Data protection

Introduction and Overview

We have written this privacy policy (version 05.09.2025-122970637) to inform you in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as data) we as controllers – and the processors commissioned by us (e.g. providers) – process, will process in the future, and what lawful options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal terminology. This privacy policy, however, is intended to describe the most important things to you as simply and transparently as possible. Where it serves transparency, technical terms are explained in a reader-friendly way, links to further information are provided and graphics put into use. We thus inform you in clear and simple language that we only process personal data within the scope of our business activities if there is a corresponding legal basis. This is certainly not possible if one provides the shortest, most unclear, and legally-technical explanations, as is often standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information you did not know yet.
If you still have questions, we kindly ask you to contact the responsible office mentioned below or in the legal notice, to follow the available links, and to view further information on third-party sites. Of course, you will also find our contact details in the legal notice.

Scope of Application

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information as defined in Art. 4 No. 1 GDPR, such as the name, email address, and postal address of a person. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• social media presences and email communication
• mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed in the company via the aforementioned channels in a structured manner. Should we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Bases

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which enable us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. Of course, you can read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679 read.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6 paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be storing the data you entered in a contact form.
2. Contract (Article 6 paragraph 1 lit. b GDPR): In order to fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information from you in advance.
3. Legal obligation (Article 6 paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6 paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Other conditions such as the performance of tasks carried out in the public interest and the exercise of official authority as well as the protection of vital interests generally do not apply to us. If such a legal basis should nevertheless be relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Austria this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), abbreviated DSG.
• In Germany applies the Federal Data Protection Act, abbreviated BDSG.

If additional regional or national laws apply, we will inform you about them in the following sections.

Contact details of the responsible party

If you have any questions about data protection or the processing of personal data, you will find below the contact details of the responsible party in accordance with Article 4 Paragraph 7 of the EU General Data Protection Regulation (GDPR):

Imprint: https://www.testfirma.at/impressum/

Storage duration

The general criterion for us is that we only store personal data for as long as is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to retain certain data even after the original purpose has ceased to exist, for example for accounting purposes.

If you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to retain it.

We will inform you further below about the specific duration of each data processing, provided we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we inform you of the following rights to which you are entitled, to ensure fair and transparent processing of data:

• According to Article 15 GDPR, you have the right to know whether we process data about you. If this is the case, you have the right to receive a copy of the data and to learn the following information:
  • for what purpose we carry out the processing;
  • the categories, i.e., the types of data being processed;
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  • how long the data is stored;
  • the existence of the right to rectification, erasure, or restriction of processing and the right to object to processing;
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we did not collect it from you;
  • whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile about you.
• According to Article 16 GDPR, you have the right to rectification of the data, which means that we must correct data if you find any errors.
• According to Article 17 GDPR, you have the right to erasure ('right to be forgotten'), which specifically means that you may request the deletion of your data.
• According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
• According to Article 20 GDPR, you have the right to data portability, which means that upon request we will provide your data to you in a commonly used format.
• According to Article 21 GDPR, you have the right to object, which, once enforced, results in a change to the processing.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with your objection.
  • If data is used for direct marketing, you may object to this type of data processing at any time. We may then no longer use your data for direct marketing.
  • If data is used for profiling, you may object to this type of data processing at any time. We may then no longer use your data for profiling.
• According to Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).
• According to Article 77 GDPR, you have the right to lodge a complaint. This means you can contact the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible office listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/ In Germany, each federal state has its own data protection officer. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) For our company, the following local data protection authority is responsible:

Data Processing Agreement (DPA)

In this section, we would like to explain what a data processing agreement is and why it is needed. Because the term “data processing agreement” is quite a tongue-twister, we will often use the acronym DPA in this text. Like most companies, we do not work alone, but also use the services of other companies or individuals. By involving various companies or service providers, it may happen that we pass on personal data for processing. These partners then act as data processors, with whom we conclude a contract, the so-called data processing agreement (DPA). The most important thing for you to know is that the processing of your personal data is carried out exclusively according to our instructions and must be regulated by the DPA.

Who are data processors?

As a company and website owner, we are responsible for all data that we process from you. In addition to the controllers, there can also be so-called data processors. This includes any company or person who processes personal data on our behalf. More precisely, and according to the GDPR definition: any natural or legal person, authority, institution, or other body that processes personal data on our behalf is considered a data processor. Data processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

For better understanding of the terminology, here is an overview of the three roles in the GDPR:

Data subject (You as a customer or interested party) → Controller (we as the company and client) → Processor (Service providers such as web hosts or cloud providers)

Content of a data processing agreement

As already mentioned above, we have concluded a DPA with our partners who act as processors. This primarily stipulates that the processor processes the data to be handled exclusively in accordance with the GDPR. The contract must be concluded in writing, although in this context, electronic contract conclusion is also considered "in writing." Only on the basis of the contract does the processing of personal data take place. The contract must include the following:

• Obligation to us as the controller
• Duties and rights of the controller
• Categories of data subjects
• Type of personal data
• Type and purpose of data processing
• Subject and duration of data processing
• Place of data processing

The contract also contains all obligations of the data processor. The most important obligations are:

• To ensure measures for data security
• To take possible technical and organizational measures to protect the rights of the data subject
• To maintain a data processing register
• To cooperate with the data protection supervisory authority upon request
• To conduct a risk analysis regarding the received personal data
• Sub-processors may only be commissioned with the written approval of the controller

For example, you can see what such a data processing agreement actually looks like at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html Here, a sample contract is presented.

Cookies

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used, so you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other applications. HTTP cookies are small files that are stored by our website on your computer. These cookie files are automatically placed in the cookie folder, essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal site settings. When you revisit our site, your browser sends the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie from the server, which the browser uses again as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans, or other “malware.” Cookies also cannot access information on your PC.

For example, cookie data can look like this:

Name: _ga
Value: GA1.2.1326744211.152122970637-9
Purpose: Distinguishing website visitors
Expiration date: after 2 years

A browser should be able to support at least these minimum sizes:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we specifically use depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly explain the different types of HTTP cookies.

There are 4 types of cookies:

Essential cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues browsing other pages, and only later proceeds to checkout. These cookies prevent the shopping cart from being deleted, even if the user closes their browser window.

Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are used to measure the loading time and the behavior of the website in different browsers.

Targeted cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes, or form data are saved.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very practical, but also very annoying.

Usually, when you visit a website for the first time, you are asked which of these types of cookies you want to allow. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments by the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism.”

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. You can find more details below or from the manufacturer of the software that sets the cookie.

Which data is processed?

Cookies are little helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data as part of the following privacy policy.

Storage duration of cookies

The storage duration depends on the respective cookie and is specified in more detail below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

You also have influence over the storage duration yourself. You can manually delete all cookies at any time via your browser (see also below 'Right to Object'). Furthermore, cookies based on consent will be deleted at the latest after you withdraw your consent, whereby the lawfulness of storage up to that point remains unaffected.

Right to Object – how can I delete cookies?

You decide yourself how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies are stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want to have cookies, you can set up your browser so that it always informs you when a cookie is about to be set. This way, you can decide for each individual cookie whether you allow it or not. The procedure varies depending on the browser. It is best to search for the instructions on Google with the keyword 'delete cookies Chrome' or 'disable cookies Chrome' in the case of a Chrome browser.

Legal basis

Since 2009, there have been the so-called 'cookie guidelines.' These state that the storage of cookies requires Consent (Article 6 para. 1 lit. a GDPR) from you. However, there are still very different responses to these guidelines within EU countries. In Austria, the implementation of this directive took place in § 165 para. 3 of the Telecommunications Act (2021). In Germany, the cookie guidelines were not implemented as national law. Instead, the implementation of this directive largely took place in § 15 para. 3 of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DDG) since May 2024.

For strictly necessary cookies, even if no consent is given, there are legitimate interests (Article 6 para. 1 lit. f GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience, and certain cookies are often absolutely necessary for this.

If non-essential cookies are used, this only happens with your consent. The legal basis in this respect is Art. 6 para. 1 lit. a GDPR.

In the following sections, you will be informed in more detail about the use of cookies, provided that the software used employs cookies.

Customer data

What is customer data?

In order to offer our service or our contractual services, we also process data from our customers and business partners. These data always include personal data. Customer data refers to all information processed on the basis of a contractual or pre-contractual cooperation in order to provide the offered services. Customer data therefore includes all information we collect and process about our customers.

Why do we process customer data?

There are many reasons why we collect and process customer data. The most important is that we simply need various data to provide our services. Sometimes your email address is sufficient, but if you purchase a product or service, we also need data such as your name, address, bank details or contract data. We also use the data for marketing and sales optimization in order to improve our service for our customers overall. Another important point is our customer service, which is always very important to us. We want you to be able to come to us at any time with questions about our offers, and for that we at least need your email address.

Which data is processed?

Exactly which data is stored can only be indicated here in terms of categories. This always depends on which services you receive from us. In some cases, you only provide us with your email address so that we can contact you, for example, or answer your questions. In other cases, you purchase a product or service from us and for this we need significantly more information, such as your contact details, payment data, and contract data.

Here is a list of possible data that we receive and process from you:

• Name
• Contact address
• Email address
• Phone number
• Date of birth
• Payment data (invoices, bank details, payment history, etc.)
• Contract data (duration, content)
• Usage data (visited websites, access data, etc.)
• Metadata (IP address, device information)

How long are the data stored?

As soon as we no longer need the customer data to fulfill our contractual obligations and purposes, and the data are also not required for possible warranty and liability obligations, we delete the corresponding customer data. This is the case, for example, when a business contract ends. After that, the limitation period is usually 3 years, although longer periods are possible in individual cases. Of course, we also comply with the statutory retention obligations. Your customer data will certainly not be passed on to third parties unless you have explicitly given your consent.

Legal basis

The legal bases for processing your data are Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract or pre-contractual measures), Art. 6 para. 1 lit. f GDPR (legitimate interests), and in special cases (e.g., for medical services) Art. 9 para. 2 lit. a GDPR (processing of special categories).

In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9 para. 2 lit. c GDPR. For purposes of health care, occupational medicine, medical diagnosis, provision or treatment in the health or social sector, or for the management of systems and services in the health or social sector, the processing of personal data is carried out in accordance with Art. 9 para. 2 lit. h GDPR. If you voluntarily provide data of special categories, the processing is based on Art. 9 para. 2 lit. a GDPR.

Registration

If you register with us, personal data may be processed if you enter personal data or if data such as the IP address is collected during processing. You can read below what we mean by the rather unwieldy term 'personal data'.

Please only enter data that we need for registration and for which you have the authorization of a third party if you are registering on behalf of a third party. If possible, use a secure password that you do not use anywhere else and an email address that you check regularly.

Below we inform you about the exact nature of data processing, because we want you to feel comfortable with us!

What is a registration?

When you register, we receive certain data from you and enable you to easily log in online later and use your account with us. Having an account with us has the advantage that you do not have to enter everything again each time. Saves time, effort, and ultimately prevents errors in the provision of our services.

Why do we process personal data?

In short, we process personal data to enable the creation and use of an account with us.
If we didn't do this, you would have to enter all your data every time, wait for our approval, and enter everything again. We and many, many customers wouldn't like that very much. How would you feel about that?

Which data is processed?

All the data you provided during registration, enter when logging in, or enter as part of managing your data in the account.

During registration, we process the following types of data: 

• First name
• Last name
• Email address
• Company name
• Street + house number
• Place of residence
• Postal code
• Country

When you register, we process the data you enter during registration, such as username and password, as well as data collected in the background, such as device information and IP addresses.

When using the account, we process data that you enter during account usage and which is generated in the course of using our services.

Storage duration

We store the entered data at least for as long as the account associated with the data exists and is used, as long as contractual obligations exist between us, and, when the contract ends, until the respective claims arising from it have expired. In addition, we store your data as long as and to the extent that we are subject to legal storage obligations. After that, we retain booking documents related to the contract (invoices, contract documents, account statements, etc.) as well as other relevant business documents for the legally prescribed period (usually several years).

Right to object

You have registered, entered data, and want to revoke the processing? No problem. As you can read above, the rights under the General Data Protection Regulation also apply during and after registration, login, or your account with us. Contact the data protection officer listed above to exercise your rights. If you already have an account with us, you can easily view or manage your data and texts in your account.

Legal basis

By completing the registration process, you are approaching us pre-contractually in order to conclude a user agreement for our platform (even if this does not automatically create a payment obligation).You invest time to enter data and register, and we offer you our services after you register in our system and access to your customer account. We also fulfill our contractual obligations. Finally, we must keep registered users informed by email of important changes. Thus, Art. 6 para. 1 lit. b GDPR (performance of pre-contractual measures, fulfillment of a contract) applies.

If necessary, we also obtain your consent, e.g., if you voluntarily provide more than the absolutely necessary data or if we are allowed to send you advertising. Art. 6 para. 1 lit. a GDPR (consent) thus applies.

We also have a legitimate interest in knowing who we are dealing with in order to contact them in certain cases. In addition, we need to know who is using our services and whether they are being used as stipulated in our terms of use, so Art. 6 para. 1 lit. f GDPR (Legitimate Interests) applies.

Note: the following sections are to be checked by users (as needed):

Registration with real names

Since we need to know who we are dealing with in business operations, registration is only possible with your real name (real name) and not with pseudonyms.

Registration with pseudonyms

Pseudonyms can be used during registration, meaning you do not have to register with your real name. This ensures that your name cannot be processed by us. 

Storage of the IP address

During registration, login, and account usage, we store the IP address in the background for security reasons in order to determine lawful use.

Public profile

User profiles are publicly visible, i.e., parts of the profile can be viewed on the internet without providing a username and password.

2-factor authentication (2FA)

Two-factor authentication (2FA) provides additional security during login, as it prevents, for example, logging in without a smartphone. This technical measure to secure your account protects you from data loss or unauthorized access even if your username and password are known. Which 2FA is used will be communicated to you during registration, login, and within your account.

Web hosting introduction

What is web hosting?

When you visit websites nowadays, certain information – including personal data – is automatically created and stored, and this also applies to this website. These data should be processed as sparingly as possible and only with justification. By website, we mean all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By domain, we mean, for example, example.de or sampleexample.com.

If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We simply call them browsers or web browsers.

To display the website, the browser must connect to another computer where the website's code is stored: the web server. Operating a web server is a complicated and demanding task, which is why it is usually handled by professional providers. These offer web hosting and thus ensure reliable and error-free storage of website data. Quite a lot of technical terms, but please stay tuned, it gets even better!

When the browser on your computer (desktop, laptop, tablet, or smartphone) connects and during the data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server must also store data for a certain period to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and securing its operation
2. to maintain operational and IT security
3. Anonymous analysis of access behavior to improve our services and, if necessary, for prosecution or the assertion of claims

Which data is processed?

Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as

• the complete internet address (URL) of the accessed website
• browser and browser version (e.g. Chrome 87)
• the operating system used (e.g. Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen/)
• the hostname and IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)
• date and time
• in files, so-called web server log files

How long is data stored?

As a rule, the above-mentioned data is stored for two weeks and then automatically deleted. We do not pass on this data, but cannot rule out that this data may be viewed by authorities in the event of unlawful behavior.

In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not share your data without your consent!

Legal basis

The lawfulness of the processing of personal data in the context of web hosting arises from Art. 6 para. 1 lit. f GDPR (protection of legitimate interests), as the use of professional hosting with a provider is necessary to present the company securely and user-friendly on the Internet and, if necessary, to pursue attacks and claims arising from this.

There is usually a contract for order processing between us and the hosting provider in accordance with Art. 28 et seq. GDPR, which ensures compliance with data protection and guarantees data security.

Web Hosting Provider External Privacy Policy

Below you will find the contact details of our external hosting provider, where you can learn more about data processing in addition to the information above:

Cloudways Ltd., 52 Springvale, Pope Pius XII Street, Mosta MST2653, Malta
Server location: Frankfurt

You can find out more about data processing at this provider in the Privacy Policy.

Web Analytics Introduction

What is web analytics?

We use software on our website to analyze the behavior of website visitors, known as web analytics or web analysis. Data is collected, which is stored, managed, and processed by the respective analytics tool provider (also called tracking tool). With the help of this data, analyses of user behavior on our website are created and made available to us as website operators. In addition, most tools offer various testing options. For example, we can test which offers or content are most popular with our visitors. For this purpose, we show you two different offers for a limited period of time. After the test (so-called A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as well as for other analytics procedures, user profiles can also be created and the data can be stored in cookies.

Why do we use web analytics?

With our website, we have a clear goal in mind: we want to deliver the best web offering on the market for our industry. To achieve this goal, we want to offer the best and most interesting content on the one hand, and on the other hand, ensure that you feel completely comfortable on our website. With the help of web analytics tools, we can take a closer look at the behavior of our website visitors and then improve our web offering for you and for us accordingly. For example, we can see how old our visitors are on average, where they come from, when our website is most visited, or which content or products are particularly popular. All this information helps us optimize the website and thus tailor it perfectly to your needs, interests, and wishes.

Which data is processed?

Exactly which data is stored depends, of course, on the analytics tools used. However, as a rule, it is stored, for example, which content you view on our website, which buttons or links you click, when you access a page, which browser you use, with which device (PC, tablet, smartphone, etc.) you visit the website, or which computer system you use. If you have agreed that location data may also be collected, this data can also be processed by the web analytics tool provider.

In addition, your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored in a pseudonymized form (i.e., in an unrecognizable and shortened form). For the purpose of testing, web analysis, and web optimization, no direct data such as your name, age, address, or email address is generally stored. All this data, if collected, is stored in a pseudonymized form. This means you cannot be identified as a person.

The following example schematically shows how Google Analytics works as an example of client-based web tracking with JavaScript code.

How long the respective data is stored always depends on the provider. Some cookies store data only for a few minutes or until you leave the website, while other cookies can store data for several years.

Duration of data processing

We will inform you about the duration of data processing further below, provided we have more information on this. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If it is legally required, as in the case of accounting, this storage period may be exceeded.

Right to object

You also have the right and the opportunity at any time to revoke your consent to the use of cookies or third-party providers. This works either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we have obtained with our cookie popup. This consent constitutes according to Art. 6 para. 1 lit. a GDPR (Consent) the legal basis for the processing of personal data, as may occur when collected by web analytics tools.

In addition to consent, we also have a legitimate interest in analyzing the behavior of website visitors in order to improve our offering technically and economically. With the help of web analytics, we can identify website errors, detect attacks, and improve profitability. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). Nevertheless, we only use the tools if you have given your consent.

Since cookies are used in web analytics tools, we also recommend that you read our general privacy policy on cookies. To find out exactly what data about you is stored and processed, you should read the privacy policies of the respective tools.

Information about specific web analytics tools can be found—if available—in the following sections.

Google Analytics Privacy Policy

What is Google Analytics?

We use the analytics tracking tool Google Analytics in the version Google Analytics 4 (GA4) from the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. By combining various technologies such as cookies, device IDs, and login information, you as a user can be identified across different devices. This allows your actions to be analyzed across platforms.

For example, if you click on a link, this event is stored in a cookie and sent to Google Analytics. With the reports we receive from Google Analytics, we can better tailor our website and service to your needs. Below, we take a closer look at the tracking tool and inform you in particular about what data is processed and how you can prevent this.

Google Analytics is a tracking tool used for analyzing the traffic on our website. The basis of these measurements and analyses is a pseudonymous user identification number. This number does not contain personal data such as name or address, but serves to assign events to a device. GA4 uses an event-based model that captures detailed information about user interactions such as page views, clicks, scrolling, and conversion events. In addition, GA4 has integrated various machine learning functions to better understand user behavior and certain trends. GA4 relies on modeling with the help of machine learning functions. This means that based on the collected data, missing data can also be extrapolated to optimize the analysis and to be able to make forecasts.

For Google Analytics to work in principle, a tracking code is embedded in the code of our website. When you visit our website, this code records various events that you perform on our website. With the event-based data model of GA4, we as website operators can define and track specific events to obtain analyses of user interactions. Thus, in addition to general information such as clicks or page views, special events that are important for our business can also be tracked. Such special events can be, for example, submitting a contact form or purchasing a product.

As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data and we receive reports about your user behavior. These can include, among others, the following reports:

• Audience reports: Through audience reports, we get to know our users better and know more precisely who is interested in our service.
• Advertising reports: Advertising reports make it easier for us to analyze and improve our online advertising.
• Acquisition reports: Acquisition reports provide us with helpful information on how we can inspire more people for our service.
• Behavior reports: Here we learn how you interact with our website. We can track the path you take on our site and which links you click.
• Conversion reports: A conversion is a process in which you perform a desired action as a result of a marketing message. For example, when you go from being a mere website visitor to a buyer or newsletter subscriber. With the help of these reports, we learn more about how our marketing measures are received by you. In this way, we aim to increase our conversion rate.
• Real-time reports: Here we always find out immediately what is happening on our website. For example, we can see how many users are currently reading this text.

In addition to the analysis reports mentioned above, Google Analytics 4 also offers the following features, among others:

• Event-based data model: This model captures very specific events that can occur on our website. For example, playing a video, purchasing a product, or signing up for our newsletter.
• Advanced analysis features: With these features, we can better understand your behavior on our website or certain general trends. For example, we can segment user groups, perform comparative analyses of target audiences, or track your journey or path on our website.
• Predictive modeling: Based on collected data, machine learning can extrapolate missing data to predict future events and trends. This can help us develop better marketing strategies.
• Cross-platform analysis: Data collection and analysis are possible from both websites and apps. This gives us the opportunity to analyze user behavior across platforms, provided you have, of course, consented to data processing.

Why do we use Google Analytics on our website?

Our goal with this website is clear: We want to offer you the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically evaluated data gives us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that it is more easily found by interested people on Google. On the other hand, the data helps us to better understand you as a visitor. We therefore know very precisely what we need to improve on our website in order to offer you the best possible service. The data also helps us to carry out our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are interested in them.

What data is stored by Google Analytics?

Google Analytics creates a random, unique ID using a tracking code, which is linked to your browser cookie. This way, Google Analytics recognizes you as a new user and assigns you a user ID. The next time you visit our site, you are recognized as a 'returning' user. All collected data is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles in the first place.

To be able to analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, the Google Analytics 4 property is set by default. Depending on the property used, data is stored for different lengths of time.

Through identifiers such as cookies, app instance IDs, user IDs, or custom event parameters, your interactions are measured across platforms, provided you have consented. Interactions are all types of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated by Google Analytics can be linked with third-party cookies. Google does not share any Google Analytics data unless we as website operators approve it. Exceptions may occur if required by law.

According to Google, IP addresses are not logged or stored in Google Analytics 4. However, Google uses the IP address data to derive location data and deletes it immediately afterwards. All IP addresses collected from users in the EU are therefore deleted before the data is stored in a data center or on a server.

Since Google Analytics 4 focuses on event-based data, the tool uses significantly fewer cookies compared to previous versions (such as Google Universal Analytics). Nevertheless, there are some specific cookies used by GA4. These include, for example:

Name: _ga
Value: 2.1326744211.152122970637-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Basically, it serves to distinguish website visitors.
Expiration date: after 2 years

Name: _gid
Value: 2.1687193234.152122970637-1
Purpose: The cookie also serves to distinguish website visitors
Expiration date: after 24 hours

Name: _gat_gtag_UA_
Value: 1
Purpose: Used to reduce the request rate. If Google Analytics is provided via Google Tag Manager, this cookie is named _dc_gtm_.
Expiration date: after 1 minute

Note: This list cannot claim to be complete, as Google repeatedly changes its choice of cookies. The goal of GA4 is also to improve data protection. Therefore, the tool offers several options for controlling data collection. For example, we can set the storage duration ourselves and also control data collection.

Here we give you an overview of the most important types of data collected with Google Analytics:

Heatmaps: Google creates so-called heatmaps. Heatmaps show exactly which areas you click on. This gives us information about where you are “moving” on our site.

Session duration: Google refers to session duration as the time you spend on our site without leaving it. If you are inactive for 20 minutes, the session ends automatically.

Bounce rate (English: Bounce rate): A bounce occurs when you view only one page on our website and then leave our website again.

Account creation: When you create an account or place an order on our website, Google Analytics collects this data.

Location: IP addresses are not logged or stored in Google Analytics. However, before the IP address is deleted, derivations are used for location data.

Technical information: Technical information includes, among other things, your browser type, your internet provider, or your screen resolution.

Source: Google Analytics and we are of course also interested in which website or which advertisement brought you to our site.

Other data include contact details, any reviews, media playback (e.g., if you play a video via our site), sharing content via social media, or adding to your favorites. This list is not exhaustive and serves only as a general guide to data storage by Google Analytics.

How long and where is the data stored?

Google has distributed its servers all over the world. Here you can read exactly where the Google data centers are located: https://datacenters.google/

Your data is distributed across various physical storage devices. This has the advantage that the data can be accessed more quickly and is better protected against tampering. Each Google data center has appropriate emergency programs for your data. For example, if Google's hardware fails or natural disasters paralyze servers, the risk of service interruption at Google remains low.

The retention period of the data depends on the properties used. The storage duration is always determined individually for each property. Google Analytics offers us four options to control the storage duration:

• 2 months: this is the shortest storage duration.
• 14 months: by default, data is stored in GA4 for 14 months.
• 26 months: you can also store the data for 26 months.
• Data is only deleted when we delete it manually

Additionally, there is also the option that data is only deleted if you no longer visit our website within the period we have chosen. In this case, the retention period is reset each time you visit our website again within the specified period.

When the specified period has expired, the data is deleted once a month. This retention period applies to your data that is linked to cookies, user identification, and advertising IDs (e.g., cookies from the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is a merging of individual data into a larger unit.

How can I delete my data or prevent data storage?

Under European Union data protection law, you have the right to access, update, delete, or restrict your data. With the browser add-on for deactivating Google Analytics JavaScript (analytics.js, gtag.js), you prevent Google Analytics 4 from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de Please note that this add-on only disables data collection by Google Analytics.

If you generally want to disable, delete, or manage cookies, you will find the relevant links to the instructions for the most popular browsers in the 'Cookies' section.

Legal basis

The use of Google Analytics requires your consent, which we have obtained with our cookie popup. According to Art. 6 para. 1 lit. a GDPR (Consent) the legal basis for the processing of personal data, as may occur when collected by web analytics tools.

In addition to consent, we also have a legitimate interest in analyzing the behavior of website visitors in order to improve our offering technically and economically. With the help of Google Analytics, we can identify website errors, detect attacks, and improve profitability. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). Nevertheless, we only use Google Analytics if you have given your consent.

Google also processes your data, among other things, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

We hope we were able to provide you with the most important information about Google Analytics data processing. If you want to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.

If you want to learn more about data processing, use the Google Privacy Policy at https://policies.google.com/privacy?hl=de.

Data Processing Agreement (DPA) Google Analytics

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have concluded a Data Processing Agreement (DPA) with Google. You can read about what exactly a DPA is and, above all, what must be included in a DPA in our general section 'Data Processing Agreement (DPA)'.

This contract is legally required because Google processes personal data on our behalf. It clarifies that Google may only process data they receive from us according to our instructions and must comply with the GDPR. You can find the link to the data processing terms at https://business.safety.google/intl/de/adsprocessorterms/

Google Analytics reports on demographic characteristics and interests

We have enabled advertising reporting features in Google Analytics. The reports on demographic characteristics and interests contain information about age, gender, and interests. This allows us to get a better picture of our users—without being able to assign this data to individual persons. You can learn more about the advertising features at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can end the use of activities and information from your Google account under 'Ad Settings' at https://adssettings.google.com/authenticated by checkbox.

Google Analytics e-commerce measurement

We also use the e-commerce measurement of the web analysis tool Google Analytics for our website. This allows us to analyze very precisely how you and all our other customers interact on our website. E-commerce measurement is mainly about purchasing behavior. Based on the data obtained, we can adapt and optimize our service to your wishes and expectations. We can also use our online advertising measures more specifically so that our advertising is only seen by people who are interested in our products or services. E-commerce measurement records, for example, which orders were placed, how long it took you to purchase the product, what the average order value is, or how high the shipping costs are. All this data can be recorded and stored under a specific ID.

Google Analytics Google Signals Privacy Policy

We have activated Google Signals in Google Analytics. This updates the existing Google Analytics features (advertising reports, remarketing, cross-device reports, and reports on interests and demographic characteristics) to receive aggregated and anonymized data from you, provided you have allowed personalized ads in your Google account.

The special thing about this is that it is cross-device tracking. This means your data can be analyzed across devices. By activating Google Signals, data is collected and linked to the Google account. For example, Google can recognize if you view a product on our website via a smartphone and only later purchase the product via a laptop. Thanks to the activation of Google Signals, we can launch cross-device remarketing campaigns that would not otherwise be possible in this form. Remarketing means that we can show you our offer on other websites as well.

In Google Analytics, additional visitor data such as location, search history, YouTube history, and data about your actions on our website are also collected through Google Signals. As a result, we receive better advertising reports from Google and more useful information about your interests and demographic characteristics. These include your age, the language you speak, where you live, or your gender. In addition, social criteria such as your occupation, marital status, or income are also included. All these characteristics help Google Analytics define groups of people or target audiences.

The reports also help us better assess your behavior, wishes, and interests. This allows us to optimize and adapt our services and products for you. These data expire by default after 26 months. Please note that this data collection only takes place if you have allowed personalized advertising in your Google account. This always involves aggregated and anonymous data and never data of individual persons. You can manage or delete this data in your Google account.

Google Analytics in Consent Mode

Depending on your consent, so-called Consent Mode, personal data about you is processed by Google Analytics. You can choose whether to agree to Google Analytics cookies or not. This also determines which data Google Analytics is allowed to process from you. The collected data is mainly used to measure user behavior on the website, deliver targeted advertising, and provide us with web analysis reports. As a rule, you consent to data processing by Google via a cookie consent tool. If you do not consent to data processing, only aggregated data is collected and processed. This means that data cannot be assigned to individual users and thus no user profile is created for you. You can also agree only to statistical measurement. In this case, no personal data is processed and therefore not used for advertising or advertising measurement purposes.

Google Analytics IP Anonymization

We have implemented IP address anonymization from Google Analytics on this website. This function was developed by Google so that this website can comply with applicable data protection regulations and recommendations of local data protection authorities if they prohibit the storage of the full IP address. The anonymization or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any storage or processing of the data takes place.

You can find more information about IP anonymization at https://support.google.com/analytics/answer/2763052?hl=de.

Google Analytics without cookies

We do use Google Analytics (GA for short) on our website, but without setting cookies in your browser. We have already explained what cookies are above, hopefully you still remember the explanation. Briefly and specifically regarding GA: Cookies store data in your browser on your device that is useful for GA. By not using cookies, no personal data is stored in such cookies that would establish a user profile. Google Analytics can still perform various measurements and web analyses, but the data collected for this purpose is only stored on Google servers and your privacy is significantly more respected and protected.

Google Tag Manager Privacy Policy

What is the Google Tag Manager?

We use the Google Tag Manager from Google Inc. for our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. This Tag Manager is one of many helpful marketing products from Google. With the Google Tag Manager, we can centrally integrate and manage code snippets from various tracking tools that we use on our website.

In this privacy policy, we want to explain to you in more detail what the Google Tag Manager does, why we use it, and in what form data is processed.

The Google Tag Manager is an organizational tool that allows us to centrally integrate and manage website tags via a user interface. Tags are small code snippets that, for example, record (track) your activities on our website. For this purpose, JavaScript code snippets are inserted into the source code of our site. The tags often come from Google internal products such as Google Ads or Google Analytics, but tags from other companies can also be integrated and managed via the manager. Such tags perform different tasks. They can collect browser data, feed marketing tools with data, embed buttons, set cookies, and also track users across multiple websites.

Why do we use Google Tag Manager for our website?

As the saying goes: organization is half the battle! And of course, this also applies to maintaining our website. In order to make our website as good as possible for you and everyone interested in our products and services, we need various tracking tools such as Google Analytics. The data collected by these tools shows us what interests you most, where we can improve our services, and which people we should show our offers to. And for this tracking to work, we need to integrate the corresponding JavaScript codes into our website. In principle, we could add each code snippet of the individual tracking tools separately into our source code. However, this requires quite a lot of time and it's easy to lose track. That's why we use Google Tag Manager. We can easily integrate the necessary scripts and manage them from one place. In addition, Google Tag Manager offers an easy-to-use user interface and no programming knowledge is required. This way, we manage to keep order in our tag jungle.

What data is stored by Google Tag Manager?

The Tag Manager itself is a domain that does not set cookies and does not store any data. It acts merely as a 'manager' of the implemented tags. The data is collected by the individual tags of the different web analytics tools. The data is basically passed through the Google Tag Manager to the individual tracking tools and not stored.

However, it is quite different with the embedded tags of the various web analytics tools, such as Google Analytics. Depending on the analytics tool, various data about your web behavior is usually collected, stored, and processed with the help of cookies. For this, please read our privacy texts for the individual analysis and tracking tools that we use on our website.

In the account settings of the Tag Manager, we have allowed Google to receive anonymized data from us. However, this only concerns the use and operation of our Tag Manager and not your data that is stored via the code snippets. We allow Google and others to receive selected data in anonymized form. We thus agree to the anonymous transfer of our website data. Exactly which aggregated and anonymous data is forwarded, we could not find out – despite extensive research. In any case, Google deletes all information that could identify our website. Google aggregates the data with hundreds of other anonymous website data and, as part of benchmarking measures, creates user trends. In benchmarking, your own results are compared with those of competitors. Based on the collected information, processes can be optimized.

How long and where is the data stored?

When Google stores data, this data is stored on Google's own servers. The servers are distributed all over the world. Most are located in America. At https://datacenters.google/ you can read exactly where the Google servers are located.

How long the individual tracking tools store data about you can be found in our individual privacy texts for the respective tools.

How can I delete my data or prevent data storage?

Google Tag Manager itself does not set cookies, but manages tags from various tracking websites. In our privacy texts for the individual tracking tools, you will find detailed information on how you can delete or manage your data.

Please note that when using this tool, your data may also be stored and processed outside the EU. Most third countries (including the USA) are currently considered unsafe under European data protection law. Data may therefore not simply be transferred to, stored and processed in unsafe third countries unless there are appropriate safeguards (such as EU standard contractual clauses) between us and the non-European service provider.

Legal basis

The use of the Google Tag Manager requires your consent, which we have obtained via our cookie popup. According to Art. 6 para. 1 lit. a GDPR (Consent) the legal basis for the processing of personal data, as may occur when collected by web analytics tools.

In addition to consent, we also have a legitimate interest in analyzing the behavior of website visitors in order to improve our offering technically and economically. With the help of the Google Tag Manager, we can improve our efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). Nevertheless, we only use the Google Tag Manager if you have given your consent.

Google also processes your data, among other things, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

If you want to learn more about the Google Tag Manager, we recommend the FAQs at https://support.google.com/tagmanager/?hl=de#topic=3441530.

You can find out which data Google generally collects and what they use this data for at https://policies.google.com/privacy?hl=de read.

Data Processing Agreement (DPA) Google Tag Manager

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have concluded a Data Processing Agreement (DPA) with Google. You can read about what exactly a DPA is and, above all, what must be included in a DPA in our general section 'Data Processing Agreement (DPA)'.

This contract is legally required because Google processes personal data on our behalf. It clarifies that Google may only process data received from us according to our instructions and must comply with the GDPR. You can find the link to the Data Processing Agreement (DPA) at https://business.safety.google/adsprocessorterms/.

Pinterest Web Analytics Privacy Policy

What is Pinterest Web Analytics?

We use the web analytics program Pinterest Web Analytics for our website, which is part of the social media network Pinterest, operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA. For the European region, the Irish company Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is responsible for all data protection-related aspects.

Pinterest is a social network that specializes in graphic representations or photographs. The name is made up of the two words "pin" and "interest." Users can exchange information about various hobbies and interests on Pinterest and view the respective profiles with images either publicly or in defined groups. The web analytics program Pinterest Web Analytics refers to data analysis regarding the interaction between our website and our Pinterest page. When Pinterest visitors come to our website, we can use Pinterest Web Analytics to analyze the user behavior of Pinterest users on our website.

Why do we use Pinterest Web Analytics?

Pinterest has been around for several years now and is still one of the most visited and valued social media platforms. Pinterest is particularly suitable for our industry because the platform is primarily known for beautiful and interesting images. That is why we are also represented on Pinterest and want to showcase our content beyond our website. With the help of Pinterest's analytics tool, we gain useful insights into the performance of our content and can thus better optimize our offerings. The collected data can also be used for advertising purposes, so we can show advertising messages precisely to those people who are interested in our services or products.

What data is processed by Pinterest Web Analytics ?

So-called log data may be stored. This includes information about your browser, IP address, the address of our website and the activities performed on it (for example, when you click the Save or Pin button), search histories, date and time of the request, and cookie and device data. If you interact with a Pinterest feature, cookies that store various data may also be set in your browser. Usually, the aforementioned log data, preset language settings, and clickstream data are stored in cookies. By clickstream data, Pinterest means information about your website behavior.

If you have your own Pinterest account and are logged in, the data collected via our site can be added to your account and used for advertising purposes. Here you can see a sample selection of cookies that may be set in your browser.

Name: _auth
Value: 0
Purpose: The cookie is used for authentication. For example, a value such as your "username" can be stored in it. 
Expiration date: after one year

Name: _pinterest_referrer
Value: 1
Purpose: The cookie stores that you reached Pinterest via our website. Thus, the URL of our website is stored.
Expiration date: after session end

Name: _pinterest_sess
Value: …9HRHZvVE0rQlUxdG89
Purpose: The cookie is used for logging in to Pinterest and contains user IDs, authentication tokens, and timestamps.
Expiration date: after one year

Name: _routing_id
Value: “8d850ddd-4fb8-499c-961c-77efae9d4065122970637-8”
Purpose: The cookie contains an assigned value that is used to identify a specific routing target.
Expiration date: after one day

Name: cm_sub
Value: denied
Purpose: This cookie stores a user ID and the timestamp.
Expiration date: after one year

Name: csrftoken
Value: 9e49145c82a93d34fd933b0fd8446165122970637-1
Purpose: This cookie is most likely set for security reasons to prevent request forgery. However, we could not find out more precisely.
Expiration date: after one year

Name: sessionFunnelEventLogged
Value: 1
Purpose: We have not yet been able to obtain more detailed information about this cookie.
Expiration date: after one day

How long and where is the data stored?

Pinterest generally stores the collected data as long as it is needed for the purposes of the company. As soon as data retention is no longer necessary, for example to comply with legal requirements, the data is either deleted or anonymized so that you can no longer be identified as a person. The data may also be stored on American servers.

Right to object

You also have the right and the possibility at any time to revoke your consent to the use of cookies or third-party providers such as Pinterest. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since embedded Pinterest elements may use cookies, we also recommend our general privacy policy on cookies. To find out exactly what data about you is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to your data being processed and stored by Pinterest Web Analytics, this consent is considered the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) stored and processed for fast and good communication with you or other customers and business partners. However, we only use the tool if you have given your consent. Most web analytics tools also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.

Pinterest processes data from you, among other things, also in the USA. We would like to point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As a basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., especially in the USA) or for data transfer there, Pinterest uses so-called Standard Contractual Clauses (= Art. 46. Sec. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through these clauses, Pinterest undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

You can find more information about the Standard Contractual Clauses at Pinterest at https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea.

We have tried to provide you with the most important information about data processing by Pinterest Web Analytics. At https://policy.pinterest.com/de/privacy-policy you can learn more about Pinterest's data policies.

Rank Math Privacy Policy

We use the SEO plugin Rank Math. The service provider is the Indian company One.com India Private Limited, Office No. 2, Floor 5, Tower A, Building. 9 DLF Cyber City Complex, Phase III, Haryana, Gurgaon, India.

The service may transfer data to India. We would like to point out that India is a third country not subject to the scope of the GDPR. This may result in restrictions on data protection and data security.

You can find out more about the data processed through the use of Rank Math in the privacy policy at https://rankmath.com/privacy-policy/.

Yithemes Privacy Policy

We also use WooCommerce plugins from Yithemes on our website. The service provider is the Spanish company Your Inspiration Solutions S.L.U., Calle San Francisco 63, Santa Cruz De Tenerife, Tenerife, 38001, Spain.

You can find out more about the data processed through the use of Yithemes in the privacy policy at https://www.iubenda.com/privacy-policy/534690/legal.

YouTube Analytics and Reporting API Privacy Policy

We use the web analytics tool YouTube Analytics and Reporting API on our website. The service provider is the American company Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google also processes your data, among other things, in the USA. YouTube or Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find more information about the standard contractual clauses at Google at https://business.safety.google/intl/de/adsprocessorterms/.

Since YouTube is a subsidiary of Google, there is a joint privacy policy. If you want to learn more about how your data is handled, we recommend the privacy policy at https://policies.google.com/privacy?hl=de.

Email Marketing Introduction

What is email marketing?

To keep you up to date, we also use the option of email marketing. If you have agreed to receive our emails or newsletters, your data will also be processed and stored. Email marketing is a sub-area of online marketing. News or general information about a company, products, or services is sent by email to a specific group of people who are interested in it.

If you want to participate in our email marketing (usually via newsletter), you usually only need to register with your email address. To do this, you fill out an online form and submit it. However, it may also happen that we ask you for your salutation and name so that we can address you personally.

In principle, subscribing to newsletters works with the so-called 'double opt-in procedure.' After you have registered for our newsletter on our website, you will receive an email through which you confirm your newsletter subscription. This ensures that the email address belongs to you and that no one has registered with someone else's email address. We or a notification tool we use log each individual registration. This is necessary so that we can also prove the legally correct registration process. Usually, the time of registration, the time of confirmation, and your IP address are stored. Additionally, it is also logged if you make changes to your stored data.

Why do we use email marketing?

Of course, we want to stay in contact with you and always present you with the most important news about our company. For this purpose, we use, among other things, email marketing—often simply called 'newsletter'—as an essential part of our online marketing. If you agree or if it is legally permitted, we will send you newsletters, system emails, or other notifications by email. When we use the term 'newsletter' in the following text, we mainly mean regularly sent emails. Of course, we do not want to bother you with our newsletter in any way. Therefore, we always strive to provide only relevant and interesting content. For example, you will learn more about our company, our services, or products. Since we are always improving our offers, you will also find out about news or special, lucrative promotions through our newsletter. If we commission a service provider that offers a professional delivery tool for our email marketing, we do so to provide you with fast and secure newsletters. The purpose of our email marketing is basically to inform you about new offers and to get closer to our business goals.

Which data is processed?

If you become a subscriber to our newsletter via our website, you confirm your membership in an email list by email. In addition to IP address and email address, your salutation, name, address, and telephone number can also be stored. However, only if you consent to this data storage. The data marked as such are necessary for you to participate in the offered service. Providing this information is voluntary, but not providing it means you cannot use the service. Additionally, information about your device or your preferred content on our website may also be stored. For more information on data storage when you visit a website, see the section 'Automatic Data Storage.' We record your declaration of consent so that we can always prove that it complies with our laws.

Duration of data processing

If you remove your email address from our email/newsletter distribution list, we may store your address for up to three years based on our legitimate interests so that we can still prove your consent at that time. We may only process this data if we need to defend ourselves against possible claims.

However, if you confirm that you have given us consent to subscribe to the newsletter, you can request deletion at any time. If you permanently object to the consent, we reserve the right to store your email address in a blacklist. As long as you have voluntarily subscribed to our newsletter, we will of course also retain your email address.

Right to object

You have the option to cancel your newsletter subscription at any time. To do this, you simply need to revoke your consent to the newsletter subscription. This usually only takes a few seconds or one or two clicks. Most of the time, you will find a link at the end of each email to cancel the newsletter subscription. If the link really cannot be found in the newsletter, please contact us by email and we will immediately cancel your newsletter subscription.

Legal basis

The sending of our newsletter is based on your consent (Article 6 (1) (a) GDPR). This means we may only send you a newsletter if you have actively registered for it beforehand. If applicable, we may also send you advertising messages if you have become our customer and have not objected to the use of your email address for direct advertising.

Information about specific email marketing services and how they process personal data can be found—if available—in the following sections.

MailChimp Privacy Policy

What is MailChimp?

Like many other websites, we also use the services of the newsletter company MailChimp on our website. The operator of MailChimp is Intuit Inc., 2700 Coast Ave, Mountain View, California 94043, USA. Thanks to MailChimp, we can easily send you interesting news via newsletter. With MailChimp, we don't have to install anything and can still draw from a pool of truly useful features. Below, we take a closer look at this email marketing service and inform you about the most important data protection aspects.

MailChimp is a cloud-based newsletter management service. "Cloud-based" means that we do not have to install MailChimp on our own computer or server. Instead, we use the service via an IT infrastructure—available over the Internet—on an external server. This way of using software is also called SaaS (Software as a Service). The following graphic schematically shows how MailChimp distributes emails to newsletter recipients.

With MailChimp, we can choose from a wide range of different email types. Depending on what we want to achieve with our newsletter, we can run single campaigns, regular campaigns, autoresponders (automatic emails), A/B tests, RSS campaigns (sending at predefined times and frequencies), and follow-up campaigns.

Why do we use MailChimp on our website?

Basically, we use a newsletter service so that we can stay in contact with you. We want to tell you what's new with us or what attractive offers we currently have in our program. For our marketing activities, we are always looking for the simplest and best solutions. And for this reason, we have chosen the newsletter management service from MailChimp. Although the software is very easy to use, it offers a large number of helpful features. This allows us to create interesting and beautiful newsletters in a very short time. With the provided design templates, we can design each newsletter individually, and thanks to the "responsive design," our content is displayed clearly and beautifully on your smartphone (or any other mobile device).

With tools such as the A/B test or the extensive analysis options, we can very quickly see how our newsletters are received by you. This allows us to react if necessary and improve our offer or services.

Another advantage is MailChimp's "cloud system." The data is not stored and processed directly on our server. We can retrieve the data from external servers, thus saving our storage space. In addition, the maintenance effort is significantly reduced.

What data is stored by MailChimp?

MailChimp operates online platforms that enable us to get in touch with you (if you have subscribed to our newsletter). If you become a subscriber to our newsletter via our website, you confirm your membership in a MailChimp email list by email. In order for MailChimp to prove that you have registered with the 'list provider,' the date of registration and your IP address are stored. MailChimp also stores your email address, your name, your physical address, and demographic information such as language or location.

This information is used to send you emails and to enable certain other MailChimp features (such as newsletter analytics).

MailChimp also shares information with third-party providers to deliver better services. MailChimp also shares some data with third-party advertising partners to better understand the interests and concerns of its customers, so that more relevant content and targeted advertising can be provided.

Through so-called 'web beacons' (these are small graphics in HTML emails), MailChimp can determine whether the email has arrived, whether it has been opened, and whether links have been clicked. All this information is stored on MailChimp's servers. This provides us with statistical analyses and allows us to see exactly how well our newsletter was received by you. In this way, we can tailor our offerings much better to your wishes and improve our service.

MailChimp may also use this data to improve its own service. For example, this can technically optimize delivery or determine the location (the country) of recipients.

The following cookies may be set by MailChimp. This is not a complete list of cookies, but rather a representative selection:

Name: AVESTA_ENVIRONMENT
Value: Prod
Purpose: This cookie is necessary to provide the Mailchimp services. It is always set when a user registers for a newsletter mailing list.
Expiration date: after session end

Name: ak_bmsc
Value: F1766FA98C9BB9DE4A39F70A9E5EEAB55F6517348A7000001122970637-3
Purpose: The cookie is used to distinguish a human from a bot. This allows secure reports on the use of a website to be created.
Expiration date: after 2 hours

Name: bm_sv
Value: A5A322305B4401C2451FC22FFF547486~FEsKGvX8eovCwTeFTzb8//I3ak2Au…
Purpose: The cookie is from MasterPass Digital Wallet (a MasterCard service) and is used to securely and easily offer a visitor a virtual payment transaction. For this purpose, the user is anonymously identified on the website.
Expiration date: after 2 hours

Name: _abck
Value: 8D545C8CCA4C3A50579014C449B045122970637-9
Purpose: We were unable to obtain more detailed information about the purpose of this cookie.
Expiration date: after one year

Sometimes it may happen that you open our newsletter via a provided link for better display. This is the case, for example, if your email program is not working or the newsletter is not displayed properly. The newsletter is then displayed via a MailChimp website. MailChimp also uses cookies (small text files that store data on your browser) on its own websites. In doing so, personal data may be processed by MailChimp and its partners (e.g., Google Analytics). This data collection is the responsibility of MailChimp and we have no influence over it. In the “Cookie Statement” of MailChimp (at: https://mailchimp.com/legal/cookies/) you can find out exactly how and why the company uses cookies.

How long and where is the data stored?

Since MailChimp is an American company, all collected data is also stored on American servers.

In principle, the data remains permanently stored on MailChimp's servers and is only deleted when you request it. You can have your contact deleted by us. This will permanently remove all your personal data for us and anonymize you in the MailChimp reports. However, you can also request the deletion of your data directly from MailChimp. In that case, all your data will be removed there and we will receive a notification from MailChimp. After we receive the email, we have 30 days to delete your contact from all connected integrations.

How can I delete my data or prevent data storage?

You can withdraw your consent to receive our newsletter at any time within the received email by clicking the link at the bottom. If you unsubscribe by clicking the unsubscribe link, your data will be deleted from MailChimp.

If you access a MailChimp website via a link in our newsletter and cookies are set in your browser, you can delete or disable and manage these cookies at any time. Under the section “Cookies” you will find the corresponding links to the instructions for the most popular browsers.

If you generally do not want cookies, you can set your browser to always inform you when a cookie is about to be set. This way, you can decide for each individual cookie whether to allow it or not.

Legal basis

The sending of our newsletter by MailChimp is based on your Consent (Article 6 para. 1 lit. a GDPR). This means we may only send you a newsletter if you have actively signed up for it beforehand. If consent is not required, the newsletter is sent on the basis of legitimate interest in direct marketing (Article 6 para. 1 lit. f), provided this is legally permitted. We record your registration process so that we can always prove that it complies with our laws.

MailChimp processes your data, among other things, in the USA. MailChimp or Inuit is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, MailChimp uses so-called Standard Contractual Clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, MailChimp undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Mailchimp's Data Processing Terms (Data Processing Addendum), which correspond to the Standard Contractual Clauses, can be found at https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.

You can learn more about the use of cookies at MailChimp at https://mailchimp.com/legal/cookies/, information about privacy at MailChimp (Privacy) can be found at https://www.intuit.com/privacy/statement/ read.

Data Processing Agreement (DPA) MailChimp

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have concluded a Data Processing Agreement (DPA) with MailChimp. You can read what exactly a DPA is and, above all, what must be included in a DPA in our general section “Data Processing Agreement (DPA)”.

This contract is legally required because MailChimp processes personal data on our behalf. It clarifies that MailChimp may only process data received from us according to our instructions and must comply with the GDPR. You can find the link to the data processing agreement (DPA) at https://mailchimp.com/de/legal/data-processing-addendum/.

Social Media Introduction

What is Social Media?

In addition to our website, we are also active on various social media platforms. User data may be processed so that we can specifically target users interested in us via social networks. Furthermore, elements of a social media platform may be directly embedded in our website. This is the case, for example, when you click a so-called social button on our website and are redirected directly to our social media presence. Websites and apps where registered members can produce content, exchange content openly or in certain groups, and network with other members are referred to as social media.

Why do we use social media?

For years, social media platforms have been the place where people communicate and connect online. With our social media presences, we can bring our products and services closer to interested parties. The social media elements integrated into our website help you quickly and easily switch to our social media content.

The data stored and processed through your use of a social media channel primarily serves the purpose of conducting web analyses. The aim of these analyses is to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the evaluated data can be used to draw appropriate conclusions about your interests and create so-called user profiles. This enables the platforms to present you with tailored advertisements. Most often, cookies are set in your browser for this purpose, which store data about your usage behavior.

As a rule, we assume that we remain responsible under data protection law, even when we use services of a social media platform. However, the European Court of Justice has decided that in certain cases, the operator of the social media platform can be jointly responsible with us within the meaning of Art. 26 GDPR. Where this is the case, we will point this out separately and work on the basis of a corresponding agreement. The essentials of the agreement are then reproduced further below for the affected platform.

Please note that when using social media platforms or our embedded elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. As a result, you may no longer be able to assert or enforce your rights regarding your personal data as easily.

Which data is processed?

Exactly which data is stored and processed depends on the respective provider of the social media platform. But usually, it involves data such as phone numbers, email addresses, data you enter into a contact form, user data such as which buttons you click, whom you like or follow, when you visited which pages, information about your device, and your IP address. Most of this data is stored in cookies. Especially if you have your own profile with the visited social media channel and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the providers' servers. Thus, only the providers have access to the data and can provide you with the appropriate information or make changes.

If you want to know exactly which data is stored and processed by the social media providers and how you can object to data processing, you should carefully read the respective company's privacy policy. Even if you have questions about data storage and data processing or want to assert corresponding rights, we recommend that you contact the provider directly.

Duration of data processing

We will inform you about the duration of data processing further below, provided we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. Customer data that is matched with its own user data is deleted within two days. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If, as in the case of accounting, it is required by law, this storage period may also be exceeded.

Right to object

You also have the right and the opportunity at any time to revoke your consent to the use of cookies or third-party providers such as embedded social media elements. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Since cookies may be used with social media tools, we also recommend our general privacy policy on cookies. To find out exactly which data about you is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to the processing and storage of your data by integrated social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, if consent is given, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy policy on cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

You can find information about specific social media platforms – if available – in the following sections.

Facebook Privacy Policy

What are Facebook tools?

We use selected tools from Facebook on our website. Facebook is a social media network operated by Meta Platforms Inc. or, for the European region, by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of these tools, we can offer you and people interested in our products and services the best possible experience.

If data about you is collected and forwarded via our embedded Facebook elements or our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for this. Facebook alone is responsible for the further processing of this data. Our joint obligations have also been set out in a publicly accessible agreement at https://www.facebook.com/legal/controller_addendum anchored. It states, for example, that we must clearly inform you about the use of Facebook tools on our site. Furthermore, we are also responsible for ensuring that the tools are integrated into our website in a way that complies with data protection laws. Facebook, on the other hand, is responsible, for example, for the data security of Facebook products. If you have any questions about data collection and data processing by Facebook, you can contact the company directly. If you address the question to us, we are obliged to forward it to Facebook.

Below we provide an overview of the various Facebook tools, what data is sent to Facebook, and how you can delete this data.

In addition to many other products, Facebook also offers the so-called 'Facebook Business Tools.' This is Facebook's official term. However, since the term is hardly known, we have decided to simply call them Facebook tools. These include, among others:

• Facebook Pixel
• social plug-ins (such as the 'Like' or 'Share' button)
• Facebook Login
• Account Kit
• APIs (programming interface)
• SDKs (collection of programming tools)
• Platform integrations
• Plugins
• Codes
• Specifications
• Documentations
• Technologies and services

Through these tools, Facebook expands its services and has the ability to obtain information about user activities outside of Facebook.

Why do we use Facebook tools on our website?

We only want to show our services and products to people who are truly interested in them. With the help of advertisements (Facebook Ads), we can reach exactly these people. However, in order to show users relevant ads, Facebook needs information about people's wishes and needs. This way, the company is provided with information about user behavior (and contact data) on our website. As a result, Facebook collects better user data and can show interested people the right ads about our products or services. The tools thus enable tailored advertising campaigns on Facebook.

Data about your behavior on our website is called 'event data' by Facebook. This data is also used for measurement and analysis services. In this way, Facebook can create 'campaign reports' on the effectiveness of our advertising campaigns on our behalf. Furthermore, through analyses, we gain better insight into how you use our services, website, or products. As a result, we optimize your user experience on our website with some of these tools. For example, with social plugins, you can share content from our site directly on Facebook.

What data is stored by Facebook tools?

By using individual Facebook tools, personal data (customer data) can be sent to Facebook. Depending on the tools used, customer data such as name, address, telephone number, and IP address may be transmitted.

Facebook uses this information to match the data with the data it already has about you (if you are a Facebook member). Before customer data is transmitted to Facebook, a process called 'hashing' takes place. This means that any size data set is transformed into a string of characters. This also serves to encrypt data.

In addition to contact data, 'event data' is also transmitted. 'Event data' refers to information we receive about you on our website. For example, which subpages you visit or which products you buy from us. Facebook does not share the information it receives with third parties (such as advertisers), unless the company has explicit permission or is legally required to do so. 'Event data' can also be linked to contact data. This allows Facebook to offer better personalized advertising. After the aforementioned matching process, Facebook deletes the contact data again.

To be able to deliver ads in an optimized way, Facebook only uses the event data if it has been combined with other data (collected by Facebook in other ways). Facebook also uses this event data for security, protection, development, and research purposes. Many of this data is transmitted to Facebook via cookies. Cookies are small text files used to store data or information in browsers. Depending on the tools used and whether you are a Facebook member, a different number of cookies will be set in your browser. In the descriptions of the individual Facebook tools, we go into more detail about specific Facebook cookies. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies.

How long and where is the data stored?

Basically, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers distributed all over the world where its data is stored. However, customer data is deleted within 48 hours after it has been matched with its own user data.

How can I delete my data or prevent data storage?

According to the General Data Protection Regulation, you have the right to access, rectify, transfer, and delete your data.

A complete deletion of the data only occurs if you delete your Facebook account entirely. Here’s how to delete your Facebook account:

1) Click on Settings on the right side of Facebook.

2) Then click on “Your Facebook Information” in the left column.

3) Now click on “Deactivation and Deletion.”

4) Now select “Delete Account” and then click on “Continue to Account Deletion.”

5) Now enter your password, click on “Continue,” and then on “Delete Account.”

The storage of data that Facebook receives through our page also occurs via cookies (e.g., with social plugins). In your browser, you can disable, delete, or manage individual or all cookies. Depending on which browser you use, this works in different ways. In the “Cookies” section, you will find the relevant links to the instructions for the most popular browsers.

If you generally do not want cookies, you can set your browser to always inform you when a cookie is about to be set. This way, you can decide for each individual cookie whether to allow it or not.

Legal basis

If you have consented to your data being processed and stored by integrated Facebook tools, this consent serves as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) stored and processed for fast and good communication with you or other customers and business partners. However, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review Facebook's privacy policy or cookie guidelines.

Facebook processes your data, among other things, in the USA. Facebook or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Facebook uses so-called Standard Contractual Clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing terms, which refer to the Standard Contractual Clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

We hope we have provided you with the most important information about the use and data processing by the Facebook tools. If you want to learn more about how Facebook uses your data, we recommend the data policy at https://www.facebook.com/privacy/policy/.

Facebook Login Privacy Policy

We have integrated the convenient Facebook Login on our site. This allows you to easily log in to our site using your Facebook account without having to create another user account. If you choose to register via Facebook Login, you will be redirected to the social media network Facebook. There, the login is carried out using your Facebook user data. Through this login process, data about you or your user behavior is stored and transmitted to Facebook.

To store the data, Facebook uses various cookies. Below we show you the most important cookies that are set in your browser or already exist when you log in to our site via Facebook Login:

Name: fr
Value: 0jieyh4c2GnlufEJ9..Bde09j…1.0.Bde09j
Purpose: This cookie is used to ensure that the social plugin on our website functions optimally.
Expiration date: after 3 months

Name: datr
Value: 4Jh7XUA2122970637SEmPsSfzCOO4JFFl
Purpose: Facebook sets the 'datr' cookie when a web browser accesses facebook.com, and the cookie helps identify login activities and protect users.
Expiration date: after 2 years

Name: _js_datr
Value: deleted
Purpose: Facebook sets this session cookie for tracking purposes, even if you do not have a Facebook account or are logged out.
Expiration date: after session end

Note: The cookies listed are only a small selection of the cookies available to Facebook. Other cookies include _fbp, sb, or wd. A complete list is not possible, as Facebook has a large number of cookies and uses them variably.

The Facebook login offers you a fast and easy registration process on the one hand, and on the other hand, it allows us to share data with Facebook. This enables us to better tailor our offerings and promotions to your interests and needs. Data we receive from Facebook in this way includes public data such as

• Your Facebook name
• Your profile picture
• a registered email address
• Friend lists
• Button information (e.g. 'Like' button)
• Date of birth
• Language
• Place of residence

In return, we provide Facebook with information about your activities on our website. This includes information about your device, which subpages you visit on our site, or which products you have purchased from us.

By using Facebook Login, you consent to data processing. You can revoke this agreement at any time. If you want more information about data processing by Facebook, we recommend the Facebook privacy policy at https://www.facebook.com/privacy/policy/.

If you are logged in to Facebook, you can adjust your ad settings at https://www.facebook.com/adpreferences/advertisers/?entry_product=ad_settings_screen change yourself.

Facebook Lookalike Audience Privacy Policy

We also use the advertising tool Facebook Lookalike Audience. The service provider is the American company Meta Platforms Inc. For the European area, the company Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible.

Facebook processes your data, among other things, in the USA. Facebook or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Meta Platforms also uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Meta Platforms undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing terms, which refer to the Standard Contractual Clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

You can find out more about the data processed through the use of Facebook Lookalike Audience in the privacy policy at https://www.facebook.com/about/privacy.

Facebook Social Plug-ins Privacy Policy

Our website includes so-called social plug-ins from the company Meta Platforms Inc. You can recognize these buttons by the classic Facebook logo, such as the “Like” button (the hand with the raised thumb) or by a clear “Facebook Plug-in” label. A social plug-in is a small part of Facebook that is integrated into our site. Each plug-in has its own function. The most commonly used functions are the well-known “Like” and “Share” buttons.

The following social plug-ins are offered by Facebook:

• “Save” button
• “Like” button, Share, Send, and Quote
• Page plug-in
• Comments
• Messenger plug-in
• Embedded posts and video player
• Group plug-in

On https://developers.facebook.com/docs/plugins you can find more information on how each plug-in is used. We use social plug-ins on the one hand to offer you a better user experience on our site, and on the other hand because Facebook can optimize our advertisements as a result.

If you have a Facebook account or https://www.facebook.com/ have visited before, Facebook has already set at least one cookie in your browser. In this case, your browser sends information to Facebook via this cookie as soon as you visit our site or interact with social plug-ins (e.g. the 'Like' button).

The information received will be deleted or anonymized again within 90 days. According to Facebook, this data includes your IP address, which website you visited, the date, the time, and other information relating to your browser.

To prevent Facebook from collecting a lot of data during your visit to our website and linking it with Facebook data, you must log out of Facebook during your website visit.

If you are not logged into Facebook or do not have a Facebook account, your browser sends less information to Facebook because you have fewer Facebook cookies. Nevertheless, data such as your IP address or which website you visit can be transmitted to Facebook. We would like to expressly point out that we do not know the exact content of the data. However, we try to inform you about data processing as best as possible according to our current knowledge. How Facebook uses the data can also be found in the company's data policy at https://www.facebook.com/about/privacy/update read.

The following cookies are at least set in your browser when you visit a website with social plug-ins from Facebook:

Name: dpr
Value: no information
Purpose: This cookie is used to ensure that the social plug-ins on our website work.
Expiration date: after session end

Name: fr
Value: 0jieyh4122970637c2GnlufEJ9..Bde09j…1.0.Bde09j
Purpose: This cookie is also necessary for the plug-ins to function properly.
Expiration date:: after 3 months

Note: These cookies were set after a test, even if you are not a Facebook member.

If you are logged in to Facebook, you can adjust your ad settings at https://www.facebook.com/adpreferences/advertisers/ change yourself. If you are not a Facebook user, you can https://www.youronlinechoices.com/de/praferenzmanagement/?tid=122970637 basically manage your usage-based online advertising. There you have the option to deactivate or activate providers.

If you want to learn more about Facebook's data protection, we recommend the company's own data policies at https://www.facebook.com/privacy/policy/.

Gravatar Privacy Policy

What is Gravatar?

We have integrated the Gravatar plug-in from Automattic Inc. (60 29th Street #343, San Francisco, CA 94110, USA) on our website. Gravatar is automatically activated on all WordPress websites, among others. The function allows user images (avatars) to be displayed with published posts or comments, provided the corresponding email address is registered with www.gravatar.com is registered.

Through this function, data is sent to, stored, and processed by the company Gravatar or Automattic Inc. In this privacy policy, we want to inform you about which data is involved, how the network uses this data, and how you can manage or prevent the storage of this data.

Gravatar basically stands for 'Globally Recognized Avatar', meaning a globally available avatar (a user image) that is linked to the email address. The company Gravatar is the world's leading provider of this service. As soon as a user enters the email address on a website that is also registered with Gravatar, www.gravatar.com is registered, a previously stored image is automatically displayed together with a published post or comment.

Why do we use Gravatar on our website?

There is often talk about anonymity on the internet. Through an avatar, users get a face to the people commenting. In addition, you are generally more easily recognized on the web and can build a certain level of notoriety. Many users enjoy the advantages of such a user image and also want to appear personal and authentic on the web. Of course, we want to give you the opportunity to display your Gravatar on our website as well. We also like to see faces to our commenting users. By enabling the Gravatar function, we also expand our service on our website. After all, we want you to feel comfortable on our website and to receive a comprehensive and interesting offer.

What data is stored by Gravatar?

As soon as you, for example, publish a comment on a blog post that requires an email address, WordPress checks whether the email address is linked to an avatar at Gravatar. For this request, your email address in encrypted or hashed form, along with your IP address and our URL, is sent to the servers of Gravatar or Automattic. This checks whether this email address is registered with Gravatar.

If this is the case, the image stored there (Gravatar) is displayed together with the published comment. If you have registered an email address with Gravatar and comment on our website, further data is transmitted to, stored, and processed by Gravatar. In addition to the IP address and user behavior data, this includes, for example, browser type, unique device identifier, preferred language, date and time of page entry, operating system, and information about the mobile network. Gravatar uses this information to improve its own services and offerings and to gain better insights into the use of its own service.

The following cookies are set by Automattic when a user uses an email address registered with Gravatar for a comment:

Name: gravatar
Value: 16b3191024acc05a238209d51ffcb92bdd710bd19122970637-7
Purpose: We could not obtain exact information about the cookie.
Expiration date: after 50 years

Name: is-logged-in
Value: 1122970637-1
Purpose: This cookie stores the information that the user is logged in with the registered email address.
Expiration date: after 50 years

How long and where is the data stored?

Automattic deletes the collected data when it is no longer used for its own services and the company is not legally required to retain the data. Web server logs such as IP address, browser type, and operating system are deleted after about 30 days. Until then, Automattic uses the data to analyze traffic on its own websites (for example, all WordPress sites) and to fix possible problems. The data is also stored on Automattic's American servers.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time. If you have registered with Gravatar using an email address, you can delete your account or the email address there at any time.

Since an image is only displayed and data is only transmitted to Gravatar when using an email address registered with Gravatar, you can also prevent the transmission of your data to Gravatar by commenting or posting on our website with an email address not registered with Gravatar.

You can manage, disable, or delete possible cookies set during commenting in your browser. Please note that certain comment functions may then no longer be fully available. Depending on which browser you use, cookie management works a little differently. In the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers.

Legal basis

If you have consented to the processing and storage of your data by integrated social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) stored and processed for fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy policy regarding cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

Gravatar also processes your data, among other things, in the USA. Gravatar or Automattic is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Automattic uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Automattic undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

You can find out more about the Standard Contractual Clauses and the data processed through the use of Gravatar in the privacy policy at https://automattic.com/privacy/, general information about Gravatar at http://de.gravatar.com/.

Instagram Privacy Policy

What is Instagram?

We have integrated functions from Instagram on our website. Instagram is a social media platform owned by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Since 2012, Instagram has been a subsidiary of Meta Platforms Inc. and is part of the Facebook products. Embedding Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos, or videos from Instagram directly on our website. When you access pages of our web presence that have an integrated Instagram function, data is transmitted to, stored, and processed by Instagram. Instagram uses the same systems and technologies as Facebook. Your data is therefore processed across all Facebook companies.

Below, we would like to give you a more detailed insight into why Instagram collects data, what data is involved, and how you can largely control data processing. Since Instagram belongs to Meta Platforms Inc., we obtain our information partly from the Instagram policies and partly from the Meta privacy policies themselves.

Instagram is one of the most well-known social media networks worldwide. Instagram combines the advantages of a blog with the benefits of audiovisual platforms like YouTube or Vimeo. On 'Insta' (as many users casually call the platform), you can upload photos and short videos, edit them with various filters, and share them on other social networks. And if you don't want to be active yourself, you can simply follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has really taken off in recent years. And of course, we have responded to this boom. We want you to feel as comfortable as possible on our website. That's why a varied presentation of our content is a matter of course for us. Through the embedded Instagram functions, we can enrich our content with helpful, funny, or exciting content from the Instagram world. Since Instagram is a subsidiary of Facebook, the collected data can also be useful to us for personalized advertising on Facebook. This way, our ads are only shown to people who are truly interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We receive aggregated statistics and thus gain more insight into your wishes and interests. It is important to mention that these reports do not personally identify you.

What data is stored by Instagram?

If you come across one of our pages that has Instagram functions (such as Instagram images or plug-ins) integrated, your browser automatically connects to Instagram's servers. In the process, data is sent to, stored, and processed by Instagram. This happens regardless of whether you have an Instagram account or not. This includes information about our website, your computer, purchases made, ads you see, and how you use our offering. Furthermore, the date and time of your interaction with Instagram are also stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume that this is also the case with Instagram. Customer data includes, for example, name, address, telephone number, and IP address. This customer data is only transmitted to Instagram after it has been 'hashed.' Hashing means a data record is converted into a string of characters. This allows contact data to be encrypted. In addition, the above-mentioned 'event data' is also transmitted. By 'event data,' Facebook—and consequently Instagram—means data about your user behavior. It can also happen that contact data is combined with event data. The collected contact data is compared with the data that Instagram already has about you.

Through small text files (cookies), which are usually set in your browser, the collected data is transmitted to Facebook. Depending on the Instagram functions used and whether you have an Instagram account yourself, different amounts of data are stored.

We assume that data processing on Instagram works the same way as on Facebook. This means: if you have an Instagram account or have visited www.instagram.com Instagram has at least set a cookie. If this is the case, your browser sends information to Instagram via the cookie as soon as you interact with an Instagram feature. At the latest after 90 days (after reconciliation), this data is deleted or anonymized. Although we have dealt intensively with Instagram's data processing, we cannot say exactly which data Instagram collects and stores.

Below we show you the cookies that are at least set in your browser when you click on an Instagram feature (such as a button or an Insta image). In our test, we assume that you do not have an Instagram account. If you are logged in to Instagram, significantly more cookies will of course be set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: “”
Purpose: This cookie is most likely set for security reasons to prevent request forgery. However, we could not find out more precisely.
Expiration date: after one year

Name: mid
Value: “”
Purpose: Instagram sets this cookie to optimize its own services and offers inside and outside of Instagram. The cookie sets a unique user ID.
Expiration date: after the end of the session

Name: fbsr_122970637124024
Value: no information
Purpose: This cookie stores the login request for users of the Instagram app.
Expiration date: after the end of the session

Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiration date: after the end of the session

Name: urlgen
Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe122970637”
Purpose: This cookie serves Instagram's marketing purposes.
Expiration date: after the end of the session

Note: We cannot claim to be exhaustive here. Which cookies are set in each individual case depends on the embedded functions and your use of Instagram.

How long and where is the data stored?

Instagram shares the information it receives between the Facebook companies, with external partners, and with people you connect with worldwide. Data processing is carried out in compliance with its own data policy. For security reasons, among others, your data is distributed across Facebook servers around the world. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation, you have the right to access, transfer, correct, and delete your data. You can manage your data in the Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

This is how you delete your Instagram account:

First, open the Instagram app. On your profile page, scroll down and click on 'Help Center.' You will now be taken to the company's website. On the website, click on 'Managing Your Account' and then on 'Delete Your Account.'

If you delete your account completely, Instagram deletes posts such as your photos and status updates. Information that other people have shared about you does not belong to your account and will therefore not be deleted.

As already mentioned above, Instagram primarily stores your data via cookies. You can manage, disable, or delete these cookies in your browser. Depending on your browser, management always works a little differently. Under the 'Cookies' section, you will find the relevant links to the instructions for the most popular browsers.

You can also generally set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

Legal basis

If you have consented to the processing and storage of your data by integrated social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) stored and processed for fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy policy regarding cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

Instagram also processes your data, among other things, in the USA. Instagram or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Instagram uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Instagram undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

We have tried to provide you with the most important information about data processing by Instagram. On https://privacycenter.instagram.com/policy/ you can learn more about Instagram's data policies.

Instagram Lookalike Audience Privacy Policy

We also use the advertising tool Instagram Lookalike Audience. The service provider is the American company Meta Platforms Inc. For the European region, the company Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible.

Instagram or Meta also processes your data, among other things, in the USA. Facebook or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Meta Platforms also uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Meta Platforms undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Instagram or Meta data processing terms, which refer to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

You can learn more about the data processed through the use of Instagram Lookalike Audience in the privacy policy at https://privacycenter.instagram.com/policy/.

Pinterest Privacy Policy

What is Pinterest?

We use buttons and widgets from the social media network Pinterest on our site, operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA. For the European region, the Irish company Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is responsible for all data protection-related matters.

Pinterest is a social network that specializes in graphic representations or photographs. The name is made up of the two words “pin” and “interest.” Users can exchange information about various hobbies and interests via Pinterest and view the respective profiles with images either publicly or in defined groups.

Why do we use Pinterest?

Pinterest has been around for several years now and is still one of the most visited and valued social media platforms. Pinterest is particularly suitable for our industry because the platform is primarily known for beautiful and interesting images. That’s why we are also represented on Pinterest and want to showcase our content outside of our website as well. The collected data can also be used for advertising purposes, so that we can show advertising messages precisely to those people who are interested in our services or products.

What data is processed by Pinterest?

So-called log data may be stored. This includes information about your browser, IP address, the address of our website and the activities performed on it (for example, when you click the Save or Pin button), search histories, date and time of the request, and cookie and device data. If you interact with an embedded Pinterest feature, cookies that store various data may also be set in your browser. Usually, the aforementioned log data, preset language settings, and clickstream data are stored in cookies. By clickstream data, Pinterest means information about your website behavior.

If you have your own Pinterest account and are logged in, the data collected via our site can be added to your account and used for advertising purposes. If you interact with our embedded Pinterest features, you are usually redirected to the Pinterest site. Here is a sample selection of cookies that are then set in your browser.

Name: _auth
Value: 0
Purpose: The cookie is used for authentication. For example, a value such as your "username" can be stored in it. 
Expiration date: after one year

Name: _pinterest_referrer
Value: 1
Purpose: The cookie stores that you reached Pinterest via our website. Thus, the URL of our website is stored.
Expiration date: after session end

Name: _pinterest_sess
Value: …9HRHZvVE0rQlUxdG89
Purpose: The cookie is used for logging in to Pinterest and contains user IDs, authentication tokens, and timestamps.
Expiration date: after one year

Name: _routing_id
Value: “8d850ddd-4fb8-499c-961c-77efae9d4065122970637-8”
Purpose: The cookie contains an assigned value that is used to identify a specific routing target.
Expiration date: after one day

Name: cm_sub
Value: denied
Purpose: This cookie stores a user ID and the timestamp.
Expiration date: after one year

Name: csrftoken
Value: 9e49145c82a93d34fd933b0fd8446165122970637-1
Purpose: This cookie is most likely set for security reasons to prevent request forgery. However, we could not find out more precisely.
Expiration date: after one year

Name: sessionFunnelEventLogged
Value: 1
Purpose: We have not yet been able to obtain more detailed information about this cookie.
Expiration date: after one day

How long and where is the data stored?

Pinterest generally stores the collected data as long as it is needed for the purposes of the company. As soon as data retention is no longer necessary, for example to comply with legal requirements, the data is either deleted or anonymized so that you can no longer be identified as a person. The data may also be stored on American servers.

Right to object

You also have the right and the possibility at any time to revoke your consent to the use of cookies or third-party providers such as Pinterest. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since embedded Pinterest elements may use cookies, we also recommend our general privacy policy on cookies. To find out exactly what data about you is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to the processing and storage of your data by integrated social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) stored and processed for fast and good communication with you or other customers and business partners. However, we only use the tool if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

Pinterest processes data from you, among other things, also in the USA. We would like to point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As a basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., especially in the USA) or for data transfer there, Pinterest uses so-called Standard Contractual Clauses (= Art. 46. Sec. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through these clauses, Pinterest undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

You can find more information about the Standard Contractual Clauses at Pinterest at https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea.

We have tried to provide you with the most important information about data processing by Pinterest. https://policy.pinterest.com/de/privacy-policy you can learn more about Pinterest's data policies.

Online Marketing Introduction

What is online marketing?

Online marketing refers to all measures carried out online to achieve marketing goals such as increasing brand awareness or closing a business deal. Furthermore, our online marketing activities aim to draw people's attention to our website. In order to present our offer to many interested people, we engage in online marketing. Most often, this involves online advertising, content marketing, or search engine optimization. To use online marketing efficiently and in a targeted manner, personal data is also stored and processed. On the one hand, the data helps us show our content only to those people who are truly interested, and on the other hand, we can measure the advertising success of our online marketing activities.

Why do we use online marketing tools?

We want to show our website to everyone who is interested in our offer. We are aware that this is not possible without consciously implemented measures. That is why we do online marketing. There are various tools that make our work on online marketing activities easier and also constantly provide suggestions for improvement through data. This allows us to target our campaigns more precisely to our audience. The purpose of these online marketing tools is ultimately the optimization of our offer.

Which data is processed?

For our online marketing to work and for the success of the measures to be measured, user profiles are created and data is stored, for example, in cookies (these are small text files). With the help of this data, we can not only place advertisements in the traditional sense, but also display our content directly on our website in the way you prefer. There are various third-party tools that offer these functions and accordingly also collect and store data from you. For example, the cookies store which web pages you have visited on our website, how long you viewed these pages, which links or buttons you clicked, or from which website you came to us. Additionally, technical information can also be stored, such as your IP address, which browser you use, from which device you visit our website, or the time when you accessed our website and when you left it again. If you have consented to us determining your location, we can also store and process this.

Your IP address is stored in a pseudonymized form (i.e., shortened). Unique data that directly identifies you as a person, such as name, address, or email address, is also only stored in pseudonymized form within the scope of advertising and online marketing procedures. So we cannot identify you as a person; we only have the pseudonymized, stored information in the user profiles.

The cookies may also be used, analyzed, and used for advertising purposes on other websites that use the same advertising tools. The data may then also be stored on the servers of the advertising tool providers.

In exceptional cases, unique data (names, email addresses, etc.) may also be stored in the user profiles. This occurs, for example, if you are a member of a social media channel that we use for our online marketing activities and the network links previously collected data with the user profile.

For all advertising tools we use that store your data on their servers, we only ever receive aggregated information and never data that would identify you as an individual. The data only shows how well the advertising measures worked. For example, we can see which measures prompted you or other users to come to our website and purchase a service or product. Based on the analyses, we can improve our advertising offer in the future and tailor it even more precisely to the needs and wishes of interested people.

Duration of data processing

We inform you about the duration of data processing further below, provided we have additional information on this. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products. Data stored in cookies is retained for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others may be stored in your browser for several years. In the respective privacy policies of the individual providers, you will usually find precise information about the specific cookies used by the provider.

Right to object

You also have the right and the opportunity at any time to withdraw your consent to the use of cookies or third-party providers. This can be done either via our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser. The lawfulness of processing up to the point of withdrawal remains unaffected.

Since online marketing tools generally use cookies, we also recommend our general privacy policy on cookies. To find out exactly what data about you is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to the use of third-party providers, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent) this consent constitutes the legal basis for the processing of personal data, as may occur when collected by online marketing tools.

On our part, there is also a legitimate interest in measuring online marketing activities in anonymized form in order to optimize our offerings and measures using the data obtained. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). Nevertheless, we only use the tools if you have given your consent.

Information on specific online marketing tools can be found—if available—in the following sections.

PayPal Marketing Solutions Privacy Policy

What is PayPal Marketing Solutions?

We use the sales optimization tool PayPal Marketing Solutions on our website. The service provider is the American company PayPal Inc. For the European region, the company PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible.

With PayPal Marketing Solutions, we can carry out targeted marketing campaigns to better market our services or products. The company was founded in 1998 and now, with over 325 million active customers, is one of the best-known and largest online payment service providers worldwide. PayPal Marketing Solutions is an additional service offered by the company alongside its payment services.

Why do we use PayPal Marketing Solutions for our website?

There are various reasons why we use and offer PayPal Marketing Solutions on our website. We want to provide you with the best possible service and user experience (UX) on our website. For us, this also means that you only see content and advertisements that really interest you. With PayPal Marketing Solutions, we can tailor advertisements and other content exactly to your wishes and interests. This allows us to provide you with good content and achieve our business goals more easily and quickly.

What data is processed by PayPal Marketing Solutions?

In its privacy policy, PayPal distinguishes between different categories of personal data that may be processed through the use of the service. These include login and contact details, identification and signature data, payment information, information about imported contacts, data from your account profile, device data such as your IP address, location data, and so-called derived data. This includes information that can be derived from transactions or other data. These can be purchasing habits, behavioral patterns, creditworthiness, or personal preferences.

There is also personal data collected by third parties (such as identity verifiers, fraud detection providers, or your bank). This data includes information from credit agencies, transaction data, information on legal regulations, technical usage data, location data, and again derived data.

PayPal and its partners also use tracking technologies such as cookies, pixel tags, web beacons, and widgets to recognize you as a user, customize content, and conduct analytics for interest-based advertising.

How long and where is the data stored?

In principle, PayPal stores the data as long as necessary to fulfill their obligations and within the scope of the purpose. Personal data required for the customer relationship is retained up to 10 years after the end of the relationship. If PayPal is subject to a legal obligation, the retention period for personal data is determined by the applicable law (e.g., insolvency law). PayPal also stores personal data as long as necessary if retention is advisable in view of legal disputes.

Since PayPal is a globally operating company, the service also has data centers worldwide where your data may be stored. This means your data may also be stored outside your country and outside the scope of the GDPR on PayPal servers.

How can I delete my data or prevent data storage?

You have the right at any time to access, correct, delete, or restrict the processing of your personal data. You can also revoke your consent to the processing of your data at any time.

If you generally want to disable, delete, or manage cookies, you will find the relevant links to the instructions for the most popular browsers in the 'Cookies' section.

Legal basis

The use of PayPal Marketing Solutions requires your consent, which we have obtained via our cookie popup. This consent constitutes, according to Art. 6 para. 1 lit. a GDPR (Consent) the legal basis for the processing of personal data, as may occur when collected by PayPal Marketing Solutions.

In addition to consent, we also have a legitimate interest in analyzing the behavior of website visitors in order to improve our offering technically and economically. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). Nevertheless, we only use PayPal Marketing Solutions if you have given your consent.

PayPal also processes your data, among other places, in the USA. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may entail various risks for the legality and security of data processing.

As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., especially in the USA) or for data transfer there, PayPal uses so-called Standard Contractual Clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through these clauses, PayPal undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information about the Standard Contractual Clauses and the data processed through the use of PayPal Marketing Solutions, please refer to the privacy policy at https://www.paypal.com/webapps/mpp/ua/privacy-full.

Pinterest Ads Privacy Policy

We also use the advertising platform Pinterest Ads. The service provider is the American company Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA.

Pinterest processes data from you, among other things, also in the USA. We would like to point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As a basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., especially in the USA) or for data transfer there, Pinterest uses so-called Standard Contractual Clauses (= Art. 46. Sec. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through these clauses, Pinterest undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

You can find more information about the Standard Contractual Clauses at Pinterest at https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea.

We have tried to provide you with the most important information about data processing by Pinterest. https://policy.pinterest.com/de/privacy-policy you can learn more about Pinterest's data policies.

Viralize Privacy Policy

We also use the advertising platform Viralize for our business. The service provider is the Italian company ShowHeroes s.r.l., Via di Santo Spirito 14, 50125 Florence, Italy.

You can find out more about the data processed through the use of Viralize in the privacy policy at https://showheroes.com/privacy-policy/.

Cookie Consent Management Platform Introduction

What is a Cookie Consent Management Platform?

We use a Consent Management Platform (CMP) software on our website that makes it easier for us and you to handle scripts and cookies correctly and securely. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides you with the legally required cookie consent, and helps us and you keep track of all cookies. Most cookie consent management tools identify and categorize all existing cookies. As a website visitor, you then decide for yourself whether and which scripts and cookies you want to allow or not. The following graphic shows the relationship between browser, web server, and CMP.

Why do we use a cookie management tool?

Our goal is to offer you the best possible transparency in the area of data protection. In addition, we are also legally obliged to do so. We want to inform you as well as possible about all tools and all cookies that can store and process data about you. It is also your right to decide for yourself which cookies you accept and which you do not. In order to grant you this right, we first need to know exactly which cookies have ended up on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we are informed about all cookies and can provide you with information in accordance with the GDPR. Through the consent system, you can then accept or reject cookies.

Which data is processed?

Within our cookie management tool, you can manage each individual cookie yourself and have full control over the storage and processing of your data. Your declaration of consent is stored so that we do not have to ask you every time you visit our website and so that we can prove your consent if legally required. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage duration of your cookie consent varies. Usually, this data (such as pseudonymous user ID, time of consent, details about cookie categories or tools, browser, device information) is stored for up to two years.

Duration of data processing

We will inform you about the duration of data processing further below, if we have more information about it. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted as soon as you leave the website, others can be stored in your browser for several years. The exact duration of data processing depends on the tool used; in most cases, you should expect a storage period of several years. In the respective privacy policies of the individual providers, you will usually find precise information about the duration of data processing.

Right to object

You also have the right and the possibility at any time to revoke your consent to the use of cookies. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Information about specific cookie management tools, if available, can be found in the following sections.

Legal basis

If you consent to cookies, personal data about you will be processed and stored via these cookies. If we, through your Consent (Article 6 para. 1 lit. a GDPR) Cookies may be used, this consent is also simultaneously the legal basis for the use of cookies or the processing of your data. In order to be able to manage consent to cookies and to enable you to give your consent, a cookie consent management platform software is used. The use of this software enables us to operate the website in a legally compliant manner efficiently, which is a legitimate interest (Article 6 para. 1 lit. f GDPR).

AdSimple Consent Manager Privacy Policy

What is the AdSimple Consent Manager?

We use the AdSimple Consent Manager on our website from the software development and online marketing company AdSimple GmbH, Fabriksgasse 20, 2230 Gänserndorf. The AdSimple Consent Manager offers us, among other things, the possibility to provide you with a comprehensive and privacy-compliant cookie notice so that you can decide for yourself which cookies you allow and which you do not. By using this software, data from you is sent to and stored by AdSimple. In this privacy policy, we inform you why we use the AdSimple Consent Manager, which data is transmitted and stored, and how you can prevent this data transfer.

The AdSimple Consent Manager is a software that scans our website and identifies and categorizes all existing cookies. In addition, as a website visitor, you are informed about the use of cookies via a cookie notice script and can decide for yourself which cookies you allow and which you do not.

Why do we use the AdSimple Consent Manager on our website?

We want to offer you maximum transparency in the area of data protection. To ensure this, we first need to know exactly which cookies have ended up on our website over time. Because the Consent Manager from AdSimple regularly scans our website and identifies all cookies, we have full control over these cookies and can act in compliance with the GDPR. This allows us to inform you precisely about the use of cookies on our website. Furthermore, you always receive a current and data protection-compliant cookie notice and can decide for yourself via a checkbox system which cookies you accept or block.

What data is stored by the AdSimple Consent Manager?

If you consent to cookies on our website, the following cookie is set by the AdSimple Consent Manager:

Name: acm_status
Value: “:true,”statistics”:true,”marketing”:true,”socialmedia”:true,”settings”:true}
Purpose: Your consent status is stored in this cookie. This allows our website to read and follow the current status on future visits as well.
Expiration date: after one year

How long and where is the data stored?

All data collected by the AdSimple Consent Manager is transmitted and stored exclusively within the European Union. The collected data is stored on AdSimple's servers at Hetzner GmbH in Germany. Only AdSimple GmbH and Hetzner GmbH have access to this data.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time. You can prevent data collection and storage, for example, by rejecting the use of cookies via the cookie notice script. Another way to prevent or manage data processing according to your preferences is offered by your browser. Cookie management works slightly differently depending on the browser. In the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers.

Legal basis

If you consent to cookies, personal data about you will be processed and stored via these cookies. If we, through your Consent (Article 6 para. 1 lit. a GDPR) If cookies may be used, this consent is also simultaneously the legal basis for the use of cookies or the processing of your data. In order to manage consent to cookies and to enable you to give your consent, the AdSimple Consent Manager is used. The use of this software enables us to operate the website in a legally compliant manner in an efficient way, which is a legitimate interest (Article 6 para. 1 lit. f GDPR).

We hope we have given you a good overview of the data traffic and data processing by the AdSimple Consent Manager. If you want to learn more about this tool, we recommend the description page at https://www.adsimple.at/consent-manager/.

Payment Provider Introduction

What is a payment provider?

We use online payment systems on our website that enable a secure and smooth payment process for both you and us. In doing so, personal data may also be sent to, stored by, and processed by the respective payment provider. Payment providers are online payment systems that allow you to place an order via online banking. The payment processing is carried out by the payment provider you have chosen. We then receive information about the payment made. This method can be used by any user who has an active online banking account with PIN and TAN. There are hardly any banks left that do not offer or accept such payment methods.

Why do we use payment providers on our website?

Of course, we want to offer the best possible service with our website and our integrated online shop so that you feel comfortable on our site and can use our offers. We know that your time is valuable and that payment processing in particular must work quickly and smoothly. For these reasons, we offer you various payment providers. You can choose your preferred payment provider and pay in the usual way.

Which data is processed?

Exactly which data is processed depends, of course, on the respective payment provider. But generally, data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are stored. These are necessary data in order to carry out a transaction at all. In addition, any contract data and user data, such as when you visit our website, which content you are interested in, or which subpages you click on, can also be stored. Your IP address and information about the computer you use are also stored by most payment providers.

The data is usually stored and processed on the servers of the payment providers. As the website operator, we do not receive this data. We are only informed whether the payment was successful or not. For identity and credit checks, it may happen that payment providers forward data to the relevant authority. For all payment transactions, the terms and privacy policies of the respective provider always apply. Therefore, please always also check the general terms and conditions and the privacy policy of the payment provider. You also have the right at any time, for example, to have data deleted or corrected. Please contact the respective service provider regarding your rights (right of withdrawal, right to information, and right to object).

Duration of data processing

We will inform you about the duration of data processing further below if we have further information on this. In general, we only process personal data for as long as is absolutely necessary to provide our services and products. If, as in the case of accounting, it is required by law, this storage period may be exceeded. For example, we keep booking receipts related to a contract (invoices, contract documents, account statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they arise.

Right to object

You always have the right to information, correction, and deletion of your personal data. If you have any questions, you can also contact the responsible parties of the payment provider used at any time. You can find contact details either in our specific privacy policy or on the website of the respective payment provider.

You can delete, deactivate, or manage cookies that payment providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that the payment process may then no longer work.

Legal basis

We therefore offer, for the processing of contractual or legal relationships (Art. 6 para. 1 lit. b GDPR)  in addition to the usual banks/credit institutions, other payment service providers as well. In the privacy policies of the individual payment providers (such as Amazon Payments, Apple Pay or Discover) you are provided with a detailed overview of data processing and data storage. In addition, you can always contact the responsible parties with questions regarding data protection topics.

You can find information about the specific payment providers – if available – in the following sections.

Amazon Payments Privacy Policy

We use Amazon Payments on our website, a service for online payment procedures. The service provider is the American company Amazon.com Inc. For the European region, the company Amazon Payments Europe S.C.A. (38 Avenue J.F. Kennedy, L-1855 Luxembourg) is responsible.

Amazon processes your data, among other things, in the USA. Amazon is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Amazon uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Amazon undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find the Amazon Data Processing Addendum (AWS GDPR DATA PROCESSING), which complies with the Standard Contractual Clauses, at https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.

You can learn more about the data processed through the use of Amazon Payments in the privacy policy at https://pay.amazon.de/help/201212490.

American Express Privacy Policy

We use American Express, a globally operating financial service provider, on our website. The service provider is the American company American Express Company. For the European region, the company American Express Europe S.A. (Avenida Partenón 12-14, 28042, Madrid, Spain) is responsible.

American Express also processes your data, among other things, in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As a basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular in the USA) or for data transfer to such countries, American Express uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through these clauses, American Express undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can learn more about the data processed through the use of American Express in the privacy policy at https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklarung/.

Apple Pay Privacy Policy

We use Apple Pay, a service for online payment procedures, on our website. The service provider is the American company Apple Inc., Infinite Loop, Cupertino, CA 95014, USA.

Apple also processes data, among other things, in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. especially in the USA) or for data transfers to such countries, Apple uses standard contractual clauses approved by the EU Commission (= Art. 46. Sec. 2 and 3 GDPR). These clauses obligate Apple to comply with the EU data protection level when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision as well as the clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can learn more about the data processed through the use of Apple Pay in the Privacy Policy at https://www.apple.com/legal/privacy/de-ww/.

Google Pay Privacy Policy

We use the online payment provider Google Pay on our website. The service provider is the American company Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google also processes your data, among other things, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The data processing terms for Google advertising products (Google Ads Controller-Controller Data Protection Terms), which refer to the standard contractual clauses, can be found at https://business.safety.google/adscontrollerterms/.

You can learn more about the data processed through the use of Google Pay in the Privacy Policy at https://policies.google.com/privacy.

Stripe Privacy Policy

What is Stripe?

We use a payment tool from the American technology company and online payment service Stripe on our website. For customers within the EU, Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is responsible. This means that if you choose Stripe as your payment method, your payment will be processed via Stripe Payments. Data necessary for the payment process will be forwarded to and stored by Stripe. In this privacy policy, we give you an overview of this data processing and storage by Stripe and explain why we use Stripe on our website.

The technology company Stripe offers payment solutions for online payments. With Stripe, it is possible to accept credit and debit card payments in our webshop. Stripe handles the entire payment process. A major advantage of Stripe is, for example, that you never have to leave our website or shop during the payment process and the payment processing is very fast.

Why do we use Stripe for our website?

Of course, we want to offer the best possible service with our website and our integrated online shop so that you feel comfortable on our site and use our offers. We know that your time is valuable and therefore payment processing in particular must work quickly and smoothly. In addition to our other payment providers, we have found a partner in Stripe that ensures secure and fast payment processing.

What data is stored by Stripe?

If you choose Stripe as your payment method, personal data about you will also be transmitted to and stored by Stripe. This involves transaction data. This data includes, for example, the payment method (i.e. credit card, debit card, or account number), bank code, currency, amount, and date of payment. In a transaction, your name, email address, billing or shipping address, and sometimes your transaction history may also be transmitted. This data is necessary for authentication. Furthermore, Stripe may also collect, in addition to technical data about your device (such as IP address), your name, address, telephone number, and your country for fraud prevention, financial reporting, and to be able to fully offer its own services.

Stripe does not sell any of your data to independent third parties, such as marketing agencies or other companies that have nothing to do with the Stripe company. However, the data may be forwarded to internal departments, a limited number of external Stripe partners, or to comply with legal requirements. Stripe also uses cookies to collect data. Here you will find a selection of cookies that Stripe may set during the payment process:

Name: m
Value: edd716e9-d28b-46f7-8a55-e05f1779e84e040456122970637-5
Purpose: This cookie appears when you select the payment method. It stores and recognizes whether you access our website via a PC, tablet, or smartphone.
Expiration date: after 2 years

Name: __stripe_mid
Value: fc30f52c-b006-4722-af61-a7419a5b8819875de9122970637-1
Purpose: This cookie is required to process a credit card transaction. For this purpose, the cookie stores your session ID.
Expiration date: after one year

Name: __stripe_sid
Value: 6fee719a-c67c-4ed2-b583-6a9a50895b122753fe
Purpose: This cookie also stores your ID and is used by Stripe for the payment process on our website.
Expiration date: after the session has ended

How long and where is the data stored?

Personal data is generally stored for the duration of the service provision. This means that the data is stored until we terminate our cooperation with Stripe. However, in order to fulfill legal and regulatory obligations, Stripe may also store personal data beyond the duration of the service provision. Since Stripe is a globally operating company, the data may also be stored in any country where Stripe offers services. Thus, data may also be stored outside your country, for example in the USA.

How can I delete my data or prevent data storage?

Please note that when using this tool, your data may also be stored and processed outside the EU. Most third countries (including the USA) are currently considered unsafe under European data protection law. Data may therefore not simply be transferred to, stored and processed in unsafe third countries unless there are appropriate safeguards (such as EU standard contractual clauses) between us and the non-European service provider.

You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the Stripe team at any time via https://support.stripe.com/contact/email contact.

Cookies that Stripe uses for its functions can be deleted, deactivated, or managed in your browser. Depending on which browser you use, this works in different ways. In the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers.

Legal basis

We therefore offer, for the processing of contractual or legal relationships (Art. 6 para. 1 lit. b GDPR) in addition to conventional banks/credit institutions, also the payment service provider Stripe. The successful use of the service also requires your consent (Art. 6 para. 1 lit. a GDPR), insofar as the use requires the approval of cookies.

Stripe processes your data, among other things, in the USA. Stripe is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Stripe uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Stripe undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the relevant Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

You can find more information about the Standard Contractual Clauses and about the data processed through the use of Stripe in the Privacy Policy at https://stripe.com/at/privacy.

Audio & Video Introduction

What are audio and video elements?

We have integrated audio and/or video elements into our website so that you can watch videos or listen to music/podcasts directly via our website. The content is provided by service providers. All content is therefore also obtained from the respective providers' servers.

These are embedded functional elements from platforms such as YouTube, Vimeo, or Spotify. The use of these portals is generally free of charge, but paid content may also be published. With the help of these embedded elements, you can listen to or watch the respective content via our website.

When you use audio or video elements on our website, personal data about you may also be transmitted to, processed, and stored by the service providers.

Why do we use audio & video elements on our website?

Of course, we want to offer you the best possible service on our website. And we are aware that content is no longer conveyed solely through text and static images. Instead of simply giving you a link to a video, we offer you audio and video formats directly on our website that are entertaining or informative, and ideally both. This expands our service and makes it easier for you to access interesting content. Thus, in addition to our texts and images, we also offer video and/or audio content.

What data is stored by audio & video elements?

When you access a page on our website that, for example, has an embedded video, your server connects to the provider's server. In the process, data about you is also transmitted to the third-party provider and stored there. Some data is collected and stored regardless of whether you have an account with the third-party provider or not. This usually includes your IP address, browser type, operating system, and other general information about your device. In addition, most providers also collect information about your web activity. This includes, for example, session duration, bounce rate, which button you clicked, or through which website you are using the service. All this information is usually stored via cookies or pixel tags (also called web beacons). Pseudonymized data is usually stored in cookies in your browser. You can always find out exactly which data is stored and processed in the privacy policy of the respective provider.

Duration of data processing

You can find out exactly how long the data is stored on the servers of third-party providers either further down in the privacy text of the respective tool or in the provider's privacy policy. In principle, personal data is always processed only as long as is absolutely necessary for the provision of our services or products. This generally also applies to third-party providers. You can usually assume that certain data will be stored on the servers of third-party providers for several years. Data can be stored for different lengths of time, especially in cookies. Some cookies are deleted as soon as you leave the website, while others can be stored in your browser for several years.

Right to object

You also have the right and the opportunity at any time to withdraw your consent to the use of cookies or third-party providers. This can be done either via our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser. The lawfulness of processing up to the point of withdrawal remains unaffected.

Since the integrated audio and video functions on our site usually also use cookies, you should also read our general privacy policy regarding cookies. In the privacy policies of the respective third-party providers, you will find more detailed information about the handling and storage of your data.

Legal basis

If you have consented to your data being processed and stored by integrated audio and video elements, this consent serves as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) stored and processed for fast and good communication with you or other customers and business partners. We only use the integrated audio and video elements if you have given your consent.

YouTube Privacy Policy

What is YouTube?

We have embedded YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that has an embedded YouTube video, your browser automatically connects to the servers of YouTube or Google. Various data is transmitted in the process (depending on settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in the European region.

Below, we would like to explain in more detail which data is processed, why we have embedded YouTube videos, and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on, and upload videos for free. Over the past years, YouTube has become one of the most important social media channels worldwide. In order for us to display videos on our website, YouTube provides a snippet of code that we have embedded on our site.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And of course, interesting videos should not be missing. With the help of our embedded videos, we provide you with additional helpful content alongside our texts and images. In addition, our website is more easily found on the Google search engine thanks to the embedded videos. Even when we run ads via Google Ads, Google can – thanks to the collected data – really only show these ads to people who are interested in our offers.

What data is stored by YouTube?

As soon as you visit one of our pages that has an embedded YouTube video, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually associate your interactions on our website with your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution, or your internet provider. Other data may include contact details, any ratings, sharing content via social media, or adding to your favorites on YouTube.

If you are not logged into a Google account or a YouTube account, Google stores data with a unique identifier that is linked to your device, browser, or app. For example, your preferred language setting is retained. But many interaction data cannot be stored because fewer cookies are set.

In the following list, we show cookies that were set in a test in the browser. On the one hand, we show cookies that are set without a logged-in YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim to be complete, because user data always depends on the interactions on YouTube.

Name: YSC
Value: b9-CV6ojI5Y122970637-1
Purpose: This cookie registers a unique ID to store statistics of the viewed video.
Expiration date: after session end

Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google receives statistics via PREF on how you use YouTube videos on our website.
Expiration date: after 8 months

Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track the GPS location.
Expiration date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie attempts to estimate the user's bandwidth on our websites (with embedded YouTube video).
Expiration date: after 8 months

Other cookies that are set when you are logged in with your YouTube account:

Name: APISID
Value: zILlvClZSkqGsSwI/AU1aZI6HY7122970637-
Purpose: This cookie is used to create a profile of your interests. The data is used for personalized advertisements.
Expiration date: after 2 years

Name: CONSENT
Value: YES+AT.en+20150628-20-0
Purpose: The cookie stores the status of a user's consent to the use of various Google services. CONSENT also serves security purposes, to verify users and protect user data from unauthorized attacks.
Expiration date: after 19 years

Name: HSID
Value: AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile of your interests. This data helps to display personalized advertising.
Expiration date: after 2 years

Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL…
Purpose: This cookie stores information about your login data.
Expiration date: after 2 years

Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile of your interests.
Expiration date: after 2 years

Name: SID
Value: oQfNKjAsI122970637-
Purpose: This cookie stores your Google account ID and your last login time in digitally signed and encrypted form.
Expiration date: after 2 years

Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information about how you use the website and which advertisements you may have seen before visiting our site.
Expiration date: after 3 months

How long and where is the data stored?

The data that YouTube receives from you and processes is stored on Google's servers. Most of these servers are located in America. Under https://datacenters.google/ you can see exactly where the Google data centers are located. Your data is distributed across the servers. This makes the data faster to access and better protected against manipulation.

Google stores the collected data for different lengths of time. Some data you can delete at any time, others are automatically deleted after a limited period, and still others are stored by Google for a longer period. Some data (such as items from 'My Activity', photos or documents, products) that are stored in your Google account remain stored until you delete them. Even if you are not signed in to a Google account, you can delete some data that is linked to your device, browser, or app.

How can I delete my data or prevent data storage?

In principle, you can manually delete data in your Google account. With the automatic deletion function for location and activity data introduced in 2019, information is stored and then deleted depending on your decision—either 3 or 18 months.

Regardless of whether you have a Google account or not, you can configure your browser to delete or disable cookies from Google. Depending on which browser you use, this works in different ways. In the 'Cookies' section, you will find the corresponding links to the instructions for the most popular browsers.

If you generally do not want cookies, you can set your browser to always inform you when a cookie is about to be set. This way, you can decide for each individual cookie whether to allow it or not.

Legal basis

If you have consented to your data being processed and stored by embedded YouTube elements, this consent serves as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR). In principle, your data is also processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) stored and processed for fast and good communication with you or other customers and business partners. However, we only use the embedded YouTube elements if you have given your consent. YouTube also sets cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

YouTube processes your data, among other things, in the USA. YouTube or Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

Since YouTube is a subsidiary of Google, there is a joint privacy policy. If you want to learn more about how your data is handled, we recommend the privacy policy at https://policies.google.com/privacy?hl=de.

YouTube Subscribe Button Privacy Policy

We have integrated the YouTube Subscribe Button (English: 'Subscribe Button') on our website. You can usually recognize the button by the classic YouTube logo. The logo shows the words 'Subscribe' or 'YouTube' in white letters on a red background, with the white 'Play symbol' to the left. However, the button may also appear in a different design.

Our YouTube channel regularly offers you funny, interesting, or exciting videos. With the embedded 'Subscribe Button', you can subscribe to our channel directly from our website without having to visit the YouTube website separately. We want to make access to our extensive content as easy as possible for you. Please note that YouTube may store and process data about you as a result.

If you see an embedded subscribe button on our site, YouTube – according to Google – sets at least one cookie. This cookie stores your IP address and our URL. YouTube can also learn information about your browser, your approximate location, and your preset language. In our test, the following four cookies were set without being logged in to YouTube:

Name: YSC
Value: b9-CV6ojI5122970637Y
Purpose: This cookie registers a unique ID to store statistics of the viewed video.
Expiration date: after session end

Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google receives statistics via PREF on how you use YouTube videos on our website.
Expiration date: after 8 months

Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track the GPS location.
Expiration date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 12297063795Chz8bagyU
Purpose: This cookie attempts to estimate the user's bandwidth on our websites (with embedded YouTube video).
Expiration date: after 8 months

Note: These cookies were set after a test and cannot claim to be complete.

If you are logged into your YouTube account, YouTube can store many of your actions/interactions on our website using cookies and associate them with your YouTube account. For example, YouTube receives information such as how long you browse our site, which browser type you use, which screen resolution you prefer, or which actions you perform.

YouTube uses this data on the one hand to improve its own services and offerings, and on the other hand to provide analyses and statistics for advertisers (who use Google Ads).

YouTube Similar Audiences Privacy Policy

We also use the advertising tool YouTube Similar Audiences. The service provider is the American company Google LLC. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible.

YouTube also processes data from you, among other things, in the USA. YouTube is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

In addition, YouTube – like Google – uses standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). These model templates provided by the EU Commission ensure that your data also complies with European data protection standards when transferred to and stored in third countries (e.g. in the USA). Through the EU-US Data Privacy Framework and the standard contractual clauses, YouTube undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. You can find the corresponding implementing decision and the standard contractual clauses, among other things, here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find out more about the data processed through the use of YouTube Similar Audiences in the privacy policy at https://policies.google.com/privacy.

YouTube IFrame Player Privacy Policy

We also use the YouTube IFrame Player to embed videos on our website. The service provider is the American company Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google also processes your data, among other things, in the USA. YouTube or Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

You can find out more about the data processed through the use of the YouTube IFrame Player in the Privacy Policy at https://policies.google.com/privacy?hl=de.

YouTube Video Widget Privacy Policy

We also use the YouTube video widget on our website. The service provider is the American company Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google also processes your data, among other things, in the USA. YouTube or Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

You can find out more about the data processed through the use of the YouTube video widget in the Privacy Policy at https://policies.google.com/privacy?hl=de.

Web Design Introduction

What is web design?

We use various tools on our website that serve our web design. Web design is not, as is often assumed, just about making our website look pretty, but also about functionality and performance. But of course, the appropriate appearance of a website is also one of the main goals of professional web design. Web design is a subfield of media design and deals with both the visual as well as the structural and functional design of a website. The goal is to use web design to improve your experience on our website. In web design jargon, this is referred to as user experience (UX) and usability. User experience refers to all the impressions and experiences that a website visitor has on a website. A sub-point of user experience is usability. This is about the user-friendliness of a website. The main focus here is that content, subpages, or products are clearly structured and that you can easily and quickly find what you are looking for. To provide you with the best possible experience on our website, we also use so-called web design tools from third-party providers. In this privacy policy, the category “web design” therefore includes all services that visually enhance our website. These can be, for example, fonts, various plugins, or other integrated web design functions.

Why do we use web design tools?

How you absorb information on a website depends very much on the structure, functionality, and visual perception of the website. Therefore, good and professional web design has become increasingly important to us. We are constantly working to improve our website and see this as an extended service for you as a website visitor. Furthermore, a beautiful and functioning website also has economic advantages for us. After all, you will only visit us and use our offers if you feel completely comfortable.

What data is stored by web design tools?

When you visit our website, web design elements may be integrated into our pages that can also process data. Exactly what data is involved depends, of course, very much on the tools used. Further below you can see exactly which tools we use for our website. For more detailed information about data processing, we also recommend reading the respective privacy policy of the tools used. Usually, you will find out there which data is processed, whether cookies are used, and how long the data is stored. Through fonts such as Google Fonts, for example, information such as language settings, IP address, browser version, browser screen resolution, and browser name are automatically transmitted to Google servers.

Duration of data processing

How long data is processed is very individual and depends on the web design elements used. If cookies are used, for example, the retention period can be only one minute, but also a few years. Please inform yourself accordingly. For this, we recommend our general text section on cookies as well as the privacy policies of the tools used. There you will usually find out which cookies are used and what information is stored in them. Google font files, for example, are stored for one year. This is intended to improve the loading time of a website. In principle, data is always stored only as long as it is necessary for the provision of the service. In the case of legal requirements, data may also be stored for longer.

Right to object

You also have the right and the opportunity at any time to revoke your consent to the use of cookies or third-party providers. This works either via our cookie management tool or via other opt-out functions. You can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. However, with web design elements (mostly with fonts), there is also data that cannot be deleted quite so easily. This is the case when data is automatically collected directly when a page is called up and transmitted to a third-party provider (such as Google). In this case, please contact the support of the respective provider. In the case of Google, you can reach support at https://support.google.com/?hl=de.

Legal basis

If you have consented to the use of web design tools, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by web design tools. On our part, there is also a legitimate interest in improving the web design on our website. After all, we can only provide you with a beautiful and professional web offering in this way. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we only use web design tools if you have given your consent. We definitely want to emphasize this again here.

Information about specific web design tools can be found – if available – in the following sections.

Google Fonts Privacy Policy

What are Google Fonts?

We use Google Fonts on our website. These are the “Google Fonts” from Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

You do not need to register or set a password to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry that your Google account data will be transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will take a closer look at exactly how the data is stored.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google provides to its users free of charge.

Many of these fonts are published under the SIL Open Font License, while others have been released under the Apache License. Both are free software licenses.

Why do we use Google Fonts on our website?

With Google Fonts, we can use fonts on our own website without having to upload them to our own server. Google Fonts is an important component for maintaining the quality of our website. All Google fonts are automatically optimized for the web, which saves data volume and is a major advantage, especially for use on mobile devices. When you visit our site, the small file size ensures fast loading times. Furthermore, Google Fonts are secure web fonts. Different rendering systems in various browsers, operating systems, and mobile devices can lead to errors. Such errors can sometimes visually distort text or entire websites. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all common browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts so that we can present our entire online service as beautifully and uniformly as possible.

What data is stored by Google?

When you visit our website, the fonts are loaded via a Google server. This external request transmits data to the Google servers. This way, Google also recognizes that you or your IP address have visited our website. The Google Fonts API was developed to reduce the use, storage, and collection of end-user data to what is necessary for the proper provision of fonts. By the way, API stands for 'Application Programming Interface' and serves, among other things, as a data transmitter in the software sector.

Google Fonts securely stores CSS and font requests at Google and is thus protected. With the collected usage numbers, Google can determine how well individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. In addition, Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the BigQuery database of Google Fonts. Entrepreneurs and developers use the Google web service BigQuery to analyze and process large amounts of data.

However, it should be noted that with every Google Font request, information such as language settings, IP address, browser version, browser screen resolution, and browser name is automatically transmitted to the Google servers. Whether this data is also stored is not clearly ascertainable or is not clearly communicated by Google.

How long and where is the data stored?

Google stores requests for CSS assets on its servers for one day, which are mainly located outside the EU. This allows us to use the fonts with the help of a Google stylesheet. A stylesheet is a template that allows you to easily and quickly change, for example, the design or font of a website.

The font files are stored at Google for one year. Google's goal is to generally improve the loading time of websites. When millions of websites refer to the same fonts, they are cached after the first visit and appear immediately on all other subsequently visited websites. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.

How can I delete my data or prevent data storage?

The data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. To be able to delete this data prematurely, you must contact Google support. https://support.google.com/?hl=de&tid=122970637 contact us. You can only prevent data storage in this case by not visiting our site.

Unlike other web fonts, Google allows us unlimited access to all fonts. So we can access a sea of fonts without limitation and get the best out of our website. You can find more about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=122970637. There, Google does address data protection issues, but really detailed information about data storage is not included. It is relatively difficult to get really precise information from Google about stored data.

Legal basis

If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent) this consent constitutes the legal basis for the processing of personal data, as may occur when collected by Google Fonts.

From our side, there is also a legitimate interest in using Google Font to optimize our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). Nevertheless, we only use Google Font if you have given your consent.

Google also processes your data, among other things, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

You can also find out which data is generally collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/ read.

Google Fonts Local Privacy Policy

On our website we use Google Fonts from Google Inc. For the European area, the company responsible is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland). We have integrated the Google fonts locally, i.e. on our web server – not on Google's servers. This means there is no connection to Google servers and therefore no data transfer or storage.

What are Google Fonts?

Google Fonts used to be called Google Web Fonts. It is an interactive directory with over 800 fonts that Google are provided free of charge. With Google Fonts, you could use fonts without uploading them to your own server. However, to prevent any transfer of information to Google servers, we have downloaded the fonts to our server. In this way, we act in compliance with data protection and do not send any data to Google Fonts.

Online Map Services Introduction

What are online map services?

We also use online map services as an extended service for our website. Google Maps is probably the service you are most familiar with, but there are also other providers specializing in creating digital maps. Such services make it possible to display locations, route plans, or other geographic information directly on our website. By integrating a map service, you no longer have to leave our website to, for example, view the route to a location. In order for the online map to work on our website, map sections are embedded using HTML code. The services can then display road maps, the earth's surface, or aerial and satellite images. If you use the embedded map service, data is also transmitted to and stored by the tool used. This data may also include personal data.

Why do we use online map services on our website?

Generally speaking, our aim is to provide you with a pleasant experience on our website. And your time is, of course, only pleasant if you can easily find your way around our website and quickly and easily find all the information you need. That’s why we thought an online map system could be a significant optimization of our website service. Without leaving our website, you can easily view route descriptions, locations, or even sights with the help of the map system. It is also super practical that you can see at a glance where our company headquarters is, so you can find us quickly and safely. As you can see, there are simply many advantages, and we clearly consider online map services on our website as part of our customer service.

What data is stored by online map services?

When you open a page on our website that has an online map function integrated, personal data may be transmitted to and stored by the respective service. Most often, this involves your IP address, which can also be used to determine your approximate location. In addition to the IP address, data such as entered search terms as well as longitude and latitude coordinates are also stored. For example, if you enter an address for route planning, this data is also stored. The data is not stored with us, but on the servers of the integrated tools. You can think of it like this: you are on our website, but when you interact with a map service, this interaction actually takes place on their website. In order for the service to function properly, at least one cookie is usually set in your browser. Google Maps, for example, also uses cookies to record user behavior and thus optimize its own service and be able to display personalized advertising. You can find out more about cookies in our section 'Cookies'.

How long and where is the data stored?

Each online map service processes different user data. If we have further information, we will inform you about the duration of data processing below in the respective sections on the individual tools. In principle, personal data is always kept only as long as it is necessary for the provision of the service. Google Maps, for example, stores certain data for a specified period, other data you must delete yourself. With Mapbox, for example, the IP address is kept for 30 days and then deleted. As you can see, each tool stores data for different lengths of time. Therefore, we recommend that you take a close look at the privacy policies of the tools used.

The providers also use cookies to store data about your user behavior with the map service. You can find more general information about cookies in our section 'Cookies', but also in the privacy texts of the individual providers you can find out which cookies may be used. However, most of the time this is only an exemplary list and is not complete.

Right to object

You always have the option and the right to access your personal data and also to object to its use and processing. You can also revoke your consent that you have given us at any time. Usually, the easiest way to do this is via the cookie consent tool. But there are also other opt-out tools that you can use. Possible cookies set by the providers used can also be managed, deleted, or deactivated by yourself with just a few clicks. However, it may then happen that some functions of the service no longer work as usual. How you manage cookies in your browser also depends on the browser you use. In the 'Cookies' section, you will also find links to the instructions for the most important browsers.

Legal basis

If you have consented to the use of an online map service, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by an online map service.

We also have a legitimate interest in using an online map service to optimize our service on our website. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). However, we only ever use an online map service if you have given your consent. We want to make this absolutely clear at this point.

Information about specific online map services can be found – if available – in the following sections.

Google Maps Privacy Policy

What is Google Maps?

We use Google Maps from Google Inc. on our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Maps, we can show you locations more effectively and thus tailor our service to your needs. By using Google Maps, data is transmitted to Google and stored on Google servers. Here we would like to explain in more detail what Google Maps is, why we use this Google service, what data is stored, and how you can prevent this.

Google Maps is an online map service from Google. With Google Maps, you can search online via a PC, tablet, or app for exact locations of cities, sights, accommodations, or businesses. If companies are listed on Google My Business, additional information about the company is displayed alongside the location. To show directions, map sections of a location can be embedded into a website using HTML code. Google Maps displays the earth's surface as a street map or as an aerial or satellite image. Thanks to Street View images and high-quality satellite images, very accurate representations are possible.

Why do we use Google Maps on our website?

All our efforts on this page aim to provide you with a useful and meaningful time on our website. By integrating Google Maps, we can provide you with the most important information about various locations. At a glance, you can see where our company headquarters is located. The directions always show you the best or fastest way to us. You can retrieve directions for routes by car, public transport, on foot, or by bicycle. For us, providing Google Maps is part of our customer service.

What data is stored by Google Maps?

In order for Google Maps to offer its service fully, the company must collect and store data from you. This includes, among other things, the search terms you enter, your IP address, and also the latitude and longitude coordinates. If you use the route planner function, the entered starting address is also stored. However, this data storage takes place on the websites of Google Maps. We can only inform you about this, but have no influence over it. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behavior. Google primarily uses this data to optimize its own services and to provide you with individual, personalized advertising.

The following cookie is set in your browser due to the integration of Google Maps:

Name: NID
Value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ122970637-5
Purpose: NID is used by Google to customize ads to your Google search. With the help of the cookie, Google 'remembers' your most frequently entered search queries or your previous interaction with ads. This way, you always receive tailor-made ads. The cookie contains a unique ID that Google uses to collect your personal settings for advertising purposes.
Expiration date: after 6 months

Note: We cannot guarantee completeness regarding the information of the stored data. Especially when using cookies, changes can never be ruled out. To identify the NID cookie, a separate test page was created where only Google Maps was integrated.

How long and where is the data stored?

The Google servers are located in data centers all over the world. However, most servers are in America. For this reason, your data is also increasingly stored in the USA. Here you can read exactly where the Google data centers are located: https://datacenters.google/

Google distributes the data across different storage devices. This makes the data faster to access and better protected against possible manipulation attempts. Each data center also has special emergency programs. For example, if there are problems with Google hardware or a natural disaster paralyzes the servers, the data is still quite securely protected.

Google stores some data for a specified period of time. For other data, Google only offers the option to delete it manually. Furthermore, the company also anonymizes information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 or 18 months.

How can I delete my data or prevent data storage?

With the automatic deletion function for location and activity data introduced in 2019, information for location determination and web/app activity is stored for either 3 or 18 months, depending on your decision, and then deleted. In addition, you can also manually delete this data from the history at any time via your Google account. If you want to completely prevent your location tracking, you must pause the 'Web and App Activity' section in your Google account. Click 'Data and Personalization' and then the 'Activity Setting' option. Here you can turn activities on or off.

In your browser, you can also deactivate, delete, or manage individual cookies. Depending on which browser you use, this works a little differently. Under the 'Cookies' section, you will find the corresponding links to the instructions for the most popular browsers.

If you generally do not want cookies, you can set your browser to always inform you when a cookie is about to be set. This way, you can decide for each individual cookie whether to allow it or not.

Legal basis

If you have consented to the use of Google Maps, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent) the legal basis for the processing of personal data, as may occur when collected by Google Maps.

In addition, we have a legitimate interest in using Google Maps to optimize our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). Nevertheless, we only use Google Maps if you have given your consent.

Google also processes your data, among other things, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

If you want to learn more about Google's data processing, we recommend the company's own privacy policy at https://policies.google.com/privacy?hl=de.

Explanation of terms used

We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially with technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). However, we do not want to use these without explanation. Below you will find an alphabetical list of important terms used, which we may not have sufficiently explained in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also provide the GDPR texts here and, if necessary, add our own explanations.

Processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Processor" a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to the controllers, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. Processors can therefore include, in addition to service providers such as tax consultants, also hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

Consent

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: As a rule, such consent on websites is obtained via a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to data processing or consent to it. Usually, you can also make individual settings and thus decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data about you may be processed. In principle, consent can of course also be given in writing, i.e., not via a tool.

Health data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Health data" personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;

Explanation: Health data therefore includes all stored information that concerns your own health. Often these are data that are also recorded in a patient file. This includes, for example, which medications you use, X-ray images, your entire medical history, or usually also your vaccination status.

Personal data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"personal data" all information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data are therefore all data that can identify you as a person. These are usually data such as:

• Name
• Address
• Email address
• Postal address
• Phone number
• Date of birth
• Identification numbers such as social security number, tax identification number, identity card number or matriculation number
• Bank data such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and, subsequently, you as the subscriber. Therefore, storing an IP address also requires a legal basis under the GDPR. There are also so-called "special categories" of personal data that are also particularly worthy of protection. These include:

• racial and ethnic origin
• political opinions
• religious or philosophical beliefs
• trade union membership
• genetic data, such as data obtained from blood or saliva samples
• biometric data (these are information about psychological, physical, or behavioral characteristics that can identify a person).
  Health data
• data on sexual orientation or sex life

profiling

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Profiling" any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

Explanation: Profiling involves gathering various pieces of information about a person in order to learn more about them. In the web sector, profiling is often used for advertising purposes or for credit checks. Web or advertising analysis programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile, which can be used to target advertising to a particular audience.

Controller

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Controller" the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for its nomination may be provided for by Union law or by the law of the Member States;

Explanation: In our case, we are responsible for processing your personal data and are therefore the "controller." If we pass collected data on to other service providers for processing, they are "processors." For this, a "data processing agreement (DPA)" must be signed.

Processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Processing" any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we refer to processing in our privacy policy, we mean any kind of data processing. This includes, as mentioned above in the original GDPR statement, not only the collection but also the storage and processing of data.

All texts are protected by copyright.