Privacy Policy

Introduction and Overview

We have written this privacy policy (version 21.07.2024-112837297) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (short: data) we process as data controllers—and which data processors (e.g., providers) we have commissioned to process data now and in the future, as well as the lawful options you have. The terms used are meant to be understood as gender-neutral. In short: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy aims to describe the most important things to you as simply and transparently as possible. Where it enhances transparency, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We inform you in clear and simple language that we only process personal data within the scope of our business activities if there is a corresponding legal basis. This is certainly not possible if one provides the briefest, unclear, and legally technical explanations, as is often standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information that you did not know yet.

If there are still questions, we ask you to contact the responsible party mentioned below or in the imprint, follow the available links, and view further information on third-party websites. You can of course also find our contact details in the imprint.

Scope of Application

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (data processors). By personal data, we mean information as defined in Article 4(1) GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

• All online presences (websites, online shops) that we operate
• Social media presences and email communication
• Mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas in which personal data is structured and processed within the company through the aforementioned channels. Should we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Bases

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation (GDPR), which enable us to process personal data. Regarding EU Law we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation (GDPR) online on EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

• Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of data you enter into a contact form.
• Contract (Article 6(1)(b) GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, if we enter into a purchase contract with you, we need personal information beforehand.
• Legal Obligation (Article 6(1)(c) GDPR): We process your data when we are legally obliged to do so. For instance, we are required by law to retain invoices for accounting purposes, which usually contain personal data.
• Legitimate Interests (Article 6(1)(f) GDPR): In cases of legitimate interests that do not override your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically efficiently. This processing constitutes a legitimate interest.

Other Conditions such as recording in the public interest, exercising public authority, and protecting vital interests generally do not apply to us. If such a legal basis should be relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act concerning the Protection of Personal Data (Data Protection Act), abbreviated as DSG.
• In Germany, the Federal Data Protection Act, abbreviated as BDSG, applies.

If other regional or national laws apply, we will inform you in the following sections.

Retention Period

A general criterion for us is that we only store personal data for as long as is absolutely necessary for providing our services and products. This means we delete personal data once the reason for data processing no longer exists. In some cases, we are legally obliged to retain certain data even after the original purpose no longer applies, for example, for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to retain it.

We will inform you about the specific duration of the respective data processing further below if we have more information on this.

Rights According to the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we inform you about the following rights to ensure fair and transparent data processing:

• Right to Access (Article 15 GDPR): You have the right to know whether we process data about you. If this is the case, you have the right to receive a copy of the data and to know the following information:
• The purpose for which we carry out the processing;
• The categories, i.e., the types of data being processed;
• The recipients of this data and, if the data is transferred to third countries, how security is ensured;
• The duration of data storage;
• The existence of the right to rectify, delete, or restrict processing and the right to object to the processing;
• That you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
• The source of the data, if we did not collect it from you;
• Whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile of you.
• Right to Rectification (Article 16 GDPR): You have the right to correct your data, which means we must rectify data if you find errors.
• Right to Erasure (“Right to be Forgotten”) (Article 17 GDPR): You have the right to request the deletion of your data.
• Right to Restriction of Processing (Article 18 GDPR): You have the right to restrict the processing, meaning we may only store the data but not use it further.
• Right to Data Portability (Article 20 GDPR): You have the right to have your data provided to you in a commonly used format upon request.
• Right to Object (Article 21 GDPR): You have the right to object, which will lead to a change in the processing.
• If the processing of your data is based on Article 6(1)(e) (public interest, exercise of public authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
• If data is used for direct marketing purposes, you can object to this type of data processing at any time. We will then no longer use your data for direct marketing.
• If data is used for profiling, you can object to this type of data processing at any time. We will then no longer use your data for profiling.
• Right Not to Be Subject to Automated Decision-Making (Article 22 GDPR): Under certain circumstances, you have the right not to be subject to a decision based solely on automated processing (e.g., profiling).
• Right to Lodge a Complaint (Article 77 GDPR): You have the right to lodge a complaint with a supervisory authority at any time if you believe that the processing of your personal data violates the GDPR.

In Short: You have rights—do not hesitate to contact the responsible party listed above at our company!

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can file a complaint with the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, each federal state has its own data protection commissioner. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austria Data Protection Authority

• Head: Dr. Matthias Schmidl
• Address: Barichgasse 40-42, 1030 Vienna
• Phone number: +43 1 52 152-0
• Email address: dsb@dsb.gv.at
• Website: https://www.dsb.gv.at/

Data Transfer to Third Countries

We only transfer or process data in countries outside the scope of the GDPR (third countries) if you consent to this processing or there is another legal permission. This applies especially when the processing is legally required or necessary to fulfill a contractual relationship and in any case only as far as it is generally allowed. Your consent is, in most cases, the main reason we process data in third countries. Processing personal data in third countries like the USA, where many software providers offer services and have server locations, can mean that personal data is processed and stored in unexpected ways.

We explicitly point out that, according to the European Court of Justice, an adequate level of protection for data transfer to the USA currently exists only if a US company processing personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. You can find more information on this at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Data processing by US services that are not active participants in the EU-US Data Privacy Framework can result in data being processed and stored in a non-anonymized manner. Furthermore, US government authorities may have access to certain data. Additionally, data collected may be linked with data from other services of the same provider if you have a corresponding user account. Whenever possible, we try to use server locations within the EU, if offered.

We will inform you in more detail at the appropriate points in this privacy policy about data transfer to third countries if it applies.

Security of Data Processing

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible, within our means, for third parties to deduce personal information from our data.

Article 25 of the GDPR refers to “data protection by design and by default,” meaning that security measures should always be considered for both software (e.g., forms) and hardware (e.g., access to the server room). Below, we will elaborate on specific measures, if necessary.

TLS Encryption with HTTPS

TLS, encryption, and HTTPS sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet.
This means that the entire transmission of all data from your browser to our web server is secured—no one can “listen in.”

This adds an extra layer of security and complies with data protection by design (Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission security by the small lock symbol in the upper left corner of the browser, to the left of the internet address (e.g., examplepage.com) and the use of the scheme https (instead of http) as part of our internet address.
If you want to know more about encryption, we recommend searching “Hypertext Transfer Protocol Secure wiki” on Google to find good links to further information.

Communication

Communication Summary 👥 Affected Individuals: Everyone who communicates with us via phone, email, or online form 📓 Processed Data: For example, phone number, name, email address, entered form data. More details can be found for the respective contact method used🤝 Purpose: Handling communication with customers, business partners, etc. 📅 Storage Duration: Duration of the business case and legal requirements ⚖️ Legal Bases: Article 6(1)(a) GDPR (consent), Article 6(1)(b) GDPR (contract), Article 6(1)(f) GDPR (legitimate interests)

If you contact us and communicate via phone, email, or online form, it may involve the processing of personal data.

The data is processed for handling and processing your inquiry and the related business transaction. The data is stored for as long as necessary to complete the business transaction and as long as required by law.

Affected Individuals

All individuals who contact us via the communication methods we provide are affected by the aforementioned processes.

Phone

When you call us, the call data is pseudonymously stored on the respective device and by the telecommunications provider used. Additionally, data such as name and phone number may be sent via email and stored for the purpose of responding to the inquiry. The data is deleted once the business transaction is completed and legal requirements allow.

Email

When you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and data is stored on the email server. The data is deleted once the business transaction is completed and legal requirements allow.

Online Forms

When you communicate with us via online form, data is stored on our web server and may be forwarded to one of our email addresses. The data is deleted once the business transaction is completed and legal requirements allow.

Legal Bases

The processing of data is based on the following legal bases:

• Article 6(1)(a) GDPR (Consent): You give us consent to store your data and continue to use it for purposes related to the business transaction;
• Article 6(1)(b) GDPR (Contract): It is necessary to fulfill a contract with you or a processor such as the phone provider, or we need to process the data for pre-contractual activities, such as preparing a quote;
• Article 6(1)(f) GDPR (Legitimate Interests): We aim to conduct customer inquiries and business communication in a professional manner. This requires certain technical facilities such as email programs, Exchange servers, and mobile operators to operate communication efficiently.

Cookies

Cookies Summary 👥 Affected Individuals: Website visitors 🤝 Purpose: Depends on the respective cookie. More details can be found below or from the software manufacturer who sets the cookie. 📓 Processed Data: Depends on the respective cookie. More details can be found below or from the software manufacturer who sets the cookie. 📅 Storage Duration: Depends on the respective cookie, can vary from hours to years ⚖️ Legal Bases: Article 6(1)(a) GDPR (consent), Article 6(1)(f) GDPR (legitimate interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data. Below, we explain what cookies are and why they are used, so you can better understand this privacy policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser, known as cookies.

One thing is undeniable: cookies are very useful. Almost all websites use cookies. More specifically, they use HTTP cookies, as there are other types of cookies for different applications. HTTP cookies are small files stored on your computer by our website. These cookie files are automatically placed in the cookie folder, essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data, such as language or personal site settings. When you revisit our site, your browser sends the “user-specific” information back to our site. Thanks to cookies, our website knows who you are and provides you with your usual settings. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser, such as Chrome, and the web server. The web browser requests a website and receives a cookie from the server, which the browser then uses again when requesting another page.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie needs to be evaluated individually as each cookie stores different data. The lifespan of a cookie also varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, trojans, or other “malware.” Cookies also cannot access information on your PC.

Here is an example of what cookie data might look like:

• Name: _ga
• Value: GA1.2.1326744211.152112837297-9
• Purpose: Distinguishing website visitors
• Expiration date: after 2 years

Minimum sizes that a browser should be able to support:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The specific cookies we use depend on the services employed and will be detailed in the following sections of the privacy policy. Here, we briefly describe the different types of HTTP cookies.

There are four types of cookies:

1. Essential Cookies: These cookies are necessary to ensure basic website functions. For example, these cookies are needed when a user adds a product to the cart, continues browsing other pages, and later proceeds to checkout. These cookies ensure that the cart is not deleted even if the user closes the browser window.
2. Functional Cookies: These cookies collect information about user behavior and any error messages the user may receive. Additionally, these cookies measure the website’s load time and performance across different browsers.
3. Targeted Cookies: These cookies enhance user experience by storing locations entered, font sizes, or form data.
4. Advertising Cookies: Also known as targeting cookies, these cookies are used to deliver personalized advertising to users. This can be very useful but also very annoying.

Typically, when you first visit a website, you are asked which types of cookies you want to allow. Naturally, this decision is also saved in a cookie.

If you want to learn more about cookies and don’t mind technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments by the Internet Engineering Task Force (IETF) titled “HTTP State Management Mechanism.”

Purpose of Processing via Cookies

The purpose ultimately depends on the respective cookie. More details can be found below or from the software manufacturer that sets the cookie.

What Data is Processed?

Cookies serve as little helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data in the context of the following privacy policy.

Storage Duration of Cookies

The storage duration depends on the respective cookie and is specified further below. Some cookies are deleted in less than an hour, while others can remain on a computer for several years.

You also have control over the storage duration yourself. You can manually delete all cookies at any time via your browser settings (see also below “Right to Object”). Furthermore, cookies based on consent are deleted no later than after you withdraw your consent, without affecting the legality of storage until that point.

Right to Object – How Can I Delete Cookies?

You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, disable, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to see which cookies have been stored in your browser, change cookie settings, or delete them, you can find this information in your browser settings:

• Google Chrome: Open Chrome, click on the three dots in the top right corner, go to “Settings” > “Privacy and security” > “Cookies and other site data.”
• Mozilla Firefox: Open Firefox, click on the three lines in the top right corner, go to “Settings” > “Privacy & Security” > “Cookies and Site Data.”
• Safari: Open Safari, go to “Preferences” > “Privacy” > “Manage Website Data.”
• Microsoft Edge: Open Edge, click on the three dots in the top right corner, go to “Settings” > “Cookies and site permissions.”

Please refer to the official help documentation of your browser for more detailed instructions.

• Chrome: Delete, enable, and manage cookies in Chrome
• Safari: Manage cookies and website data with Safari
• Firefox: Delete cookies to remove data websites have stored on your computer
• Internet Explorer: Delete and manage cookies
• Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can configure your browser to notify you each time a cookie is about to be set. This allows you to decide whether to allow each individual cookie or not. The procedure varies depending on the browser. It’s best to search Google for instructions using terms like “Delete cookies Chrome” or “Disable cookies Chrome” if you are using Chrome.

Legal Basis

Since 2009, there have been so-called “Cookie Regulations” which stipulate that storing cookies requires your consent (Article 6(1)(a) GDPR). However, the responses to these regulations vary across EU countries. In Austria, this regulation was implemented in § 165(3) of the Telecommunications Act (2021). In Germany, the cookie regulations were not implemented as national law. Instead, the implementation of this regulation largely took place in § 15(3) of the Telemedia Act (TMG), which was replaced by the Digital Services Act (DDG) in May 2024.

For cookies that are strictly necessary, even in the absence of consent, there are legitimate interests (Article 6(1)(f) GDPR), which are usually of an economic nature. We aim to provide visitors to our website with a pleasant user experience, and certain cookies are often essential for this purpose.

Where non-essential cookies are used, this only occurs with your consent. The legal basis for this is Article 6(1)(a) GDPR.

In the following sections, you will be given more detailed information about the use of cookies if the software used employs cookies.

Web Hosting Introduction

Web Hosting Summary 👥 Affected Parties: Visitors to the website 🤝 Purpose: Professional hosting of the website and securing operations 📓 Processed Data: IP address, time of website visit, browser used, and additional data. More details can be found below or with the respective web hosting provider. 📅 Storage Duration: Dependent on the provider, but typically 2 weeks ⚖️ Legal Basis: Article 6(1)(f) GDPR (Legitimate Interests)

What is Web Hosting?

When you visit websites nowadays, certain information— including personal data— is automatically generated and stored, as is the case with this website. This data should be processed as sparingly as possible and only with justification. By website, we mean the entirety of all webpages under a domain, i.e., everything from the homepage to the very last subpage (like this one). By domain, we mean something like example.de or sampleexample.com.

When you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You might be familiar with some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. For simplicity, we refer to these as browsers or web browsers.

To display the website, the browser needs to connect to another computer where the website’s code is stored: the web server. Operating a web server is a complex and labor-intensive task, which is why it is typically handled by professional providers. These providers offer web hosting services and ensure reliable and error-free storage of website data. It’s a lot of technical terms, but bear with us, it gets better!

During the connection between the browser on your computer (desktop, laptop, tablet, or smartphone) and the data transfer to and from the web server, personal data may be processed. On one hand, your computer stores data, and on the other hand, the web server also needs to store data temporarily to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

• Professional hosting of the website and securing its operation
• Maintaining operational and IT security
• Anonymous evaluation of access behavior to improve our services and, if necessary, for criminal prosecution or pursuing claims

What data is processed?

Even while you are visiting our website right now, our web server—the computer where this website is stored—typically automatically saves data such as:

• The full internet address (URL) of the visited webpage
• Browser and browser version (e.g., Chrome 87)
• The operating system used (e.g., Windows 10)
• The address (URL) of the previously visited page (Referrer URL) (e.g., https://www.beispielquellsite.de/vondabinichgekommen/)
• The hostname and IP address of the device from which access is made (e.g., COMPUTERNAME and 194.23.43.121)
• Date and time

This information is stored in files known as web server log files.

How long is data stored?

Typically, the above-mentioned data is stored for two weeks and then automatically deleted. We do not share this data, but cannot exclude the possibility that it may be reviewed by authorities in the event of illegal behavior.

In short: Your visit is logged by our provider (the company that runs our website on specialized computers (servers)), but we do not share your data without your consent!

Legal Basis

The legality of processing personal data in the context of web hosting is based on Article 6(1)(f) of the GDPR (legitimate interests), as using professional hosting services from a provider is necessary to present the company safely and user-friendly on the internet and to be able to pursue potential attacks and claims.

Typically, there is a processing agreement between us and the hosting provider in accordance with Article 28 of the GDPR, which ensures compliance with data protection and guarantees data security.

Website Builder Systems Introduction

Website Builder Systems Privacy Policy Summary 👥 Affected Parties: Visitors to the website 🤝 Purpose: Optimization of our service performance 📓 Processed Data: Data such as technical usage information including browser activity, clickstream activities, session heatmaps, as well as contact details, IP address, or your geographical location. More details can be found below in this privacy policy and in the privacy policies of the providers. 📅 Storage Duration: Depends on the provider ⚖️ Legal Bases: Article 6(1)(f) GDPR (Legitimate Interests), Article 6(1)(a) GDPR (Consent)

What Are Website Builder Systems?

We use a website builder system for our website. Website builder systems are specialized forms of a Content Management System (CMS). With a website builder system, website operators can easily create a website without programming knowledge. Many web hosts also offer website builder systems. Using a website builder system may involve the collection, storage, and processing of your personal data. This privacy notice provides general information about data processing through website builder systems. For more detailed information, please refer to the privacy policies of the respective providers.

Why Do We Use Website Builder Systems for Our Website?

The main advantage of a website builder system is its ease of use. We want to provide you with a clear, simple, and well-organized website that we can manage and maintain ourselves without external support. A website builder system now offers many useful features that we can use even without programming skills. This allows us to design our web presence according to our preferences and provide you with an informative and enjoyable experience on our website.

What Data Is Stored by a Website Builder System?

The exact data stored depends on the website builder system used. Each provider processes and collects different data about website visitors. However, technical usage information is generally collected, such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit. Additionally, tracking data (e.g., browser activity, clickstream activities, session heatmaps, etc.) may also be processed. Personal data such as contact details (email address, phone number, if provided), IP address, and geographic location data can also be collected and stored. For specific information on what data is stored, please refer to the privacy policy of the provider.

How Long and Where Is the Data Stored?

We will inform you about the duration of data processing in relation to the website builder system used, if we have further information on this. Detailed information can be found in the provider’s privacy policy. In general, we process personal data only as long as necessary for the provision of our services and products. The provider may store your data according to its own guidelines, which we have no control over.

Right to Object

You always have the right to request information, correction, and deletion of your personal data. If you have any questions, you can also contact the responsible parties of the website builder system used at any time. Contact details can be found either in our privacy policy or on the website of the respective provider.

Cookies used by providers for their functions can be deleted, deactivated, or managed in your browser. Depending on which browser you use, this process may vary. However, please note that some functions may not work as expected if you do this.

Legal Basis

We have a legitimate interest in using a website builder system to optimize our online service and present it efficiently and attractively to you. The corresponding legal basis for this is Article 6(1)(f) of the GDPR (Legitimate Interests). We will use the website builder system only to the extent that you have given consent.

To the extent that data processing for the operation of the website is not absolutely necessary, the data will be processed only based on your consent. This particularly applies to tracking activities. The legal basis in this case is Article 6(1)(a) of the GDPR.

With this privacy notice, we have provided you with the most important general information regarding data processing. If you wish to obtain more detailed information on this matter, you can find further details—if available—in the following section or in the provider’s privacy policy.

WordPress.com Privacy Policy

WordPress.com Privacy Policy Summary 👥 Affected Parties: Visitors to the website 🤝 Purpose: Optimization of our service 📓 Processed Data: Data such as technical usage information like browser activity, clickstream activities, session heatmaps, as well as contact details, IP address, or your geographical location. More details can be found below in this privacy policy. 📅 Storage Duration: This primarily depends on the type of data stored and the specific settings. ⚖️ Legal Basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is WordPress?

We use the well-known content management system WordPress.com for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

Founded in 2003, the company quickly developed into one of the most well-known content management systems (CMS) worldwide. A CMS is software that helps us design our website and present content in a clean and organized manner. The content can include text, audio, and video.

By using WordPress, personal data may also be collected, stored, and processed. Typically, primarily technical data such as operating system, browser, screen resolution, or hosting provider is stored. However, personal data such as IP address, geographic location, or contact details may also be processed.

Why do we use WordPress on our website?

We have many strengths, but programming is not one of our core competencies.

Nevertheless, we want to have a powerful and attractive website that we can manage and maintain ourselves. A website builder or content management system like WordPress makes this possible. With WordPress, we don’t need to be programming experts to offer you a beautiful website. Thanks to WordPress, we can operate our website quickly and easily without technical knowledge. If technical problems arise or if we have specific requests for our website, we still have our specialists who are familiar with HTML, PHP, CSS, and other technologies.

The ease of use and comprehensive features of WordPress allow us to design our web presence according to our preferences and provide you with a good user experience.

What data does WordPress process?

Non-personal data includes technical usage information such as browser activity, clickstream activities, session heatmaps, and data about your computer, operating system, browser, screen resolution, language and keyboard settings, internet service provider, and the date of your visit.

In addition, personal data is also collected. This primarily includes contact details (email address or phone number, if provided), IP address, or your geographic location.

WordPress may also use cookies to collect data. These often capture information about your behavior on our website. For example, it may track which subpages you particularly like to view, how long you stay on individual pages, when you leave a page (bounce rate), or what settings (e.g., language preferences) you have made. Based on this data, WordPress can better tailor its marketing efforts to your interests and user behavior. When you visit our website again, it will be displayed to you as you previously configured it.

WordPress may also use technologies like pixel tags (web beacons) to, for example, clearly identify you as a user and possibly offer interest-based advertising.

How long and where is the data stored?

The duration of data storage depends on various factors, primarily the type of data stored and the specific settings of the website. Generally, data on WordPress is deleted when it is no longer needed for its purposes. There are exceptions, especially if legal obligations require a longer retention period. Web server logs containing your IP address and technical data are deleted by WordPress or Automattic after 30 days. During this time, Automattic uses the data to analyze traffic on its websites (e.g., all WordPress sites) and to address potential issues. Deleted content on WordPress websites is also kept in the trash for 30 days to allow for recovery; after that, it may remain in backups and caches until they are deleted. Data is stored on American servers operated by Automattic.

How can I delete my data or prevent data storage?

You have the right and the ability to access your personal data at any time and to object to its use and processing. You can also file a complaint with a government supervisory authority at any time.

In your browser, you also have the option to manage, delete, or disable cookies individually. Please note that disabled or deleted cookies may have potential negative effects on the functionality of our WordPress site. Depending on which browser you use, managing cookies works slightly differently. Under the “Cookies” section, you will find the relevant links to the instructions for the most common browsers.

Legal Basis

If you have consented to the use of WordPress, the legal basis for the corresponding data processing is this consent. According to Art. 6 (1) (a) GDPR (Consent), this consent constitutes the legal basis for processing personal data as collected by WordPress.

Additionally, we have a legitimate interest in using WordPress to optimize our online service and present it attractively for you. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (Legitimate Interests). We only use WordPress to the extent that you have granted consent.

WordPress or Automattic also processes your data in the USA. Automattic is an active participant in the EU-US Data Privacy Framework, which governs the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Automattic uses Standard Contractual Clauses (Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission to ensure that your data meets European data protection standards even when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and Standard Contractual Clauses, Automattic commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the relevant Standard Contractual Clauses at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

For more details on the privacy policy and how data is processed by WordPress, visit https://automattic.com/privacy/.

Web Analytics Introduction

Web Analytics Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: Evaluation of visitor information to optimize the web offering. 📓 Processed Data: Access statistics, including data such as access locations, device data, access duration and timing, navigation behavior, click behavior, and IP addresses. More details can be found with the specific web analytics tool used. 📅 Storage Duration: Depends on the web analytics tool used ⚖️ Legal Basis: Art. 6 (1) (a) GDPR (Consent), Art. 6 (1) (f) GDPR (Legitimate Interests)

What is Web Analytics?

We use software for evaluating the behavior of website visitors on our site, commonly referred to as Web Analytics or Web Analysis. This involves collecting data that is stored, managed, and processed by the respective analytics tool provider (also known as tracking tools). The data is used to create analyses of user behavior on our website, which are then made available to us as website operators. Additionally, most tools offer various testing options. For example, we can test which offers or content are most appealing to our visitors. To do this, we might show two different offers for a limited time. After the test (known as an A/B test), we know which product or content is more interesting to our website visitors. Such testing methods, as well as other analytics methods, may also involve creating user profiles and storing data in cookies.

Why Do We Use Web Analytics?

With our website, we have a clear goal: we aim to provide the best web offering in our industry. To achieve this, we want to offer the best and most interesting content while ensuring that you have a pleasant experience on our website. Web analytics tools help us examine the behavior of our website visitors more closely and then improve our web offering accordingly. For example, we can determine the average age of our visitors, their locations, peak visiting times, or which content or products are particularly popular. All this information helps us optimize the website and tailor it to your needs, interests, and preferences.

What Data is Processed?

The specific data stored depends on the analytics tools used. Typically, data such as which content you view on our website, which buttons or links you click, when you visit a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to access the website, or which computer system you use is recorded. If you consented to the collection of location data, this can also be processed by the web analytics tool provider.

Additionally, your IP address is stored. According to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, your IP address is usually stored in a pseudonymized form (i.e., anonymized and truncated). For the purposes of testing, web analysis, and web optimization, no direct data, such as your name, age, address, or email address, is generally stored. All such data, if collected, is stored pseudonymously. This means you cannot be identified as an individual.

The following example schematically shows how Google Analytics functions as an example of client-based web tracking with JavaScript code.

How Long is Data Stored?

The duration for which data is stored always depends on the provider. Some cookies store data only for a few minutes or until you leave the website, while others can retain data for several years.

Duration of Data Processing

We will inform you about the duration of data processing further down if we have additional information on this. In general, we process personal data only as long as necessary to provide our services and products. If legally required, such as in the case of accounting, this storage period may be extended.

Right to Object

You also have the right to withdraw your consent to the use of cookies or third parties at any time. This can be done either through our cookie management tool or through other opt-out features. For instance, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Legal Basis

The use of web analytics requires your consent, which we obtained through our cookie popup. This consent constitutes the legal basis for processing personal data as outlined in Article 6(1)(a) GDPR (Consent) for data collected through web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to technically and economically improve our offering. With the help of web analytics, we can identify website errors, detect attacks, and enhance efficiency. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). We will use these tools only if you have given consent.

Since web analytics tools use cookies, we also recommend reading our general privacy policy on cookies. To understand what data is specifically stored and processed about you, you should review the privacy statements of the respective tools.

Information about specific web analytics tools can be found in the following sections, if available.

Email Marketing Introduction

Email Marketing Summary 👥 Affected: Newsletter subscribers 🤝 Purpose: Direct email advertising, notification about system-relevant events 📓 Processed Data: Data entered during registration, but at least the email address. More details can be found in the privacy policy of the respective email marketing tool. 📅 Retention Period: Duration of the subscription ⚖️ Legal Basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Email Marketing?

To keep you updated, we also use email marketing. If you have agreed to receive our emails or newsletters, your data will be processed and stored. Email marketing is a subfield of online marketing. It involves sending news or general information about a company, products, or services via email to a specific group of interested people.

If you want to participate in our email marketing (usually via newsletters), you generally need to sign up with your email address. To do this, you fill out an online form and submit it. Occasionally, we may also ask for your salutation and name so we can address you personally.

Typically, signing up for newsletters uses a “double opt-in” procedure. After you sign up for our newsletter on our website, you will receive an email asking you to confirm your subscription. This ensures that the email address belongs to you and that no one else has signed up with your email. We or a notification tool we use will log each registration. This is necessary to demonstrate that the registration process is legally compliant. Typically, the time of registration, the time of confirmation, and your IP address are recorded. Additionally, any changes to your stored data will also be logged.

Why Do We Use Email Marketing?

We want to stay in touch with you and keep you informed about the latest news regarding our company. To achieve this, we use email marketing—often simply called “newsletters”—as a key component of our online marketing. If you agree or if it is legally permitted, we will send you newsletters, system emails, or other notifications via email. When we refer to “newsletters” in this text, we primarily mean regularly sent emails. We certainly do not want to bother you with our newsletters. We strive to provide only relevant and interesting content. For example, you will learn more about our company, our services, or products. As we continuously improve our offerings, our newsletter will also keep you updated on any news or special, lucrative promotions we may offer. If we engage a service provider with a professional mailing tool for our email marketing, it is to ensure that we can provide you with fast and secure newsletters. The main purpose of our email marketing is to inform you about new offers and to help us achieve our business goals.

What Data Is Processed?

When you subscribe to our newsletter via our website, you confirm your membership in an email list via email. In addition to your IP address and email address, your salutation, name, address, and phone number may also be stored, but only if you consent to this data storage. The marked data is necessary for you to participate in the offered service. Providing this information is voluntary, but if you do not provide it, you will not be able to use the service. Additionally, information about your device or your preferred content on our website may also be stored. More information about data storage when visiting a website can be found in the section “Automatic Data Storage.” We record your consent declaration to ensure that we can always prove compliance with our laws.

Duration of Data Processing

If you unsubscribe from our email/newsletter distribution list, we may keep your address for up to three years based on our legitimate interests, to prove your previous consent. We may only process this data if we need to defend against any claims.

However, if you confirm that you have given us consent for the newsletter subscription, you can request deletion at any time. If you permanently withdraw your consent, we reserve the right to store your email address in a blocklist. As long as you voluntarily subscribe to our newsletter, we will of course keep your email address.

Right to Object

You always have the option to cancel your newsletter subscription. You only need to withdraw your consent for the newsletter subscription. This usually takes only a few seconds or one or two clicks. Typically, you will find a link at the end of each email to cancel the newsletter subscription. If the link is truly not found in the newsletter, please contact us via email and we will promptly cancel your newsletter subscription.

Legal Basis

Sending our newsletter is based on your consent (Article 6(1)(a) GDPR). This means we can only send you a newsletter if you have actively subscribed to it. We may also send you promotional messages if you have become our customer and have not objected to the use of your email address for direct advertising.

Information about specific email marketing services and how they process personal data can be found—if available—in the following sections.

MailPoet Privacy Policy

MailPoet Privacy Policy Summary 👥 Affected Individuals: Newsletter subscribers 🤝 Purpose: Direct marketing via email, notification of relevant events 📓 Processed Data: Data entered during registration, including at least the email address 📅 Storage Duration: Duration of the subscription ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is MailPoet?

We use MailPoet on our website, a WordPress plugin for our email marketing. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

The company, originally named “WYSIJA,” was founded in 2011 by Kim Gjerstad. The plugin quickly gained popularity because it allows WordPress users to create email marketing campaigns directly through the content management system (CMS). In 2017, MailPoet merged with Automattic, the company behind WordPress.com.

WordPress itself was launched in 2003 and rapidly became one of the most well-known content management systems (CMS) worldwide. A CMS is software that helps us design our website and present content in a structured and appealing way. This content can include text, audio, and video.

Through the use of MailPoet, personal data such as IP addresses, geographic data, or contact information may be collected, stored, and processed. Generally, mainly technical data such as operating system, browser, screen resolution, or hosting provider are stored.

Why do we use MailPoet on our website?

We use an email marketing service to stay in contact with you. We want to inform you about what’s new with us or what attractive offers we currently have in our program. For our marketing activities, we always seek the simplest and best solutions. That’s why we chose MailPoet’s service. Although the software is very easy to use, it offers a wide range of helpful features. This allows us to create interesting and visually appealing newsletters directly through WordPress in a short amount of time. With the available design templates, we can customize each newsletter individually, and thanks to responsive design, our content is displayed clearly and attractively on your smartphone (or other mobile devices).

The email marketing service also provides us with valuable analytics. This means that when we send a newsletter, we can find out whether and when the newsletter was opened by you. The software also detects and records whether and which link you click on in the newsletter. This information is immensely helpful in tailoring and optimizing our service to your needs and preferences. After all, we want to offer you the best possible service. In addition to the data already mentioned, data about your user behavior is also stored.

What Data is Processed by MailPoet?

When you become a subscriber to our newsletter through our website, you confirm your membership in a MailPoet email list via email. To allow MailPoet to verify your subscription to the “list provider,” the date of subscription and your IP address are stored.

With MailPoet, we can always provide you with up-to-date and first-hand information about what’s happening in our company. However, you should know that during the newsletter sign-up process, all the data you enter (such as your email address or your first and last name) is stored and managed on our server and by MailPoet. This also includes personal data. During the registration process, you also consent to us sending you the newsletter and are informed about this privacy policy. Additionally, data such as click behavior within the newsletter may be processed. This information is used to send you emails and to enable certain other MailPoet functions (e.g., newsletter analysis).

How Long and Where is the Data Stored?

The duration for which data is stored depends on various factors, primarily the type of data stored and the specific settings. Generally, data at MailPoet or Automattic is deleted when it is no longer needed for their purposes. There are exceptions, especially when legal obligations require longer retention of data. Web server logs containing your IP address and technical data are deleted by MailPoet or Automattic after 30 days. During this period, Automattic uses the data to analyze traffic on its websites (such as all WordPress sites) and to address any potential issues. Deleted content on WordPress websites is also kept in the trash for 30 days to allow for recovery, after which it may remain in backups and caches until they are deleted. The data is stored on American servers operated by Automattic.

Right to Object

You have the right at any time to cancel your newsletter subscription. You only need to withdraw your consent to the newsletter subscription. This usually takes just a few seconds or one or two clicks. Typically, you will find a link at the end of each email to unsubscribe from the newsletter. If you cannot find the link in the newsletter, please contact us by email, and we will promptly cancel your newsletter subscription. After unsubscribing, your personal data will be deleted from our server and from the MailPoet servers. You have the right to request free information about your stored data and, if applicable, also the right to deletion, blocking, or correction of your data.

Legal Basis

If you have consented to the use of MailPoet, this consent serves as the legal basis for the corresponding data processing. According to Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for processing personal data as it may occur with MailPoet.

Additionally, we have a legitimate interest in using MailPoet to optimize our online service and to create attractive and informative newsletters for you. The corresponding legal basis for this is Article 6(1)(f) of the GDPR (Legitimate Interests). If consent is not required, the newsletter dispatch is based on the legitimate interest in direct marketing (Article 6(1)(f)), provided that this is legally permissible. We record your registration process to ensure that we can always demonstrate compliance with the law.

MailPoet and Automattic also process data from you, including in the USA. Automattic is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Automattic uses so-called Standard Contractual Clauses (SCC) as defined in Articles 46(2) and (3) of the GDPR. Standard Contractual Clauses are model contracts provided by the EU Commission and are intended to ensure that your data meets European data protection standards even when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, MailPoet and Automattic commit to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

For more details on the privacy policy and how MailPoet processes data, visit https://automattic.com/privacy/.

Social Media Introduction

Social Media Privacy Policy Summary 👥 Affected Parties: Visitors to the website 🤝 Purpose: Displaying and optimizing our services, contacting visitors, prospects, etc., advertising 📓 Processed Data: Data such as phone numbers, email addresses, contact information, user behavior data, information about your device, and your IP address.More details can be found with the specific social media tool used. 📅 Retention Period: Dependent on the social media platforms used ⚖️ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Social Media?

In addition to our website, we are also active on various social media platforms. Data from users can be processed so that we can specifically target users interested in us through social networks. Additionally, elements of a social media platform may be embedded directly on our website. This is the case, for example, when you click on a social button on our website and are redirected to our social media presence. Social media refers to websites and apps through which registered members can produce content, exchange content openly or within specific groups, and connect with other members.

Why Do We Use Social Media?

For years, social media platforms have been the place where people communicate and connect online. Through our social media profiles, we can introduce our products and services to interested parties. The social media elements integrated into our website help you quickly and easily switch to our social media content.

The data stored and processed through your use of a social media channel primarily serves the purpose of conducting web analyses. The goal of these analyses is to develop more accurate and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the analyzed data can be used to make relevant inferences about your interests and create so-called user profiles. This also enables the platforms to present you with tailored advertisements. Typically, cookies are set in your browser for this purpose, storing data about your usage behavior.

We generally assume that we remain responsible for data protection even when using social media platform services. However, the European Court of Justice has ruled that, in certain cases, the operator of the social media platform may be jointly responsible with us under Article 26 GDPR. Where this is the case, we will indicate it separately and work based on an agreement related to this matter. The essence of the agreement will be detailed further down with the affected platform.

Please note that when using social media platforms or our embedded elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. As a result, you may not be able to enforce or assert your rights regarding your personal data as easily.

Which Data is Processed?

The specific data stored and processed depends on the social media platform provider. Generally, this includes data such as phone numbers, email addresses, information entered into contact forms, user data like which buttons you click, whom you like or follow, when you visited which pages, information about your device, and your IP address. Most of this data is stored in cookies. Especially if you have a profile with the visited social media channel and are logged in, data may be linked to your profile.

All data collected through a social media platform is also stored on the provider’s servers. Therefore, only the providers have access to the data and can provide you with the appropriate information or make changes.

If you want to know exactly which data is stored and processed by social media providers and how to object to the data processing, you should carefully read the privacy policy of the respective company. If you have questions about data storage and processing or want to assert your rights, we recommend contacting the provider directly.

Duration of Data Processing

We will inform you about the duration of data processing further below if we have additional information on the subject. For example, the social media platform Facebook stores data until it is no longer needed for its purpose. Customer data matched with user data is typically deleted within two days. Generally, we process personal data only as long as necessary to provide our services and products. If legally required, such as in the case of accounting, this storage duration may be exceeded.

Right to Object

You also have the right and the option to withdraw your consent for the use of cookies or third-party providers, such as embedded social media elements, at any time. This can be done either through our cookie management tool or other opt-out functions. For example, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since social media tools may use cookies, we also recommend reviewing our general privacy policy regarding cookies. To find out what data is specifically stored and processed, you should read the privacy policies of the respective tools.

Legal Basis

If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in maintaining prompt and effective communication with you or other customers and business partners, provided that you have given consent. We use the tools only to the extent that you have granted consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend reading our privacy text on cookies carefully and reviewing the privacy policies or cookie policies of the respective service providers.

Information on specific social media platforms can be found in the following sections, if available.

Blogs and Publication Media Introduction

Blogs and Publication Media Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Presentation and optimization of our service, communication between website visitors, security measures, and management 📓 Processed Data: Data such as contact information, IP address, and published content. More details can be found with the tools used. 📅 Storage Duration: Dependent on the tools used ⚖️ Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests), Art. 6 para. 1 S. 1 lit. b GDPR (Contract)

What are Blogs and Publication Media?

We use blogs or other communication tools on our website to facilitate communication between you and us. This may involve storing and processing your data to ensure that content is presented appropriately, communication functions correctly, and security is enhanced. Our privacy text outlines generally which data about you may be processed. Specific details about data processing always depend on the tools and functions used. For precise information about data processing, you should refer to the privacy notices of the respective providers.

Why do we use Blogs and Publication Media?

Our main goal with our website is to provide you with interesting and engaging content, while also valuing your opinions and contributions. We aim to create a good interactive exchange between us and you. Various blogs and publication options help us achieve this. For example, you can write comments on our content, comment on other comments, or even create your own posts in some cases.

Which Data is Processed?

The specific data processed depends on the communication functions we use. Often, IP addresses, usernames, and published content are stored. This is primarily to ensure security, prevent spam, and address unlawful content. Cookies may also be used for data storage. These are small text files stored in your browser with information. More details about the data collected and stored can be found in our individual sections and in the privacy statement of the respective provider.

Duration of Data Processing

We will inform you below about the duration of data processing, provided we have further information on this. For example, data from post and comment functions are stored until you revoke data storage. In general, personal data is stored only as long as necessary to provide our services.

Right to Object

You also have the right at any time to withdraw your consent for the use of cookies or third-party communication tools. This can be done either through our cookie management tool or through other opt-out functions. For example, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since cookies may also be used in publication media, we recommend reviewing our general privacy statement regarding cookies. To find out exactly which data about you is stored and processed, you should read the privacy statements of the respective tools.

Legal Basis

We use communication tools primarily based on our legitimate interests (Art. 6 (1) (f) GDPR) in maintaining effective and efficient communication with you or other customers, business partners, and visitors. If the use is related to the execution or initiation of contractual relationships, the legal basis is also Art. 6 (1) (b) GDPR.

Certain processes, especially the use of cookies and the use of comment or messaging functions, require your consent. If and to the extent that you have consented to the processing and storage of your data through integrated publication media, this consent serves as the legal basis for data processing (Art. 6 (1) (a) GDPR). Most of the communication functions we use set cookies in your browser to store data. Therefore, we recommend reading our privacy text on cookies carefully and reviewing the privacy statement or cookie policies of the respective service provider.

Information about specific tools can be found – if available – in the following sections.

Partner Programs Introduction

Partner Programs Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: Economic success and optimization of our service 📓 Processed Data: Access statistics including data such as access locations, device data, duration and timing of access, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed. 📅 Retention Period: Personal data is typically stored by partner programs until it is no longer needed ⚖️ Legal Basis: Art. 6 (1) (a) GDPR (Consent), Art. 6 (1) (f) GDPR (Legitimate Interests)

What are Partner Programs?

We use partner programs from various providers on our website. When using a partner program, data about you may be transferred, stored, and processed by the respective partner program provider. This privacy notice provides an overview of data processing by partner programs and explains how you can prevent or revoke data transmission. Each partner program (also known as an affiliate program) operates on the principle of commission-based referral. On our website, a link or advertisement with a link is placed, and if you are interested, click on it, and purchase a product or service through this link, we receive a commission (advertising cost reimbursement).

Why do we use partner programs on our website?

Our goal is to provide you with a pleasant experience and many helpful contents. We invest a lot of work and time into developing our website. Partner programs allow us to be rewarded for our efforts. Each partner link is related to our topic and shows offers that may interest you.

What data is processed?

To track whether you clicked on a link provided by us, the partner program provider needs to know that you were the one who followed the link from our website. A correct assignment of the partner program links to subsequent actions (such as business completion, purchase, conversion, impression, etc.) must occur. Only then can the commission billing work correctly.

To facilitate this assignment, a value may be attached to a link (in the URL) or information may be stored in cookies. This includes information such as where you came from (referrer), when you clicked on the link, an identifier for our website, the offer involved, and a user identifier.

This means that as soon as you interact with products and services of a partner program, that provider also collects data from you. The exact data stored depends on the individual providers. For example, the Amazon affiliate program distinguishes between active and automatic information. Active information includes name, email address, phone number, age, payment information, or location data. Automatically stored information includes user behavior, IP address, device information, and URL.

Duration of Data Processing

We will inform you about the duration of data processing further below, if we have additional information on this. In general, personal data is only processed as long as necessary to provide the services and products. Data stored in cookies is retained for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others may remain in your browser for several years if not actively deleted. The exact duration of data processing depends on the provider used; typically, you should expect a retention period of several years. The specific privacy notices of the respective providers usually provide detailed information about the duration of data processing.

Right to Object

You always have the right to request information, correction, and deletion of your personal data. If you have any questions, you can also contact the responsible party of the partner program provider used at any time. Contact details can be found either in our specific privacy notice or on the website of the respective provider.

Cookies used by providers for their functions can be deleted, disabled, or managed in your browser. Depending on which browser you use, this is done in different ways.

Legal Basis

If you have consented to the use of partner programs, this consent is the legal basis for the corresponding data processing. According to Article 6(1)(a) GDPR (Consent), this consent constitutes the legal basis for the processing of personal data as it may occur through a partner program.

We also have a legitimate interest in using a partner program to optimize our online services and marketing activities. The corresponding legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). We only use the partner program to the extent that you have provided consent.

Information about specific partner programs can be found—if available—in the following sections.

Amazon Partner Program Privacy Policy

Amazon Partner Program Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Economic success and optimization of our service 📓 Processed Data: Access statistics including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data such as names or email addresses may also be processed. 📅 Storage Duration: Personal data is stored by Amazon until it is no longer needed ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is the Amazon Partner Program?

We use the Amazon Partner Program from Amazon.com, Inc. on our website. The responsible parties for data protection are Amazon Europe Core S.à r.l., Amazon EU S.à r.l., Amazon Services Europe S.à r.l., and Amazon Media EU S.à r.l., all based at 5 Rue Plaetis, L-2338 Luxembourg, as well as Amazon Instant Video Germany GmbH, Domagkstr. 28, 80807 Munich. The data processor is Amazon Deutschland Services GmbH, Marcel-Breuer-Str. 12, 80807 Munich. By using this Amazon Partner Program, data about you may be transmitted, stored, and processed by Amazon.

In this privacy policy, we inform you about which data is involved, why we use the program, and how you can manage or prevent the data transmission.

The Amazon Partner Program is an affiliate marketing program of the online retailer Amazon.de. Like any affiliate program, the Amazon Partner Program is based on the principle of referral commissions. Amazon or we place advertisements or partner links on our website, and if you click on them and purchase a product through Amazon, we receive an advertising fee (commission).

Why do we use the Amazon Partner Program on our website?

Our goal is to provide you with an enjoyable experience with many useful contents. We invest a lot of work and energy into developing our website. Through the Amazon Partner Program, we have the opportunity to receive some compensation for our efforts. Every partner link to Amazon is, of course, always relevant to our topic and displays offers that might interest you.

Which Data is Stored by the Amazon Partner Program?

As soon as you interact with Amazon’s products and services, Amazon collects data about you. Amazon distinguishes between information you actively provide to the company and information that is automatically collected and stored.

“Active information” includes data such as your name, email address, phone number, age, payment information, or location information. “Automatic information” is primarily stored through cookies. This includes data on user behavior, IP address, device information (such as browser type, location, operating systems), and the URL. Amazon also stores the clickstream, which refers to the sequence of pages you visit to reach a product. To track the origin of an order, Amazon saves cookies in your browser. This allows the company to recognize that you clicked on an Amazon advertisement or partner link through our website.

If you have an Amazon account and are logged in while browsing our site, the collected data can be linked to your account. You can prevent this by logging out of Amazon before browsing our website.

Here, we show examples of cookies that are set in your browser when you click on an Amazon link on our website.

Name: uid
Value: 3230928052675285215112837297-9
Purpose: This cookie stores a unique user ID and collects information about your website activity.
Expiration Date: After 2 months

Name: ad-id
Value: AyDaInRV1k-Lk59xSnp7h5o
Purpose: This cookie is provided by amazon-adsystem.com and is used by the company for various advertising purposes.
Expiration Date: After 8 months

Name: uuid2
Value: 8965834524520213028112837297-2
Purpose: This cookie enables targeted and interest-based advertising through the AppNexus platform. It collects and stores anonymous data about which ads you have clicked on and which pages you have visited, based on your IP address.
Expiration Date: After 3 months

Name: session-id
Value: 262-0272718-2582202112837297-1
Purpose: This cookie stores a unique user ID assigned by the server for the duration of a website visit (session). When you visit the same page again, the stored information is retrieved.
Expiration Date: After 15 years

Name: APID
Value: UP9801199c-4bee-11ea-931d-02e8e13f0574
Purpose: This cookie stores information about how you use a website and what ads you have viewed before visiting the website.
Expiration Date: After 1 year

Name: session-id-time
Value: tb:s-STNY7ZS65H5335FZEVPE|1581329862486&t:1581329864300&adb:adblk_no
Purpose: This cookie tracks the time you spend on a webpage with a unique cookie ID.
Expiration Date: After 2 years

Name: csm-hit
Value: 2082754801l
Purpose: We could not obtain accurate information about this cookie.
Expiration Date: After 15 years

Note: Please be aware that this list only provides examples of cookies and does not claim to be complete.

Amazon uses the information it collects to better tailor advertisements to user interests.

How long and where is the data stored?

Personal data is stored by Amazon for as long as necessary for its business services or as legally required. Since Amazon’s headquarters are in the USA, the collected data is also stored on American servers.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time. If you have an Amazon account, you can manage or delete many of the collected data through your account.

Another option to manage data processing and storage according to your preferences is through your browser. You can manage, disable, or delete cookies there. This process differs slightly depending on the browser. In the “Cookies” section, you will find links to the relevant instructions for the most popular browsers.

Legal Basis

If you have consented to the use of the Amazon Affiliate Program, this consent is the legal basis for the corresponding data processing. According to Art. 6(1)(a) GDPR (Consent), this consent serves as the legal basis for the processing of personal data that may occur through the Amazon Affiliate Program.

Additionally, we have a legitimate interest in using the Amazon Affiliate Program to optimize our online service and marketing efforts. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). We only use the Amazon Affiliate Program to the extent that you have given consent.

Amazon processes data about you, among other things, in the USA. Amazon is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. For more information, please visit https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Amazon uses so-called Standard Contractual Clauses (Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission to ensure that your data meets European data protection standards even when it is transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Amazon commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Amazon Data Processing Agreement (AWS GDPR DATA PROCESSING), which conforms to the Standard Contractual Clauses, can be found at https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.

We hope we have provided you with the key information about data transfer through the use of the Amazon Affiliate Program. For more information, please visit https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.

Creative Fabrica Affiliate program

With the Creative Fabrica Affiliate program I earn from new accounts and product purchases.

Fiverr Affiliate program

With the Fiverr Affiliate program I earn from new accounts and product purchases.

Security & Anti-Spam

Security & Anti-Spam Privacy Policy Summary 👥 Affected Individuals: Website visitors 🤝 Purpose: Cybersecurity 📓 Processed Data: Data such as your IP address, name, or technical data such as browser version More details can be found further below and in the individual privacy policies. 📅 Retention Period: Data is generally stored as long as necessary to fulfill the service ⚖️ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Security & Anti-Spam Software?

Security & Anti-Spam software helps protect both you and us from various spam or phishing emails and potential other cyberattacks. Spam refers to unsolicited marketing emails sent in bulk, which you did not request. Such emails are also called “data waste” and can incur costs. Phishing emails, on the other hand, are messages designed to build trust through fake messages or websites to obtain personal data. Anti-Spam software typically protects against unwanted spam messages or malicious emails that could inject viruses into our system. We also use general firewall and security systems to protect our computers from unwanted network attacks.

Why do we use Security & Anti-Spam Software?

We place a high priority on security on our website. After all, it concerns not only our own security but also, and most importantly, your security. Unfortunately, in the world of IT and the internet, cyber threats have become a part of everyday life. Hackers often attempt to steal personal data from an IT system through cyberattacks. Therefore, a good defense system is absolutely necessary. A security system monitors all incoming and outgoing connections to our network or computers. To achieve even greater security against cyberattacks, we use additional external security services in addition to standardized security systems on our computers. This helps better prevent unauthorized data traffic and protects us from cybercrime.

What Data is Processed by Security & Anti-Spam Software?

The specific data collected and stored depends on the respective service. However, we always strive to use programs that collect only minimal data or only store data necessary to provide the service. Generally, the service may store data such as name, address, IP address, email address, and technical data like browser type or browser version. It may also collect performance and log data to detect potential incoming threats in a timely manner. This data is processed in the context of the services and in compliance with applicable laws, including the GDPR for US providers (through Standard Contractual Clauses). These security services may also collaborate with third parties who, under instruction and in compliance with data protection policies and additional security measures, can store and/or process data. Data storage is usually done through cookies.

Duration of Data Processing

We will inform you about the duration of data processing below, as far as we have additional information. For example, security programs store data until you or we revoke the data storage. Generally, personal data is only stored for as long as necessary to provide the services. Unfortunately, in many cases, we do not have precise information from the providers about the duration of storage.

Right to Object

You also have the right and the option at any time to withdraw your consent to the use of cookies or third-party security software. This can be done either through our cookie management tool or other opt-out functions. For example, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since such security services may also use cookies, we recommend reviewing our general privacy policy on cookies. To understand what data about you is stored and processed, you should read the privacy statements of the respective tools.

Legal Basis

We use security services primarily based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in having a good security system against various cyberattacks.

Certain processing activities, particularly the use of cookies and the use of security functions, require your consent. If you have consented to data being processed and stored by integrated security services, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Most of the services we use set cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

Information about specific tools, if available, can be found in the following sections.

Audio & Video Einleitung

Audio & Video Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: Optimization of our service 📓 Processed Data: Data such as contact details, user behavior data, information about your device, and your IP address may be stored. More details can be found further below in the relevant privacy texts. 📅 Storage Duration: Data is generally stored as long as it is necessary for the service purpose. ⚖️ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are Audio and Video Elements?

On our website, we have integrated audio and video elements so you can directly watch videos or listen to music/podcasts. These contents are provided by service providers, meaning they are also retrieved from the corresponding servers of these providers.

These are embedded functionality elements from platforms such as YouTube, Vimeo, or Spotify. The use of these platforms is generally free, although there can also be paid content. With these embedded elements, you can access the respective content directly on our website.

When you use audio or video elements on our website, personal data may also be transmitted, processed, and stored by the service providers.

Why do we use Audio & Video Elements on our Website?

We aim to provide you with the best possible experience on our website. We understand that content is no longer conveyed solely through text and static images. Instead of just providing a link to a video, we offer you audio and video formats directly on our website that are entertaining, informative, and ideally, both. This expands our service and makes it easier for you to access interesting content. Thus, in addition to our texts and images, we also offer video and/or audio content.

What Data is Stored by Audio & Video Elements?

When you visit a page on our website that, for example, has an embedded video, your server connects with the server of the service provider. During this process, data about you is transmitted to and stored by the third-party provider. Some data is collected and stored regardless of whether you have an account with the third-party provider. This typically includes your IP address, browser type, operating system, and other general information about your device. Additionally, most providers also collect information about your web activity. This includes session duration, bounce rate, which buttons you clicked, or which website you used to access the service. All this information is usually stored via cookies or pixel tags (also known as web beacons). Pseudonymized data is often stored in cookies in your browser. The specific data stored and processed is detailed in the privacy policy of the respective provider.

Duration of Data Processing

The exact duration for which data is stored on the servers of third-party providers can be found either below in the privacy text for the respective tool or in the privacy policy of the provider. In general, personal data is only processed as long as necessary for the provision of our services or products. This usually applies to third-party providers as well. You can generally expect that certain data will be stored on the servers of third-party providers for several years. Data stored in cookies may be retained for varying lengths of time. Some cookies are deleted immediately after leaving the website, while others may be stored in your browser for several years.

Right to Object

You also have the right and the option to withdraw your consent for the use of cookies or third-party providers at any time. This can be done either through our cookie management tool or through other opt-out features. For example, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser. The legality of processing up to the point of withdrawal remains unaffected.

Since embedded audio and video functions on our site often use cookies, you should also review our general privacy policy on cookies. The privacy policies of the respective third-party providers will provide more details about how your data is handled and stored.

Legal Basis

If you have consented to the processing and storage of your data through embedded audio and video elements, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). In general, your data is also stored and processed based on our legitimate interest (Art. 6(1)(f) GDPR) in maintaining fast and effective communication with you or other customers and business partners. We use the embedded audio and video elements only to the extent that you have given consent.

YouTube Privacy Policy

YouTube Privacy Policy Summary 👥 Affected Parties: Website visitors 🤝 Purpose: Optimization of our service 📓 Processed Data: Data such as contact details, user behavior data, information about your device, and your IP address may be stored. More details can be found further down in this privacy policy. 📅 Retention Period: Data is generally stored as long as necessary for the service purpose. ⚖️ Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is YouTube?

We have embedded YouTube videos on our website to present interesting videos directly on our page. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that has an embedded YouTube video, your browser automatically connects to YouTube’s or Google’s servers. Depending on your settings, various data may be transmitted. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for data processing within the European area.

Below, we will explain in more detail which data is processed, why we have embedded YouTube videos, and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on, and upload videos for free. Over the years, YouTube has become one of the most important social media channels worldwide. To display videos on our website, YouTube provides a code snippet that we have integrated into our site.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We strive to provide you with the best possible user experience on our website. Naturally, interesting videos are an essential part of this. By embedding videos, we provide additional helpful content alongside our texts and images. Furthermore, our website is more easily found on Google search due to the embedded videos. Even when we run ads through Google Ads, Google can use the collected data to ensure that these ads are shown only to people who are genuinely interested in our offerings.

What Data is Stored by YouTube?

As soon as you visit one of our pages that has an embedded YouTube video, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually link your interactions on our website to your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information like browser type, screen resolution, or your Internet service provider. Additional data may include contact details, any ratings, sharing of content via social media, or adding items to your YouTube favorites.

If you are not logged into a Google or YouTube account, Google stores data with a unique identifier associated with your device, browser, or app. For example, this keeps your preferred language setting. However, many interaction data cannot be stored because fewer cookies are set.

In the following list, we show cookies that were set during a test in the browser. On one hand, we show cookies set without being logged into a YouTube account. On the other hand, we show cookies set with a logged-in account. The list cannot claim to be complete as user data always depends on interactions on YouTube.

Name: YSC
Value: b9-CV6ojI5Y112837297-1
Purpose: This cookie registers a unique ID to store statistics of the viewed video.
Expiration Date: At the end of the session

Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google uses PREF to collect statistics on how you use YouTube videos on our website.
Expiration Date: After 8 months

Name: GPS
Value: 1
Purpose: This cookie tracks your unique ID on mobile devices to monitor the GPS location.
Expiration Date: After 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie attempts to estimate the user’s bandwidth on our websites (with embedded YouTube videos).
Expiration Date: After 8 months

Other Cookies Set When Logged into Your YouTube Account:

Name: APISID
Value: zILlvClZSkqGsSwI/AU1aZI6HY7112837297-
Purpose: This cookie is used to create a profile of your interests. The data is used for personalized advertisements.
Expiration Date: After 2 years

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: This cookie stores the status of a user’s consent to the use of various Google services. CONSENT also helps with security by verifying users and protecting user data from unauthorized access.
Expiration Date: After 19 years

Name: HSID
Value: AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile of your interests. This data helps in displaying personalized advertisements.
Expiration Date: After 2 years

Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL…
Purpose: This cookie stores information about your login data.
Expiration Date: After 2 years

Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile of your interests.
Expiration Date: After 2 years

Name: SID
Value: oQfNKjAsI112837297-
Purpose: This cookie stores your Google account ID and your last login time in digitally signed and encrypted form.
Expiration Date: After 2 years

Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information about how you use the website and which advertisements you may have seen before visiting our site.
Expiration Date: After 3 months

How long and where is the data stored?

The data that YouTube collects and processes from you is stored on Google servers. Most of these servers are located in the United States. You can see the exact locations of Google’s data centers at this link. Your data is distributed across these servers, which allows for faster retrieval and better protection against tampering.

Google stores the collected data for varying lengths of time. Some data can be deleted by you at any time, while other data is automatically deleted after a certain period, and some data is stored by Google for longer durations. Some data (such as items from “My Activity,” photos, documents, products) stored in your Google account remains stored until you delete it. Even if you are not logged into a Google account, you can delete some data associated with your device, browser, or app.

How can I delete my data or prevent data storage?

In principle, you can manually delete data in your Google account. With the automatic deletion feature introduced in 2019 for location and activity data, information is stored based on your choice—either 3 or 18 months—and then deleted.

Regardless of whether you have a Google account or not, you can configure your browser to delete or disable cookies from Google. This process varies depending on which browser you use. In the “Cookies” section, you will find links to the respective instructions for the most popular browsers.

If you generally do not want cookies, you can set your browser to notify you whenever a cookie is to be set. This way, you can decide whether to allow or reject each cookie individually.

Legal Basis

If you have consented to the processing and storage of your data through embedded YouTube elements, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). Your data is also processed and stored based on our legitimate interest (Art. 6(1)(f) GDPR) in maintaining effective and timely communication with you or other customers and business partners. We use the embedded YouTube elements only to the extent that you have given consent. YouTube also sets cookies in your browser to store data. Therefore, we recommend reading our privacy policy on cookies carefully and reviewing the privacy policy or cookie policies of the respective service provider.

YouTube processes data about you, including in the USA. YouTube, or Google, is an active participant in the EU-US Data Privacy Framework, which governs the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Google uses Standard Contractual Clauses (Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template documents provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to adhering to the European data protection level when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an EU Commission Implementing Decision. You can find the decision and the relevant Standard Contractual Clauses at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

Since YouTube is a subsidiary of Google, there is a joint privacy policy. If you want to learn more about how your data is handled, we recommend reading the privacy policy at https://policies.google.com/privacy?hl=de.

Web Design Introduction

Web Design Privacy Policy Summary 👥 Affected Individuals: Visitors to the website 🤝 Purpose: Improvement of user experience 📓 Processed Data: The specific data processed varies greatly depending on the services used. Typically, this includes IP address, technical data, language settings, browser version, screen resolution, and browser name. More details can be found with the respective web design tools used. 📅 Data Retention Period: Depends on the tools employed ⚖️ Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Web Design?

We use various tools on our website that serve our web design needs. Web design is not just about making our website look attractive, as often assumed, but also about functionality and performance. However, the visual appeal of a website is also one of the major goals of professional web design. Web design is a subfield of media design and deals with both the visual and structural as well as functional aspects of a website. The goal is to improve your experience on our website through web design. In web design terminology, this is referred to as User Experience (UX) and Usability. User Experience encompasses all impressions and experiences a website visitor has on a site. A subcategory of User Experience is Usability, which focuses on the user-friendliness of a website. It emphasizes ensuring that content, subpages, or products are clearly structured so you can easily and quickly find what you are looking for. To provide you with the best possible experience on our website, we also use so-called web design tools from third parties. In this privacy policy, the category “Web Design” includes all services that improve the design of our website. This could include fonts, various plugins, or other integrated web design features.

Why do we use web design tools?

How you absorb information on a website depends significantly on the website’s structure, functionality, and visual perception. Therefore, a good and professional web design has become increasingly important for us. We are constantly working on improving our website and view this as an extended service for you as a website visitor. Additionally, a well-designed and functioning website also has economic benefits for us. After all, you are more likely to visit us and make use of our services if you feel comfortable and satisfied.

What data is stored by web design tools?

When you visit our website, web design elements may be integrated into our pages that can process data. The specific data processed depends largely on the tools used. Further below, you will see which tools we use for our website. We recommend reading the privacy policies of the respective tools for more detailed information about data processing. There, you will usually find out which data is processed, whether cookies are used, and how long the data is retained. For example, fonts such as Google Fonts automatically transmit information like language settings, IP address, browser version, browser screen resolution, and browser name to Google servers.

Duration of Data Processing

The duration for which data is processed is highly variable and depends on the web design elements used. For instance, if cookies are involved, the retention period can range from just one minute to several years. Please familiarize yourself with this aspect. We recommend reading our general section on cookies and the privacy policies of the tools used. There, you will generally find information on which cookies are specifically used and what information they store. For example, Google Font files are stored for one year to improve website loading times. Generally, data is retained only as long as necessary for providing the service. Data may be stored longer if required by legal provisions.

Right to Object

You also have the right and the option to withdraw your consent to the use of cookies or third-party services at any time. This can be done either through our cookie management tool or other opt-out functions. You can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser. However, some data collected by web design elements (usually fonts) may not be so easily deleted. This is the case when data is automatically collected and transmitted to a third party (such as Google) during a page visit. In such cases, please contact the support of the respective provider. For Google, you can reach support at https://support.google.com/?hl=de.

Legal Basis

If you have consented to the use of web design tools, that consent is the legal basis for the corresponding data processing. According to Art. 6 (1) (a) GDPR (Consent), this consent provides the legal basis for processing personal data that may occur when using web design tools. Additionally, we have a legitimate interest in improving the web design on our website. After all, we can only provide you with an attractive and professional web experience if we use web design tools. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (Legitimate Interests). We emphasize that web design tools are only used to the extent that you have granted consent. This is something we want to highlight once again.

Information on specific web design tools, if available, will be provided in the following sections.

Font Awesome Privacy Policy

Font Awesome Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: Optimization of our service 📓 Processed Data: Includes IP address and the icon files that are loaded More details can be found further down in this privacy policy. 📅 Retention Period: Files in identifiable form are stored for a few weeks ⚖️ Legal Bases: Art. 6 (1) (a) GDPR (Consent), Art. 6 (1) (f) GDPR (Legitimate Interests)

What is Font Awesome?

We use Font Awesome from the American company Fonticons (307 S. Main St., Suite 202, Bentonville, AR 72712, USA) on our website. When you visit one of our web pages, the web font Font Awesome (specifically icons) is loaded via the Font Awesome Content Delivery Network (CDN). This ensures that text, fonts, and icons are displayed correctly on any device. In this privacy policy, we will discuss the data storage and processing practices of this service in more detail.

Icons play an increasingly important role for websites. Font Awesome is a web font specifically designed for web designers and developers. With Font Awesome, icons can be scaled and colored using the CSS stylesheet language. This replaces old image-based icons. The Font Awesome CDN is the easiest way to load icons or fonts onto your website. We only needed to add a small line of code to our site.

Why do we use Font Awesome on our website?

Font Awesome helps us present content on our website more effectively. This makes it easier for you to navigate and understand the content. Icons can sometimes replace entire words, saving space. This is especially useful when we optimize content specifically for smartphones. These icons are inserted as HTML code rather than image files, allowing us to edit them with CSS as needed. At the same time, Font Awesome improves our loading speed because it deals with HTML elements rather than icon images. All these advantages help us make the website more organized, fresh, and faster for you.

What data is stored by Font Awesome?

To load icons and symbols, the Font Awesome Content Delivery Network (CDN) is used. CDNs are networks of servers distributed worldwide that allow files to be loaded quickly from nearby locations. Thus, when you visit one of our pages, the relevant icons from Font Awesome are provided.

In order for the web fonts to be loaded, your browser must establish a connection to the servers of Fonticons, Inc. This process involves recognizing your IP address. Font Awesome also collects data on which icon files are downloaded and when. Additionally, technical data such as your browser version, screen resolution, or the time of the page request is transmitted.

The data is collected and stored for the following reasons:

• To optimize Content Delivery Networks (CDNs)
• To detect and fix technical issues
• To protect CDNs from misuse and attacks
• To calculate fees for Font Awesome Pro customers
• To understand the popularity of icons
• To know which computer and software you are using

If your browser does not allow web fonts, a standard font from your PC will be used automatically. As of our current knowledge, no cookies are set. We are in contact with Font Awesome’s data protection department and will inform you once we have more detailed information.

How long and where is the data stored?

Font Awesome stores data about the use of the Content Delivery Network on servers in the United States of America. However, CDN servers are located worldwide and store user data wherever you are. In identifiable form, data is typically stored for only a few weeks. Aggregated statistics on the use of the CDNs may be stored for a longer period, but these do not include personal data.

How can I delete my data or prevent data storage?

As of our current knowledge, Font Awesome does not store personal data through Content Delivery Networks. If you do not want data about the icons used to be stored, you will unfortunately not be able to visit our website. If your browser does not allow web fonts, no data will be transmitted or stored. In this case, the standard font of your computer will be used.

Legal Basis

If you have consented to the use of Font Awesome, this consent serves as the legal basis for the corresponding data processing. According to Art. 6 (1) (a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data that may occur when using Font Awesome.

We also have a legitimate interest in using Font Awesome to optimize our online service. The corresponding legal basis for this is Art. 6 (1) (f) of the GDPR (Legitimate Interests). However, we only use Font Awesome to the extent that you have given consent.

We would like to point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. The data processing is essentially carried out by Font Awesome, which may result in data not being anonymized and stored. Furthermore, US government agencies may potentially have access to individual data. It is also possible that this data may be linked with data from other Font Awesome services where you have a user account.

If you want to learn more about Font Awesome and its handling of data, we recommend reviewing the privacy policy at https://fontawesome.com/privacy and the support page at https://fontawesome.com/support.

Google Fonts Datenschutzerklärung

Google Fonts Privacy Policy Summary – 👥 Affected: Visitors to the website – 🤝 Purpose: Optimization of our service performance – 📓 Processed Data: Data such as IP address and CSS and font requests – More details can be found further down in this privacy policy. – 📅 Retention Period: Font files are stored at Google for one year – ⚖️ Legal Basis: Art. 6 (1) (a) GDPR (Consent), Art. 6 (1) (f) GDPR (Legitimate Interests)

What are Google Fonts?

On our website, we use Google Fonts. These are the “Google Fonts” from Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.

To use Google Fonts, you do not need to log in or provide a password. Additionally, no cookies are stored in your browser. The files (CSS, fonts) are requested from the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry about your Google account data being transmitted to Google while using Google Fonts. Google collects usage data on CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will look in detail at how data storage works.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google provides to its users for free.

Many of these fonts are published under the SIL Open Font License, while others are published under the Apache License. Both are free software licenses.

Why do we use Google Fonts on our website?

With Google Fonts, we can use fonts on our website without having to upload them to our own server. Google Fonts is a crucial component in maintaining the quality of our website. All Google Fonts are automatically optimized for the web, saving data volume and providing a significant advantage for use on mobile devices. When you visit our site, the small file size ensures fast loading times. Furthermore, Google Fonts are secure web fonts. Different rendering systems in various browsers, operating systems, and mobile devices can lead to errors, which can sometimes distort text or entire web pages visually. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform issues with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts to present our entire online service as beautifully and consistently as possible.

What data is stored by Google?

When you visit our website, the fonts are loaded from a Google server. This external request transmits data to the Google servers. Google also recognizes that you, or rather your IP address, have visited our website. The Google Fonts API was designed to limit the use, storage, and collection of end-user data to what is necessary for the proper delivery of fonts. API stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software sector.

Google Fonts securely stores CSS and font requests at Google, ensuring protection. By analyzing the collected usage statistics, Google can determine how well individual fonts are received. The results are published by Google on internal analysis pages, such as Google Analytics. Additionally, Google uses data from its own web crawler to determine which websites use Google Fonts. This data is published in the BigQuery database of Google Fonts. Businesses and developers use the Google web service BigQuery to analyze and manage large amounts of data.

However, it is important to note that each Google Fonts request also automatically transmits information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google servers. Whether this data is also stored is not clearly determinable or explicitly communicated by Google.

How long and where is the data stored?

Requests for CSS assets are stored by Google for one day on its servers, which are primarily located outside the EU. This allows us to use the fonts with the help of a Google stylesheet. A stylesheet is a format template that allows for easy and quick changes to, for example, the design or font of a website.

The font files are stored by Google for one year. Google aims to improve the loading times of websites fundamentally. When millions of websites reference the same fonts, they are cached after the first visit and appear instantly on all other subsequently visited websites. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.

How can I delete my data or prevent data storage?

The data that Google stores for one day or one year cannot be easily deleted. The data is automatically transmitted to Google when the page is accessed. To request early deletion of this data, you must contact Google support at https://support.google.com/?hl=de&tid=112837297. In this case, you can only prevent data storage by not visiting our website.

Unlike other web fonts, Google provides us with unrestricted access to all fonts. Therefore, we can access an extensive range of fonts and optimize our website accordingly. For more information about Google Fonts and related questions, visit https://developers.google.com/fonts/faq?tid=112837297. While Google does address privacy issues there, detailed information about data storage is not provided. It is relatively difficult to obtain precise information from Google about stored data.

Legal Basis

If you have consented to the use of Google Fonts, this consent is the legal basis for the corresponding data processing. According to Art. 6 Para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data as it may occur with Google Fonts.

Additionally, we have a legitimate interest in using Google Fonts to optimize our online service. The corresponding legal basis for this is Art. 6 Para. 1 lit. f GDPR (legitimate interests). We only use Google Fonts to the extent that you have given consent.

Google processes data about you, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Google uses so-called Standard Contractual Clauses (Art. 46 Para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the relevant Standard Contractual Clauses at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The Google Ads Data Processing Terms, which reference the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

You can also read about the data Google collects and how it is used at https://www.google.com/intl/de/policies/privacy/.

Explanation of Terms Used

We strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially with technical and legal topics. It often makes sense to use legal terms (such as personal data) or specific technical expressions (such as cookies, IP address). We do not want to use these terms without explanation. Below you will find an alphabetical list of important terms used, which we may not have sufficiently addressed in the previous privacy policy. If these terms are derived from the GDPR and are definitions, we will also reference the GDPR texts and, if necessary, provide our own explanations.

Data Processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“Data Processor” refers to a natural or legal person, authority, agency, or other body that processes personal data on behalf of the Controller;

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to the Controller, there can also be so-called Data Processors. This includes any company or person who processes personal data on our behalf. Data Processors can, therefore, include service providers such as tax advisors, as well as hosting or cloud providers, payment or newsletter providers, or large companies like Google or Microsoft.

Consent

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them by a statement or a clear affirmative action;

Explanation: Typically, on websites, such consent is obtained through a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you consent to data processing or not. You can usually also make individual settings and decide which data processing you allow and which you do not. If you do not give consent, no personal data should be processed. Of course, consent can also be given in writing, that is, not through a tool.

Personal Data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“Personal Data” refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

Explanation: Personal data are all those data that can identify you as a person. Typically, these include data such as:

• Name
• Address
• Email address
• Postal address
• Phone number
• Date of birth
• Identification numbers such as social security number, tax identification number, ID card number, or student ID number
• Bank details such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can determine at least the approximate location of your device and consequently you as the connection owner based on your IP address. Therefore, storing an IP address also requires a legal basis under the GDPR.uch noch sogenannte „besondere Kategorien“ der personenbezogenen Daten, die auch besonders schützenswert sind. Dazu zählen:

• Racial and ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic data, such as data obtained from blood or saliva samples
• Biometric data (information on psychological, physical, or behavioral characteristics that can identify a person)
• Health data
• Data related to sexual orientation or sex life

Profiling

Definition according to Article 4 of the GDPR:

In the context of this regulation, the term:

“Profiling” refers to any type of automated processing of personal data that involves using this data to evaluate certain personal aspects related to a natural person, particularly to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.

Explanation: Profiling involves compiling various pieces of information about a person to gain more insights into them. In the online realm, profiling is often used for advertising purposes or credit assessments. For example, web or advertising analysis programs collect data about your behavior and interests on a website, creating a specific user profile. This profile helps target advertisements to a particular audience.

Controller

Definition according to Article 4 of the GDPR:

In the context of this regulation, the term:

“Controller” refers to the natural or legal person, authority, organization, or other entity that alone or jointly with others determines the purposes and means of processing personal data; if the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for their designation may be provided for by Union or Member State law.

Explanation: In our case, we are responsible for processing your personal data and, therefore, are the “Controller.” If we share collected data for processing with other service providers, they are “Processors.” This requires a “Data Processing Agreement (DPA)” to be signed.

Processing

Definition according to Article 4 of the GDPR:

In the context of this regulation, the term:

“Processing” refers to any operation or set of operations performed on personal data, whether or not by automated means, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of data.

Note: When we refer to processing in our privacy policy, we mean any type of data processing. This includes not only the collection but also the storage and handling of data, as mentioned in the original GDPR definition.

Closing Words

Congratulations! If you’re reading this, you’ve truly made it through our entire privacy policy or at least scrolled this far. As you can see from the length of our privacy policy, we take the protection of your personal data very seriously.

It’s important to us to inform you about the processing of personal data to the best of our knowledge and belief. We want to not only tell you what data is processed but also explain the reasons behind using various software programs. Privacy policies often sound very technical and legal. Since most of you are not web developers or legal experts, we aimed to use simpler and clearer language to explain the matter. Of course, this isn’t always possible due to the nature of the topic. Therefore, we provide detailed explanations of key terms at the end of the privacy policy.

If you have any questions regarding data protection on our website, please don’t hesitate to contact us or the responsible authority. We wish you a pleasant time and hope to welcome you back to our website soon.

All texts are copyright protected.

Source: Created with the Privacy Generator by AdSimple