Skip to content

Privacy policy

Translations: EN 🇺🇸 | DE 🇩🇪 (verbindliche Fassung)

Preamble#

Through this Privacy Policy, we aim to inform you about the types of your personal data (hereinafter also referred to briefly as "data") we process, for what purposes, and to what extent. This Privacy Policy applies to all processing of personal data carried out by us, both in the provision of our services and notably on our websites, in mobile applications, and through external online presences, such as our social media profiles (hereinafter collectively referred to as the "Online Offering").

The terms used are not gender-specific.

Date: October 11, 2023

Table of Contents#

Controller#

Philipp Kopp
Hohenzollernstraße 55
80801 Munich
Germany

Email: phil@philipp-kopp.com

Imprint

Overview of Processing#

The following overview summarizes the types of processed data and the purposes of their processing, referring to the affected individuals.

Types of processed data#

  • Inventory data.
  • Payment data.
  • Location data.
  • Contact details.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data.

Categories of affected individuals#

  • Customers.
  • Prospects.
  • Communication partners.
  • Users.
  • Business and contractual partners.
  • Pupils/Students/Participants.
  • Participants.

Purposes of processing#

  • Provision of contractual services and fulfillment of contractual obligations.
  • Contact inquiries and communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Office and organizational procedures.
  • Conversion measurement.
  • Affiliate tracking.
  • Handling and responding to inquiries.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.

Relevant legal bases according to the GDPR: Below, you'll find an overview of the legal bases of the GDPR on which we process personal data. Please note that alongside the regulations of the GDPR, national data protection provisions may apply in your or our country of residence or establishment. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) - The data subject has given consent to the processing of their personal data for a specific purpose or multiple defined purposes.
  • Contractual performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures requested by the data subject.
  • Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) - Processing is necessary to safeguard the legitimate interests of the controller or a third party, except where the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data override those interests.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Law for the Protection against Misuse of Personal Data in Data Processing (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific regulations regarding the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, transmission, and automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of individual federal states may be applicable.

Reference to the applicability of GDPR and Swiss DPA: These data protection notices serve as information under both the Swiss Federal Data Protection Act (Swiss DPA) and the General Data Protection Regulation (GDPR). Therefore, please note that for broader spatial application and comprehensibility, the terms of the GDPR are used. Particularly, instead of the terms used in the Swiss DPA such as "processing" of "personal data," "prevailing interest," and "particularly sensitive personal data," the terms used in the GDPR, "processing" of "personal data," "legitimate interest," and "special categories of data" are used. However, within the scope of the Swiss DPA, the legal meaning of these terms continues to be determined according to the Swiss DPA.

Security Measures#

In accordance with legal requirements, considering the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we implement suitable technical and organizational measures to ensure a level of protection appropriate to the risk.

These measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, ensuring availability, and separation thereof. Additionally, we have established procedures that guarantee the exercise of data subject rights, data deletion, and responses to data risks. Moreover, we consider data protection from the outset in the development or selection of hardware, software, and procedures, in accordance with the principle of data protection, through technology design and privacy-friendly default settings.

TLS/SSL Encryption (https): To protect user data transmitted through our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.

Transmission of Personal Data#

In the course of processing personal data, it happens that the data is transferred to other entities, companies, legally independent organizational units, or individuals or disclosed to them. Recipients of this data may include service providers entrusted with IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and particularly enter into contracts or agreements with these recipients of your data to ensure the protection of your data.

International Data Transfers#

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place in the context of using third-party services or disclosing/transmitting data to other persons, entities, or companies, this is done only in compliance with legal requirements. If the level of data protection in the third country has been recognized through an adequacy decision (Art. 45 GDPR), this serves as the basis for data transfer. Otherwise, data transfers only occur when the level of data protection is otherwise secured, especially through standard contractual clauses (Art. 46 Para. 2 lit. c) GDPR), explicit consent, or in the case of contractual or legally required transmission (Art. 49 Para. 1 GDPR). Additionally, we inform you about the basis for third-country transfers from individual providers in the third country, with adequacy decisions primarily serving as the basis. Information on third-country transfers and available adequacy decisions can be found in the European Commission's information: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en.

EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection for certain companies from the US under the adequacy decision of 10/07/2023 as safe. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you within the scope of the data protection notices which service providers we use are certified under the Data Privacy Framework.

Data Deletion#

The data processed by us will be deleted in accordance with legal requirements as soon as the consent for processing granted or other permissions expire (e.g., when the purpose of processing this data has ceased to exist or they are no longer necessary for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to these purposes. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person. Additionally, our data protection notices may contain further information regarding the retention and deletion of data that primarily apply to specific processing activities.

Rights of Data Subjects#

Rights of data subjects under the GDPR: As data subjects, you have various rights under the GDPR, particularly arising from Articles 15 to 21 of the GDPR:

  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw consent given at any time.
  • Right to information: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and other information as per legal requirements.
  • Right to rectification: In accordance with legal requirements, you have the right to request the completion of your personal data or the rectification of inaccurate personal data concerning you.
  • Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request the immediate deletion of personal data concerning you or, alternatively, the restriction of processing according to legal requirements.
  • Right to data portability: You have the right, in accordance with legal requirements, to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transmission of this data to another controller.
  • Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement if you consider that the processing of personal data concerning you infringes the provisions of the GDPR.

Use of Cookies#

Cookies are small text files or other storage mechanisms that store information on end devices and retrieve information from end devices. For example, they store the login status in a user account, shopping cart contents in an e-shop, accessed content, or functions used in an online offering. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as creating analyses of visitor traffic.

Notes on Consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless it is not legally required. Consent is particularly not necessary if the storage and retrieval of information, including cookies, are absolutely necessary to provide users with a telemedia service (i.e., our online offering) explicitly requested by them. Cookies that are absolutely necessary usually include cookies with functions related to displaying and running the online offering, load balancing, security, storing user preferences and choices, or similar purposes associated with providing the main and ancillary functions of the online offering requested by users. Revocable consent is clearly communicated to users and contains information about the respective cookie usage.

Notes on Data Protection Legal Basis: The legal basis on which we process users' personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies based on our legitimate interests (e.g., in the commercial operation of our online offering and improving its usability) or, if it occurs within the fulfillment of our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. We inform users about the purposes for which we process cookies during this privacy policy or as part of our consent and processing procedures.

Storage Duration: Regarding the storage duration, the following types of cookies are distinguished:

  • Temporary Cookies (also: Session or Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile application).
  • Persistent Cookies: Persistent cookies remain stored even after the device is closed. For instance, login status can be saved, or preferred content can be displayed directly when the user revisits a website. Also, the data collected from users using cookies can be used for reach measurement. If we do not explicitly provide information on the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are persistent and the storage duration can be up to two years.

General Information on Revocation and Objection (so-called "Opt-Out"): Users can revoke the consents they have given at any time and object to processing in accordance with legal requirements. Users can restrict the use of cookies in their browser settings (which may also limit the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be made via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further Information on Processing Procedures, Methods, and Services:

  • Processing of Cookie Data Based on Consent: We use a cookie consent management procedure through which user consent for the use of cookies or processing mentioned within the scope of the cookie consent management procedure can be obtained, managed, and revoked by users. The consent declaration is stored to avoid repeating the request for consent and to be able to provide evidence of consent as required by law. Storage can be server-side and/or in a cookie (so-called opt-in cookie or similar technologies) to assign consent to a user or their device. Subject to individual information about providers of cookie management services, the following applies: The duration of consent storage can be up to two years. A pseudonymous user identifier is created and stored with the time of consent, information about the scope of consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and device used; Legal Basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Business Services#

We process data of our contractual and business partners, e.g., customers and interested parties (collectively referred to as "contractual partners") within the scope of contractual and similar legal relationships, as well as associated measures and in the context of communication with contractual partners (or pre-contractually), for example, to respond to inquiries.

We process this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed-upon services, any updating obligations, and remedies for warranty and other service disruptions. Furthermore, we process the data to safeguard our rights and for the purpose of administrative tasks associated with these obligations and corporate organization. Additionally, we process the data based on our legitimate interests in proper and commercial business management as well as security measures to protect our contractual partners and our business operations from misuse, jeopardizing their data, secrets, information, and rights (e.g., involving telecommunications, transportation, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Under applicable law, we only disclose data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about further types of processing, e.g., for marketing purposes, within the scope of this privacy policy.

We inform contractual partners, prior to or during data collection (e.g., in online forms), about which data is necessary for the aforementioned purposes, e.g., through special markings (e.g., colors) or symbols (e.g., asterisks), or personally.

We delete the data after the expiration of statutory warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be archived for legal reasons. The statutory retention period for tax-relevant documents, commercial books, inventories, opening balance sheets, annual financial statements, the instructions necessary to understand these documents, and other organizational documents and booking records is ten years, and for received commercial and business letters and copies of sent commercial and business letters, six years. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statement, or the management report was prepared, the commercial or business letter was received or sent, or the booking record was made, and also when the records or other documents were created.

If we use third-party providers or platforms to provide our services, the terms and privacy policies of the respective third-party providers or platforms apply to the relationship between users and providers.

  • Processed data types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact details (e.g., email, phone numbers); Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data subjects: Customers; Interested parties; Business and contractual partners. Students/Participants.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Contact inquiries and communication; Office and organizational procedures; Management and response to inquiries.
  • Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, procedures, and services:

  • Shop and E-commerce: We process our customers' data to enable them to select, purchase, or order the chosen products, goods, and related services, as well as their payment, delivery, or execution. If necessary for order fulfillment, we use service providers, especially postal, freight, and shipping companies, to carry out the delivery or execution to our customers. For handling payment transactions, we use the services of banks and payment service providers. The necessary details are indicated as such during the order or similar purchasing process and include the information required for delivery, provision, billing, as well as contact information to enable any queries; Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Agency Services: We process our customers' data within the scope of our contractual services, which may include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services, and training services; Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Educational and Training Services: We process the data of participants in our educational and training programs (collectively referred to as "trainees") to provide them with our training services. The processed data, the nature, scope, purpose, and necessity of their processing, are determined by the underlying contractual and training relationship. Processing activities also include performance assessment and evaluation of our services as well as those of the instructors. As part of our activities, we may also process special categories of data, particularly information on the trainees' health, as well as data revealing ethnic origin, political opinions, religious or philosophical beliefs. If necessary, we obtain explicit consent from the trainees and otherwise process special categories of data only when necessary for providing training services, health care, social protection, or protecting the vital interests of the trainees; Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Craftsmanship Services: We process our customers' and clients' (collectively referred to as "clients") data to enable them to select, purchase, or commission the chosen services or works and related activities, as well as their payment, delivery, or execution. The necessary details are indicated as such in the context of the order, purchase, or comparable conclusion of a contract and include the information required for delivery and billing, as well as contact information to enable any queries; Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Artistic and Literary Services: We process the data of our clients to enable them to select, purchase, or commission the chosen services or works and related activities, as well as their payment, delivery, or execution. The necessary details are indicated as such in the context of the order, purchase, or comparable conclusion of a contract and include the information required for delivery and billing, as well as contact information to enable any queries; Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

  • Project and Development Services: We process the data of our customers and clients (hereinafter uniformly referred to as "customers") to enable them to select, purchase, or commission the chosen services or works and related activities, as well as their payment and provision, execution, or provision. The necessary information is indicated as such in the context of the order, purchase, or similar conclusion of a contract and includes the information required for the provision of services and billing, as well as contact information to enable any queries. If we have access to information of end customers, employees, or other individuals, we process this in accordance with legal and contractual requirements; Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

  • Offer of Software and Platform Services: We process the data of our users, registered, and any test users (hereinafter uniformly referred to as "users") to be able to provide them with our contractual services and based on legitimate interests, to ensure the security of our offering and to further develop it. The necessary details are indicated as such in the context of the order, purchase, or similar conclusion of a contract and include the information required for the provision of services and billing, as well as contact information to enable any queries; Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

  • Technical Services: We process the data of our customers and clients (hereinafter uniformly referred to as "customers") to enable them to select, purchase, or commission the chosen services or works and related activities, as well as their payment and provision, execution, or provision. The necessary information is indicated as such in the context of the order, purchase, or similar conclusion of a contract and includes the information required for the provision of services and billing, as well as contact information to enable any queries. If we have access to information of end customers, employees, or other individuals, we process this in accordance with legal and contractual requirements; Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

  • Events and Gatherings: We process the data of participants in the events, gatherings, and similar activities offered or hosted by us (hereinafter uniformly referred to as "participants" and "events") to enable them to participate in the events and benefit from the services or actions associated with participation. If we process health-related data, religious, political, or other special categories of data in this context, it is done in accordance with obviousness (e.g., in thematically oriented events or for health care, safety, or with the consent of the data subjects). The necessary information is indicated as such in the context of the order, purchase, or similar conclusion of a contract and includes the information required for the provision of services and billing, as well as contact information to enable any queries. If we have access to information of end customers, employees, or other individuals, we process this in accordance with legal and contractual requirements; Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Use of Online Platforms for Sales and Distribution Purposes#

We offer our services on online platforms operated by other service providers. In this context, the data protection guidelines of the respective platforms apply in addition to our data protection information. This particularly applies to the execution of the payment process and the procedures used on the platforms for reach measurement and interest-based marketing.

  • Processed data types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact details (e.g., email, phone numbers); Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data subjects: Customers; Users (e.g., website visitors, users of online services). Business and contractual partners.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Marketing. Provision of our online offering and user-friendliness.
  • Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Additional information on processing procedures, procedures, and services:

Providers and Services Used in the Course of Business Activities#

In the course of our business activities, we use additional services, platforms, interfaces, or plug-ins from third-party providers (shortly referred to as "services") while adhering to legal requirements. Their use is based on our interests in conducting our business activities properly, lawfully, and in compliance with data protection regulations. The provided services may collect and use information to improve and adapt their own services. This may involve the processing of personal data.

  • Processed Data Types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact details (e.g., email, phone numbers); Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Customers; Users (e.g., website visitors, users of online services); Communication partners; Students/Participants; Business and contractual partners.
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations. Office and organizational procedures.
  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Payment Methods#

In the context of contractual and other legal relationships, based on legal obligations or otherwise on the basis of our legitimate interests, we offer affected individuals efficient and secure payment options and use additional service providers alongside banks and credit institutions (collectively "payment service providers").

The data processed by the payment service providers includes inventory data such as names and addresses, bank data such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract-related information, amounts, and recipient-related information. The information is necessary to execute the transactions. However, the inputted data is processed and stored only by the payment service providers. That means we do not receive any account or credit card-related information, but solely information confirming or denying the payment. Under certain circumstances, data may be transmitted by the payment service providers to credit agencies. This transmission serves the purpose of identity and credit checks. We refer to the terms and conditions and the data protection notices of the payment service providers.

For payment transactions, the terms and conditions and the data protection notices of the respective payment service providers apply, which are available within the respective websites or transaction applications. We also refer to these for further information and to assert revocation, information, and other data subject rights.

  • Processed Data Types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Customers. Prospective customers.
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations.
  • Legal Basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • PayPal: Payment services (technical integration of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); Service Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal Basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.paypal.com/de. Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Provision of Online Services and Web Hosting#

We process user data to provide them with our online services. For this purpose, we process the user's IP address, necessary to transmit the content and functions of our online services to the user's browser or device.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status); Content data (e.g., inputs in online forms).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online services and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Provision of Online Offering on Rented Storage Space: For the provision of our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also called "web hoster"); Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Collection of Access Data and Log Files: Access to our online offering is logged in the form of so-called "server log files." Server log files can include the address and name of the accessed websites and files, date and time of access, transmitted data volumes, message about successful access, browser type, and version, user's operating system, referrer URL (the previously visited page), and in general, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to avoid server overload (especially in case of abusive attacks, so-called DDoS attacks), and also to ensure the load and stability of the servers; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data required for evidence purposes will be excluded from deletion until the final clarification of the respective incident.
  • Email Sending and Hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients and senders, as well as other information regarding email transmission (e.g., the involved providers), and the content of the respective emails are processed. The aforementioned data may also be processed to detect SPAM. Please note that emails are generally not encrypted when sent over the internet. Typically, emails are encrypted in transit, but (if no so-called end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot take responsibility for the transmission route of emails between the sender and our server; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Content Delivery Network: We use a "Content Delivery Network" (CDN). A CDN is a service that helps deliver content of an online offering, especially large media files such as graphics or program scripts, faster and more securely through regionally distributed servers connected via the internet; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • STRATO: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities); Service Provider: STRATO AG, Pascalstraße 10, 10587 Berlin, Germany; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.strato.de; Privacy Policy: https://www.strato.de/datenschutz. Data Processing Agreement: Provided by the service provider.
  • Instart: Content Delivery Network (CDN) - a service that helps deliver content of an online offering, especially large media files such as graphics or program scripts, faster and more securely through regionally distributed servers connected via the internet; Service Provider: Instart Logic, Inc., 450 Lambert Avenue, Palo Alto, CA 94306, USA; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instart.com. Privacy Policy: https://www.instart.com/company/legal/privacy-policy.
  • GitHub: GitHub is an online service for version control for software development projects. This website, including all content like posts, is hosted via GitHub Pages, and GitHub comments are used for the comment function under the posts. Service Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://github.com/; Privacy Policy: https://docs.github.com/de/site-policy/privacy-policies/github-privacy-statement. Basis for Third-Country Transfers: EU-US Data Privacy Framework (DPF).

Community Functions#

The community functions we provide allow users to engage in conversations or exchanges with each other. Please note that the use of community functions is permitted only in compliance with applicable laws, our terms and policies, as well as the rights of other users and third parties.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations. Security measures.
  • Legal Basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • User contributions are public: Contributions and content created by users are publicly visible and accessible; Legal Basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Storage of data for security purposes: User contributions and other inputs are processed for the purposes of community and conversation functions and, subject to legal obligations or permissions, are not disclosed to third parties. Disclosure obligations may arise, especially in the case of unlawful contributions for the purpose of legal action. We note that in addition to the content of contributions, their timing and the IP address of the users are stored. This is done to take appropriate measures to protect other users and the community; Legal Basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Right to deletion of content and information: Deletion of user contributions, content, or information is permissible to the extent required after careful consideration if there are specific indications that they violate legal rules, our guidelines, or the rights of third parties; Legal Basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Limited deletion of conversation contributions: Out of consideration for other users, conversation contributions of users are stored even after termination and deletion of accounts to ensure that conversations, comments, advice, or similar communications between and among users do not lose or reverse their meaning. User names are deleted or pseudonymized if they did not already represent pseudonyms. Users can request the complete deletion of conversation contributions at any time; Legal Basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Protection of own data: Users decide on the data they disclose about themselves within our online offering. For example, when users provide personal information or participate in conversations. We ask users to protect their data and to publish personal data only carefully and to the necessary extent. In particular, we ask users to protect access data very carefully and to use secure passwords (i.e., especially long and random character combinations); Legal Basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • GitHub: GitHub is an online service for version control for software development projects. This website, including all content like posts, is hosted via GitHub Pages, and GitHub comments are used for the comment function under the posts. Service Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://github.com/; Privacy Policy: https://docs.github.com/de/site-policy/privacy-policies/github-privacy-statement. Basis for Third-Country Transfers: EU-US Data Privacy Framework (DPF).

Blogs and Publication Media#

We use blogs or similar means of online communication and publication (hereinafter "publication medium"). Reader data is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. Otherwise, we refer to the information on the processing of visitors to our publication medium within this data protection information.

  • Processed Data Types: Inventory data (e.g., names, addresses); Contact details (e.g., email, phone numbers); Content data (e.g., inputs in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Feedback (e.g., collecting feedback via online form); Provision of our online offering and user-friendliness; Security measures. Management and response to inquiries.
  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

More Information about Processing Procedures, Processes, and Services:

  • Comments and Posts: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security in case someone leaves unlawful content in comments and posts (such as insults, prohibited political propaganda, etc.). In such cases, we could be held accountable for the comment or post and are therefore interested in the identity of the author.

    Furthermore, we reserve the right, based on our legitimate interests, to process user information for spam detection.

    On the same legal basis, in the case of surveys, we reserve the right to store users' IP addresses for the duration of the survey and to use cookies to avoid multiple votes.

    The information provided within comments and posts about the individual, including contact and website information, as well as the content-related information, will be stored permanently by us until the users object;
    Legal Basis: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR).

  • Retrieval of WordPress Emojis and Smilies: Retrieval of WordPress emojis and smilies - Within our WordPress blog, graphical emojis (or smilies), i.e., small graphic files expressing emotions, are used for efficient content integration, sourced from external servers. The providers of these servers collect users' IP addresses. This is necessary for the emoji files to be transmitted to users' browsers; Service Provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal Basis: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR); Website: https://automattic.com; Privacy Policy: https://automattic.com/privacy. Basis of Third-Country Transfer: EU-US Data Privacy Framework (DPF).

  • Akismet Anti-Spam Check: Akismet Anti-Spam Check - Based on our legitimate interests, we use the "Akismet" service. Akismet distinguishes between comments from real people and spam comments. To do this, all comment details are sent to a server in the USA, where they are analyzed and stored for comparison purposes for four days. If a comment is classified as spam, the data will be stored beyond this time. This includes the entered name, email address, IP address, comment content, referrer, information about the browser used, and the computer system, as well as the time of entry.

    Users are welcome to use pseudonyms or refrain from entering their name or email address. They can completely prevent the transmission of data by not using our comment system. That would be a pity, but unfortunately, we see no equally effective alternatives;
    Service Provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal Basis: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR); Website: https://automattic.com; Privacy Policy: https://automattic.com/privacy. Basis of Third-Country Transfer: EU-US Data Privacy Framework (DPF).

  • Giscus Comment Function: Based on our legitimate interests in efficient, secure, and user-friendly comment management, we use the Giscus comment service.

    To use the Giscus comment function, users can log in via their own GitHub user account. The users' login data is managed by GitHub.

    We merely embed Giscus with its functions into our website, although we can influence user comments. However, users enter into a direct contractual relationship with GitHub, within which GitHub processes users' comments and acts as a contact for potential deletion of user data. We refer users to GitHub's privacy policy and also inform them that GitHub, besides the comment content, may store their IP address and the time of the comment. Additionally, cookies may be stored on users' computers and used to display advertisements;

    Service Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA Legal Basis: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR); Website: https://github.com/; Privacy Policy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement. Basis of Third-Country Transfer: EU-US Data Privacy Framework (DPF).

  • Gravatar Profile Pictures: Profile pictures - Within our online offering, especially in the blog, we use the Gravatar service.

    Gravatar is a service where users can register and store profile pictures and their email addresses. When users leave posts or comments on other online presences (especially in blogs) with their respective email address, their profile pictures can be displayed alongside the posts or comments. For this purpose, the email address provided by the users is encrypted and transmitted to Gravatar to check if a profile is stored for it. This is the sole purpose of transmitting the email address. It is not used for other purposes and is deleted thereafter.

    The use of Gravatar is based on our legitimate interests, as it allows the authors of posts and comments to personalize their contributions with a profile picture.

    By displaying the images, Gravatar learns the users' IP addresses, as this is necessary for communication between a browser and an online service.

    If users do not want a user image linked to their email address with Gravatar to appear in comments, they should use an email address not stored with Gravatar when commenting. Furthermore, it is also possible to use an anonymous or no email address if users do not wish their email address to be sent to Gravatar. Users can completely prevent the transmission of data by not using our comment system;
    Service Provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal Basis: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR); Website: https://automattic.com; Privacy Policy: https://automattic.com/privacy. Basis of Third-Country Transfer: EU-US Data Privacy Framework (DPF).

  • Medium: Hosting platform for blogs/websites; Service Provider: A Medium Corporation, P.O. Box 602, San Francisco, CA 94104–0602, USA; Legal Basis: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR); Website: https://medium.com/. Privacy Policy: https://medium.com/policy/medium-privacy-policy-f03bf92035c9.

Contact and Inquiry Management#

When contacting us (e.g., by post, contact form, email, telephone, or via social media) and within existing user and business relationships, the information of the inquiring parties is processed to the extent necessary to respond to the contact inquiries and any requested measures.

  • Processed Data Types: Contact details (e.g., email, telephone numbers); content data (e.g., inputs in online forms); usage data (e.g., visited websites, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status).
  • Affected Persons: Communication partners.
  • Purposes of Processing: Contact inquiries and communication; management and response to inquiries; feedback (e.g., collecting feedback via online form). Provision of our online offering and user-friendliness.
  • Legal Basis: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR). Contractual performance and pre-contractual inquiries (Art. 6 para. 1 S. 1 lit. b) GDPR).

Further Notes on Processing Procedures, Processes, and Services:

  • Contact Form: When users contact us via our contact form, email, or other communication channels, we process the data disclosed to us in this context to process the stated request; Legal Basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 S. 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR).

Audio Content#

We use hosting and analysis services from service providers to offer our audio content for listening or download and to obtain statistical information on accessing the audio content.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Reach measurement (e.g., access statistics, recognition of returning visitors); conversion measurement (measurement of the effectiveness of marketing measures); profiles with user-related information (creation of user profiles). Provision of our online offering and user-friendliness.
  • Legal Basis: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR).

Further Notes on Processing Procedures, Processes, and Services:

Newsletter and Electronic Notifications#

We only send newsletters, emails, and other electronic notifications (hereinafter "newsletter") with the consent of the recipients or a legal permission. If the content of the newsletter is specifically described within the scope of a newsletter registration, it is decisive for the users' consent. Otherwise, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you for a name, for personal address in the newsletter, or further details if necessary for the purposes of the newsletter.

Double-Opt-In Procedure: Registration for our newsletter generally takes place in a so-called double opt-in procedure. That is, after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent others from registering with your email addresses. Newsletter registrations are logged to demonstrate the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation times as well as the IP address. Likewise, changes to your data stored by the sending service provider are logged.

Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to demonstrate a previously given consent. The processing of this data is limited to the purpose of potential defense against claims. Individual deletion requests are possible at any time, provided that the former existence of consent is confirmed simultaneously. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist.

The logging of the registration process is based on our legitimate interests for the purpose of demonstrating its proper course. If we commission a service provider to send emails, this is done based on our legitimate interests in an efficient and secure mailing system.

Content:

Information about us, our services, promotions, and offers.

  • Processed Data Types: Inventory data (e.g., names, addresses); contact details (e.g., email, phone numbers); meta, communication, and procedure data (e.g., IP addresses, timestamps, identification numbers, consent status); usage data (e.g., visited websites, interest in content, access times).
  • Affected Persons: Communication partners; users (e.g., website visitors, users of online services).
  • Purposes of Processing: Direct marketing (e.g., via email or postal mail). Provision of contractual services and fulfillment of contractual obligations.
  • Legal Bases: Consent (Art. 6 para. 1 S. 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR).
  • Opt-Out Option: You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You can find a link to unsubscribe from the newsletter either at the end of each newsletter or can use one of the contact options provided above, preferably via email.

Further Notes on Processing Procedures, Processes, and Services:

  • Measurement of Open and Click Rates: The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened, or, if we use a mailing service provider, from their server. During this retrieval, technical information such as browser information and your system, as well as your IP address and the time of retrieval, are collected.

    This information is used for the technical improvement of our newsletter based on technical data or on the readers' behavior, such as their reading habits and their locations (determinable via IP addresses) or access times. This analysis also includes determining if and when the newsletters are opened and which links are clicked. These details are assigned to individual newsletter recipients and stored in their profiles until deletion. The evaluations help us understand user reading habits and customize our content for them or send different content according to our users' interests.

    The measurement of open rates, click rates, and the storage of measurement results in user profiles are used to evaluate and improve the effectiveness of our newsletters and marketing material. It allows us to create more targeted and relevant newsletters to provide better service to our subscribers.

    Your consent to the use of web beacons and the measurement of open and click rates is obtained by subscribing to the newsletter and is voluntary. If you do not wish this, you can unsubscribe from the newsletter or opt-out of web beacon usage by disabling the display of images in your email program.

    Legal Basis: Consent (Art. 6 para. 1 S. 1 lit. a) GDPR).

  • Condition for the Use of Free Services: Consent to receive mailings may be a condition for using free services (e.g., access to specific content or participation in specific promotions). If users want to use the free service without subscribing to the newsletter, we ask them to contact us.

  • Mailchimp: Email delivery and automation services; Service Provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Legal Bases: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR); Website: https://mailchimp.com; Privacy Policy: https://mailchimp.com/legal/; Data Processing Agreement: https://mailchimp.com/legal/; Basis of Third-Country Transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (Provided by the service provider). Further Information: Special security measures: https://mailchimp.com/help/Mailchimp-european-data-transfers/.

Commercial Communication via Email, Post, Fax, or Telephone#

We process personal data for the purpose of commercial communication through various channels, such as email, telephone, post, or fax, in accordance with legal requirements.

Recipients have the right to revoke granted consents at any time or to object to commercial communication at any time.

Upon revocation or objection, we store the data required to prove the previous consent for contact or to send information for up to three years after the end of the year of revocation or objection, based on our legitimate interests. The processing of this data is limited to the purpose of potential defense against claims. Based on the legitimate interest of permanently observing the revocation or objection of users, we also store the data necessary to prevent future contact (e.g., email address, phone number, name depending on the communication channel).

  • Processed Data Types: Inventory data (e.g., names, addresses); contact details (e.g., email, phone numbers).
  • Affected Persons: Communication partners.
  • Purposes of Processing: Direct marketing (e.g., via email or postal mail).
  • Legal Bases: Consent (Art. 6 para. 1 S. 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR).

Surveys and Questionnaires#

We conduct surveys and questionnaires to collect information for the communicated survey or questionnaire purpose. The surveys conducted by us are anonymously evaluated. Processing of personal data only occurs to the extent necessary for the provision and technical execution of the surveys (e.g., processing of IP addresses to display the survey in the user's browser or enabling the resumption of a survey using a cookie).

  • Processed Data Types: Contact details (e.g., email, phone numbers); content data (e.g., inputs in online forms); usage data (e.g., visited websites, interest in content, access times); meta, communication, and procedure data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Affected Persons: Communication partners. Participants.
  • Purposes of Processing: Feedback (e.g., collecting feedback via online form).
  • Legal Bases: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR).

Further Notes on Processing Procedures, Processes, and Services:

Web Analysis, Monitoring, and Optimization#

Web analysis (also known as "reach measurement") serves to evaluate the visitor traffic of our online offer and may include behavior, interests, or demographic information about the visitors, such as age or gender, as pseudonymous values. Through reach analysis, we can recognize, for example, the most frequently used time for our online offer or its functions or contents, or invite for reutilization. We can also identify areas that require optimization.

In addition to web analysis, we may use test procedures to test and optimize different versions of our online offer or its components.

Unless otherwise specified below, profiles may be created for these purposes, i.e., data aggregated to a usage process, and information may be stored in a browser or on a device and read from it. Information collected includes, in particular, visited websites and used elements, as well as technical information such as the browser used, the computer system used, and information about usage times. If users have agreed to the collection of their location data with us or with the providers of the services we use, location data may also be processed.

However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, during web analysis, A/B testing, and optimization, no clear user data (such as email addresses or names) is stored, but pseudonyms. That is, we and the providers of the software used do not know the actual identity of the users but only the information stored in their profiles for the purposes of the respective procedures.

Settings / Opt-Out Option:

Tracking scripts are only loaded and activated after third-party cookies are approved by "Approve."

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); meta, communication, and procedure data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Reach measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles). Provision of our online offer and user-friendliness.
  • Legal Bases: Consent (Art. 6 para. 1 S. 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR).

Further Notes on Processing Procedures, Processes, and Services:

  • Google Optimize: Software for analyzing and optimizing online offers based on feedback functions and pseudonymously conducted measurements and analyses of user behavior, including A/B tests (measurement of the popularity and user-friendliness of different content and functions), measurement of click paths, and interaction with content and functions of the online offer; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Consent (Art. 6 para. 1 S. 1 lit. a) GDPR); Website: https://optimize.google.com; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms; Basis of Third-Country Transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms). Further Information: https://business.safety.google/adsservices/ (Types of processing and processed data).
  • Google Analytics 4: We use Google Analytics to measure and analyze the usage of our online services based on a pseudonymous user ID. This identification number does not contain unique data such as names or email addresses. It is used to associate analytical information with a device to recognize which content users accessed within one or several usage processes, which search terms they used, revisited, or interacted with within our online services. Additionally, the time of usage and its duration, as well as user sources referring to our online services and technical aspects of their devices and browsers, are stored. Pseudonymous profiles of users with information from the usage of different devices are created, and cookies might be used. Google Analytics does not log or store individual IP addresses for EU users. However, it provides rough geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is solely used for this derivation of geolocation data before being immediately deleted. They are not logged, accessible, or used for further purposes. When Google Analytics collects measurement data, all IP queries for EU-based traffic are conducted on EU-based servers before the traffic is forwarded for processing to Analytics servers; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Basis of Third-Country Transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); Opt-Out Possibility: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertising: https://adssettings.google.com/authenticated. Further Information: https://business.safety.google/adsservices/ (Types of processing and processed data).
  • Google Tag Manager: Google Tag Manager is a solution that allows us to manage so-called website tags through an interface and thus integrate other services into our online services (for more details, please refer to the additional information in this privacy policy). With the Tag Manager itself (which implements the tags), no user profiles are created or cookies stored. Google only learns the IP address of the user, which is necessary to execute the Google Tag Manager; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Consent (Art. 6 para. 1 S. 1 lit. a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms. Basis of Third-Country Transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms).

We include so-called affiliate links or other references (which may include search masks, widgets, or discount codes) to the offers and services of third-party providers in our online services (collectively referred to as "affiliate links"). If users follow the affiliate links or subsequently use the offers, we may receive a commission or other benefits from these third-party providers (collectively referred to as "commission").

To track whether users have taken advantage of the offers associated with an affiliate link used within our online services, it is necessary for the respective third-party providers to know that the users have followed an affiliate link used within our online services. The assignment of affiliate links to the respective transactions or other actions (e.g., purchases) serves solely for commission settlement purposes and is canceled once it is no longer necessary for this purpose.

For the purposes of the aforementioned assignment of affiliate links, the affiliate links can be supplemented with certain values that are part of the link or stored elsewhere, e.g., in a cookie. These values may include the referring website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer, and an online identifier of the user.

Notes on Legal Bases: If we ask users for their consent for the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

  • Processed Data Types: Contract data (e.g., contract object, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedure data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Affiliate tracking.
  • Legal Bases: Consent (Art. 6 para. 1 S. 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR).

Further Notes on Processing Procedures, Processes, and Services:

  • Amazon Partner Program: Affiliate partner program (Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates); Service Provider: Amazon EU S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg; Legal Bases: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR); Website: https://www.amazon.de; Privacy Policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010. Basis of Third-Country Transfer: EU-US Data Privacy Framework (DPF).

Presence on Social Networks (Social Media)#

We maintain online presences within social networks and process user data within this framework to communicate with active users there or to provide information about us.

Please note that data of users may be processed outside the European Union in this context. This may result in risks for the users, for example, because enforcing the rights of users might be more difficult.

Furthermore, the data of users within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on usage behavior and resulting user interests. These user profiles can then be used, for example, to display advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the users' usage behavior and interests are stored. Furthermore, data can also be stored in the user profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in there).

For a detailed presentation of the respective processing methods and options for objection (opt-out), we refer you to the data protection declarations and information provided by the operators of the respective networks.

Even in the case of information requests and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need assistance, you can contact us.

  • Processed Data Types: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedure data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Contact requests and communication; Feedback (e.g., collecting feedback via online form). Marketing.
  • Legal Bases: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR).

Further Notes on Processing Procedures, Processes, and Services:

Plugins and Embedded Functions and Contents#

We integrate functional and content elements into our online offering, sourced from the servers of their respective providers (hereinafter referred to as "third-party providers"). These could include, for instance, graphics, videos, or maps (hereinafter uniformly referred to as "contents").

The integration always presupposes that the third-party providers of these contents process users' IP addresses, as they couldn't send the content to their browsers without the IP address. The IP address is thus necessary for displaying these contents or functions. We strive to only use contents from providers who solely utilize the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These "pixel tags" allow the evaluation of information such as visitor traffic on this website. The pseudonymous information may also be stored in cookies on users' devices, containing technical information about the browser and operating system, referring websites, visit times, as well as additional details regarding the use of our online offering, potentially being linked with information from other sources.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); Inventory data (e.g., names, addresses); Contact details (e.g., email, phone numbers); Content data (e.g., entries in online forms); Location data (information regarding the geographic position of a device or person).
  • Affected Individuals: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of our online offering and user-friendliness; Profiles with user-related information (creating user profiles); Marketing.
  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

  • Integration of Third-Party Software, Scripts, or Frameworks (e.g., jQuery): We integrate software into our online offering that we retrieve from servers of other providers (e.g., functional libraries that we use to present or enhance the user-friendliness of our online offering). In this process, the respective providers collect users' IP addresses and may process them for the purpose of transmitting the software to users' browsers, ensuring security, as well as for evaluating and optimizing their offerings. - We integrate software into our online offering that we retrieve from servers of other providers (e.g., functional libraries that we use to present or enhance the user-friendliness of our online offering). In this process, the respective providers collect users' IP addresses and may process them for the purpose of transmitting the software to users' browsers, ensuring security, as well as for evaluating and optimizing their offerings; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Google Fonts (Access from Google Server): Access to fonts (and symbols) for the purpose of a technically secure, maintenance-free, and efficient use of fonts and symbols regarding their timeliness and loading times, ensuring their uniform presentation and consideration of possible licensing restrictions. The provider of the font receives the user's IP address so that the fonts can be made available in the user's browser. Furthermore, technical data (language settings, screen resolution, operating system, hardware used) are transmitted, necessary for providing the fonts depending on the devices used and the technical environment. These data can be processed on a server of the font provider in the USA - When visiting our online offering, users' browsers send their browser HTTP requests to the Google Fonts Web API (i.e., a software interface for accessing the fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then the fonts specified in the CCS. These HTTP requests include (1) the IP address used by the respective user to access the internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent describing the browser and operating system versions of the website visitors, as well as the referring URL (i.e., the website where the Google font is intended to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referring URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a specific font family is requested. In the Google Fonts Web API, the user agent must adjust the font generated for the respective browser type. The user agent is primarily logged for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the "Analytics" page of Google Fonts. Finally, the referring URL is logged so that the data can be used for maintaining production and generating an aggregated report on the top integrations based on the number of font requests. According to Google's own statements, they do not use any of the information collected by Google Fonts to create user profiles or display targeted ads; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF). Further Information: https://developers.google.com/fonts/faq/privacy?hl=en.
  • Font Awesome (Provision on Own Server): Display of fonts and symbols; Service Provider: The Font Awesome Icons are hosted on our server, no data is transmitted to the Font Awesome provider; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Google Maps: We integrate maps from the "Google Maps" service provided by Google. Processed data may particularly include users' IP addresses and location data; Service Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy. Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF).
  • LinkedIn Plugins and Contents: LinkedIn Plugins and Contents - These may include content such as images, videos, or texts and buttons allowing users to share content of this online offering within LinkedIn; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data Processing Agreement: https://legal.linkedin.com/dpa; Basis for Third-Country Transfer: Standard Contractual Clauses (https://legal.linkedin.com/dpa). Opt-Out Option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • OpenStreetMap: We integrate maps from the "OpenStreetMap" service offered by the OpenStreetMap Foundation (OSMF) based on the Open Data Commons Open Database License (ODbL). OpenStreetMap exclusively uses users' data for the purpose of displaying map functions and caching selected settings. This data may particularly include users' IP addresses and location data, but only with their consent (usually managed within the settings of their end devices or browsers); Service Provider: OpenStreetMap Foundation (OSMF); Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.openstreetmap.org. Privacy Policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy.
  • X Plugins and Contents: Plugins and buttons of the "X" platform - These may include content such as images, videos, or texts and buttons allowing users to share content of this online offering within X; Service Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://twitter.com/en; Privacy Policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization); Data Processing Agreement: https://privacy.twitter.com/en/for-our-partners/global-dpa. Basis for Third-Country Transfer: Standard Contractual Clauses (https://privacy.twitter.com/en/for-our-partners/global-dpa).
  • YouTube Videos: Video content; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF). Opt-Out Option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for Displaying Ads: https://adssettings.google.com/authenticated.
  • Vimeo Video Player: Integration of a video player; Service Provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy; Data Processing Agreement: https://vimeo.com/enterpriseterms/dpa. Basis for Third-Country Transfer: Standard Contractual Clauses (https://vimeo.com/enterpriseterms/dpa).

Management, Organization, and Tools#

We utilize services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the purpose of organization, management, planning, and providing our services. When selecting third-party providers and their services, we adhere to legal requirements.

Within this framework, personal data may be processed and stored on the servers of third-party providers. This may include various data that we process in accordance with this privacy policy. These data may particularly include master data, user contact details, data on transactions, contracts, other processes, and their contents.

If users, in the course of communication, business, or other relationships with us, are referred to third-party providers or their software or platforms, these third-party providers may process usage data and metadata for security purposes, service optimization, or marketing. Therefore, we kindly ask you to observe the data protection guidelines of the respective third-party providers.

  • Processed Data Types: Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); Contact details (e.g., email, phone numbers).
  • Affected Individuals: Communication partners; Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Office and organizational procedures.
  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Additional Information on Processing Procedures, Methods, and Services:

Change and Update of Privacy Policy#

We kindly ask you to regularly inform yourself about the content of our privacy policy. We adjust the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation action (e.g., consent) or any other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time, and we kindly ask you to verify the details before contacting them.

Definition of Terms#

In this section, you'll find an overview of the terms used in this privacy policy. To the extent that the terms are legally defined, their legal definitions apply. The following explanations are primarily intended to aid understanding.

  • Affiliate Tracking: In the context of affiliate tracking, links are logged that redirect users from linking websites to websites with product or other offers. The operators of the linking websites may receive a commission if users follow these so-called affiliate links and subsequently avail themselves of the offers (e.g., purchase goods or use services). For this purpose, it is necessary for the providers to track whether users interested in specific offers subsequently take advantage of them due to the influence of affiliate links. Therefore, for the functionality of affiliate links, it is necessary to supplement them with specific values that become part of the link or are stored elsewhere, e.g., in a cookie. These values include, in particular, the originating website (referrer), the time, an online identifier of the operators of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as advertisement ID, partner ID, and categorizations.
  • Conversion Measurement: Conversion measurement (also known as "visit action evaluation") is a method used to determine the effectiveness of marketing measures. For this purpose, a cookie is usually stored on users' devices within the websites where the marketing measures take place and is then retrieved again on the target website. For instance, we can track whether the ads we placed on other websites were successful.
  • Personal Data: "Personal data" refers to all information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more specific characteristics expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Profiles with User-Related Information: The processing of "profiles with user-related information," or simply "profiles," includes any kind of automated processing of personal data involving the use of such data to analyze, evaluate, or predict specific personal aspects related to a natural person (depending on the type of profiling, this may include various information about demographics, behavior, and interests, such as interactions with websites and their content, etc.). For profiling purposes, cookies and web beacons are often used.
  • Reach Measurement: Reach measurement (also referred to as web analytics) serves to evaluate visitor traffic to an online offering and may encompass the behavior or interests of visitors in certain information, such as content on web pages. Through reach analysis, operators of online offerings, for example, can recognize when users visit their websites, and which content they are interested in. This enables them to better tailor website content to the needs of their visitors. For reach analysis purposes, pseudonymous cookies and web beacons are often used to recognize returning visitors and obtain more precise analyses of the use of an online offering.
  • Location Data: Location data is generated when a mobile device (or another device with the technical requirements for determining a location) connects to a cell tower, Wi-Fi, or similar technical means and functions for determining a location. Location data indicates the geographically determinable position on Earth where the respective device is located. Location data may be used, for example, to display map functions or other information dependent on a location.
  • Controller: The "controller" is the natural or legal person, authority, institution, or other body that, alone or jointly with others, determines the purposes and means of processing personal data.
  • Processing: "Processing" refers to any operation or set of operations performed on personal data, with or without the use of automated means. The term is broad and includes practically any handling of data, whether it is collecting, evaluating, storing, transmitting, or deleting.

Generated with the free Datenschutz-Generator.de by Dr. Thomas Schwenke


This post is licensed under CC BY-SA 4.0 by the author. | Share:

Propose edit | Keep up-to-date via RSS | Support via PayPal

Comments