Data protection

Privacy Policy

Table of contents

• Introduction and Overview
• scope
• Legal basis
• Contact details of the responsible party
• Storage duration
• Rights under the General Data Protection Regulation
• Data processing security
• communication
• Cookies
• Web Analytics Introduction
• Email Marketing Introduction
• Social Media Introduction
• Online Marketing Introduction
• Payment Providers Introduction
• Video Conferencing & Streaming Introduction
• Review Platforms Introduction
• Explanation of terms used
• Closing remarks

Introduction and Overview

We have prepared this privacy policy (version 28.08.2024-112865120) to inform you in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws explain which personal data (hereinafter referred to as "data") we, as data controllers – and the data processors we have engaged (e.g., providers) – process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.
In short: We will provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, aims to describe the most important things to you as simply and transparently as possible. Where it promotes transparency, technical details will be avoided. Terms are explained in a reader-friendly way , and links to further information are provided. Graphics We have implemented this policy. We are informing you in clear and simple language that we only process personal data in the course of our business activities when there is a corresponding legal basis. This is certainly not possible if one provides the briefest, vague, and overly technical legal explanations that are often standard practice on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps you will find some information here that you were not previously aware of.
If you still have questions, please contact the responsible party listed below or in the legal notice, follow the provided links, and consult further information on third-party websites. Our contact details can also be found in the legal notice.

scope

This privacy policy applies to all personal data processed by us within our company and to all personal data processed by companies commissioned by us (data processors). Personal data, as defined in Article 4 No. 1 GDPR, refers to information such as a person's name, email address, and postal address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• Social media presence and email communication
• mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas where personal data is processed in a structured manner within the company via the aforementioned channels. Should we enter into a legal relationship with you outside of these channels, we will inform you separately if necessary.

Legal basis

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, that allow us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, access this EU General Data Protection Regulation online at EUR-Lex, your gateway to EU law. https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679 Read more.

We only process your data if at least one of the following conditions applies:

1. consent (Article 6 paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data from a contact form.
2. Contract (Article 6 paragraph 1 lit. b GDPR): We process your data in order to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase agreement with you, we need personal information beforehand.
3. Legal obligation (Article 6 paragraph 1 lit. c GDPR): We process your data when we are subject to a legal obligation. For example, we are legally required to retain invoices for accounting purposes. These typically contain personal data.
4. Legitimate interests (Article 6 paragraph 1 lit. f GDPR): In the case of legitimate interests that do not infringe your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically. This processing therefore constitutes a legitimate interest.

Other conditions, such as the recording of images in the public interest, the exercise of public authority, or the protection of vital interests, do not generally apply in our case. If such a legal basis should apply, it will be indicated at the relevant point.

In addition to the EU regulation, national laws also apply:

• In Austria This is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data ( Data Protection Act ), in short DSG .
• In Germany Does this apply? Federal Data Protection Act , in short BDSG .

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the responsible party

Should you have any questions regarding data protection or the processing of personal data, you will find the contact details of the responsible person or body below:
Never Age Nutrition GmbH
Igor Kazal
Sterngasse 3/2/6
1020 Vienna

E-mail: office@neveragenutrition.com

Imprint: https://www.neveragenutrition.at/impressum/

Storage duration

We generally adhere to the principle that we only store personal data for as long as is absolutely necessary for providing our services and products. This means that we delete personal data as soon as the reason for processing it no longer exists. In some cases, we are legally obligated to retain certain data even after the original purpose has ceased to exist, for example, for accounting purposes.

Should you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and provided there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we inform you about the following rights to which you are entitled, in order to ensure fair and transparent data processing:

• According to Article 15 of the GDPR, you have the right to information about whether we process your data. If this is the case, you have the right to receive a copy of the data and the following information:
  • for what purpose we carry out the processing;
  • the categories, i.e. the types of data that are processed;
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  • how long the data will be stored;
  • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we did not collect it from you;
  • whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile of you.
• According to Article 16 of the GDPR, you have a right to rectification of your data, which means that we must correct any data you find.
• According to Article 17 of the GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you can request the deletion of your data.
• According to Article 18 GDPR, you have the right to restrict processing, which means that we may only store the data but not use it further.
• According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
• According to Article 21 GDPR, you have the right to object, which, if exercised, will result in a change to the processing.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then examine as quickly as possible whether we can legally comply with this objection.
  • If your data is used for direct marketing purposes, you can object to this type of data processing at any time. We will then no longer be permitted to use your data for direct marketing.
  • If data is used for profiling, you can object to this type of data processing at any time. We will then no longer be permitted to use your data for profiling.
• According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).
• According to Article 77 of the GDPR, you have the right to lodge a complaint. This means you can lodge a complaint with the data protection authority at any time if you believe that the processing of your personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website you can find at [website address]. https://www.dsb.gv.at/ You can find them here. In Germany, each federal state has a data protection officer. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) Please contact us. The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Director: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone number: +43 1 52 152-0
E-mail address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data processing security

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible, within our means, for third parties to infer personal information from our data.

Article 25 of the GDPR refers to "data protection by design and by default," meaning that security must always be considered and appropriate measures implemented for both software (e.g., forms) and hardware (e.g., access to the server room). We will discuss specific measures below, if necessary.

TLS encryption with https

TLS, encryption, and HTTPS sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet.
This means that the entire transmission of all data from your browser to our web server is secure – nobody can “listen in”.

This introduces an additional layer of security, allowing us to comply with data protection by design ( Article 25 Paragraph 1 GDPR ). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission protection by the small lock symbol. top left in the browser, to the left of the internet address (e.g. examplepage.de) and the use of the scheme https (instead of http) as part of our internet address.
If you would like to learn more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find good links to further information.

communication

Communication Summary 👥 Affected: Everyone who communicates with us by phone, email or online form 📓 Data processed: e.g., telephone number, name, email address, form data entered. More details can be found under the respective contact method used. 🤝 Purpose: Handling communication with customers, business partners, etc. 📅 Storage period: Duration of the business transaction and legal regulations ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract), Art. 6 para. 1 lit. f GDPR (legitimate interests)

When you contact us and communicate via telephone, email or online form, personal data may be processed.

The data will be processed for the handling and processing of your inquiry and the associated business transaction. The data will be stored for as long as required by law.

Affected persons

The aforementioned processes affect everyone who contacts us via the communication channels we provide.

phone

When you call us, the call data is stored pseudonymously on your device and with your telecommunications provider. Additionally, data such as your name and phone number may be sent via email and stored for the purpose of responding to your inquiry. This data will be deleted as soon as the matter is resolved and legal requirements permit.

e-mail

When you communicate with us via email, data may be stored on your device (computer, laptop, smartphone, etc.) and on our email server. This data will be deleted once the business transaction is complete and legal requirements permit.

Online forms

When you communicate with us via online form, data is stored on our web server and may be forwarded to an email address provided by us. The data is deleted as soon as the business transaction has been completed and legal requirements permit.

Legal basis

The processing of the data is based on the following legal grounds:

• Article 6 paragraph 1 letter a GDPR (consent): You give us your consent to store your data and to use it further for purposes relating to the business transaction;
• Article 6 paragraph 1 letter b GDPR (contract): The processing is necessary for the performance of a contract with you or a data processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
• Article 6 paragraph 1 letter f GDPR (Legitimate Interests): We want to handle customer inquiries and business communication in a professional manner. This requires certain technical equipment such as email programs, Exchange servers, and mobile network operators to ensure efficient communication.

Cookies

Cookies Summary 👥 Affected: Visitors to the website 🤝 Purpose: depends on the specific cookie. More details can be found below or on the website of the software provider that sets the cookie. 📓 Data processed: Depends on the specific cookie used. More details can be found below or on the website of the software provider that sets the cookie. 📅 Storage duration: depends on the specific cookie and can vary from hours to years. ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are truly useful tools. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are other types of cookies for different applications. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, essentially the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data, such as your language preferences or personal website settings. When you revisit our site, your browser sends this user-related information back to us. Thanks to cookies, our website recognizes you and provides your preferred settings. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

The following graphic illustrates a possible interaction between a web browser, such as Chrome, and a web server. The web browser requests a website and receives a cookie from the server, which the browser then reuses whenever another page is requested.

There are both first-party and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans, or other malware. Cookies cannot access information on your computer.

This is what cookie data might look like, for example:

Name: _ga
Value: GA1.2.1326744211.152112865120-9
Purpose of use: Differentiation of website visitors
Expiry date: after 2 years

These are the minimum sizes a browser should be able to support:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The specific cookies we use depend on the services used and are explained in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are four types of cookies:

Essential cookies
These cookies are necessary to ensure the basic functionality of the website. For example, these cookies are needed when a user adds a product to their shopping cart, then continues browsing other pages, and only later proceeds to checkout. These cookies prevent the shopping cart from being emptied, even if the user closes their browser window.

Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. They also measure loading times and the website's performance across different browsers.

Targeted cookies
These cookies improve user-friendliness. For example, they save entered locations, font sizes, or form data.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very convenient, but also very annoying.

Typically, when you first visit a website, you will be asked which types of cookies you wish to allow. And of course, this decision is also stored in a cookie.

If you would like to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265 , the Request for Comments from the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the specific cookie. More details can be found below or on the website of the software provider that sets the cookie.

What data is processed?

Cookies are small tools that help with many different tasks. Unfortunately, it's impossible to generalize about what data is stored in cookies, but we will inform you about the data processed and stored in the following privacy policy.

Storage duration of cookies

The storage duration depends on the specific cookie and is further specified below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have control over the storage duration. You can manually delete all cookies at any time via your browser (see also “Right to object” below). Furthermore, cookies based on consent will be deleted at the latest after you withdraw your consent, whereby the lawfulness of the storage remains unaffected until then.

Right to object – how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of the service or website the cookies originate from, you always have the option to delete, disable, or partially allow cookies. For example, you can block third-party cookies but allow all others.

If you want to see which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this information in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

If you generally don't want to allow cookies, you can configure your browser to always notify you when a cookie is about to be set. This allows you to decide whether to allow each individual cookie. The procedure varies depending on the browser. The best way to find instructions is to search on Google using the keywords "delete cookies Chrome" or "disable cookies Chrome" if you are using the Chrome browser.

Legal basis

The so-called "Cookie Directive" has been in effect since 2009. It stipulates that storing cookies is a consent (Article 6(1)(a) GDPR) requires your consent. However, reactions to these guidelines vary considerably across EU countries. In Austria, this directive was implemented in Section 165(3) of the Telecommunications Act (2021). In Germany, the cookie guidelines were not transposed into national law. Instead, they were largely implemented in Section 15(3) of the Telemedia Act (TMG), which was replaced by the Digital Services Act (DDG) in May 2024.

Strictly necessary cookies exist, even where no consent has been given. legitimate interests (Article 6 paragraph 1 letter f GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience, and certain cookies are often absolutely necessary for this.

Unless strictly necessary, cookies are only used with your consent. The legal basis for this is Article 6(1)(a) GDPR.

The following sections will provide you with more detailed information about the use of cookies, if the software used employs cookies.

Web Analytics Introduction

Web Analytics Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: Evaluation of visitor information to optimize the website. 📓 Data processed: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found in the documentation for the respective web analytics tool used. 📅 Storage duration: depends on the web analytics tool used ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is web analytics?

We use software on our website to analyze visitor behavior, commonly known as web analytics. This involves collecting data that is stored, managed, and processed by the respective analytics tool provider (also called a tracking tool). This data is used to create analyses of user behavior on our website and made available to us as the website operator. Most tools also offer various testing options. For example, we can test which offers or content resonate best with our visitors. To do this, we display two different offers for a limited time. After the test (known as an A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as well as other analytics methods, user profiles can be created and the data stored in cookies.

Why do we use web analytics?

With our website, we have a clear goal in mind: to deliver the best online offering on the market for our industry. To achieve this, we aim to provide the best and most engaging content while ensuring you feel completely comfortable on our website. Web analytics tools allow us to closely examine the behavior of our website visitors and then improve our online offerings accordingly, benefiting both you and ourselves. For example, we can determine the average age of our visitors, their geographical origin, peak traffic times, and which content or products are particularly popular. All this information helps us optimize the website and tailor it perfectly to your needs, interests, and preferences.

What data is processed?

Exactly which data is stored depends, of course, on the analytics tools used. However, it typically includes information such as which content you view on our website, which buttons or links you click, when you access a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website, and which computer system you are using. If you have consented to the collection of location data, this may also be processed by the web analytics tool provider.

Your IP address will also be stored. According to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, your IP address is generally stored in pseudonymized form (i.e., in an unidentifiable and shortened form). For the purposes of testing, web analytics, and web optimization, no direct data such as your name, age, address, or email address is stored. All such data, if collected, is stored pseudonymously. This ensures that you cannot be identified as an individual.

The following example schematically illustrates how Google Analytics works as an example of client-based web tracking using JavaScript code.

How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website, while other cookies can store data for several years.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. Generally, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If legally required, as in the case of accounting, for example, this storage period may be exceeded.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we obtained via our cookie popup. According to [source/regulation], this consent constitutes [legal basis/consent]. Article 6 paragraph 1 letter a GDPR (consent) This represents the legal basis for the processing of personal data, such as that which may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing website visitor behavior to improve our services both technically and economically. Web analytics helps us identify website errors, detect attacks, and improve efficiency. The legal basis for this is... Article 6 paragraph 1 letter f GDPR (Legitimate Interests) . However, we only use the tools if you have given your consent.

Since web analytics tools use cookies, we also recommend that you read our general privacy policy regarding cookies. To learn exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Information on specific web analytics tools can be found – if available – in the following sections.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: Evaluation of visitor information to optimize the website. 📓 Data processed: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, and click behavior. More details can be found below in this privacy policy. 📅 Storage duration: individually adjustable; by default, Google Analytics stores 4 data points for 14 months. ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Google Analytics?

We use the Google Analytics tracking tool, version 4 (GA4), from the American company Google Inc. on our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your activity on our website. By combining various technologies such as cookies, device IDs, and login information, you as a user can be identified across different devices. This allows your activity to be analyzed across platforms.

For example, when you click a link, this event is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics help us to better tailor our website and services to your needs. Below, we explain the tracking tool in more detail, focusing on what data is processed and how you can prevent this.

Google Analytics is a tracking tool used to analyze website traffic. These measurements and analyses are based on a pseudonymous user identification number. This number does not contain any personal data such as name or address, but rather serves to assign events to a specific device. GA4 uses an event-based model that captures detailed information about user interactions such as page views, clicks, scrolling, and conversion events. Furthermore, GA4 incorporates various machine learning functions to better understand user behavior and certain trends. GA4 uses machine learning to generate models. This means that, based on the collected data, missing data can be extrapolated to optimize the analysis and enable forecasting.

For Google Analytics to function correctly, a tracking code is embedded in our website's code. When you visit our website, this code records various actions you perform on our site. Using GA4's event-driven data model, we, as website operators, can define and track specific events to analyze user interactions. This allows us to track not only general information like clicks and page views, but also specific events that are important to our business. These specific events might include submitting a contact form or purchasing a product.

As soon as you leave our website, this data will be sent to and stored on Google Analytics servers.

Google processes the data and we receive reports about your user behavior. These may include, among other things, the following reports:

• Target group reports: Through target group reports, we get to know our users better and know more precisely who is interested in our service.
• Ad reports: Ad reports help us to analyze and improve our online advertising more easily.
• Acquisition reports: Acquisition reports give us helpful information about how we can attract more people to our service.
• Behavior reports: Here we learn how you interact with our website. We can track your path on our site and which links you click.
• Conversion reports: A conversion is a process where you perform a desired action as a result of a marketing message. For example, when you go from being a website visitor to a customer or newsletter subscriber. These reports help us understand how our marketing efforts are performing for you, which is how we aim to increase our conversion rate.
• Real-time reports: Here we always know immediately what is happening on our website. For example, we can see how many users are currently reading this text.

In addition to the above-mentioned analysis reports, Google Analytics 4 also offers the following features:

• Event-based data model: This model captures very specific events that can occur on our website. For example, playing a video, purchasing a product, or subscribing to our newsletter.
• Advanced analytics features: These features allow us to better understand your behavior on our website and certain general trends. For example, we can segment user groups, conduct comparative analyses of target groups, or track your journey through our website.
• Predictive modeling: Based on collected data, machine learning can extrapolate missing data to predict future events and trends. This can help us develop better marketing strategies.
• Cross-platform analysis: Data can be collected and analyzed from both websites and apps. This allows us to analyze user behavior across platforms, provided, of course, that you have consented to the data processing.

Why do we use Google Analytics on our website?

Our goal with this website is clear: We want to offer you the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically analyzed data gives us a clear picture of our website's strengths and weaknesses. On the one hand, we can optimize our site so that it's easier for interested people to find it on Google. On the other hand, the data helps us understand you, our visitors, better. We therefore know exactly what we need to improve on our website to offer you the best possible service. The data also helps us to make our advertising and marketing efforts more targeted and cost-effective. After all, it only makes sense to show our products and services to people who are interested in them.

What data does Google Analytics store?

Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This allows Google Analytics to recognize you as a new user and assign you a user ID. The next time you visit our site, you will be recognized as a returning user. All collected data is stored along with this user ID. This is the only way to analyze pseudonymous user profiles.

To analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. The Google Analytics 4 property is the default for every newly created property. Data is stored for varying lengths of time depending on the property used.

Your interactions are measured across platforms using identifiers such as cookies, app instance IDs, user IDs, or custom event parameters, provided you have consented. Interactions are all types of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated via Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorize it. Exceptions may occur if required by law.

According to Google, Google Analytics 4 does not log or store IP addresses. However, Google uses IP address data to derive location data and deletes it immediately afterward. Therefore, all IP addresses collected from users in the EU are deleted before the data is stored in a data center or on a server.

Since Google Analytics 4 focuses on event-based data, the tool uses significantly fewer cookies compared to earlier versions (such as Google Universal Analytics). However, there are some specific cookies used by GA4. These include, for example:

Name: _ga
Value: 2.1326744211.152112865120-5
Purpose of use: By default, analytics.js uses the _ga cookie to store the user ID. This is primarily used to distinguish between website visitors.
Expiry date: after 2 years

Name: _gid
Value: 2.1687193234.152112865120-1
Purpose of use: The cookie is also used to distinguish website visitors.
Expiry date: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose of use: Used to reduce the request rate. If Google Analytics is deployed via Google Tag Manager, this cookie is named _dc_gtm_ <property-id>.
Expiry date: after 1 minute

Note: This list is not exhaustive, as Google frequently changes its cookie selection. GA4 also aims to improve data privacy. Therefore, the tool offers several options for controlling data collection. For example, we can define the storage duration ourselves and also control the data collection process.

Here we show you an overview of the most important types of data collected with Google Analytics:

Heatmaps: Google creates so-called heatmaps. These heatmaps show exactly which areas you click on. This gives us information about where you are on our website.

Session duration: Google defines session duration as the time you spend on our site without leaving the page. If you are inactive for 20 minutes, the session ends automatically.

Bounce rate (English: Bounce rate): A bounce occurs when you view only one page on our website and then leave our website.

Account creation: When you create an account or place an order on our website, Google Analytics collects this data.

Location: IP addresses are not logged or stored in Google Analytics. However, inferences about location data are used shortly before the IP address is deleted.

Technical information: Technical information includes, among other things, your browser type, your internet service provider, and your screen resolution.

Source of origin: Google Analytics, or rather we, are of course also interested in which website or advertisement you came to our site via.

Other data collected includes contact information, any ratings, media playback (e.g., when you play a video on our site), sharing content via social media, or adding items to your favorites. This list is not exhaustive and serves only as a general guide to data storage by Google Analytics.

How long and where will the data be stored?

Google has distributed its servers all over the world. Here you can find out exactly where Google's data centers are located: https://www.google.com/about/datacenters/locations/?hl=de

Your data is distributed across various physical storage devices. This has the advantage of faster data retrieval and better protection against manipulation. Each Google data center has corresponding emergency backup programs for your data. Even if, for example, Google's hardware fails or natural disasters disable servers, the risk of a service interruption at Google remains low.

The data retention period depends on the properties used. The storage duration is always set individually for each property. Google Analytics offers four options for controlling the storage duration:

• 2 months: that is the shortest storage period.
• 14 months: by default, data is stored for 14 months in GA4.
• 26 months: the data can also be stored for 26 months.
• Data is only deleted when we delete it manually.

Additionally, there is the option to have data deleted only if you do not visit our website within the period we have selected. In this case, the retention period will be reset each time you visit our website again within the specified period.

Once the specified period has expired, the data is deleted once a month. This retention period applies to your data that is linked to cookies, user recognition, and advertising IDs (e.g., cookies from the DoubleClick domain). Report results are based on aggregated data and are stored separately from user data. Aggregated data is a combination of individual data points into a larger unit.

How can I delete my data or prevent data storage?

Under European Union data protection law, you have the right to access, update, delete, or restrict the processing of your data. Using the browser add-on to deactivate Google Analytics JavaScript (analytics.js, gtag.js), you can prevent Google Analytics 4 from using your data. You can find the browser add-on at [link to add-on]. https://tools.google.com/dlpage/gaoptout?hl=de Download and install. Please note that this add-on only disables data collection by Google Analytics.

If you wish to disable, delete or manage cookies in general, you will find the corresponding links to the respective instructions for the most well-known browsers under the section "Cookies".

Legal basis

The use of Google Analytics requires your consent, which we obtained via our cookie popup. According to [the relevant legislation/regulation], this consent constitutes [the following]. Article 6 paragraph 1 letter a GDPR (consent) This represents the legal basis for the processing of personal data, such as that which may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing website visitor behavior to improve our services both technically and economically. Google Analytics helps us identify website errors, detect attacks, and improve efficiency. The legal basis for this is... Article 6 paragraph 1 letter f GDPR (Legitimate Interests) . However, we only use Google Analytics if you have given your consent.

Google processes your data, among other places, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at [link to Google's privacy policy]. https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en .

Furthermore, Google uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCCs) are template agreements provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/ .

We hope we have provided you with the most important information regarding data processing by Google Analytics. If you would like to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de .

If you would like to learn more about data processing, please refer to the Google Privacy Policy at https://policies.google.com/privacy?hl=de .

Microsoft Clarity Privacy Statement

We work with Microsoft Clarity and Microsoft Advertising to use behavioral metrics, heatmaps, and session replays to understand how you use and interact with our website in order to improve and market our products and services. Website usage data is collected using first-party and third-party cookies and other tracking technologies to determine the popularity of products, services, and online activities. We also use this information to optimize the website, for fraud and security prevention, and for advertising purposes. For more information about how Microsoft collects and uses your data, please see the Microsoft Privacy Statement .

Email Marketing Introduction

Email Marketing Summary 👥 Affected: Newsletter subscribers 🤝 Purpose: Direct marketing via email, notification of system-relevant events 📓 Data processed: Data entered during registration, but at least the email address. More details can be found in the documentation for the respective email marketing tool used. 📅 Storage period: Duration of the subscription ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is email marketing?

To keep you up to date, we also use email marketing. If you have consented to receive our emails or newsletters, your data will be processed and stored. Email marketing is a sub-area of ​​online marketing. It involves sending news or general information about a company, products, or services via email to a specific group of people who are interested in them.

If you would like to participate in our email marketing (usually via newsletter), you normally only need to register with your email address. To do this, you fill out an online form and submit it. However, we may also ask you for information such as your title and name so that we can address you personally.

Newsletter subscriptions generally work using the so-called "double opt-in" process. After you register for our newsletter on our website, you will receive an email to confirm your subscription. This ensures that the email address belongs to you and that no one has registered using someone else's email address. We, or a notification tool we use, logs each individual registration. This is necessary so that we can prove the legally compliant registration process. The log typically records the time of registration, the time of confirmation, and your IP address. Additionally, any changes you make to your saved data are also logged.

Why do we use email marketing?

We naturally want to stay in touch with you and keep you up-to-date on the latest news about our company. For this, we use email marketing – often simply called a "newsletter" – as a key component of our online marketing strategy. If you consent or if it is legally permitted, we will send you newsletters, system emails, or other notifications via email. When we use the term "newsletter" in the following text, we primarily mean regularly sent emails. Of course, we don't want to bother you with our newsletters in any way. That's why we always strive to offer only relevant and interesting content. For example, you'll learn more about our company, our services, or our products. Since we are constantly improving our offerings, our newsletter will also keep you informed about any new developments or special, attractive promotions. If we use a service provider with a professional email marketing tool, we do so to ensure we can deliver our newsletters to you quickly and securely. The purpose of our email marketing is basically to inform you about new offers and also to get closer to our business goals.

What data is processed?

When you subscribe to our newsletter via our website, you confirm your membership in an email list via email. In addition to your IP address and email address, your title, name, address, and telephone number may also be stored. However, this only happens if you consent to this data storage. The data marked as such is necessary for you to participate in the offered service. Providing this information is voluntary; however, failure to provide it will prevent you from using the service. Information about your device or your preferred content on our website may also be stored. You can find more information about data storage when you visit a website in the section "Automatic Data Storage." We record your declaration of consent so that we can always demonstrate that it complies with our legal obligations.

Duration of data processing

If you unsubscribe from our email/newsletter mailing list, we may store your address for up to three years based on our legitimate interests so that we can still prove your consent at the time. We may only process this data if we need to defend ourselves against potential claims.

However, if you confirm that you have given us your consent to subscribe to our newsletter, you can submit an individual deletion request at any time. If you permanently withdraw your consent, we reserve the right to store your email address on a suppression list. As long as you have voluntarily subscribed to our newsletter, we will, of course, retain your email address.

Right to object

You can unsubscribe from our newsletter at any time. Simply withdraw your consent to receive it. This usually only takes a few seconds or one or two clicks. You'll typically find an unsubscribe link at the bottom of every email. If you can't find the link in the newsletter, please contact us by email and we'll unsubscribe you immediately.

Legal basis

We send our newsletter based on your consent (Article 6(1)(a) GDPR). This means we can only send you a newsletter if you have actively subscribed beforehand. We may also send you promotional messages if you have become our customer and have not objected to the use of your email address for direct marketing.

Information on specific email marketing services and how they process personal data can be found – if available – in the following sections.

Social Media Introduction

Social Media Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: To present and optimize our services, to contact visitors, potential customers, etc., and to advertise. 📓 Data processed: Data such as telephone numbers, email addresses, contact details, user behavior data, information about your device and your IP address. More details can be found in the respective social media tool used. 📅 Storage duration: depends on the social media platforms used ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is social media?

In addition to our website, we are also active on various social media platforms. This may involve processing user data so that we can specifically target users who are interested in our content via social networks. Furthermore, elements of a social media platform may be directly embedded in our website. This is the case, for example, when you click a "social button" on our website and are redirected directly to our social media profile. Social media platforms are websites and apps through which registered members can create content, share content openly or within specific groups, and connect with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and connect online. Our social media presence allows us to introduce our products and services to potential customers. The social media elements integrated into our website help you quickly and easily access our social media content.

The data collected and processed through your use of a social media channel primarily serves the purpose of web analytics. The goal of these analyses is to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the analyzed data can be used to draw conclusions about your interests and create user profiles. This allows the platforms to present you with tailored advertisements. Cookies are usually placed in your browser for this purpose, storing data about your browsing behavior.

We generally assume that we remain responsible under data protection law even when using the services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform may be jointly responsible with us within the meaning of Article 26 GDPR. Where this is the case, we will indicate this separately and operate on the basis of a corresponding agreement. The key points of the agreement are then reproduced below under the relevant platform.

Please note that when using social media platforms or our embedded elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. This may make it more difficult for you to assert or enforce your rights regarding your personal data.

What data is processed?

Exactly which data is stored and processed depends on the respective social media platform provider. However, it typically includes data such as phone numbers, email addresses, information you enter into a contact form, user data such as which buttons you click, whom you like or follow, when you visited which pages, information about your device, and your IP address. Most of this data is stored in cookies. Specifically, if you have a profile on the social media channel you are visiting and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the provider's servers. Therefore, only the providers have access to the data and can provide you with the relevant information or make changes.

If you want to know exactly what data is stored and processed by social media providers and how you can object to this data processing, you should carefully read the respective company's privacy policy. If you have any questions about data storage and processing or wish to exercise your rights, we also recommend contacting the provider directly.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. However, customer data that is matched with our own user data is deleted within two days. Generally, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If legally required, as in the case of accounting, this storage period may be exceeded.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party services such as embedded social media elements at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since social media tools may use cookies, we also recommend that you read our general privacy policy about cookies. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to your data being processed and stored through embedded social media elements, this consent serves as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR) . In principle, your data will also be processed on the basis of our legitimate interest if you have given your consent. (Art. 6 para. 1 lit. f GDPR) Your data is stored and processed to enable fast and effective communication with you, other customers, and business partners. However, we only use these tools if you have given your consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.

Information on specific social media platforms – if available – can be found in the following sections.

Facebook Privacy Policy

Facebook Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: To optimize our service performance 📓 Data processed: Data such as customer data, user behavior data, information about your device and your IP address. You can find more details below in the privacy policy. 📅 Storage period: until the data is no longer useful for Facebook's purposes ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are Facebook tools?

We use selected tools from Facebook on our website. Facebook is a social media network operated by Meta Platforms Inc., or, for the European region, by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. These tools allow us to offer you and people interested in our products and services the best possible experience.

If data about you is collected and forwarded via our embedded Facebook elements or our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for this. Facebook is solely responsible for the further processing of this data. Our joint obligations are also set out in a publicly available agreement at [link to agreement]. https://www.facebook.com/legal/controller_addendum This is enshrined in our data protection policy. It stipulates, for example, that we must clearly inform you about the use of Facebook tools on our website. Furthermore, we are responsible for ensuring that these tools are integrated into our website in a data protection-compliant manner. Facebook, on the other hand, is responsible for the data security of its products. If you have any questions regarding data collection and processing by Facebook, you can contact the company directly. If you direct your question to us, we are obligated to forward it to Facebook.

Below we provide an overview of the various Facebook tools, what data is sent to Facebook, and how you can delete this data.

In addition to many other products, Facebook also offers the so-called "Facebook Business Tools." This is Facebook's official name. However, since the term is hardly known, we have decided to simply call them Facebook Tools. These include, among other things:

• Facebook Pixel
• social plug-ins (such as the "Like" or "Share" button)
• Facebook Login
• Account Kit
• APIs (Application Programming Interfaces)
• SDKs (Collection of programming tools)
• Platform integrations
• Plugins
• Codes
• Specifications
• Documentation
• Technologies and services

These tools allow Facebook to expand its services and obtain information about user activity outside of Facebook.

Why do we use Facebook tools on our website?

We only want to show our services and products to people who are genuinely interested. Facebook ads allow us to reach precisely these people. However, to show users relevant ads, Facebook needs information about their needs and desires. Therefore, we provide the company with information about user behavior (and contact details) on our website. This allows Facebook to gather better user data and show interested people relevant ads for our products and services. These tools thus enable tailored advertising campaigns on Facebook.

Facebook refers to data about your behavior on our website as "event data." This data is also used for measurement and analytics services. Facebook can then create "campaign reports" on our behalf about the effectiveness of our advertising campaigns. Furthermore, these analyses give us a better understanding of how you use our services, website, or products. We use some of these tools to optimize your user experience on our website. For example, you can use social plugins to share content from our site directly on Facebook.

What data is stored by Facebook tools?

Using certain Facebook tools may result in personal data (customer data) being sent to Facebook. Depending on the tools used, customer data such as name, address, telephone number, and IP address may be transmitted.

Facebook uses this information to match the data it already holds about you (if you are a Facebook member). Before customer data is transmitted to Facebook, it undergoes a process called "hashing." This means that any data set of any size is transformed into a string of characters. This also serves to encrypt the data.

In addition to contact information, "event data" is also transmitted. "Event data" refers to information we receive about you on our website, such as which subpages you visit or which products you purchase from us. Facebook does not share this information with third parties (such as advertisers) unless it has explicit permission or is legally obligated to do so. "Event data" can also be linked to contact information. This allows Facebook to offer more personalized advertising. After the aforementioned matching process, Facebook deletes the contact data.

To optimize ad delivery, Facebook uses event data only when it has been combined with other data (collected by Facebook through other means). Facebook also uses this event data for security, protection, development, and research purposes. Much of this data is transferred to Facebook via cookies. Cookies are small text files used to store data and information in browsers. Depending on the tools used and whether you are a Facebook member, a varying number of cookies will be placed in your browser. We provide more detailed information about individual Facebook cookies in the descriptions of the various Facebook tools. You can also find general information about the use of Facebook cookies on [link to Facebook's cookie policy]. https://www.facebook.com/policies/cookies .

How long and where will the data be stored?

Generally, Facebook stores data until it is no longer needed for its own services and products. Facebook has servers distributed around the world where its data is stored. However, customer data is deleted within 48 hours after it has been matched with the company's own user data.

How can I delete my data or prevent data storage?

In accordance with the General Data Protection Regulation (GDPR), you have the right to access, rectification, portability and erasure of your data.

Your data will only be completely deleted if you delete your Facebook account entirely. Here's how to delete your Facebook account:

1) Click on Settings on the right side of Facebook.

2) Next, click on “Your Facebook Information” in the left column.

3) Now click “Deactivation and Deletion”.

4) Now select “Delete account” and then click “Next and delete account”.

5) Now enter your password, click "Next" and then "Delete account".

The data that Facebook receives through our site is stored, among other things, via cookies (e.g., for social plugins). You can disable, delete, or manage individual or all cookies in your browser. Depending on which browser you use, this works differently. Under the "Cookies" section, you will find links to the instructions for the most common browsers.

If you generally do not want to allow cookies, you can configure your browser to always notify you when a cookie is about to be set. This allows you to decide whether to allow each individual cookie or not.

Legal basis

If you have consented to your data being processed and stored by integrated Facebook tools, this consent serves as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR) . In principle, your data is also processed on the basis of our legitimate interest. (Art. 6 para. 1 lit. f GDPR) The data is stored and processed to enable fast and effective communication with you, other customers, and business partners. However, we only use these tools if you have given your consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review Facebook's privacy statement or cookie policy.

Facebook processes your data, among other places, in the USA. Facebook, or rather Meta Platforms, is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at [link to relevant page]. https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en .

Furthermore, Facebook uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCCs) are model clauses provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Facebook commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing terms, which refer to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing .

We hope we have provided you with the most important information about the use and processing of data by Facebook tools. If you would like to learn more about how Facebook uses your data, we recommend that you read the data policy on [link to Facebook's data policy]. https://www.facebook.com/privacy/policy/ .

Instagram Privacy Policy

Instagram Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: To optimize our service performance 📓 Data processed: Data such as user behavior data, information about your device and your IP address. You can find more details below in the privacy policy. 📅 Storage period: until Instagram no longer needs the data for its purposes ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Instagram?

We have integrated Instagram features into our website. Instagram is a social media platform operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA. Since 2012, Instagram has been a subsidiary of Meta Platforms Inc. and is part of the Facebook group. Embedding Instagram content on our website allows us to display content such as buttons, photos, or videos from Instagram directly on our site. When you visit pages on our website that have an integrated Instagram feature, data is transmitted to, stored by, and processed by Instagram. Instagram uses the same systems and technologies as Facebook. Therefore, your data is processed across all Facebook companies.

Below, we'll give you a more detailed look at why Instagram collects data, what data it collects, and how you can largely control its processing. Since Instagram belongs to Meta Platforms Inc., we draw our information from both Instagram's policies and Meta's own privacy policy.

Instagram is one of the most popular social media networks worldwide. It combines the advantages of a blog with those of audiovisual platforms like YouTube or Vimeo. On "Insta" (as many users casually call the platform), you can upload photos and short videos, edit them with various filters, and share them on other social networks. And if you don't want to be active yourself, you can simply follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has truly exploded in popularity in recent years. And of course, we've responded to this boom. We want you to feel as comfortable as possible on our website. That's why a diverse presentation of our content is a given for us. The embedded Instagram features allow us to enrich our content with helpful, funny, or exciting material from the Instagram world. Since Instagram is a subsidiary of Facebook, the data collected can also be used for personalized advertising on Facebook. This ensures that our ads are only shown to people who are genuinely interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We receive aggregated statistics, giving us more insight into your preferences and interests. It's important to note that these reports do not personally identify you.

What data does Instagram store?

When you visit one of our pages that includes Instagram features (such as Instagram images or plugins), your browser automatically connects to Instagram's servers. Data is then sent to, stored, and processed by Instagram, regardless of whether you have an Instagram account or not. This includes information about your visit to our website, your computer, purchases you've made, advertisements you see, and how you use our services. The date and time of your interaction with Instagram are also recorded. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume that Instagram does the same. Customer data includes, for example, name, address, phone number, and IP address. This customer data will only be transmitted to Instagram after it has been hashed. Hashing means that a data record is transformed into a string of characters. This allows contact information to be encrypted. In addition, the aforementioned "event data" is also transmitted. Facebook—and consequently Instagram—understands "event data" as data about your user behavior. It is also possible that contact information may be combined with event data. The collected contact information is then compared with the data that Instagram already holds about you.

Small text files (cookies), usually placed in your browser, transmit the collected data to Facebook. The amount of data stored varies depending on the Instagram features you use and whether you have an Instagram account.

We assume that data processing on Instagram works the same way as on Facebook. This means: if you have an Instagram account or www.instagram.com If you have visited Instagram's website, at least one cookie has been set. If this is the case, your browser sends information to Instagram via the cookie as soon as you interact with an Instagram feature. This data is deleted or anonymized after a maximum of 90 days (after reconciliation). Although we have thoroughly examined Instagram's data processing practices, we cannot say exactly what data Instagram collects and stores.

Below, we show you the minimum number of cookies that are set in your browser when you click on an Instagram feature (such as a button or an Instagram image). For our test, we assume you do not have an Instagram account. If you are logged into Instagram, significantly more cookies will be set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: “”
Purpose of use: This cookie is most likely set for security reasons, to prevent request forgery. However, we were unable to determine this more precisely.
Expiry date: after one year

Name: mid
Value: “”
Purpose of use: Instagram uses this cookie to optimize its services and offers both on and off Instagram. The cookie assigns a unique user ID.
Expiry date: after the end of the session

Name: fbsr_112865120124024
Value: not specified
Purpose of use: This cookie stores the login request for users of the Instagram app.
Expiry date: after the end of the session

Name: rur
Value: ATN
Purpose of use: This is an Instagram cookie that ensures functionality on Instagram.
Expiry date: after the end of the session

Name: URLs
Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe112865120”
Purpose of use: This cookie is used for Instagram's marketing purposes.
Expiry date: after the end of the session

Note: We cannot claim to provide a complete list here. Which cookies are set in each individual case depends on the embedded functions and your use of Instagram.

How long and where will the data be stored?

Instagram shares the information it receives between Facebook companies, external partners, and people you connect with worldwide. Data processing is carried out in accordance with its own data policy. Your data is distributed across Facebook servers around the world, partly for security reasons. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation (GDPR), you have the right to access, transfer, rectify, and erase your data. You can manage your data in your Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

And this is how you delete your Instagram account:

First, open the Instagram app. On your profile page, scroll down and tap "Help Center." This will take you to the company's website. On the website, tap "Manage your account" and then "Delete your account."

If you delete your account entirely, Instagram will delete posts such as your photos and status updates. Information that other people have shared about you is not part of your account and will therefore not be deleted.

As mentioned above, Instagram primarily stores your data using cookies. You can manage, disable, or delete these cookies in your browser. The process varies slightly depending on your browser. In the "Cookies" section, you'll find links to instructions for the most popular browsers.

You can also configure your browser to always notify you when a cookie is about to be set. This allows you to decide individually whether or not to allow the cookie.

Legal basis

If you have consented to your data being processed and stored through embedded social media elements, this consent serves as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR) . In principle, your data is also processed on the basis of our legitimate interest. (Art. 6 para. 1 lit. f GDPR) Your data is stored and processed to ensure fast and effective communication with you, other customers, and business partners. However, we only use the integrated social media elements if you have given your consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.

Instagram processes your data, among other places, in the USA. Instagram, or rather Meta Platforms, is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at [link to relevant page]. https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en .

Furthermore, Instagram uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCCs) are model clauses provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Instagram commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

We have tried to provide you with the most important information about data processing by Instagram. https://privacycenter.instagram.com/policy/ You can learn more about Instagram's data policies.

Online Marketing Introduction

Online Marketing Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: Evaluation of visitor information to optimize the website. 📓 Data processed: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed. Further details can be found in the documentation for the respective online marketing tool used. 📅 Storage duration: depends on the online marketing tools used. ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is online marketing?

Online marketing encompasses all measures taken online to achieve marketing goals such as increasing brand awareness or closing a sale. Furthermore, our online marketing efforts aim to drive traffic to our website. We engage in online marketing to showcase our offerings to a wide audience of interested individuals. This typically involves online advertising, content marketing, and search engine optimization (SEO). To ensure our online marketing is efficient and targeted, we also store and process personal data. This data helps us to show our content only to those who are genuinely interested in it, and it also allows us to measure the success of our online marketing campaigns.

Why do we use online marketing tools?

We want to show our website to everyone who is interested in our offerings. We understand that this isn't possible without deliberate measures. That's why we engage in online marketing. Various tools are available to simplify our online marketing efforts and provide us with ongoing data-driven suggestions for improvement. This allows us to target our campaigns more precisely to our audience. Ultimately, the purpose of these online marketing tools is to optimize our offerings.

What data is processed?

To ensure our online marketing works effectively and the success of our campaigns can be measured, user profiles are created and data is stored, for example, in cookies (small text files). This data allows us not only to display traditional advertising but also to personalize the content on our website to your liking. Various third-party tools offer these functions and, accordingly, collect and store your data. These cookies store information such as which pages you visited on our website, how long you viewed them, which links or buttons you clicked, and which website referred you to us. Technical information may also be stored, such as your IP address, the browser you are using, the device you are using to access our website, and the time you entered and left our site. If you have consented to us determining your location, we can also store and process this information.

Your IP address is stored in pseudonymized (i.e., shortened) form. Unique data that directly identifies you as an individual, such as your name, address, or email address, is also stored only in pseudonymized form for advertising and online marketing purposes. Therefore, we cannot identify you as an individual; we only store the pseudonymized information in the user profiles.

The cookies may also be used, analyzed, and used for advertising purposes on other websites that use the same advertising tools. The data may then also be stored on the servers of the advertising tool providers.

In exceptional cases, unique identifiers (names, email addresses, etc.) may also be stored in user profiles. This occurs, for example, if you are a member of a social media channel that we use for our online marketing activities and the network links previously received data to the user profile.

With all the advertising tools we use that store your data on their servers, we only ever receive aggregated information and never data that identifies you as an individual. The data simply shows how well our advertising campaigns performed. For example, we can see which measures motivated you or other users to visit our website and purchase a service or product. Based on these analyses, we can improve our advertising in the future and tailor it even more precisely to the needs and desires of interested individuals.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information. Generally, we only process personal data for as long as is absolutely necessary for providing our services and products. Data stored in cookies is stored for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others can remain stored in your browser for several years. You can usually find detailed information about the specific cookies used by each provider in their respective privacy policies.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser. The lawfulness of the processing up to the point of withdrawal remains unaffected.

Since online marketing tools typically use cookies, we also recommend that you read our general privacy policy about cookies. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to the use of third-party providers, the legal basis for the corresponding data processing is this consent. According to [relevant legal provision], this consent constitutes [relevant legal provision]. Article 6 paragraph 1 letter a GDPR (consent) This represents the legal basis for the processing of personal data, as may occur when data is collected through online marketing tools.

We also have a legitimate interest in measuring online marketing activities in anonymized form in order to optimize our offerings and measures using the data obtained. The corresponding legal basis for this is... Article 6 paragraph 1 letter f GDPR (Legitimate Interests) . However, we only use the tools if you have given your consent.

Information on specific online marketing tools can be found – if available – in the following sections.

Payment Providers Introduction

Payment provider privacy policy summary 👥 Affected: Visitors to the website 🤝 Purpose: To enable and optimize the payment process on our website 📓 Data processed: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data More details can be found in the respective payment provider tool. 📅 Storage duration: depends on the payment provider used ⚖️ Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract)

What is a payment provider?

We use online payment systems on our website that ensure a secure and seamless payment process for both you and us. This may involve sending, storing, and processing personal data with the respective payment provider. These payment providers are online payment systems that allow you to place an order via online banking. The payment processing is handled by your chosen payment provider, and we subsequently receive confirmation of the payment. This method is available to any user with an active online banking account and PIN/TAN authentication. Very few banks still offer or accept such payment methods.

Why do we use payment providers on our website?

Naturally, we want to offer the best possible service with our website and integrated online shop, so that you feel comfortable on our site and can take advantage of our offers. We know that your time is valuable and that payment processing, in particular, needs to be quick and seamless. For this reason, we offer you various payment providers. You can choose your preferred payment provider and pay in the usual way.

What data is processed?

The exact data processed depends, of course, on the specific payment provider. However, data such as name, address, and bank details (account number, credit card number, passwords, TANs, etc.) are generally stored. This data is necessary to process a transaction. Additionally, any contract data and user data, such as when you visit our website, which content you are interested in, or which subpages you click on, may also be stored. Most payment providers also store your IP address and information about the computer you are using.

The data is generally stored and processed on the payment providers' servers. We, as website operators, do not receive this data. We are only informed whether the payment was successful or not. For identity and credit checks, payment providers may forward data to the relevant authorities. All payment transactions are always subject to the terms and conditions and privacy policies of the respective provider. Therefore, please always review the payment provider's terms and conditions and privacy policy. You also have the right to have your data deleted or corrected at any time. Please contact the respective service provider regarding your rights (right of withdrawal, right of access, and data subject rights).

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. Generally, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If legally required, as in the case of accounting, this storage period may be exceeded. For example, we retain accounting documents pertaining to a contract (invoices, contracts, bank statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they are generated.

Right to object

You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the responsible parties at the payment provider you are using. Contact details can be found either in our specific privacy policy or on the website of the respective payment provider.

You can delete, disable, or manage cookies used by payment providers in your browser. The process varies depending on your browser. Please note, however, that this may prevent the payment process from working.

Legal basis

We therefore offer services for handling contractual and legal relationships. (Art. 6 para. 1 lit. b GDPR) In addition to traditional banks/credit institutions, other payment service providers are also offered. The privacy policies of the individual payment providers (such as...) Amazon Payments Apple Pay or Discover provides you with a detailed overview of data processing and storage. Furthermore, you can always contact the responsible parties with any questions regarding data protection issues.

Information on specific payment providers can be found – if available – in the following sections.

PayPal Privacy Statement

PayPal Privacy Statement Summary 👥 Affected: Visitors to the website 🤝 Purpose: To optimize the payment process on our website 📓 Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data may be processed. You can find more details further down in this privacy policy. 📅 Data retention period: Data is generally stored until the cooperation with PayPal is terminated. ⚖️ Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance), Art. 6 para. 1 lit. a GDPR (consent)

What is PayPal?

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. For the European region, PayPal Europe (S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible.

PayPal allows all users to send and receive money electronically. Founded in 1998, the company now has over 325 million active customers and is one of the world's largest and best-known online payment providers.

Why do we use PayPal for our website?

There are several reasons why we use and offer PayPal on our website. Since PayPal is one of the best-known online payment providers, many of our website visitors use and trust this service. PayPal also offers high security standards for digital money transfers. The service uses various encryption methods to protect your personal data as effectively as possible. We also appreciate PayPal's ease of use and the ability to make international payments in different currencies. Transactions are generally processed very quickly, which is another advantage for both us and you as a customer.

What data does PayPal process?

PayPal's privacy policy distinguishes between various categories of personal data that may be processed through the use of its service. These include registration and contact information, identification and signature data, payment information, information about imported contacts, data from your account profile, device data such as your IP address, location data, and so-called derived data. Derived data refers to information that can be inferred from transactions or other data. This can include purchasing habits, behavioral patterns, creditworthiness, or personal preferences.

Then there is also personal data collected by third parties (such as identity verification companies, fraud detection providers, or your bank). This data includes information from credit bureaus, transaction data, information relating to legal regulations, technical usage data, location data, and also derived data.

PayPal and its partners also use tracking technologies such as cookies, pixel tags, web beacons and widgets to recognize you as a user, to personalize content and to conduct analyses for interest-based advertising.

How long and where will the data be stored?

Generally, PayPal stores data for as long as necessary to fulfill its obligations and within the scope of the purpose for which it was collected. Personal data necessary for the customer relationship is retained for up to 10 years after the termination of the relationship. If PayPal is subject to a legal obligation, the retention period for personal data is governed by the applicable law (e.g., insolvency law). PayPal also stores personal data for as long as necessary if retention is advisable in the context of legal disputes.

Because PayPal is a globally operating company, it also has data centers worldwide where your data can be stored. This means your data may be stored on PayPal servers outside your country and even outside the scope of the GDPR.

How can I delete my data or prevent data storage?

You have the right to access, rectify, erase, and restrict the processing of your personal data at any time. You can also withdraw your consent to data processing at any time.

If you wish to disable, delete or manage cookies in general, you will find the corresponding links to the respective instructions for the most well-known browsers under the section "Cookies".

Legal basis

We have a legitimate interest in integrating PayPal as an external payment service to make our offering more attractive and to improve it technically and economically. The legal basis for this is Article 6(1)(f) GDPR (legitimate interests). Please note that you can only use PayPal if you enter into a contractual relationship with PayPal. This may require you to provide further data protection and contractual declarations (e.g., your consent).

PayPal also processes your data in the USA, among other locations. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the legality and security of data processing.

PayPal uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 of the GDPR) as the basis for processing data with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and especially the USA) or for transferring data to such countries. Standard Contractual Clauses (SCCs) are template agreements provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). These clauses oblige PayPal to maintain the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information about the standard contractual clauses and the data processed through the use of PayPal, please see the privacy policy at [link to privacy policy]. https://www.paypal.com/webapps/mpp/ua/privacy-full .

Video Conferencing & Streaming Introduction

Video Conferencing & Streaming Privacy Policy Summary 👥 Affected: Users who use our video conferencing or streaming tool 🤝 Purpose: Communication and presentation of content 📓 Data processed: Access statistics containing data such as name, address, contact details, email address, telephone number, or your IP address. More details can be found in the documentation for the respective video conferencing or streaming tool used. 📅 Storage duration: depends on the video conferencing or streaming tool used. ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests), Art. 6 para. 1 lit. b GDPR (contract)

What are video conferences and streaming?

We use software programs that allow us to hold video conferences, online meetings, webinars, screen sharing, and/or streaming sessions. During a video conference or stream, information is transmitted simultaneously via audio and video. With the help of such video conferencing or streaming tools, we can communicate quickly and easily with customers, business partners, clients, and employees over the internet. Naturally, we ensure compliance with all applicable legal regulations when selecting our service provider.

In principle, third-party providers can process data as soon as you interact with the software program. Third-party video conferencing and streaming solution providers use your data and metadata for various purposes. For example, the data helps to make the tool more secure and improve the service. In most cases, the data may also be used for the third-party provider's own marketing purposes.

Why do we use video conferencing and streaming on our website?

We want to communicate with you, our customers and business partners, quickly, easily, and securely, including digitally. This works best with user-friendly video conferencing solutions. Most tools work directly through your browser, and you'll be in the middle of a video meeting in just a few clicks. These tools also offer helpful additional features such as chat and screen sharing, or the ability to share content between meeting participants.

What data is processed?

When you participate in our video conference or streaming event, your data will also be processed and stored on the servers of the respective service provider.

Exactly what data is stored depends on the solution used. Each provider stores and processes different and varying amounts of data. However, most providers typically store your name, address, contact details such as your email address or phone number, and your IP address. Information about your device, usage data such as which websites you visit, when you visit a website, or which buttons you click may also be stored. Data shared within the video conference (photos, videos, text) may also be stored.

Duration of data processing

We will inform you about the duration of data processing below in connection with the service used, provided we have further information on this. Generally, we only process personal data for as long as it is absolutely necessary for the provision of our services and products. The provider may store your data according to their own policies, over which we have no control.

Right to object

You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the responsible party for the video conferencing or streaming tool used at any time. Contact details can be found either in our specific privacy policy or on the website of the respective provider.

You can delete, disable, or manage cookies used by providers for their functions in your browser. The process varies depending on the browser you use. Please note, however, that some functions may no longer work as expected.

Legal basis

If you have consented to your data being processed and stored by the video or streaming solution, this consent serves as the legal basis for data processing. (Art. 6 para. 1 lit. a GDPR) . Furthermore, we can also offer video conferencing as part of our services if this has been contractually agreed with you in advance. (Art. 6 para. 1 lit. b GDPR) . In principle, your data is also processed on the basis of our legitimate interest. (Art. 6 para. 1 lit. f GDPR) Your data is stored and processed to enable fast and effective communication with you or other customers and business partners, but only to the extent that you have given your consent. Most video and streaming solutions also use cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.

Information on specific video conferencing and streaming solutions can be found – if available – in the following sections.

Review Platforms Introduction

Review Platforms Summary 👥 Affected: Visitors to the website or a review platform 🤝 Purpose: Feedback on our products and/or services 📓 Data processed: Including IP address, email address, name. More details can be found below or on the respective rating platforms used. 📅 Storage duration: depends on the respective platform ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests),

What are rating platforms?

You can rate our products or services on various review platforms. We participate in some of these platforms so that we can receive your feedback and thus improve our offerings. When you rate us via a review platform, the privacy policy and terms and conditions of the respective review service apply. Very often, you will also need to register to submit a review. Review technologies (widgets) may also be integrated into our website. By using such an integrated tool, data is also transferred to, processed by, and stored by the respective provider.

Many of these integrated programs work on a similar principle. After you have ordered a product or used a service from us, you will be asked to submit a review, either via email or on the website. You will usually be redirected to a review page via a link, where you can easily and quickly create a review. Some review systems also offer an interface to various social media channels to make the feedback accessible to more people.

Why do we use rating platforms?

Review platforms collect feedback and ratings about our offerings. Your reviews provide us with quick and valuable feedback, allowing us to improve our products and/or services much more efficiently. Consequently, these ratings help us optimize our offerings and also give you and all our future customers a good overview of the quality of our products and services.

What data is processed?

With your consent, we transmit information about you and the services you have used to the relevant review platform. We do this to ensure that you have actually used one of our services, as this is the only way you can provide genuine feedback. The transmitted data is used solely for user identification. The specific data stored and processed depends, of course, on the providers used. In most cases, review platforms also receive personal data such as your IP address, email address, or name. Even after you submit your review, order information, such as the order number of a purchased item, is forwarded to the platform. If your email address is transmitted, this is so that the review platform can send you an email after your purchase. To enable us to integrate your review into our website, we also inform the providers that you have visited our site. The review platform used is responsible for the collected personal data.

How long and where will the data be stored?

You can find more detailed information about the duration of data processing in the provider's privacy policy below, provided we have further information on this. Generally, we only process personal data for as long as it is absolutely necessary for the provision of our services and products. Personal data mentioned in a review is usually anonymized by employees of the platform used and is therefore only visible to the company's administrators. The collected data is stored on the providers' servers and, in most cases, deleted after the order is completed.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Legal basis

If you have consented to the use of a review platform, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur when collected by a review portal.

We also have a legitimate interest in using a rating platform to optimize our online service. The corresponding legal basis for this is Article 6(1)(f) GDPR (legitimate interests). However, we only use a rating platform if you have given your consent.

We hope we have provided you with the most important general information regarding data processing by review platforms. Further details can be found below in the data protection texts or in the linked privacy policies of the companies.

Google Customer Reviews Privacy Policy

We also use the Google Customer Reviews platform for our website. The service provider is the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.

Google processes your data, among other places, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at [link to Google's privacy policy]. https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en .

Furthermore, Google uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCCs) are template agreements provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The data processing terms for Google advertising products (Google Ads Controller-Controller Data Protection Terms), which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/

You can find out more about the data processed through the use of Google in the privacy policy at https://policies.google.com/privacy?hl=de .

Trusted Shops Privacy Policy

We also use the Trusted Shops review platform for our website. The service provider is the German company Trusted Shops GmbH, Subbelrather Straße 15c, 50823 Cologne, Germany.

You can find out more about the data processed through the use of Trusted Shops in the privacy policy at [link to privacy policy]. https://www.trustedshops.de/impressum-datenschutz/#datenschutz .

Explanation of terms used

We always strive to make our privacy policy as clear and understandable as possible. However, this isn't always easy, especially when dealing with technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). However, we don't want to use these without explanation. Below you will find an alphabetical list of important terms used that we may not have adequately addressed in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also include the GDPR texts here and, where necessary, add our own explanations.

Data processor

Definition of terms according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“Data processor” a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to the data controller, there may also be so-called data processors. This includes any company or individual who processes personal data on our behalf. Data processors can therefore include, besides service providers such as tax advisors, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

consent

Definition of terms according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Consent" any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: Websites typically obtain such consent via a cookie consent tool. You're probably familiar with this. Whenever you visit a website for the first time, you're usually asked via a banner whether you agree to or consent to data processing. In most cases, you can also adjust your settings and thus decide for yourself which data processing you allow and which you don't. If you don't consent, no personal data may be processed. Of course, consent can also be given in writing, i.e., not via a tool.

Personal data

Definition of terms according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“personal data” all information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data is therefore any data that can identify you as an individual. This typically includes data such as:

• name
• address
• E-mail address
• Postal address
• Telephone number
• birth date
• Identification numbers such as social security number, tax identification number, identity card number or matriculation number
• Bank details such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), yours also counts. IP address as personal data . IT experts can use your IP address to determine at least the approximate location of your device and, consequently, you as the internet connection owner. Therefore, storing an IP address also requires a legal basis under the GDPR. There are also so-called "special categories" personal data, which is also particularly worthy of protection. This includes:

• racial and ethnic origin
• political opinions
• religious or philosophical beliefs
• union membership
• genetic data, such as data obtained from blood or saliva samples
• biometric data (that is, information about psychological, physical, or behavioral characteristics that can identify a person).
  Health data
• Data on sexual orientation or sex life

Profiling

Definition of terms according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“Profiling” any type of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

Explanation: Profiling involves gathering various pieces of information about a person to learn more about them. In the online world, profiling is frequently used for advertising purposes or credit checks. Web analytics programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile, which can then be used to target advertising to a specific audience.

Responsible

Definition of terms according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Person in charge" the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for processing your personal data and are therefore the “controller”. If we transfer collected data to other service providers for processing, these are “processors”. A “data processing agreement (DPA)” must be signed for this.

processing

Definition of terms according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Processing" any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we refer to processing in our privacy policy, we mean any type of data processing. As mentioned above in the original GDPR statement, this includes not only the collection but also the storage and processing of data.

Closing remarks

Congratulations! If you're reading this, you've really made it through our entire privacy policy, or at least scrolled this far. As you can see from the length of our privacy policy, we take the protection of your personal data very seriously.
It is important to us to inform you about the processing of your personal data to the best of our knowledge and belief. We want to tell you not only which data is processed, but also explain the reasons for using various software programs. Privacy policies usually sound very technical and legal. Since most of you are not web developers or lawyers, we wanted to take a different approach and explain the matter in simple and clear language. Of course, this isn't always possible due to the complexity of the subject matter. Therefore, the most important terms are explained in more detail at the end of this privacy policy.
If you have any questions regarding data protection on our website, please do not hesitate to contact us or the responsible party. We wish you a pleasant time and hope to welcome you back to our website soon.

All texts are protected by copyright.

Source: Created with the Data Privacy Generator Austria from AdSimple