Privacy Policy

Introduction

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter referred to as "data") we process for which purposes and to what extent. The privacy policy applies to all data processing activities carried out by us, both within the scope of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the "Online Offer").

The terms used are not gender-specific.

Security Measures

We take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the data processing, as well as the varying likelihood of occurrence and the extent of the threat to the rights and freedoms of natural persons.

The measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as the relevant access, entry, transmission, availability, and separation of data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. Additionally, we consider the protection of personal data during the development or selection of hardware, software, and procedures, following the principles of data protection through technology design and data protection-friendly default settings.

SSL Encryption (https): To protect the data you transmit via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Changes and Updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We adjust the privacy policy as soon as changes in our data processing make this necessary. We will inform you when changes require your participation (e.g., consent) or other individual notifications become necessary.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that these addresses may change over time and we ask you to verify the details before contacting them.

Payment Service Providers

As part of contractual and other legal relationships, due to legal obligations, or based on our legitimate interests, we offer affected individuals efficient and secure payment options and use additional payment service providers alongside banks and credit institutions (collectively referred to as "Payment Service Providers").

The data processed by the payment service providers include inventory data, such as names and addresses, banking information, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, summary, and recipient-related information. These details are necessary to carry out the transactions. However, the data entered is processed only by the payment service providers and stored by them. That is, we do not receive any account- or credit card-related information, but only information confirming or denying the payment. In certain circumstances, the payment service providers may transfer the data to credit agencies for identity and credit checks. In this regard, we refer to the payment service providers' terms and conditions and privacy policies.

For payment transactions, the terms and conditions and privacy policies of the respective payment service providers apply, which can be accessed on the respective websites or transaction applications. We also refer to these for further information and for asserting revocation, information, and other data subject rights.

  • Processed Data Types: Inventory data (e.g., names, addresses), payment data (e.g., banking information, invoices, payment history), contract data (e.g., contract subject, duration, customer category), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Affected Persons: Customers, interested parties.
  • Purposes of Processing: Contractual services and customer support.
  • Legal Bases: Performance of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f GDPR).

Services and Providers Used:

Provision of the Online Offer and Web Hosting

To provide our online offer securely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space, and database services, as well as security services and technical maintenance services.

The data processed as part of the provision of the hosting offer may include all user information of our online offer, which arises during usage and communication. This regularly includes the IP address necessary to deliver the contents of the online offers to browsers and all entries made within our online offer or from websites.

Collection of Access Data and Logfiles: We (or our web hosting provider) collect data about every access to the server (so-called server log files). The server log files may include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, messages about successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider.

The server log files may be used for security purposes, e.g., to avoid overloading the servers (especially in the case of abusive attacks, such as DDoS attacks) and to ensure the stability and performance of the servers.

  • Processed Data Types: Content data (e.g., text entries, photographs, videos), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Legal Bases: Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f GDPR).

Newsletter and Electronic Notifications

We only send newsletters, emails, and other electronic notifications (hereinafter "newsletter") with the consent of the recipients or legal permission. If the contents of the newsletter are specifically described during registration, they are decisive for the user's consent. Otherwise, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal address in the newsletter or other information if it is necessary for the purposes of the newsletter.

Double opt-in procedure: Registration for our newsletter generally takes place in a so-called double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with other people's email addresses. Newsletter registrations are logged to be able to prove the registration process according to legal requirements. This includes storing the registration and confirmation time as well as the IP address. Changes to your data stored with the shipping service provider are also logged.

Deletion and restriction of processing: We may store the unsubscribed email addresses for up to three years based on our legitimate interests before we delete them to be able to prove consent previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe contradictions, we reserve the right to store the email address solely for this purpose in a blocklist (so-called "blacklist").

The logging of the registration process is based on our legitimate interests for the purpose of proving its proper course. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure sending system.

Notes on legal bases: The newsletter is sent on the basis of the recipients' consent or, if consent is not required, on the basis of our legitimate interests in direct marketing, insofar as and to the extent that this is permitted by law, e.g. in the case of existing customer advertising. Insofar as we commission a service provider to send emails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests to demonstrate that it has been conducted in accordance with the law.

Contents: Information about us, our services, promotions, and offers.

Analysis and performance measurement: The newsletters contain a so-called "web beacon", i.e., a pixel-sized file that is retrieved from our server or, if we use a shipping service provider, from their server when the newsletter is opened. As part of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of retrieval, are initially collected.

This information is used for the technical improvement of our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. This information can be assigned to individual newsletter recipients for technical reasons. However, it is neither our aim nor, if used, that of the shipping service provider to observe individual users. Rather, the evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The evaluation of the newsletter and the measurement of success are carried out, subject to the express consent of the users, on the basis of our legitimate interests for the purposes of using a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of the users.

A separate revocation of the performance measurement is unfortunately not possible; in this case, the entire newsletter subscription must be canceled or objected to.

  • Processed data types: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), meta/communication data (e.g., device information, IP addresses), usage data (e.g., websites visited, interest in content, access times).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g., by email or postal).
  • Legal bases: Consent (Art. 6 para. 1 p. 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).
  • Opt-out option: You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably email.

Online Marketing

We process personal data for online marketing purposes, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as "content") based on the potential interests of users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedures are used, by means of which the information about the user relevant to the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed.

The IP addresses of the users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored in the context of the online marketing process, but pseudonyms. This means that we, as well as the providers of the online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or by means of similar procedures. These cookies can later generally also be read on other websites that use the same online marketing procedure, analyzed for the purposes of displaying content, and supplemented with additional data and stored on the server of the online marketing procedure provider.

As an exception, clear data can be assigned to the profiles. This is the case if the users are, for example, members of a social network whose online marketing procedure we use and the network links the profiles of the users with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g., by consent in the context of registration.

In principle, we only receive access to summarized information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a contract conclusion with us. The conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g., website visitors, users of online services), interested parties.
  • Purposes of processing: Tracking (e.g. interest/behavioral profiling, use of cookies), remarketing, visit action evaluation, interest-based and behavioral marketing, profiling (creating user profiles), conversion measurement (measurement of the effectiveness of marketing measures), reach measurement (e.g. access statistics, recognition of returning visitors).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Consent (Art. 6 para. 1 p. 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Services used and service providers:

-

Presences in Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context to communicate with users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce the rights of users.

Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that are presumed to correspond to the interests of the users. For these purposes, cookies are usually stored on the computers of the users, in which the usage behavior and interests of the users are stored. Furthermore, data can be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed presentation of the respective processing forms and the possibilities of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

Also in the case of requests for information and the assertion of data subject rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, you can contact us.

  • Processed data types: Inventory data (e.g. names, addresses), contact data (e.g. email, phone numbers), content data (e.g. text inputs, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Contact requests and communication, tracking (e.g. interest/behavioral profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors).
  • Legal bases: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Services used and service providers:

Plugins and Embedded Functions and Content

We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can be, for example, graphics, videos or social media buttons as well as posts (hereinafter uniformly referred to as "content").

The integration always presupposes that the third-party providers of this content process the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is thus required for the presentation of this content or functions. We endeavor to use only such content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, and other information regarding the use of our online offer, as well as being linked with such information from other sources.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Integration of third-party software, scripts or frameworks (e.g. jQuery): We integrate software into our online offer that we retrieve from servers of other providers (e.g. function libraries that we use for the purpose of displaying or user-friendliness of our online offer). Here, the respective providers collect the IP address of the users and can process it for the purpose of transmitting the software to the users' browser as well as for security purposes, as well as for the evaluation and optimization of their offer.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Affected Persons: Users (e.g., website visitors, online service users).
  • Purposes of Processing: Provision of our online offer and user-friendliness.

Services and Service Providers Used: