facebook Messenger or WhatsApp, are American companies. This may mean that you are no longer able to assert or enforce your rights with regard to your personal data as easily.

What data is processed?

The exact data that is stored and processed depends on the respective provider of the messenger and communication functions. Generally, this includes data such as your name, address, telephone number, email address, and content data such as all information you enter in a contact form. In most cases, information about your device and IP address is also stored. Data collected via a messenger and communication function is also stored on the providers' servers.

If you want to know exactly what data is stored and processed by the respective providers and how you can object to data processing, you should carefully read the respective company's privacy policy.

How long is data stored?

How long the data is processed and stored depends primarily on the tools we use. You can find out more about data processing for each tool below. The providers' privacy policies usually specify exactly which data is stored and processed and for how long. As a rule, personal data is only processed for as long as is necessary to provide our services. When data is stored in cookies, the storage period varies greatly. The data may be deleted immediately after leaving a website, but it may also remain stored for several years. Therefore, you should look at each individual cookie in detail if you want to know more about data storage. In most cases, you will also find informative information about the individual cookies in the privacy policies of the individual providers.

Right of objection

You also have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. You can do this either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. For further information, please refer to the section on consent.

Since cookies may be used for messenger and communication functions, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to your data being processed and stored by integrated messenger and communication functions, this consent serves as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR). We process your request and manage your data within the scope of contractual or pre-contractual relationships in order to fulfill our pre-contractual and contractual obligations or to respond to inquiries. The basis for this is Art. 6(1)(b) GDPR. In principle, your data will also be processed on the basis of our legitimate interest if you have given your consent. (Art. 6 para. 1 lit. f GDPR) stored and processed for the purpose of fast and effective communication with you or other customers and business partners.

Social Media Introduction

Social Media Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Presentation and optimization of our services, contact with visitors, interested parties, etc., advertising 📓 Processed data: Data such as phone numbers, email addresses, contact details, user behavior data, information about your device, and your IP address. You can find more details on this in the respective social media tool. 📅 Storage period: depends on the social media platforms used ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is social media?

In addition to our website, we are also active on various social media platforms. User data may be processed so that we can specifically target users who are interested in us via social networks. Furthermore, elements of a social media platform may also be embedded directly into our website. This is the case, for example, when you click on a social button on our website and are redirected directly to our social media presence. Social media refers to websites and apps through which registered members can produce content, exchange content openly or in specific groups, and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and connect online. Our social media presence allows us to bring our products and services closer to potential customers. The social media elements integrated into our website help you switch to our social media content quickly and easily.

The data stored and processed through your use of a social media channel is primarily used for the purpose of performing web analytics. The aim of these analyses is to develop more accurate and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the evaluated data can be used to draw appropriate conclusions about your interests and create so-called user profiles. This also enables the platforms to present you with customized advertisements. In most cases, cookies are set in your browser for this purpose, which store data about your usage behavior.

We generally assume that we remain responsible for data protection even when using the services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. Where this is the case, we will indicate this separately and work on the basis of a relevant agreement. The essence of the agreement is then reproduced below for the platform concerned.

Please note that when using social media platforms or our built-in elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. This may mean that you are no longer able to assert or enforce your rights with regard to your personal data as easily.

What data is processed?

The exact data that is stored and processed depends on the respective provider of the social media platform. However, it usually includes data such as telephone numbers, email addresses, data that you enter in a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device, and your IP address. Most of this data is stored in cookies. Especially if you have a profile on the social media channel you are visiting and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the providers' servers. This means that only the providers have access to the data and can provide you with the relevant information or make changes.

If you want to know exactly what data is stored and processed by social media providers and how you can object to data processing, you should carefully read the company's privacy policy. If you have any questions about data storage and data processing or want to assert your rights in this regard, we recommend that you contact the provider directly.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. However, customer data that is matched with your own user data is deleted within two days. In general, we only process personal data for as long as is absolutely necessary to provide our services and products. If required by law, as in the case of accounting, for example, this storage period may be exceeded.

Right of objection

You also have the right and option to revoke your consent to the use of cookies or third-party providers such as embedded social media elements at any time. You can do this either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Since social media tools may use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent serves as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be processed on the basis of our legitimate interest if you have given your consent. (Art. 6 para. 1 lit. f GDPR) stored and processed for the purpose of fast and effective communication with you or other customers and business partners. However, we only use these tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our privacy policy on cookies carefully and review the privacy policy or cookie policy of the respective service provider.

Information on specific social media platforms can be found in the following sections, where available.

Instagram privacy policy

Instagram privacy policy summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Optimisation of our services 📓 Processed data: Data such as user behavior data, information about your device, and your IP address. You can find more details on this below in the privacy policy. 📅 Storage period: until Instagram no longer needs the data for its purposes ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is Instagram?

We have integrated Instagram features into our website. Instagram is a social media platform operated by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012 and is one of the Facebook products. The embedding of Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos, or videos from Instagram directly on our website. When you visit pages on our website that have an Instagram feature integrated, data is transmitted to Instagram, stored, and processed. Instagram uses the same systems and technologies as Facebook. Your data is therefore processed across all Facebook companies.

Below, we will give you a more detailed insight into why Instagram collects data, what data it collects, and how you can largely control data processing. Since Instagram belongs to Meta Platforms Inc., we obtain our information from the Instagram guidelines on the one hand, but also from the Meta privacy policy itself on the other.

Instagram is one of the most popular social media networks worldwide. Instagram combines the advantages of a blog with those of audiovisual platforms such as YouTube or Vimeo. On “Insta” (as many users casually refer to the platform), you can upload photos and short videos, edit them with various filters, and share them on other social networks. And if you don't want to be active yourself, you can simply follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has really taken off in recent years. And, of course, we have also responded to this boom. We want you to feel as comfortable as possible on our website. That's why it goes without saying that we want to present our content in a varied way. The embedded Instagram features allow us to enrich our content with helpful, funny, or exciting content from the Instagram world. Since Instagram is a subsidiary of Facebook, the data collected can also be used for personalized advertising on Facebook. This ensures that our ads only reach people who are genuinely interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We receive summarized statistics, which give us more insight into your preferences and interests. It is important to note that these reports do not identify you personally.

What data does Instagram store?

When you visit one of our pages that has Instagram features (such as Instagram images or plug-ins), your browser automatically connects to Instagram's servers. Data is sent to Instagram, stored, and processed, regardless of whether you have an Instagram account or not. This includes information about our website, your computer, purchases made, advertisements you see, and how you use our services. The date and time of your interaction with Instagram is also stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume that this is also the case with Instagram. Customer data includes, for example, name, address, telephone number, and IP address. This customer data will only be transmitted to Instagram once it has been “hashed.” Hashing means that a data record is converted into a character string. This allows the contact details to be encrypted. In addition, the above-mentioned “event data” is also transmitted. Facebook—and consequently Instagram—understands “event data” to mean data about your user behavior. It is also possible that contact data may be combined with event data. The contact data collected is compared with the data that Instagram already has about you.

The collected data is transmitted to Facebook via small text files (cookies), which are usually set in your browser. Depending on the Instagram features you use and whether you have an Instagram account yourself, different amounts of data are stored.

We assume that data processing on Instagram works the same way as on Facebook. This means that if you have an Instagram account or www.instagram.com have visited, Instagram has at least set a cookie. If this is the case, your browser sends information to Instagram via the cookie as soon as you come into contact with an Instagram function. After 90 days at the latest (after reconciliation), this data is deleted or anonymized. Although we have dealt extensively with Instagram's data processing, we cannot say exactly what data Instagram collects and stores.

Below, we show you the cookies that are set in your browser at a minimum when you click on an Instagram feature (such as a button or an Insta image). In our test, we assume that you do not have an Instagram account. If you are logged into Instagram, significantly more cookies will be set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: “”
Purpose: This cookie is most likely set for security reasons to prevent requests from being forged. However, we were unable to find out any more details.
Expiry date: after one year

Name: mid
Value: “”
Purpose: Instagram sets this cookie to optimize its own services and offers both on and off Instagram. The cookie assigns a unique user ID.
Expiry date: after the meeting

Name: fbsr_313064178124024
Value: no information
Purpose: This cookie stores the log-in request for users of the Instagram app.
Expiry date: after the meeting

Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiry date: after the meeting

Name: urlgen
Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe313064178”
Purpose: This cookie is used for Instagram's marketing purposes.
Expiry date: after the meeting

Notice: We cannot claim to be exhaustive here. Which cookies are set in each individual case depends on the embedded functions and your use of Instagram.

How long and where is the data stored?

Instagram shares the information it receives between Facebook companies, external partners, and people you connect with around the world. Data processing is carried out in accordance with its own data policy. For security reasons, among other things, your data is distributed across Facebook servers around the world. Most of these servers are located in the US.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation, you have the right to access, transfer, correct, and delete your data. You can manage your data in your Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

Here's how to delete your Instagram account:

First, open the Instagram app. On your profile page, scroll down and click on “Help Center.” You will now be taken to the company's website. On the website, click on “Manage your account” and then on “Delete your account.”

If you delete your account completely, Instagram will delete posts such as your photos and status updates. Information that other people have shared about you does not belong to your account and will therefore not be deleted.

As mentioned above, Instagram primarily stores your data via cookies. You can manage, deactivate, or delete these cookies in your browser. Depending on your browser, the management process works slightly differently. Under the “Cookies” section, you will find the corresponding links to the respective instructions for the most popular browsers.

You can also set your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent serves as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be processed on the basis of our legitimate interest. (Art. 6 para. 1 lit. f GDPR) stored and processed for the purpose of fast and effective communication with you or other customers and business partners. However, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our privacy policy on cookies carefully and review the privacy policy or cookie policy of the respective service provider.

Instagram also processes your data in the USA, among other places. Instagram and Meta Platforms are active participants in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Instagram uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard contractual clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the US) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Instagram undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the US. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=us

We have tried to provide you with the most important information about data processing by Instagram. On https://privacycenter.instagram.com/policy/ you can take a closer look at Instagram's data policies.

Blogs and Publication Media Introduction

Blogs and Publication Media Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Presentation and optimization of our services, communication between website visitors, security measures, and administration 📓 Processed data: Data such as contact details, IP address, and published content. You can find more details on this under the tools used. 📅 Storage period: depends on the tools used ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests), Art. 6(1)(b) GDPR (contract)

What are blogs and publication media?

We use blogs and other means of communication on our website to communicate with you and for you to communicate with us. In doing so, we may also store and process data about you. This may be necessary in order to display content appropriately, ensure communication works properly, and increase security. Our privacy policy provides general information about which of your data may be processed. Exact details of data processing always depend on the tools and functions used. You can find detailed information about data processing in the privacy policies of the individual providers.

Why do we use blogs and publication media?

Our main goal with our website is to offer you interesting and exciting content, and at the same time, your opinions and content are also important to us. That's why we want to create a good interactive exchange between us and you. With various blogs and publication options, we can achieve exactly that. For example, you can write comments on our content, comment on other comments, or in some cases even write your own posts.

What data is processed?

The exact data processed always depends on the communication functions we use. Very often, the IP address, user name, and published content are stored. This is primarily done to ensure security, prevent spam, and take action against illegal content. Cookies may also be used for data storage. These are small text files that are stored in your browser with information. You can find more details about the data collected and stored in our individual sections and in the privacy policy of the respective provider.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. For example, post and comment functions store data until you revoke your consent to data storage. In general, personal data is only stored for as long as is absolutely necessary for the provision of our services.

Right of objection

You also have the right and the option to revoke your consent to the use of cookies or third-party communication tools at any time. You can do this either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Since cookies may also be used in publication media, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

We use the means of communication primarily on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) in fast and effective communication with you or other customers, business partners, and visitors. Insofar as the use serves the purpose of processing contractual relationships or initiating them, the legal basis is also Art. 6 (1) (b) GDPR.

Certain processing operations, in particular the use of cookies and the use of comment or message functions, require your consent. If and to the extent that you have consented to your data being processed and stored by integrated publication media, this consent shall serve as the legal basis for data processing (Art. 6 (1) (a) GDPR). Most of the communication functions we use set cookies in your browser to store data. We therefore recommend that you read our privacy policy on cookies carefully and review the privacy policy or cookie policy of the respective service provider.

Information about special tools can be found in the following sections, if available.

Blog posts and comment functions Privacy policy

There are various online communication tools that we can use on our website. For example, we use blog posts and comment functions. This gives you the opportunity to comment on content or write posts. If you use this function, your IP address may be stored for security reasons. This protects us from illegal content such as insults, unauthorized advertising, or prohibited political propaganda. In order to identify whether comments are spam, we may also store and process user information on the basis of our legitimate interest. If we launch a survey, we also store your IP address for the duration of the survey so that we can ensure that all participants only vote once. Cookies may also be used for storage purposes. All data that we store about you (such as content or information about you) will remain stored until you object.

Affiliate Programs Introduction

Affiliate Programs Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: economic success and optimization of our services. 📓 Processed data: Access statistics containing data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed. 📅 Storage period: personal data is usually stored by partner programs until it is no longer needed. ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What are affiliate programs?

We use affiliate programs from various providers on our website. When you use an affiliate program, your data may be transferred to, stored, and processed by the respective affiliate program provider. In this privacy policy, we provide you with a general overview of data processing by affiliate programs and show you how you can prevent or revoke data transfer. Every affiliate program is based on the principle of commission. A link or advertisement with a link is placed on our website, and if you are interested and click on it and purchase a product or service in this way, we receive a commission (advertising cost reimbursement).

Why do we use affiliate programs on our website?

Our goal is to provide you with an enjoyable experience and lots of helpful content. To achieve this, we invest a great deal of time and effort into developing our website. Partner programs enable us to earn a small amount of money for our work. Every partner link is, of course, always related to our topic and shows offers that may be of interest to you.

What data is processed?

In order to track whether you have clicked on a link provided by us, the affiliate program provider must know that it was you who followed the link via our website. This means that the affiliate program links used must be correctly assigned to the following actions (business transaction, purchase, conversion, impression, etc.). Only then can the commissions be calculated correctly.

To ensure that this assignment works, a value can be attached to a link (in the URL) or information can be stored in cookies. This stores information such as which page you came from (referrer), when you clicked on the link, an identifier for our website, which offer is involved, and a user ID.

This means that as soon as you interact with the products and services of an affiliate program, that provider also collects data from you. Exactly what data is stored depends on the individual providers. For example, the Amazon affiliate program distinguishes between active and automatic information. Active information includes your name, email address, phone number, age, payment information, and location information. In this case, automatically stored information includes user behavior, IP address, device information, and URL.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, personal data is only processed for as long as is necessary to provide the services and products. Data stored in cookies is stored for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others may remain stored in your browser for several years unless they are actively deleted. The exact duration of data processing depends on the provider used, but in most cases you should expect a storage period of several years. You can usually find detailed information about the duration of data processing in the respective privacy policies of the individual providers.

Right of objection

You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the responsible party at the affiliate program provider at any time. You can find contact details either in our specific privacy policy or on the website of the relevant provider.

You can delete, deactivate, or manage cookies that providers use for their functions in your browser. Depending on which browser you use, this works in different ways.

Legal basis

If you have consented to the use of partner programs, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent) the legal basis for the processing of personal data, as may occur when collected by an affiliate program.

We also have a legitimate interest in using an affiliate program to optimize our online service and marketing activities. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we will only use the partner program if you have given your consent.

Information on special partner programs, if available, can be found in the following sections.

Meetergo affiliate program: We participate in the partner program of meetergo GmbH, through which commissions can be earned for qualified actions or leads. Meetergo may use cookies or similar technologies for tracking purposes. Service provider: meetergo GmbH, Im Mediapark 5, 50670 Cologne, Germany; Website: https://www.meetergo.com; Privacy Policy: https://meetergo.com/en/data-privacy; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Amazon Partner Program Privacy Policy

Amazon Affiliate Program Privacy Policy Summary 👥 Affected parties: Visitors to the website and YouTube 🤝 Purpose: economic success and optimization of our services. 📓 Processed data: Access statistics containing data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed. 📅 Storage period: personal data is stored by Amazon until it is no longer needed. ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is the Amazon Affiliate Program?

We use the Amazon affiliate program from Amazon.com, Inc. on our website. The responsible parties in terms of the privacy policy are Amazon Europe Core S.à.r.l., Amazon EU S.à.r.l, Amazon Services Europe S.à.r.l., and Amazon Media EU S.à.r.l., all four located at 5, Rue Plaetis, L-2338 Luxembourg, and Amazon Instant Video Germany GmbH, Domagkstr. 28, 80807 Munich. Amazon Deutschland Services GmbH, Marcel-Breuer-Str. 12, 80807 Munich, acts as the data processor. By using this Amazon affiliate program, your data may be transferred to Amazon, stored, and processed.

In this privacy policy, we inform you about what data is involved, why we use the program, and how you can manage or prevent data transmission.

The Amazon Partner Program is an affiliate marketing program run by the online mail order company. Amazon.comLike any affiliate program, the Amazon affiliate program is based on the principle of referral commission. Amazon or we place advertisements or affiliate links on our website, and if you click on them and purchase a product through Amazon, we receive a marketing reimbursement (commission).

Why do we use the Amazon affiliate program on our website?

Our goal is to provide you with an enjoyable experience and lots of helpful content. To achieve this, we put a lot of work and energy into developing our website. With the help of the Amazon affiliate program, we are able to earn a little money for our work. Every affiliate link to Amazon is, of course, always related to our topic and shows offers that may be of interest to you.

What data is stored by the Amazon affiliate program?

As soon as you interact with Amazon's products and services, Amazon collects data from you. Amazon distinguishes between information that you actively provide to the company and information that is automatically collected and stored. “Active information” includes, for example, your name, email address, telephone number, age, payment information, and location information. So-called “automatic information” is primarily stored via cookies. This includes information about user behavior, IP address, device information (browser type, location, operating systems), and the URL. Amazon also stores the clickstream. This refers to the path (sequence of pages) that you, as a user, take to get to a product. Amazon also stores cookies in your browser to track the origin of an order. This allows the company to recognize that you clicked on an Amazon advertisement or affiliate link via our website.

If you have an Amazon account and are logged in while browsing our website, the data collected may be assigned to your account. You can prevent this by logging out of Amazon before browsing our website.

Here we show you examples of cookies that are set in your browser when you click on an Amazon link on our website.

Name: uid
Value: 3230928052675285215313064178-9
Purpose: This cookie stores a unique user ID and collects information about your website activity.
Expiry date: after two months

Name: ad-id
Value: AyDaInRV1k-Lk59xSnp7h5o
Purpose: This cookie is provided by amazon-adsystem.com and is used by the company for various advertising purposes.
Expiry date: after eight months

Name: uuid2
Value: 8965834524520213028313064178-2
Purpose: This cookie enables targeted and interest-based advertising via the AppNexus platform. The cookie collects and stores anonymous data via the IP address, such as which advertisements you have clicked on and which pages you have visited.
Expiry date: after three months

Name: session-id
Value: 262-0272718-2582202313064178-1
Purpose: This cookie stores a unique user ID that the server assigns to you for the duration of a website visit (session). If you visit the same page again, the information stored in it will be retrieved.
Expiry date: after 15 years

Name: APID
Value: UP9801199c-4bee-11ea-931d-02e8e13f0574
Purpose: This cookie stores information about how you use a website and which advertisements you viewed before visiting the website.
Expiry date: after one year

Name: session-id-time
Value: tb:s-STNY7ZS65H5335FZEVPE|1581329862486&t:1581329864300&adb:adblk_no
Purpose: This cookie tracks the time you spend on a website using a unique cookie ID.
Expiry date: after 2 years

Name: csm-hit
Value: 2082754801l
Purpose: We were unable to obtain precise information about this cookie.
Expiry date: after 15 years

Notice: Please note that this list only shows examples of cookies and is not exhaustive.

Amazon uses this information to tailor advertisements more precisely to users' interests.

How long and where is the data stored?

Personal data is stored by Amazon for as long as it is necessary for Amazon's business services or for legal reasons. Since Amazon is headquartered in the US, the data collected is also stored on American servers.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time. If you have an Amazon account, you can manage or delete much of the data collected in your account.

Your browser offers another option for managing data processing and storage by Amazon according to your preferences. There you can manage, deactivate, or delete cookies. This works a little differently for each browser. Under the “Cookies” section, you will find the corresponding links to the respective instructions for the most popular browsers.

Legal basis

If you have consented to the use of the Amazon affiliate program, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent) the legal basis for the processing of personal data, as may occur when it is collected by the Amazon affiliate program.

We also have a legitimate interest in using the Amazon affiliate program to optimize our online service and marketing activities. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests)However, we only use the Amazon affiliate program if you have given your consent.

Amazon also processes your data in the US, among other places. Amazon is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the US. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Amazon uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard contractual clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the US) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Amazon undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the US. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=us

The Amazon data processing terms (AWS GDPR DATA PROCESSING), which comply with the standard contractual clauses, can be found at https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.

We hope we have provided you with the most important information about data transfer through the use of the Amazon affiliate program. For more information, please visit https://www.amazon.com/gp/help/customer/display.html?nodeId=201909010.

Content Delivery Networks Introduction

Content Delivery Networks Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Optimizing our service (to enable the website to load faster) 📓 Processed data: Data such as your IP address You can find more details below and in the individual data protection texts. 📅 Storage period: In most cases, data is stored until it is no longer needed to fulfill the service. ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is a content delivery network?

We use a content delivery network on our website. Such networks are usually referred to as CDNs. A CDN helps us to load our website quickly and smoothly, regardless of your location. In doing so, your personal data is also stored, managed, and processed on the servers of the CDN provider used. Below, we provide more general information about the service and its data processing. You can find detailed information about how your data is handled in the provider's privacy policy.

Every content delivery network (CDN) is a network of regionally distributed servers that are all connected to each other via the Internet. This network allows website content (especially very large files) to be delivered quickly and smoothly, even during peak load times. The CDN creates a copy of our website on your servers for this purpose. Since these servers are distributed worldwide, the website can be delivered quickly. Data transfer to your browser is therefore significantly reduced by the CDN.

Why do we use a content delivery network for our website?

A fast-loading website is part of our service. We know how annoying it is when a website loads at a snail's pace. Most of the time, you lose patience and leave before the website has finished loading. Of course, we want to avoid that. That's why a fast-loading website is a natural part of our website offering. With a content delivery network, our website loads much faster in your browser. The use of CDNs is particularly helpful when you are abroad, because the website is delivered from a server near you.

What data is processed?

When you request a website or website content that is cached in a CDN, the CDN forwards the request to the server closest to you, which then delivers the content. Content delivery networks are designed so that JavaScript libraries can be downloaded and hosted on npm and Github servers. Alternatively, most CDNs also allow WordPress plugins to be loaded if they are hosted on WordPress.org Your browser may send personal data to the content delivery network we use. This includes data such as your IP address, browser type, browser version, which website is being loaded, or the time and date of your visit to the site. This data is collected and stored by the CDN. Whether cookies are used for data storage depends on the network used. Please read the privacy policy of the respective service for more information.

Right of objection

If you want to completely prevent this data transfer, you can use a JavaScript blocker (see, for example, https://noscript.net/) on your PC. Of course, our website will then no longer be able to offer the usual service (such as fast loading speeds).

Legal basis

If you have consented to the use of a content delivery network, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent) the legal basis for the processing of personal data, as may occur when collected by a content delivery network.

We also have a legitimate interest in using a content delivery network to optimize our online service and make it more secure. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we only use the tool if you have given your consent.

Information on specific content delivery networks can be found in the following sections, if available.

Cloudflare Privacy Policy

Cloudflare Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Optimizing our service (to enable the website to load faster) 📓 Processed data: Data such as IP address, contact and log information, security fingerprints, and performance data for websites You can find more details on this further down in this privacy policy. 📅 Storage period: in most cases, the data is stored for less than 24 hours. ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is Cloudflare?

We use Cloudflare from Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) on this website to make our website faster and more secure. Cloudflare uses cookies and processes user data. Cloudflare, Inc. is an American company that offers a content delivery network and various security services. These services are located between the user and our hosting provider. We will try to explain exactly what this means in more detail below.

A content delivery network (CDN), such as the one provided by Cloudflare, is nothing more than a network of connected servers. Cloudflare has distributed such servers around the world to bring websites to your screen faster. Simply put, Cloudflare creates copies of our website and places them on its own servers. When you visit our website, a load balancing system ensures that the largest parts of our website are delivered from the server that can display our website to you the fastest. The distance of data transmission to your browser is significantly shortened by a CDN. This means that the content of our website is not only delivered to you by Cloudflare from our hosting server, but from servers all over the world. The use of Cloudflare is particularly helpful for users from abroad, as the page can be delivered from a nearby server. In addition to fast website delivery, Cloudflare also offers various security services, such as DDoS protection and a web application firewall.

Why do we use Cloudflare on our website?

Of course, we want to offer you the best possible service with our website. Cloudflare helps us make our website faster and more secure. Cloudflare provides us with both web optimizations and security services, such as DDoS protection and web firewall. This also includes a Reverse-Proxy and the content delivery network (CDN). Cloudflare blocks threats and limits abusive bots and crawlers that waste our bandwidth and server resources. By storing our website on local data centers and blocking spam software, Cloudflare enables us to reduce our bandwidth usage by about 60%. Delivering content via a data center near you and performing some web optimizations there reduces the average loading time of a website by about half. According to Cloudflare, the “I'm Under Attack Mode” setting can mitigate further attacks by displaying a JavaScript calculation task that must be solved before a user can access a website. Overall, this makes our website significantly more powerful and less vulnerable to spam or other attacks.

What data does Cloudflare process?

Cloudflare generally only forwards data that is controlled by website operators. This means that the content is not determined by Cloudflare, but always by the website operator itself. In addition, Cloudflare may collect certain information about the use of our website and process data that we send or for which Cloudflare has received corresponding instructions. In most cases, Cloudflare receives data such as IP addresses, contact and log information, security fingerprints, and performance data for websites. Log data helps Cloudflare identify new threats, for example. This enables Cloudflare to ensure a high level of security for our website. Cloudflare processes this data in accordance with applicable laws as part of its services. This naturally includes the General Data Protection Regulation (GDPR). Cloudflare also works with third-party providers. These providers may only process personal data on the instructions of Cloudflare and in accordance with data protection guidelines and other confidentiality and security measures. Cloudflare does not disclose any personal data without our explicit consent.

How long and where is the data stored?

Cloudflare stores your information primarily in the United States and the European Economic Area. Cloudflare may transfer and access the information described above from anywhere in the world. In general, Cloudflare stores user-level data for Free, Pro, and Business domains for less than 24 hours. For Enterprise domains that have Cloudflare Logs (formerly Enterprise LogShare or ELS) enabled, data may be stored for up to 7 days. However, if IP addresses trigger security alerts at Cloudflare, there may be exceptions to the storage period listed above.

How can I delete my data or prevent data storage?

Cloudflare only retains data logs for as long as necessary, and in most cases, this data is deleted within 24 hours. Cloudflare also does not store any personal data, such as your IP address. However, there is some information that Cloudflare stores indefinitely as part of its permanent logs in order to improve the overall performance of Cloudflare Resolver and identify any security risks. You can see exactly which permanent logs are stored at https://www.cloudflare.com/application/privacypolicy/ All data collected by Cloudflare (temporary or permanent) is purged of all personal information. All permanent logs are also anonymized by Cloudflare.

Cloudflare states in its privacy policy that it is not responsible for the content it receives. For example, if you ask Cloudflare to update or delete your content, Cloudflare will always refer you to us as the website operator. You can also completely prevent Cloudflare from collecting and processing your data by disabling the execution of script code in your browser or by integrating a script blocker into your browser.

Legal basis

If you have consented to the use of Cloudflare, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent) the legal basis for the processing of personal data, as may occur when collected by Cloudflare.

We also have a legitimate interest in using Cloudflare to optimize our online service and make it more secure. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we only use Cloudflare if you have given your consent.

Cloudflare also processes your data in the United States, among other places. Cloudflare is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the United States. For more information, please visit https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Cloudflare also uses standard contractual clauses (SCCs) (Art. 46(2) and (3) GDPR). Standard contractual clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the US). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Cloudflare undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the US. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=us.

For more information about the standard contractual clauses and data processed through the use of Cloudflare, please refer to the privacy policy at https://www.cloudflare.com/privacypolicy/.

Data Processing Agreement (DPA) Cloudflare

We have concluded a data processing agreement (DPA) with Cloudflare in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can read about what exactly a DPA is and, above all, what must be included in a DPA in our general section “Data Processing Agreement (DPA)”.

This agreement is required by law because Cloudflare processes personal data on our behalf. It clarifies that Amazon Web Cloudflare may only process data received from us in accordance with our instructions and must comply with the GDPR. The link to the data processing agreement (DPA) can be found at https://www.cloudflare.com/cloudflare-customer-dpa/.

External content

Status page integration Privacy policy

Status page Privacy policy Summary 👥 Persons affected: Visitors to our website 🤝 Purpose: Display of system status information 📓 Processed data: IP address, browser information, operating system, referrer URL, timestamp 📅 Storage period: In accordance with the service provider's guidelines ⚖️ Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Statuspage integration?

We embed a JavaScript snippet to display the current system status of our services. This service is provided by Atlassian Pty Ltd, Level 6, 341 George Street, Sydney, NSW 2000, Australia. When the status page is loaded, technical information such as IP address and browser data is transmitted to Atlassian.

Legal basis

Use is based on our legitimate interest in accordance with Art. 6(1)(f) GDPR, to inform our users about system availability.

More information

For more information, please refer to Atlassian's privacy policy at: https://www.atlassian.com/legal/privacy-policy.

WordPress Emojis Privacy Policy

WordPress Emojis Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Displaying emojis and symbols on different devices 📓 Verarbeitete Daten: Technische Daten wie IP-Adresse und Browser-Informationen, die zum Abrufen der Emoji-Dateien erforderlich sind 📅 Storage period: Not specified by WordPress.org, usually until the purpose is fulfilled ⚖️ Legal basis: Art. 6(1)(f) GDPR (legitimate interests)

What are WordPress emojis?

Our website uses emojis (small symbols or pictograms) to make content more visually appealing. These emojis are provided by WordPress, an open-source content management system from Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

To ensure that emojis are displayed correctly on all devices, WordPress loads a small JavaScript file from the servers under the domain s.w.org (WordPress.org server). This call may transmit your IP address to WordPress.org.

Why do we use WordPress emojis?

We use emojis to make our website more user-friendly and visually appealing. Data is transferred to WordPress.org solely for the technical purpose of displaying emoji graphics. No other personal data is stored or linked to other services.

What data is processed?

When the emoji files are retrieved, the following data is transmitted:

• Visitor's IP address
• Date and time of retrieval
• URL of the retrieved file
• Browser type and version
• Visitor's operating system

This data is used exclusively for the provision of emojis and is not processed further.

Legal basis

The use of the WordPress emoji function is based on our legitimate interests in accordance with Art. 6(1)(f) GDPRas we have a legitimate interest in ensuring that our website functions properly and is presented in an appealing manner.

More information

For more information on data processing by WordPress, please refer to Automattic's privacy policy: https://automattic.com/privacy/

Cookie Consent Management Platform Introduction

Cookie Consent Management Platform Summary 👥 Affected: Website visitors 🤝 Purpose: Obtaining and managing consent for certain cookies and thus the use of certain tools 📓 Processed data: Data for managing cookie settings, such as IP address, time of consent, type of consent, individual consents. More details can be found in the respective tool used. 📅 Storage period: Depends on the tool used; you should expect storage periods of several years. ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is a cookie consent management platform?

We use consent management platform (CMP) software on our website, which makes it easier for us and you to handle scripts and cookies correctly and securely. The software automatically creates a cookie pop-up, scans and checks all scripts and cookies, provides you with the cookie consent required by data protection law, and helps us and you keep track of all cookies. Most cookie consent management tools identify and categorize all existing cookies. As a website visitor, you then decide for yourself whether and which scripts and cookies you allow or do not allow. The following graphic illustrates the relationship between the browser, web server, and CMP.

Why do we use a cookie management tool?

Our goal is to offer you the best possible transparency in the area of data protection. We are also legally obliged to do so. We want to inform you as clearly as possible about all tools and cookies that can store and process your data. It is also your right to decide for yourself which cookies you accept and which you do not. In order to grant you this right, we first need to know exactly which cookies have ended up on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with information about them in accordance with the GDPR. You can then accept or reject cookies via the consent system.

What data is processed?

Our cookie management tool allows you to manage each individual cookie yourself and gives you complete control over the storage and processing of your data. Your consent is stored so that we do not have to ask you for it every time you visit our website and so that we can prove your consent if required by law. This is stored either in an opt-in cookie or on a server. The storage period for your cookie consent varies depending on the provider of the cookie management tool. In most cases, this data (such as pseudonymous user ID, time of consent, details of cookie categories or tools, browser, device information) is stored for up to two years.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is absolutely necessary to provide our services and products. Data stored in cookies is stored for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others may remain stored in your browser for several years. The exact duration of data processing depends on the tool used, but in most cases you should expect a storage period of several years. The respective privacy policies of the individual providers usually provide detailed information about the duration of data processing.

Right of objection

You also have the right and the option to revoke your consent to the use of cookies at any time. You can do this either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Information on special cookie management tools, if available, can be found in the following sections.

We use CookieYesto manage all cookies. If you wish to change your decision, you can do so here: [cookieyes]
Types of data processed: Meta, communication, and process data (e.g., IP addresses, time stamps, identification numbers, persons involved).
Affected persons: Users (e.g., website visitors, users of online services).
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR).

Legal basis

If you agree to cookies, personal data about you will be processed and stored via these cookies. If we Consent (Article 6(1)(a) GDPR) Cookies may be used, this consent also constitutes the legal basis for the use of cookies and the processing of your data. Cookie consent management platform software is used to manage consent to cookies and enable you to give your consent. The use of this software enables us to operate the website in an efficient and legally compliant manner, which is a legitimate interest (Article 6(1)(f) GDPR).

Security & Anti-Spam

Security & Anti-Spam Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Cybersecurity Processed data: Data such as your IP address, name, or technical data such as browser version You can find more details below and in the individual data protection texts. 📅 Storage period: In most cases, data is stored until it is no longer needed to fulfill the service. ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is security and anti-spam software?

With security and anti-spam software, you and we can protect ourselves from various spam or phishing emails and other possible cyberattacks. Spam refers to unsolicited advertising emails sent in bulk. Such emails are also known as junk mail and can incur costs. Phishing emails, on the other hand, are messages that aim to build trust through fake messages or websites in order to obtain personal data. Anti-spam software usually protects against unwanted spam messages or malicious emails that could introduce viruses into our system. We also use general firewall and security systems that protect our computers from unwanted network attacks.

Why do we use security and anti-spam software?

We place particular emphasis on security on our website. After all, it's not just about our security, but above all about yours. Unfortunately, cyber threats have become part of everyday life in the world of IT and the internet. Hackers often use cyber attacks to try to steal personal data from IT systems. That's why a good defense system is absolutely essential. A security system monitors all incoming and outgoing connections to our network and computers. In order to achieve even greater security against cyber attacks, we use additional external security services in addition to the standardized security systems on our computers. This better prevents unauthorized data traffic and protects us from cybercrime.

What data is processed by security and anti-spam software?

The exact data collected and stored depends, of course, on the service in question. However, we always endeavor to use only programs that collect data very sparingly or only store data that is necessary for the performance of the service offered. In principle, the service may store data such as name, address, IP address, email address, and technical data such as browser type or browser version. Performance and log data may also be collected in order to detect potential threats in a timely manner. This data is processed within the scope of the services and in compliance with applicable laws. This also includes the GDPR for US providers (via the standard contractual clauses). In some cases, these security services also work with third-party providers who may store and/or process data under instruction and in accordance with data protection guidelines and other security measures. Data storage is usually done via cookies.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. For example, security programs store data until you or we revoke the data storage. In general, personal data is only stored for as long as is absolutely necessary for the provision of services. In many cases, unfortunately, we do not have precise information from the providers about the length of storage.

Right of objection

You also have the right and option to revoke your consent to the use of cookies or third-party security software at any time. You can do this either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Since cookies may also be used in such security services, we recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

We use security services primarily on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) in a good security system against various cyber attacks.

Certain processing operations, in particular the use of cookies and security functions, require your consent. If you have consented to your data being processed and stored by integrated security services, this consent serves as the legal basis for data processing (Art. 6 (1) (a) GDPR). Most of the services we use set cookies in your browser to store data. We therefore recommend that you read our privacy policy on cookies carefully and review the privacy policy or cookie policy of the respective service provider.

Information about special tools can be found in the following sections, if available.

Cloudflare Turnstile Privacy Policy

Cloudflare Turnstile Privacy Policy Summary 👥 Persons affected: Visitors to the website who submit forms 🤝 Purpose: Protecting our website and forms from spam and misuse 📓 Processed data: IP address, referrer URL, browser information, operating system, time zone, language settings, screen resolution 📅 Storage period: Data is usually deleted within 24 hours. ⚖️ Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest), Art. 6 para. 1 lit. a GDPR (consent, if requested)

What is Cloudflare Turnstile?

We use Cloudflare Turnstile, a service provided by Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA), to protect our forms from spam and automated attacks. Unlike traditional CAPTCHAs, Turnstile analyzes visitor behavior in the background to distinguish between real users and bots without actively burdening the user.

What data is processed?

Cloudflare Turnstile collects technical information about your device and user behavior, including IP address, browser data, referrer URL, time zone, and language settings. This information is used solely to detect suspicious activity and is not used to identify individuals.

Legal basis

The use of Cloudflare Turnstile is based on our legitimate interests in accordance with Art. 6(1)(f) GDPRto protect our website from misuse. If active consent is required, processing is additionally based on Art. 6(1)(a) GDPR.

More information

For more information, please refer to Cloudflare's privacy policy at: https://www.cloudflare.com/privacypolicy/.

WP Armour Privacy Policy

WP Armour Privacy Policy Summary 👥 Persons affected: Visitors who fill out forms 🤝 Purpose: Protection against spam through invisible verification mechanisms (honeypot) 📓 Processed data: No personal data, only technical validation within the form 📅 Storage period: No storage of personal data ⚖️ Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is WP Armour?

We use the WordPress plugin WP Armour to protect our forms from spam entries. The plugin works with a so-called honeypot technique, which uses invisible form fields to detect bots. No data is transmitted to external servers.

Legal basis

Use is based on our legitimate interest in accordance with Art. 6(1)(f) GDPRto ensure the security and functionality of our website.

Wordfence Privacy Policy

We use Wordfence, a WordPress security plug-in, for our website. The service provider is the American company Defiant, Inc., 1700 Westlake Ave N Ste 200, Seattle, WA 98109, USA.

Wordfence processes your data in the US, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the US. This may entail various risks for the legality and security of data processing.

Wordfence uses standard contractual clauses (SCC) as the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or for data transfers to such countries (Art. 46 (2) and (3) GDPR). Standard contractual clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to third countries (such as the USA) and stored there. Through these clauses, Wordfence undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=us

The data processing conditions (Data Protection Regulation), which correspond to the standard contractual clauses, can be found at https://www.wordfence.com/help/general-data-protection-regulation/.

For more information about the data processed through the use of Wordfence, please refer to the privacy policy at https://www.wordfence.com/privacy-policy/.

Payment providers Introduction

Payment provider privacy policy summary 👥 Affected persons: Visitors to the website 🤝 Purpose: To enable and optimize the payment process on our website 📓 Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address, and contract details You can find more details on this in the respective payment provider tool. 📅 Storage period: depends on the payment provider used Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract)

What is a payment provider?

We use online payment systems on our website that enable us and you to make secure and smooth payments. This may involve personal data being sent to the respective payment provider, stored, and processed there. Payment providers are online payment systems that enable you to place an order via online banking. The payment is processed by the payment provider you have selected. We then receive information about the payment made. Any user who has an active online banking account with a PIN and TAN can use this method. There are hardly any banks left that do not offer or accept such payment methods.

Why do we use payment providers on our website?

We naturally want to offer the best possible service with our website and our integrated online shop so that you feel comfortable on our site and take advantage of our offers. We know that your time is precious and that payment transactions in particular must be quick and smooth. For these reasons, we offer you a variety of payment providers. You can choose your preferred payment provider and pay in the usual manner.

What data is processed?

The exact data processed depends, of course, on the respective payment provider. However, data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are generally stored. This data is necessary in order to carry out a transaction. In addition, any contract data and user data, such as when you visit our website, what content you are interested in, or which subpages you click on, may also be stored. Most payment providers also store your IP address and information about the computer you are using.

The data is usually stored and processed on the servers of the payment providers. We, as the website operator, do not receive this data. We are only informed whether the payment was successful or not. For identity and credit checks, payment providers may forward data to the relevant authority. The business and data protection principles of the respective provider always apply to all payment transactions. Therefore, please always check the general terms and conditions and privacy policy of the payment provider. You also have the right to have data deleted or corrected at any time. Please contact the respective service provider regarding your rights (right of withdrawal, right to information, and right to be affected).

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If required by law, as in the case of accounting, this storage period may be exceeded. For example, we retain accounting documents relating to a contract (invoices, contract documents, account statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they are incurred.

Right of objection

You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the responsible party at the payment provider used at any time. You can find contact details either in our specific privacy policy or on the website of the relevant payment provider.

You can delete, deactivate, or manage cookies used by payment providers for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that the payment process may then no longer work.

Legal basis

We therefore offer the following services for the handling of contractual and legal relationships (Art. 6 para. 1 lit. b GDPR)  in addition to traditional banks/credit institutions, other payment service providers. In the privacy policies of the individual payment providers (such as Amazon Payments, Apple Pay or Discover) provides you with a detailed overview of data processing and data storage. In addition, you can always contact the responsible persons if you have any questions about data protection issues.

Information about specific payment providers can be found in the following sections, where available.

PayPal Privacy Policy

PayPal Privacy Policy Summary 👥 Affected parties: Website visitors and customers 🤝 Purpose: Optimization of the payment process on our website 📓 Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address, and contract data may be processed. You can find more details on this further down in this privacy policy. 📅 Storage period: Data is generally stored until the collaboration with PayPal is terminated. ⚖️ Legal basis: Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(a) GDPR (consent)

What is PayPal?

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible for the European region.

With PayPal, all users can send and receive money electronically. The company was founded in 1998 and now has over 325 million active customers, making it one of the best-known and largest online payment service providers worldwide.

Why do we use PayPal for our website?

There are several reasons why we use PayPal and offer it on our website. As PayPal is one of the best-known online payment providers, many of our website visitors also use and trust this service. PayPal also offers high security standards for digital money transfers. The service uses various encryption methods to protect your personal data as best as possible. We also appreciate PayPal's ease of use and the option of making international payments in different currencies. Transactions are usually completed very quickly, which is another advantage for both us and you as a customer.

What data does PayPal process?

In its privacy policy, PayPal distinguishes between different categories of personal data that may be processed when using the service. These include registration and contact details, identification and signature data, payment information, information about imported contacts, data from your account profile, device data such as your IP address, location data, and so-called derived data. This refers to information that can be derived from transactions or other data. This can include purchasing habits, behavior patterns, creditworthiness, or personal preferences.

Then there is also personal data collected by third parties (such as identity verifiers, fraud detection providers, or your bank). This data includes information from credit agencies, transaction data, information on legal requirements, technical usage data, location data, and also derived data.

PayPal and its partners also use tracking technologies such as cookies, pixel tags, web beacons, and widgets to recognize you as a user, customize content, and perform analytics for interest-based advertising.

How long and where is the data stored?

PayPal generally stores data for as long as necessary to fulfill its obligations and for the purposes for which it was collected. Personal data that is necessary for the customer relationship is retained for up to 10 years after the end of the relationship. If PayPal is subject to a legal obligation, the retention period for personal data is determined by the applicable law (e.g., insolvency law). PayPal also stores personal data for as long as necessary if storage is advisable in view of legal disputes.

Since PayPal is a global company, the service also has data centers around the world where your data can be stored. This means that your data may also be stored on PayPal servers outside your country and outside the scope of the GDPR.

How can I delete my data or prevent data storage?

You have the right to access, correct, delete, or restrict the processing of your personal data at any time. You can also revoke your consent to the processing of your data at any time.

If you wish to disable, delete, or manage cookies, you will find the relevant links to the respective instructions for the most popular browsers in the “Cookies” section.

Legal basis

We have a legitimate interest in integrating an external payment service with PayPal in order to make our offering more attractive and improve it both technically and economically. The legal basis for this is Art. 6 (1) lit. f GDPR (legitimate interests). Please note that you can only use PayPal if you enter into a contractual relationship with PayPal. This may require you to provide further data protection and contractual declarations (e.g., consent).

PayPal also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

PayPal uses standard contractual clauses (SCC) as the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or for data transfers to such countries (Art. 46 (2) and (3) GDPR). Standard contractual clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to third countries (such as the USA) and stored there. Through these clauses, PayPal undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=us

For more information on the standard contractual clauses and the data processed when using PayPal, please refer to the privacy policy at https://www.paypal.com/webapps/mpp/ua/privacy-full.

Audio & Video Introduction

Audio & Video Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Optimisation of our services 📓 Processed data: Data such as contact details, user behavior data, information about your device, and your IP address may be stored. You can find more details on this below in the relevant data protection texts. 📅 Storage period: Data will generally remain stored for as long as it is necessary for the purpose of the service. ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What are audio and video elements?

We have integrated audio and video elements into our website so that you can watch videos or listen to music/podcasts directly via our website. The content is provided by service providers. All content is therefore also obtained from the providers' respective servers.

These are integrated functional elements from platforms such as YouTube, Vimeo, or Spotify. The use of these portals is generally free of charge, but paid content may also be published. With the help of these integrated elements, you can listen to or view the respective content via our website.

If you use audio or video elements on our website, your personal data may also be transmitted to the service providers, processed, and stored.

Why do we use audio and video elements on our website?

Of course, we want to provide you with the best possible service on our website. And we are aware that content is no longer conveyed solely through text and static images. Instead of simply providing you with a link to a video, we offer audio and video formats directly on our website that are entertaining or informative, and ideally even both. This expands our service and makes it easier for you to access interesting content. In addition to our texts and images, we also offer video and/or audio content.

What data is stored by audio and video elements?

When you visit a page on our website that has an embedded video, for example, your server connects to the service provider's server. In doing so, data about you is also transferred to the third-party provider and stored there. Some data is collected and stored regardless of whether you have an account with the third-party provider or not. This usually includes your IP address, browser type, operating system, and other general information about your device. Furthermore, most providers also collect information about your web activity. This includes, for example, session duration, bounce rate, which buttons you clicked on, or which website you used to access the service. All this information is usually stored via cookies or pixel tags (also known as web beacons). Pseudonymized data is usually stored in cookies in your browser. You can always find out exactly which data is stored and processed in the privacy policy of the respective provider.

Duration of data processing

You can find out exactly how long the data is stored on the servers of third-party providers either further down in the privacy policy for the respective tool or in the provider's privacy policy. As a matter of principle, personal data is only ever processed for as long as is absolutely necessary for the provision of our services or products. This also applies to third-party providers as a rule. In most cases, you can assume that certain data will be stored on the servers of third-party providers for several years. Data can be stored for varying lengths of time, especially in cookies. Some cookies are deleted as soon as you leave the website, while others may remain stored in your browser for several years.

Right of objection

You also have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. You can do this either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. The legality of the processing until revocation remains unaffected.

Since cookies are usually also used by the integrated audio and video functions on our website, you should also read our general privacy policy on cookies. You can find out more about how your data is handled and stored in the privacy policies of the respective third-party providers.

Legal basis

If you have consented to your data being processed and stored by integrated audio and video elements, this consent shall serve as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be processed on the basis of our legitimate interest. (Art. 6 para. 1 lit. f GDPR) stored and processed for the purpose of fast and effective communication with you or other customers and business partners. However, we only use the integrated audio and video elements if you have given your consent.

YouTube Privacy Policy

YouTube Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Optimisation of our services 📓 Processed data: Data such as contact details, user behavior data, information about your device, and your IP address may be stored. You can find more details on this further down in this privacy policy. 📅 Storage period: Data will generally remain stored for as long as it is necessary for the purpose of the service. ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is YouTube?

We have embedded YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that has a YouTube video embedded in it, your browser automatically connects to the YouTube or Google servers. Various data is transferred during this process (depending on your settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in the European Union.

Below, we would like to explain in more detail what data is processed, why we have integrated YouTube videos, and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on, and upload videos free of charge. Over the past few years, YouTube has become one of the most important social media channels worldwide. YouTube provides a code snippet that we have incorporated into our website so that we can display videos on our website.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And, of course, interesting videos are a must. With the help of our embedded videos, we provide you with additional helpful content alongside our texts and images. In addition, our website is easier to find on the Google search engine thanks to the embedded videos. Even though we place ads via Google Ads, Google can only show these ads to people who are interested in our offers, thanks to the data it collects.

What data does YouTube store?

As soon as you visit one of our pages that has a YouTube video embedded in it, YouTube will set at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually assign your interactions on our website to your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution, or your Internet service provider. Other data may include contact details, any ratings, sharing content via social media, or adding to your favorites on YouTube.

If you are not signed in to a Google account or YouTube account, Google stores data with a unique identifier associated with your device, browser, or app. This allows your preferred language setting to be retained, for example. However, much interaction data cannot be stored because fewer cookies are set.

The following list shows cookies that were set in a browser test. On the one hand, we show cookies that are set without a logged-in YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim to be complete because user data always depends on interactions on YouTube.

Name: YSC
Value: b9-CV6ojI5Y313064178-1
Purpose: This cookie registers a unique ID to store statistics about the video viewed.
Expiry date: after the meeting end

Name: PREF
Value: f1=50000000
Purpose: This cookie also records your unique ID. Google receives statistics via PREF about how you use YouTube videos on our website.
Expiry date: after eight months

Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track your GPS location.
Expiry date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie attempts to estimate the user's bandwidth on our websites (with embedded YouTube videos).
Expiry date: after eight months

Additional cookies that are set when you are logged in with your YouTube account:

Name: APISID
Value: zILlvClZSkqGsSwI/AU1aZI6HY7313064178-
Purpose: This cookie is used to create a profile of your interests. The data is used for personalized advertising.
Expiry date: after 2 years

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user's consent to use various Google services. CONSENT also serves security purposes by verifying users and protecting user data from unauthorized attacks.
Expiry date: after 19 years

Name: HSID
Value: AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile of your interests. This data helps to display personalized advertising.
Expiry date: after 2 years

Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL…
Purpose: This cookie stores information about your login details.
Expiry date: after 2 years

Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile about your interests.
Expiry date: after 2 years

Name: SID
Value: oQfNKjAsI313064178-
Purpose: This cookie stores your Google account ID and your last login time in digitally signed and encrypted form.
Expiry date: after 2 years

Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information about how you use the website and what advertisements you may have seen before visiting our site.
Expiry date: after three months

How long and where is the data stored?

The data that YouTube receives from you and processes is stored on Google servers. Most of these servers are located in America. Under https://datacenters.google/ You can see exactly where Google's data centers are located. Your data is distributed across the servers. This means that data can be accessed more quickly and is better protected against manipulation.

Google stores the collected data for varying lengths of time. Some data can be deleted at any time, some is automatically deleted after a limited period of time, and some is stored by Google for a longer period of time. Some data (such as items from “My Activity,” photos or documents, products) stored in your Google Account will remain stored until you delete it. Even if you are not signed in to a Google Account, you can delete some data associated with your device, browser, or app.

How can I delete my data or prevent data storage?

In principle, you can manually delete data in your Google Account. With the automatic deletion feature for location and activity data introduced in 2019, information is stored for either 3 or 18 months, depending on your decision, and then deleted.

Regardless of whether you have a Google account or not, you can configure your browser to delete or disable cookies from Google. Depending on which browser you use, this works in different ways. Under the “Cookies” section, you will find the corresponding links to the respective instructions for the most popular browsers.

If you do not want cookies at all, you can set your browser to always inform you when a cookie is about to be set. This allows you to decide whether to accept or reject each individual cookie.

Legal basis

If you have consented to your data being processed and stored by integrated YouTube elements, this consent serves as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be processed on the basis of our legitimate interest. (Art. 6 para. 1 lit. f GDPR) stored and processed for the purpose of fast and effective communication with you or other customers and business partners. However, we only use the integrated YouTube elements if you have given your consent. YouTube also sets cookies in your browser to store data. We therefore recommend that you read our privacy policy on cookies carefully and review the privacy policy or cookie policy of the respective service provider.

YouTube also processes your data in the USA, among other places. YouTube and Google are active participants in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard contractual clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the US) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the US. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=us

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

Since YouTube is a subsidiary of Google, there is a joint privacy policy. If you would like to learn more about how your data is handled, we recommend reading the privacy policy at https://policies.google.com/privacy?hl=en.

Explanation of terms used

We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially when it comes to technical and legal issues. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). However, we do not want to use them without explanation. Below you will find an alphabetical list of important terms used that we may not have covered sufficiently in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also cite the GDPR texts here and add our own explanations where necessary.

Supervisory authority

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

“supervisory authority” an independent public body established by a Member State in accordance with Article 51;

Explanation: “Supervisory authorities” are always independent government agencies that also have the authority to issue instructions in certain cases. They are responsible for carrying out what is known as state supervision and are located in ministries, special departments, or other authorities. For data protection in Austria, there is an Austrian data protection authority, in Germany, each federal state has its own data protection authority.

processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

“Processor” a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data that we process from you. In addition to the responsible parties, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. Processors can therefore be service providers such as tax advisors, but also hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

Relevant supervisory authority

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

“relevant supervisory authority” a supervisory authority concerned by the processing of personal data because

a)

the controller or processor is established in the territory of the Member State of that supervisory authority,

b)

this processing has or may have a significant impact on data subjects residing in the Member State of that supervisory authority, or

c)

a complaint has been lodged with this supervisory authority;

Explanation: In Germany, each federal state has its own supervisory authority for data protection. If your company headquarters (main office) is located in Germany, the respective supervisory authority of the federal state is generally your point of contact. In Austria, there is only one authority for the entire country. Data protection supervisory authority.

 

Information society service

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

"Information society service" a service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council (19);

Explanation: Basically, the term “information society” refers to a society that relies on information and communication technologies. As a website visitor, you are familiar with a wide variety of online services, and most online services are considered “information society services.” A classic example of this is online transactions, such as purchasing goods over the Internet.

Restriction of processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

"Restriction of processing" marking stored personal data with the aim of restricting its future processing;

Explanation: It is your right to request that processors restrict the further processing of your personal data at any time. To do this, specific personal data such as your name, date of birth, or address will be marked so that further processing is no longer possible. For example, you could restrict processing so that your data can no longer be used for personalized advertising.

Genetic data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

"genetic data" personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or health of that natural person, in particular which result from an analysis of a biological sample from the natural person in question;

Explanation: With a certain amount of effort, individuals can be identified using genetic data. This is why genetic data also falls into the category of personal data. Genetic data is obtained, for example, from blood or saliva samples.

Cross-border processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

"cross-border processing" either

a)

processing of personal data that takes place in the context of the activities of establishments of a controller or processor in the Union in more than one Member State, where the controller or processor has establishments in more than one Member State; or

b)

processing of personal data that takes place within the framework of the activities of a single establishment of a controller or processor in the Union, but which has or may have a significant impact on data subjects in more than one Member State;

Explanation: For example, if a company or other organization has branches in Spain and Croatia and personal data is processed in connection with the activities of the branches, this constitutes “cross-border processing” of personal data. Even if the data is only processed in one country (as in this example in Spain), but the effects on the data subject are also noticeable in another country, this is also referred to as “cross-border processing.”

Significant and justified objection

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

“substantive and justified objection” object to a draft decision on whether there has been an infringement of this Regulation or whether intended measures against the controller or processor are in accordance with this Regulation, clearly stating the implications of the draft decision in terms of the risks to the fundamental rights and freedoms of data subjects and, where applicable, the free movement of personal data within the Union;

Explanation: If certain measures taken by us as controllers or our processors are not in accordance with the GDPR, you may lodge a so-called “substantive and justified objection.” In doing so, you must explain the scope of the risks in relation to your fundamental rights and freedoms and, where applicable, the free movement of your personal data within the EU.

Profiling

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

"Profiling" any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;

Explanation: Profiling involves gathering various pieces of information about a person in order to learn more about them. In the web sector, profiling is often used for advertising purposes or for credit checks. Web and advertising analysis programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile that can be used to target advertising to a specific audience.

 

Pseudonymization

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

"pseudonymization" the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person;

Explanation: Our privacy policy often refers to pseudonymized data. Pseudonymized data means that you can no longer be identified as a person unless other information is added. However, pseudonymization should not be confused with anonymization. Anonymization removes all personal references so that they can only be reconstructed with a disproportionate amount of technical effort.

 

Closing remarks

Congratulations! If you are reading this, you have really “fought your way through” our entire privacy policy, or at least scrolled down to this point. As you can see from the length of our privacy policy, we take the protection of your personal data very seriously.
It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. However, we do not only want to tell you what data is processed, but also explain the reasons for using various software programs. Privacy policies usually sound very technical and legal. However, since most of you are not web developers or lawyers, we wanted to take a different approach linguistically and explain the facts in simple and clear language. Of course, this is not always possible due to the nature of the subject matter. Therefore, the most important terms are explained in more detail at the end of the privacy policy.
If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible authority. We wish you a pleasant time and hope to welcome you back to our website soon.

All texts are protected by copyright.

Source: Privacy Policy created with the data protection generator for Germany from AdSimple

Privacy policy last updated on: November 8, 2025, 10:13 a.m.