Imprint

NameDr Nina Rödig (née Albers)
Specialist veterinarian for horses – Germany
AddressDeichweg 27
40668 Meerbusch
Email
Websitehttps://www.pferdepraxis-roedig.de
Telephone+49-151-23063527
Fax+49-211-41740511
Veterinary ChamberVeterinary Chamber of North Rhine
St. Töniser Straße 15
47906 Kempen
http://www.tieraerztekammer-nordrhein.de/
VAT IDDE263104164
Third-party liability insuranceAXA Insurance AG
German Doctors' Insurance General
Stock Exchange Place 1
50667 Cologne
Professional rulesThe professional legal regulations can be found under the heading „Professional Law“ at http://www.tieraerztekammer-nordrhein.de/ to be inspected
Clearing officeIt is important to us to treat and care for your pet in an optimal and comprehensive manner. To ensure we have as much time as possible for this amidst the ever-increasing administrative burden, we work with BFS health finance GmbH and the Tierärztliche Verrechnungsstelle Niedersachsen r.V. (TVN) in the area of billing.
As part of the collaboration with BFS and TVN, address data (name, date of birth, and address) may be transmitted to infoscore Consumer Data GmbH for the purpose of credit scoring.
We thank you for your understanding.
BillingWe bill our services according to the professional fees for veterinarians (GOT). Further information can be found from the Federal Chamber of Veterinarians. here.
Data Protection OfficerOur Data Protection Officer can be reached using the following contact details:

Privacy Policy

Table of Contents

Introduction and overview

We have drafted this privacy policy (version 07.08.2023-312557314) to comply with the requirements of General Data Protection Regulation (EU) 2016/679 and applicable national laws, explaining what personal data (data for short) we, as controllers – and the processors commissioned by us (e.g. providers) – process, will process in the future, and what legal options you have. The terms used are to be understood in a gender-neutral way.
In short: We will provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, aims to describe the most important things to you as simply and transparently as possible. As far as it is conducive to transparency, technical Terms explained in a reader-friendly way, links to further information are provided and Graphics put into practice. We use this to inform you in clear and simple language that we only process personal data within the scope of our business activities if there is a corresponding legal basis for doing so. This is certainly not possible if you provide explanations that are as brief, unclear, and legally technical as possible, as is often standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is one or two pieces of information that you were not aware of.
If you still have questions, we kindly ask you to contact the responsible party mentioned below or in the legal notice, to follow the existing links, and to view further information on third-party websites. You will of course also find our contact details in the legal notice.

Scope of application

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information in the sense of Art. 4 No. 1 GDPR, such as a person's name, e-mail address, and postal address. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this privacy policy covers:

  • all online presences (websites, online shops) that we operate
  • Social media presence and email communication
  • mobile apps for smartphones and other devices

In short: The data protection policy applies to all areas where personal data is processed in a structured manner within the company via the specified channels. Should we enter into a legal relationship with you outside of these channels, we will inform you separately as appropriate.

Legal basis

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course find this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679 read up.

We only process your data if at least one of the following conditions applies:

  1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be storing the data you input into a contact form.
  2. Contract (Article 6(1)(b) GDPR): We process your data to fulfil a contract or pre-contractual obligations with you. For example, if we conclude a purchase agreement with you, we require personal information in advance.
  3. Legal obligation (Article 6(1)(c) GDPR): We process your data if we are subject to a legal obligation to do so. For example, we are legally obliged to retain invoices for accounting purposes. These typically contain personal data.
  4. Legitimate interests (Article 6(1)(f) GDPR): We reserve the right to process personal data in the case of legitimate interests that do not restrict your fundamental rights. For example, we need to process certain data to operate our website safely and economically efficiently. This processing is therefore a legitimate interest.

Further conditions such as the perception of recordings of public interest and the exercise of public authority, as well as the protection of vital interests, do not typically arise for us. Insofar as such a legal basis should nevertheless be relevant, it will be indicated at the corresponding point.

In addition to the EU regulation, national laws also apply:

  • In Austria Is this the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Actshort DSG.
  • In Germany Is that valid? Federal Data Protection Act, short BDSG.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the controller

Should you have any questions regarding data protection or the processing of personal data, you will find the contact details of the responsible person or body below:
Veterinary Practice Dr. Nina Rödig
Dr Nina Rödig
Deichweg 27, 40668 Meerbusch, Germany
Authorised to represent: Dr. Nina Rödig
E-mail:
Telephone: +4915123063527
Legal Notice https://pferdepraxis-roedig.de/impressum

Storage duration

We generally have a policy of only storing personal data for as long as it is strictly necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example, for accounting purposes.

Should you wish for your data to be deleted or withdraw your consent for data processing, the data will be deleted as quickly as possible, provided there is no obligation to retain it.

We will provide more information on the specific duration of the respective data processing below, should we have further details.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we would like to inform you of the following rights that you are entitled to, to ensure fair and transparent data processing:

  • Under Article 15 of the GDPR, you have a right to information as to whether we process data about you. If this is the case, you have the right to receive a copy of the data and to be informed of the following:
    • for what purpose we carry out the processing;
    • the categories, i.e. the types of data that are processed;
    • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
    • how long the data is stored for;
    • the right to rectification, erasure or restriction of processing and the right to object to processing;
    • that you can complain to a supervisory authority (links to these authorities can be found below);
    • the origin of the data, if we did not collect it from you;
    • whether profiling is carried out, i.e. whether data is automatically evaluated in order to create a personal profile of you.
  • Under Article 16 of the GDPR, you have a right to rectification of your data, meaning that we must correct any inaccuracies we find.
  • Under Article 17 of the GDPR, you have the right to erasure („right to be forgotten“), which specifically means you may request the deletion of your data.
  • Under Article 18 of the GDPR, you have the right to restrict processing, which means we are only allowed to store your data but not use it further.
  • Under Article 20 of the GDPR, you have the right to data portability, meaning that we will provide you with your data in a commonly used format upon request.
  • According to Article 21 of the GDPR, you have a right to object, which, once asserted, leads to a change in processing.
    • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interests), you may object to the processing. We will then examine as quickly as possible whether we can legally comply with this objection.
    • If data is used for direct marketing, you can object to this type of data processing at any time. We will no longer be able to use your data for direct marketing after that.
    • If data is used for profiling, you can object to this type of data processing at any time. We will no longer be allowed to use your data for profiling afterwards.
  • Under Article 22 of the GDPR, you may have the right not to be subjected to a decision based solely on automated processing (for example, profiling).
  • Under Article 77 of the GDPR, you have the right to lodge a complaint. This means you can complain to the data protection authority at any time if you believe that the processing of personal data infringes the GDPR.

In short: You have rights – please do not hesitate to contact the responsible body listed above!

If you believe that your data is being processed in violation of data protection law or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. For Austria, this is the Datenschutzbehörde (Data Protection Authority), whose website can be found at https://www.dsb.gv.at/ find. In Germany, there is a data protection officer for each federal state. For further information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) to be used if necessary. The following local data protection authority is responsible for our company:

North Rhine-Westphalia Data Protection Authority

Data Protection Commissioner Bettina Gayk
Address Kavalleriestraße 2-4, 40213 Düsseldorf
Phone number: 02 11/384 24-0
Email address
Website https://www.ldi.nrw.de/

Data transfer to third countries

We only transfer or process data in countries outside the EU (third countries) if you consent to this processing, it is legally required or contractually necessary and in any case only to the extent that it is generally permitted. Your consent is the most important reason in most cases why we have data processed in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, can mean that personal data is processed and stored in unexpected ways.

We expressly point out that, in the opinion of the European Court of Justice, there is currently no adequate level of data protection for data transfers to the USA. The processing of data by US services (such as Google Analytics) may result in data not being processed and stored anonymously, where applicable. Furthermore, US government authorities may, where applicable, gain access to individual data. In addition, the data collected may be linked with data from other services of the same provider, provided you have a corresponding user account. Wherever possible, we try to use server locations within the EU, if this is offered.

We will inform you in more detail about data transfers to third countries at the appropriate points in this privacy policy, where applicable.

Data processing security

To protect personal data, we have implemented both technical and organisational measures. Where possible, we encrypt or pseudonymise personal data. This makes it as difficult as possible, within our capabilities, for third parties to infer personal information from our data.

Art. 25 GDPR speaks here of “data protection by design and by default” and means that security must be considered and appropriate measures implemented for both software (e.g. forms) and hardware (e.g. access to server rooms). Below, we will discuss specific measures, if necessary.

TLS encryption with HTTPS

TLS, encryption, and HTTPS sound very technical, and they are. We use HTTPS (which stands for Hypertext Transfer Protocol Secure) to transmit data securely over the internet, preventing eavesdropping.
This means that the complete transfer of all data from your browser to our web server is secured – no one can “eavesdrop”.

With this, we have introduced an additional layer of security and are fulfilling data protection by design (Article 25(1) GDPRBy using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the internet, we can ensure the protection of confidential data.
You can recognise the use of this data transfer security by the small padlock symbol. top of the browser, to the left of the internet address (e.g. examplepage.co.uk) and the use of the https scheme (instead of http) as part of our internet address.
If you want to know more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find good links for further information.

Communication

Communication Summary
👥 Affected: Anyone communicating with us via phone, email, or online form
Processed data: e.g. phone number, name, email address, data entered into forms. You can find more details on this under the respective contact method used.
Purpose: Handling communication with customers, business partners, etc.
📅 Storage period: Duration of the business case and legal regulations
⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(b) GDPR (Contract), Art. 6(1)(f) GDPR (Legitimate interests)

When you contact us and communicate by telephone, email or online form, personal data may be processed.

The data will be processed for the handling and processing of your query and the associated business transaction. The data will be stored for as long as necessary or as required by law.

Affected persons

All of the processes mentioned are affected for those who seek to contact us via the communication channels we provide.

Telephone

When you call us, the call data will be pseudonymised and stored on the respective terminal device and by the telecommunications provider used. In addition, data such as name and telephone number can subsequently be sent by email and stored for the purpose of responding to your request. The data will be deleted as soon as the business case has been concluded and statutory regulations permit.

Email

When you communicate with us by email, data may be stored on the respective end device (computer, laptop, smartphone, etc.) and data will be stored on the email server. The data will be deleted as soon as the business transaction has been concluded and legal requirements permit.

Online Forms

If you communicate with us via an online form, data will be stored on our web server and, if necessary, forwarded to one of our email addresses. The data will be deleted as soon as the business case has been concluded and legal requirements permit.

Legal basis

The processing of data is based on the following legal grounds:

  • Art. 6(1)(a) GDPR (Consent): You give us your consent to store your data and use it for purposes relating to the business case.;
  • Art. 6(1)(b) GDPR (Contract): There is a need for the performance of a contract with you or a processor, such as a telephone provider, or we must process the data for pre-contractual activities, such as preparing a quote;
  • Article 6(1)(f) GDPR (Legitimate interests): We aim to conduct customer inquiries and business communication within a professional framework. To achieve this, certain technical facilities, such as email programs, Exchange servers, and mobile network operators, are necessary for efficient communication.

Data Processing Agreement (DPA)

In this section, we want to explain what a data processing agreement is and why it is needed. Because the word “Auftragsverarbeitungsvertrag” is quite a mouthful, we will also often use the acronym AVV (Auftragsverarbeitungsvertrag) in this text. Like most companies, we don't work alone but also use the services of other companies or individuals ourselves. By engaging various companies or service providers, we may pass on personal data for processing. These partners then act as data processors, with whom we conclude a contract, the so-called data processing agreement (AVV). The most important thing for you to know is that your personal data will be processed exclusively on our instructions and must be regulated by the AVV.

Auftragsverarbeiter sind Personen oder Unternehmen, die Daten im Auftrag eines Datenverantwortlichen verarbeiten.

As a company and website owner, we are responsible for all data that we process from you. In addition to the controllers, there can also be so-called processors. This includes any company or person who processes personal data on our behalf. More precisely and according to the GDPR definition: any natural or legal person, public authority, agency or other body which processes personal data on our behalf shall be considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft, for example.

For better understanding of the terminology, here is an overview of the three roles in the GDPR:

Affected person (You as a customer or interested party) Person in charge (we as a company and client) Data processor Service providers such as web hosts or cloud providers

Content of a Contract Processing Agreement

As mentioned above, we have concluded a data processing agreement with our partners, who act as data processors. This agreement states, first and foremost, that the data processor shall process the data to be processed exclusively in accordance with the GDPR. The agreement must be concluded in writing, although in this context, electronic contract conclusion is also considered „in writing“. The processing of personal data will only take place on the basis of the agreement. The agreement must contain the following:

  • Commitment to us as a responsible party
  • Responsibilities and rights of the controller
  • Categories of affected persons
  • Type of personal data
  • Nature and purpose of data processing
  • Subject matter and duration of data processing
  • Place of data processing

Furthermore, the contract contains all obligations of the processor. The most important obligations are:

  • Measures to ensure data security
  • possible technical and organisational measures to be taken to protect the rights of the data subject
  • to maintain a register of processing activities
  • upon the request of the data protection supervisory authority to cooperate with it
  • to carry out a risk analysis regarding the personal data received
  • Sub-processors may only be engaged with the prior written authorisation of the controller

You can see what an AVV looks like in detail, for example, at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html See. Here a sample contract is presented.

Biscuits

Cookie summary
Website Visitors
🤝 Purpose: Dependent on the respective cookie. More details can be found below or with the software manufacturer that sets the cookie.
Processed data: Depending on the cookie used. More details can be found below or with the manufacturer of the software that sets the cookie.
📅 Storage duration: depends on the respective cookie, can vary from hours to years
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate interests)

Cookies sind kleine Textdateien, die bei Ihrem Besuch einer Website auf Ihrem Computer oder Mobilgerät gespeichert werden. Sie werden häufig verwendet, um Ihre Präferenzen zu speichern und Ihre Aktivität auf der Website zu verfolgen.

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you surf the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: cookies are genuinely useful aids. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for different applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data, such as language or personal page settings. When you revisit our site, your browser sends the „user-related“ information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are accustomed to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser, such as Chrome, and the web server. The web browser requests a website and receives a cookie back from the server, which the browser reuses when another page is requested.

HTTP Cookie Interaction between Browser and Web Server

There are both first-party and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be assessed individually, as each cookie stores different data. The expiry period of a cookie also varies, from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans, or other „malware“. Cookies also cannot access information on your PC.

For example, cookie data can look like this:

Name: _ga
Value GA1.2.1326744211.152312557314-9
Purpose: Differentiating website visitors
Expiry date after 2 years

These minimum sizes should be supported by a browser:

  • At least 4096 bytes per cookie
  • At least 50 cookies per domain
  • At least 3000 cookies in total

What types of cookies are there?

The specific cookies we use depend on the services employed and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are 4 types of cookies you can distinguish:

Essential Cookies
These cookies are necessary to ensure basic website functionality. For example, these cookies are needed when a user adds a product to their shopping basket, then browses other pages, and only later proceeds to checkout. Thanks to these cookies, the shopping basket is not deleted, even if the user closes their browser window.

Functional cookies
These cookies collect information about user behaviour and whether the user receives any error messages. In addition, these cookies are also used to measure loading times and website behaviour across different browsers.

Targeted cookies
These cookies improve user-friendliness. For example, entered locations, font sizes, or form data are saved.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver advertising tailored to the user. This can be very convenient, but also very annoying.

Typically, when you visit a website for the first time, you'll be asked which of these cookie types you wish to allow. And, of course, this decision is also stored in a cookie.

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Internet Engineering Task Force (IETF) Request for Comments named “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the specific cookie. You can find more details about this below or from the manufacturer of the software that sets the cookie.

Welche Daten werden verarbeitet?

Cookies are small helpers for a wide variety of tasks. Unfortunately, we cannot generalise what data is stored in cookies, but we will inform you about the processed or stored data within the scope of the following privacy policy.

Cookie storage duration

The storage duration depends on the specific cookie and is further specified below. Some cookies are deleted in less than an hour, while others can remain stored on a computer for several years.

You also have control over the storage duration yourself. You can manually delete all cookies at any time via your browser (see also below “Right to object”). Furthermore, cookies that are based on consent will be deleted at the latest after you withdraw your consent, whereby the lawfulness of storage up to that point remains unaffected.

Right to object – how can I delete cookies?

You decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option to delete, disable, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies are stored in your browser, change cookie settings, or delete them, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and Managing Cookies

Microsoft Edge: Delete and Manage Cookies

If you do not want to accept cookies at all, you can set up your browser to always inform you when a cookie is about to be set. This way, you can decide for each individual cookie whether you want to allow it or not. The procedure varies depending on the browser. It is best to search for instructions in Google with the search term “delete cookies Chrome” or “disable cookies Chrome” in the case of a Chrome browser.

Legal basis

Since 2009, what are known as „cookie directives“ have been in place. These stipulate that storing cookies is a Consent (Article 6(1)(a) GDPR) requires you to do so. However, there are still very different reactions to these directives within the EU countries. In Austria, however, this directive was implemented in § 96(3) of the Telecommunications Act (TKG). In Germany, the cookie guidelines were not implemented as national law. Instead, this directive was largely implemented in § 15(3) of the Telemedia Act (TMG).

For absolutely necessary cookies, even if no consent has been given, legitimate interests (Article 6(1)(f) GDPR), which are in most cases economic in nature. We want to provide website visitors with a pleasant user experience, and for this, certain cookies are often absolutely necessary.

Unless non-essential cookies are used, this will only happen with your consent. The legal basis for this is Art. 6(1)(a) GDPR.

In the following sections, you will be informed in more detail about the use of cookies, should the software used employ cookies.

Application data

Application Data Summary
👥 Affected parties: Users applying for a position with us
🤝 Purpose: Handling of an application process
Processed Data: Name, address, contact details, email address, phone number, proof of qualifications (certificates), possibly special category data.
📅 Storage duration: In case of a successful application, until the end of the employment relationship. Otherwise, the data will be deleted after the application process or stored for a certain period with your consent.
⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), legitimate interests (Art. 6(1)(f) GDPR), Art. 6(1)(b) GDPR (contract), Art. 9(2)(a) GDPR (processing of special categories)

Bewerbungsdaten sind Informationen, die ein Bewerber bei der Beantragung einer Stelle oder eines Programms bereitstellt.

You can apply for a job with our company via email, an online form, or a recruitment tool. All data we receive from you as part of an application and process counts as application data. In doing so, you will always disclose personal data such as name, date of birth, address, and telephone number.

Why do we process application data?

We process your data to conduct a proper selection process for the advertised position. Additionally, we are happy to keep your application documents in our application archive. This is because it often happens that a collaboration for the advertised position does not work out for various reasons, but we are impressed by you and your application and can well envision future collaboration. If you give us your consent for this, we will archive your documents so that we can easily contact you for future positions within our company.

We guarantee that we will handle your data with extreme care and will only process your data within the legal framework. Within our company, your data will only be passed on to individuals who are directly involved with your application. In short: your data is safe with us!

Welche Daten werden verarbeitet?

If you apply to us by email, for example, we will naturally receive personal data, as mentioned above. Even an email address counts as personal data. However, in the course of an application process, only those data that are relevant to our decision on whether or not we wish to welcome you to our team will be processed.

The exact data processed depends primarily on the job advertisement. However, it usually includes name, date of birth, contact details, and proof of qualifications. If you submit your application via an online form, the data will be transferred to us in encrypted form. If you send us the application by email, this encryption will not take place. Therefore, we cannot accept responsibility for the method of transmission. However, once the data is on our servers, we are responsible for the lawful handling of your data.

During the application process, in addition to the data mentioned above, information about your health or ethnic origin may be requested, so that we and you can exercise the rights relating to labour law, social security, and social protection, while at the same time fulfilling the corresponding obligations. This data is considered special category data.

Here is a list of possible data we may receive and process from you:

  • Name
  • Contact address
  • Email address
  • telephone number
  • Date of birth
  • Information gleaned from cover letters and CVs
  • Certificates (e.g.) diplomas
  • Data of special categories (e.g. ethnic origin, health data, religious beliefs)
  • Usage data (visited websites, access data, etc.)
  • Metadata (IP address, device information)

How long will the data be stored?

If we welcome you as a team member to our company, your data will be further processed for the purpose of the employment relationship and retained by us at least until the termination of the employment relationship. All application documents will then be added to your employee file.

If we do not offer you a job, you decline our offer, or you withdraw your application, we may retain your data for up to 6 months after the conclusion of the application process due to our legitimate interest (Art. 6(1)(f) GDPR). Thereafter, your electronic data and all data from physical application documents will be completely deleted or destroyed. We retain your data so that we can answer any further queries or so that we can provide proof of the application in the event of legal disputes. If a legal dispute arises and we may still need the data after the 6-month period has expired, we will only delete the data when there is no longer any reason to retain it. If there are statutory retention obligations to be met, we must generally store the data for longer than 6 months.

We may also store your data for longer if you have given specific consent for this. We do this, for example, if we can well imagine a future collaboration with you. It is then helpful to have your data archived so that we can reach you without any issues. In this case, the data is placed in our applicant pool. Naturally, you can withdraw your consent for longer data storage at any time. If no withdrawal is made and you do not give new consent, your data will be deleted after 2 years at the latest.

Legal basis

The legal bases for processing your data are Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract or pre-contractual measures), Art. 6(1)(f) GDPR (legitimate interests) and Art. 9(2)(a) GDPR (processing of special categories).

If we include you in our applicant tool, this happens based on your consent (Art. 6 (1) lit. a GDPR). We would like to point out that your consent to be included in our applicant pool is voluntary, has no influence on the application process, and you have the option to withdraw your consent at any time. The lawfulness of processing up to the point of withdrawal will not be affected.

In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9 para. 2 lit. c GDPR. For the purposes of healthcare, occupational medicine, medical diagnostics, provision of care or treatment in the health or social sector, or the management of systems and services in the health or social sector, the processing of personal data is carried out in accordance with Art. 9 para. 2 lit. h GDPR. If you voluntarily disclose special categories of data, processing is carried out on the basis of Art. 9 para. 2 lit. a GDPR.

Customer data

Customer Data Summary
👥 Affected Parties: Customers, Business Partners and Contractual Partners
Purpose: Provision of services agreed contractually or pre-contractually, including associated communication
Processed Data: Name, Address, Contact Details, Email Address, Telephone Number, Payment Information (such as invoices and bank details), Contract Data (such as term and subject of the contract), IP Address, Order Data
Retention period: data will be deleted as soon as it is no longer required for the provision of our business purposes and there is no statutory retention obligation.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR), Contract (Art. 6(1)(b) GDPR)

Kundendaten sind Informationen, die ein Unternehmen über seine Kunden sammelt.

In order for us to be able to offer our services or contractual services, we also process data belonging to our customers and business partners. This data always includes personal data. Customer data is understood to mean all information that is processed on the basis of a contractual or pre-contractual working relationship in order to be able to provide the services offered. Customer data therefore comprises all collected information that we gather and process about our customers.

Why do we process customer data?

There are many reasons why we collect and process customer data. The most important one is that we simply need various data to provide our services. Sometimes your email address is sufficient for this, but if you purchase a product or service, for example, we also need data such as your name, address, bank details, or contract details. We also subsequently use the data for marketing and sales optimisations so that we can improve our service for our customers overall. Another important point is our customer service, which is always very close to our hearts. We want you to be able to contact us at any time with questions about our offers, and for that, we need at least your email address.

Welche Daten werden verarbeitet?

Precisely what data is stored can only be summarised by categories at this point. This always depends on which services you obtain from us. In some cases, you simply provide us with your email address so that we can, for example, get in touch with you or answer your questions. In other cases, you purchase a product or service from us, and for that, we require considerably more information, such as your contact details, payment details, and contract details.

Here is a list of possible data we may receive and process from you:

  • Name
  • Contact address
  • Email address
  • telephone number
  • Date of birth
  • Payment details (invoices, bank details, payment history etc.)
  • Contract data (term, content)
  • Usage data (visited websites, access data, etc.)
  • Metadata (IP address, device information)

How long will the data be stored?

Once we no longer require your customer data to fulfil our contractual obligations and our purposes, and this data is also not necessary for potential warranty and liability claims, we will delete the corresponding customer data. This is the case, for example, when a business contract ends. The statutory limitation period is generally 3 years thereafter, although longer periods may apply in individual cases. We naturally also comply with statutory retention obligations. Your customer data will absolutely not be passed on to third parties unless you have explicitly given your consent for this.

Legal basis

The legal bases for processing your data are Article 6(1)(a) GDPR (consent), Article 6(1)(b) GDPR (contract or pre-contractual measures), Article 6(1)(f) GDPR (legitimate interests) and, in special cases (e.g., for medical services), Article 9(2)(a) GDPR (processing of special categories).

In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9 para. 2 lit. c GDPR. For the purposes of healthcare, occupational medicine, medical diagnostics, provision of care or treatment in the health or social sector, or the management of systems and services in the health or social sector, the processing of personal data is carried out in accordance with Art. 9 para. 2 lit. h GDPR. If you voluntarily disclose special categories of data, processing is carried out on the basis of Art. 9 para. 2 lit. a GDPR.

Web Hosting Introduction

Web hosting summary
Website Visitors
Purpose: Professional website hosting and operational security
Processed data: IP address, time of website visit, browser used, and other data. Further details can be found below or with the respective web hosting provider.
📅 Storage duration: dependent on the provider, but generally 2 weeks
⚖️ Legal basis: Article 6(1)(f) GDPR (Legitimate interests)

What is web hosting?

When you visit websites nowadays, certain information – including personal data – is automatically generated and saved, including on this website. This data should be processed as sparingly as possible and only with justification. By website, we mean, incidentally, the entirety of all web pages on a domain, i.e., everything from the start page (homepage) to the very last sub-page (like this one). By domain, we mean, for example, example.co.uk or sample.com.

When you want to view a website on a computer, tablet or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari. We simply call them a browser or web browser.

To display the website, the browser must connect to another computer where the website's code is stored: the web server. Running a web server is a complicated and intensive task, which is why it is usually handled by professional providers. These offer web hosting and thus ensure reliable and error-free storage of website data. Quite a lot of technical terms, but please bear with us, it gets even better!

When your browser connects on your computer (desktop, laptop, tablet or smartphone) and during data transmission to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server must also store data for a period of time to ensure proper operation.

A picture says more than a thousand words, so the following graphic illustrates the interaction between the browser, the internet and the hosting provider.

Browser and web server

Why do we process personal data?

The purposes of data processing are:

  1. Professional website hosting and operational security
  2. to maintain operational and IT security
  3. Anonymous evaluation of access behaviour for the improvement of our services and, if necessary, for criminal prosecution or the pursuit of claims.

Welche Daten werden verarbeitet?

Even while you are visiting our website right now, our web server, that is the computer on which this website is stored, usually automatically saves data such as

  • the complete internet address (URL) of the web page that was viewed
  • Browser and browser version (e.g. Chrome 87)
  • the operating system used (e.g. Windows 10)
  • the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen/)
  • the hostname and IP address of the device from which access is being made (e.g. COMPUTERNAME and 194.23.43.121)
  • Date and time
  • in files, the so-called web server log files

How long is data stored for?

As a rule, the data mentioned above is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot rule out that this data may be accessed by authorities in the event of unlawful behaviour.

In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we will not pass on your data without consent!

Legal basis

The lawfulness of processing personal data in the context of web hosting arises from Article 6(1)(f) GDPR (legitimate interests), as the use of professional hosting with a provider is necessary to present the company online in a secure and user-friendly manner and to be able to pursue attacks and claims arising from this, where applicable.

Between us and the hosting provider, there is usually a contract on order processing pursuant to Art. 28 GDPR, which ensures compliance with data protection and guarantees data security.

1&1 IONOS Webhosting Privacy Policy

To host our website, we use the web hosting services of the company IONOS by 1&1. In Germany, 1&1 IONOS SE is located at Elgendorfer Str. 57 in 56410 Montabaur. In Austria, you can find 1&1 IONOS SE at Gumpendorfer Straße 142/PF 266 in 1060 Vienna.

What is 1&1 IONOS web hosting?

IONOS offers the following services for web hosting: Domain, Website & Shop, Hosting & WordPress, Marketing, E-Mail & Office, IONOS Cloud and Servers. With over 22 million domains, almost 9 million customer contracts and 100,000 servers, IONOS is one of the largest established players in the web hosting sector in Germany.
As we already mentioned in our introductory words on the topic of web hosting: hosting also involves storing data belonging to you or your end device on IONOS servers. First and foremost, your IP address, which is known to be personal data, is stored. In addition, technical data such as the URL of our website, the name of your internet browser, or which operating system you are using, are also stored.

Why do we use 1&1 IONOS web hosting?

IONOS was founded in Germany back in 1988 and therefore has over 30 years of experience under its belt. However, this does not mean that the company has not continuously evolved in terms of technology. It is precisely this combination of experience and innovative spirit that, in our opinion, provides a good foundation for our website. After all, we want our website to function smoothly 24 hours a day while ensuring a high level of security. As IONOS does not limit monthly data traffic and provides plenty of storage space, our website remains high-performing even with many visitors. We are very satisfied with the website's speed, and the price-performance ratio currently meets our requirements.

More information about data protection at IONOS can be found in the privacy policy at https://www.ionos.de/terms-gtc/datenschutzerklaerung/. If you have any further questions about data protection, you can also contact the IONOS data protection team by email at Contact.

Order Processing Agreement (AVV) IONOS

In accordance with Article 28 of the GDPR, we have concluded a Data Processing Agreement (DPA) with IONOS. You can read more about what a DPA is and, in particular, what needs to be included in a DPA in our general section „Data Processing Agreement (DPA)“.

This contract is legally required because IONOS processes personal data on our behalf. It clarifies that IONOS may only process data they receive from us according to our instructions and must comply with the GDPR. You can find the link to the Data Processing Agreement (DPA) at https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.

Website Builder Systems Introduction

Website Builder Systems Privacy Policy Summary
Website Visitors
Purpose: Optimisation of our service performance
Processed data: Data such as technical usage information like browser activity, clickstream activities, session heatmaps, as well as contact details, IP address, or your geographical location. More details on this can be found further down in this privacy policy and in the providers' privacy policy.
📅 Storage duration: depends on the provider
Legal bases: Art. 6(1)(f) GDPR (Legitimate interests), Art. 6(1)(a) GDPR (Consent)

Website builder platforms are tools that allow users to create websites without needing to know how to code. They typically offer a drag-and-drop interface and pre-designed templates, making it easy for individuals and small businesses to build and manage their online presence.

We use a website builder system for our website. Website builder systems are particular types of content management systems (CMS). With a website builder system, website operators can create a website very easily and without programming knowledge. In many cases, web hosts also offer website builder systems. By using a website builder system, personal data of yours can also be collected, stored, and processed. In this privacy policy text, we will provide you with general information about data processing by website builder systems. You can find more detailed information in the provider's privacy policy.

Sowohl für kleine Unternehmen als auch für Freiberufler sind Website-Baukastensysteme eine hervorragende Option, um die eigene Online-Präsenz aufzubauen, ohne tiefgreifende technische Kenntnisse oder ein großes Budget zu benötigen. Diese Systeme bieten eine benutzerfreundliche Oberfläche, oft im Drag-and-Drop-Verfahren, mit vorgefertigten Vorlagen. So können Nutzer schnell eine optisch ansprechende Website erstellen, die sowohl für Desktops als auch für mobile Geräte responsiv ist. Mit Zusatzfunktionen wie integrierten Shopsystemen, Blogging-Tools oder Kontaktformularen lassen sich die Websites zudem leicht erweitern und an die individuellen Bedürfnisse anpassen. Zusätzlich entfällt bei vielen Baukastensystemen die Notwendigkeit, sich um Hosting und Domainregistrierung zu kümmern, da diese oft im Paket enthalten sind. Das erleichtert den Prozess weiter und macht Website-Baukästen zu einer attraktiven Lösung für alle, die schnell und unkompliziert online gehen möchten.

The greatest advantage of a modular system is its ease of use. We want to offer you a clear, simple, and well-organised website that we can easily operate and maintain ourselves – without external support. A modular system now offers many helpful functions that we can use even without programming knowledge. This allows us to design our web presence according to our wishes and offer you an informative and pleasant time on our website.

What data is stored by a modular system?

The exact data that is stored naturally depends on the website builder system used. Each provider processes and collects different data from website visitors. However, as a general rule, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit is collected. Furthermore, tracking data (e.g. browser activity, clickstream activities, session heatmaps, etc.) may also be processed. In addition, personal data may also be collected and stored. This usually comprises contact details such as email address, telephone number (if you have provided them), IP address, and geographical location data. You can find out exactly which data is stored in the provider's privacy policy.

How long and where will the data be stored?

We will inform you about the duration of data processing further down in connection with the website builder system used, provided we have further information on this. You can find detailed information about this in the provider's privacy policy. Generally, we only process personal data for as long as it is absolutely necessary for the provision of our services and products. The provider may store data from you according to their own specifications, over which we have no influence.

Right of objection

You always have the right to access, rectify, and erase your personal data. If you have any questions, you can also contact the responsible persons of the website builder system used at any time. You can find contact details either in our data protection declaration or on the website of the respective provider.

You can delete, disable, or manage cookies that providers use for their functions in your browser. How this works varies depending on the browser you use. Please note, however, that some functions may then no longer work as expected.

Legal basis

We have a legitimate interest in using a website builder system to optimise our online service and present it to you in an efficient and user-friendly manner. The relevant legal basis for this is Art. 6(1)(f) GDPR (Legitimate interests). Nevertheless, we will only use the builder system to the extent that you have given your consent.

To the extent that the processing of data is not absolutely necessary for the operation of the website, the data will only be processed on the basis of your consent. This applies particularly to tracking activities. The legal basis for this is Art. 6(1)(a) GDPR.

With this privacy policy, we have provided you with the most important general information regarding data processing. If you wish to find out more about this, you will find further information – if available – in the following section or in the provider's privacy policy.

Web Analytics Introduction

Web Analytics Privacy Policy Summary
Website Visitors
Purpose: Evaluation of visitor information for the optimisation of the web offering.
Processed data: Access statistics containing data such as access locations, device data, access duration and time, navigation behaviour, click behaviour, and IP addresses. Further details can be found with the respective web analytics tool used.
📅 Storage duration: depends on the web analytics tool used
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Web Analytics?

We use website analytics software on our website to analyse visitor behaviour. This involves the collection of data, which is then stored, managed, and processed by the respective analytics tool provider (also known as a tracking tool). This data is used to create analyses of user behaviour on our website and is made available to us as the website operator. In addition, most tools offer various testing options. For example, we can test which offers or content are best received by our visitors. To do this, we present two different offers for a limited period. After the test (so-called A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as well as for other analytics procedures, user profiles can also be created and data stored in cookies.

Why do we do web analytics?

With our website, we have a clear goal in mind: we want to deliver the best web offering on the market for our industry. To achieve this goal, we aim, on the one hand, to provide the best and most interesting offering and, on the other hand, to ensure that you feel completely at ease on our website. With the help of web analytics tools, we can examine the behaviour of our website visitors more closely and then, accordingly, improve our web offering for you and us. For example, we can see the average age of our visitors, where they come from, when our website is visited most often, or which content or products are particularly popular. All of this information helps us to optimise the website and thus adapt it perfectly to your needs, interests, and desires.

Welche Daten werden verarbeitet?

Exactly what data is stored naturally depends on the analysis tools used. However, as a general rule, the following information is stored, for example: which content you view on our website, which buttons or links you click, when you access a page, which browser you are using, with which device (PC, tablet, smartphone, etc.) you visit the website, or which computer system you are using. If you have consented to location data also being collected, this may also be processed by the web analytics tool provider.

Furthermore, your IP address will also be stored. In accordance with the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, your IP address will generally be stored in a pseudonymised form (i.e. in an unrecognisable and truncated format). For the purposes of testing, web analysis and web optimisation, direct data such as your name, age, address or email address will generally not be stored. All such data, if collected, will be stored pseudonymised, meaning you cannot be identified as an individual.

The following example shows the schematic functioning of Google Analytics as an example of client-based web tracking with Java-Script code.

Schematic data flow in Google Analytics

The length of time specific data is stored always depends on the provider. Some cookies store data for only a few minutes or until you leave the website, while other cookies can store data for several years.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. Generally, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If, as is the case with accounting for example, it is legally required, this storage period may also be exceeded.

Right of objection

You also have the right and the option at any time to withdraw your consent to the use of cookies or third parties. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we obtained via our cookie pop-up. This consent is, according to Art. 6(1)(a) GDPR (Consent) the legal basis for the processing of personal data, as may occur during collection by web analytics tools.

In addition to consent, we also have a legitimate interest in analysing the behaviour of website visitors in order to technically and economically improve our services. With the help of web analytics, we can identify website errors, detect attacks and improve profitability. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). We nonetheless only use the tools if you have given your consent.

As web analytics tools use cookies, we also recommend reading our general cookie privacy policy. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.

Information regarding special web analytics tools, if available, can be found in the following sections.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary
Website Visitors
Purpose: Evaluation of visitor information for the optimisation of the web offering.
Processed data: Access statistics, which include data such as access locations, device data, access duration and time, navigation behaviour, and click behaviour. More details on this can be found further down in this privacy policy.
📅 Storage duration: Individually configurable, Google Analytics 4 data is stored for 14 months by default
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

Google Analytics ist ein kostenloser Webanalysedienst, der den Website-Traffic verfolgt und meldet.

We use the analytics tracking tool Google Analytics on our website, specifically the Google Analytics 4 (GA4) version from the American company Google Inc. Within Europe, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. By combining various technologies such as cookies, device IDs, and login credentials, you can be identified across different devices as a user. This allows your actions to be analysed across platforms as well.

For example, when you click on a link, this event is stored in a cookie and sent to Google Analytics. With the help of the reports we receive from Google Analytics, we can better tailor our website and service to your needs. Below, we go into more detail about the tracking tool and, above all, inform you about which data is processed and how you can prevent this.

Google Analytics is a tracking tool used for analysing the traffic on our website. This measurement and analysis is based on a pseudonymous user identification number. This number does not contain personal data such as name or address, but is used to link events to an end device. GA4 uses an event-based model that captures detailed information on user interactions such as page views, clicks, scrolling, and conversion events. Furthermore, GA4 also incorporates various machine learning functions to better understand user behaviour and certain trends. GA4 relies on modelling with the help of machine learning functions. This means that based on the data collected, missing data can also be extrapolated in order to optimise the analysis and also to provide forecasts.

In order for Google Analytics to function fundamentally, a tracking code is incorporated into our website's code. When you visit our website, this code records various events you perform on our site. The event-based data model of GA4 allows us, as website operators, to define and track specific events to obtain analyses of user interactions. This means that in addition to general information such as clicks or page views, special events that are important for our business can also be tracked. Such special events could be, for example, submitting a contact form or purchasing a product.

As soon as you leave our website, these data are sent to Google Analytics servers and stored there.

Google processes the data and we receive reports on your user behaviour. These reports can include the following, among others:

  • Audience reports: Through audience reports, we get to know our users better and understand more precisely who is interested in our service.
  • Ad reports: Ad reports make it easier for us to analyse and improve our online advertising.
  • Acquisition reports: Acquisition reports provide us with helpful information on how we can get more people to use our service.
  • Behavioural Reports: Here we learn how you interact with our website. We can track your journey on our site and which links you click.
  • Conversion reports: A conversion is when you take a desired action as a result of a marketing message. For example, when a pure website visitor becomes a buyer or a newsletter subscriber. These reports help us understand how our marketing efforts are resonating with you. This is how we aim to increase our conversion rate.
  • Real-time reports: Here we always find out immediately what is currently happening on our website. For example, we can see how many users are currently reading this text.

In addition to the analysis reports mentioned above, Google Analytics 4 also offers the following features, among others:

  • Event-based data model: This model captures very specific events that can occur on our website. For example, playing a video, purchasing a product, or signing up for our newsletter.
  • Extended analysis functions: These functions enable us to gain an even better understanding of your behaviour on our website or certain general trends. For example, we can segment user groups, carry out comparative analyses of target groups, or trace your journey or path on our website.
  • Forecasting modelling: Based on collected data, machine learning can be used to extrapolate missing data, predicting future events and trends. This can help us develop better marketing strategies.
  • Cross-platform analysis: Data can be collected and analysed from both websites and apps. This gives us the opportunity to analyse user behaviour across platforms, provided you have consented to data processing, of course.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to offer you the best possible service. The statistics and data from Google Analytics help us to achieve this goal.

The statistically evaluated data shows us a clear picture of our website's strengths and weaknesses. On the one hand, we can optimise our site so that it is more easily found on Google by interested people. On the other hand, the data helps us understand you as a visitor better. We therefore know very precisely what we need to improve on our website in order to offer you the best possible service. The data also allows us to carry out our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are interested in them.

Google Analytics speichert eine Vielzahl von Daten, um Website-Besucher zu verfolgen und zu analysieren. Dazu gehören: **Grundlegende Daten:** * **IP-Adresse:** Wird zur Bestimmung des ungefähren Standorts des Nutzers verwendet. In der Regel wird die IP-Adresse vor der Speicherung gekürzt oder anonymisiert. * **Geräteinformationen:** Informationen über das vom Nutzer verwendete Gerät, wie Betriebssystem, Browser-Typ, Bildschirmauflösung und Gerätemodell. * **Browserinformationen:** Details zum verwendeten Browser, einschliesslich Version und installierter Plugins. * **Zeitstempel:** Wann die Seite aufgerufen wurde und wann die Interaktion stattfand. * **Referrer-Informationen:** Von welcher Website oder URL der Nutzer auf die aktuelle Seite gelangt ist. * **Besuchte Seiten:** Welche Seiten auf der Website der Nutzer angesehen hat. * **Aktionen des Nutzers:** Welche Klicks, Downloads oder Formularübermittlungen der Nutzer auf der Website durchgeführt hat. * **Sprache:** Die vom Browser des Nutzers eingestellte Sprache. * **Demografische Daten (sofern aktiviert und aggregiert):** Alter, Geschlecht und Interessen der Nutzer, basierend auf aggregierten Daten von Google. **Schlüssel-IDs:** * **Client-ID:** Eine zufällig generierte Kennung, die einem bestimmten Browser oder Gerät zugeordnet ist. Sie ermöglicht es, die Sitzungen und das Verhalten eines einzelnen Nutzers über mehrere Besuche hinweg zu verfolgen. * **User-ID (optional und bei Anmeldung):** Wenn eine Website eine Benutzeranmeldung implementiert, kann die User-ID verwendet werden, um das Verhalten eines angemeldeten Nutzers über verschiedene Geräte und Browser hinweg zu verfolgen. Dies erfordert die explizite Übermittlung dieser ID durch die Website. **Zusätzlich gespeicherte Daten (je nach Konfiguration):** * **Ereignisse (Events):** Spezifische Aktionen, die auf der Website stattfinden und die Website-Betreiber als wichtig definieren (z. B. Video-Wiedergaben, Button-Klicks, Scrolltiefe). * **E-Commerce-Daten:** Informationen über Produktkäufe, Warenkörbe und Transaktionen, wenn E-Commerce-Tracking aktiviert ist. * **Kampagnen-Tracking:** Daten über die Herkunft des Traffics, z. B. über UTM-Parameter, um die Leistung von Marketingkampagnen zu messen. * **Benutzerdefinierte Dimensionen und Metriken:** Zusätzliche Datenpunkte, die von Website-Betreibern selbst definiert und gesammelt werden können. **Was Google Analytics NICHT speichert (standardmässig):** * **Persönlich identifizierbare Informationen (PII) direkt:** Google Analytics ist darauf ausgelegt, keine vollen Namen, E-Mail-Adressen oder Telefonnummern direkt zu speichern. Es ist jedoch wichtig zu beachten, dass indirekte Identifizierung durch die Kombination verschiedener Daten möglich ist, was die Bedeutung von Anonymisierungsfunktionen wie der IP-Anonymisierung unterstreicht. * **Sensible Daten:** Informationen wie Kreditkartennummern oder sensible Gesundheitsdaten sollten niemals über Google Analytics erfasst werden. * **Passwörter oder Login-Daten.** Die gesammelten Daten werden verwendet, um Berichte über das Nutzerverhalten zu erstellen, die Leistung von Inhalten zu bewerten, die Benutzerfreundlichkeit zu verbessern und Marketingstrategien zu optimieren. Es ist wichtig, dass Website-Betreiber die Datenschutzbestimmungen und die Konfigurationseinstellungen von Google Analytics sorgfältig prüfen, um die Einhaltung der geltenden Gesetze (wie der DSGVO) sicherzustellen.

Google Analytics creates a random, unique ID using a tracking code, which is linked to your browser cookie. This is how Google Analytics recognises you as a new user and assigns you a user ID. The next time you visit our site, you will be recognised as a „returning“ user. All collected data is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles.

To analyse our website with Google Analytics, a Property ID must be inserted into the tracking code. The data will then be stored in the corresponding property. For every newly created property, Google Analytics 4 property is the default. Depending on the property used, data is stored for different lengths of time.

Your interactions are measured across platforms using identifiers such as cookies, app instance IDs, user IDs, or custom event parameters, provided you have consented. Interactions are any type of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated through Google Analytics can be linked with third-party cookies. Google does not share Google Analytics data unless we, as the website operator, approve it. Exceptions may occur if legally required.

According to Google, IP addresses are not logged or stored in Google Analytics 4. However, Google uses IP address data to derive location data and deletes it immediately afterwards. Therefore, all IP addresses collected from users in the EU are deleted before the data is stored in a data centre or on a server.

As Google Analytics 4 is event-based, the tool uses significantly fewer cookies compared to previous versions (like Google Universal Analytics). Nevertheless, there are some specific cookies that are used by GA4. These include, for example:

Name: _ga
Value 2.1326744211.152312557314-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Fundamentally, it serves to distinguish between website visitors.
Expiry date after 2 years

Name: _gid
Value 2.1687193234.152312557314-1
Purpose: The cookie also serves to distinguish website visitors
Expiry date after 24 hours

Name: _gat_gtag_UA_
Value 1
Purpose: Used to decrease the request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_.
Expiry date after 1 minute

Note: This list cannot claim to be exhaustive, as Google also changes its cookie choices repeatedly. GA4 also aims to improve data protection. Therefore, the tool offers several options for controlling data collection. For example, we can set the storage duration ourselves and also control data collection.

Here we provide an overview of the main types of data collected by Google Analytics:

Heatmaps Google creates so-called heatmaps. Heatmaps show you exactly which areas you click on. This gives us information about where you „navigate“ on our site.

Session duration: As session duration, Google refers to the time you spend on our site without leaving it. If you have been inactive for 20 minutes, the session automatically ends.

Bounce rate (English: Bounce Rate): A bounce occurs when you view only one page on our website and then leave our site again.

Account Creation When you create an account or place an order on our website, Google Analytics collects this data.

Location IP addresses are not logged or stored in Google Analytics. However, derivatives for location data are used shortly before the IP address is deleted.

Technical Information: Technical information includes, among other things, your browser type, your internet provider, or your screen resolution.

Source Google Analytics, or rather, we are of course also interested in which website or advertisement brought you to our site.

Further data includes contact details, any reviews, media playback (e.g., if you play a video via our site), sharing content via social media, or adding to your favourites. This list is not exhaustive and serves only as a general guide to data storage by Google Analytics.

How long and where will the data be stored?

Google has distributed its servers all over the world. You can find out exactly where the Google data centres are located here: https://www.google.com/about/datacenters/locations/?hl=de

Your data is distributed across various physical storage media. This has the advantage that the data is more readily accessible and better protected against manipulation. Your data is backed up with appropriate emergency programmes in every Google data centre. If, for example, hardware fails at Google or natural disasters cripple servers, the risk of a service interruption at Google remains low.

The data retention period depends on the properties used. The storage duration is always set individually for each property. Google Analytics offers us four options for controlling the storage duration:

  • 2 months: that's the shortest storage period.
  • 14 months: By default, data in GA4 is stored for 14 months.
  • 26 months: the data can also be stored for 26 months.
  • Data will only be deleted when we manually delete it

Additionally, there is also the option that data is only deleted if you do not visit our website within the period chosen by us. In this case, the retention period is reset each time you visit our website again within the specified period.

Once the set period expires, data will be deleted once a month. This retention period applies to your data linked to cookies, user identification and advertising IDs (e.g. DoubleClick domain cookies). Reporting results are based on aggregated data and are stored independently of user data. Aggregated data is a merging of individual data into a larger unit.

How can I delete my data or prevent data storage?

Under the European Union's data protection law, you have the right to access, update, delete, or restrict your data. By using the browser add-on for disabling Google Analytics JavaScript (analytics.js, gtag.js), you prevent Google Analytics 4 from using your data. You can find the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de Download and install. Please note that this add-on only deactivates data collection by Google Analytics.

If you want to generally disable, delete, or manage cookies, you will find links to the respective instructions for the most common browsers under the „Cookies“ section.

Legal basis

The use of Google Analytics requires your consent, which we obtained via our cookie popup. According to Art. 6(1)(a) GDPR (Consent) the legal basis for the processing of personal data, as may occur during collection by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to technically and economically improve our services. With the help of Google Analytics, we can identify website errors, detect attacks, and improve efficiency. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). We only use Google Analytics if you have given your consent.

Google processes data from you in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can be associated with various risks to the lawfulness and security of data processing.

As the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or for transfers of data there, Google uses so-called Standard Contractual Clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are model clauses provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

We hope we have been able to provide you with the most important information regarding Google Analytics data processing. If you want to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.

If you want to learn more about data processing, use the Google Privacy Policy at https://policies.google.com/privacy?hl=de.

Data Processing Agreement (DPA) Google Analytics

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have concluded a Data Processing Agreement (DPA) with Google. You can read about what a DPA is and, in particular, what must be included in a DPA in our general section „Data Processing Agreement (DPA)“.

This contract is legally required because Google processes personal data on our behalf. It clarifies that Google may only process data received from us according to our instructions and must comply with GDPR. The link to the contract processing terms can be found at https://business.safety.google/intl/de/adsprocessorterms/

Google Analytics reports on demographics and interests

We have enabled advertising features in Google Analytics. The demographic and interest reports contain information about age, gender, and interests. This allows us to get a better picture of our users without being able to attribute this data to individual people. You can find out more about the advertising features at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can control the use of your Google Account's activities and information under “Ad Settings” on https://adssettings.google.com/authenticated to stop the checkbox.

Google Analytics IP-anonymisation

We have implemented IP address anonymisation on this website. This feature was developed by Google so that this website can comply with applicable data protection regulations and recommendations from local data protection authorities when they prohibit the storage of full IP addresses. The anonymisation or masking of the IP takes place as soon as the IP addresses arrive at the Google Analytics data collection network and before any data is stored or processed.

Mehr Informationen zur IP-Anonymisierung finden Sie auf https://support.google.com/analytics/answer/2763052?hl=de.

Google Site Kit Privacy Policy

Google Site Kit Privacy Policy Summary
Website Visitors
Purpose: Evaluation of visitor information for the optimisation of the web offering.
Processed data: Access statistics, including data such as access locations, device data, access duration and time, navigation behaviour, click behaviour, and IP addresses. More details can be found below and in the Google Analytics privacy policy.
📅 Storage duration: depends on properties used
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Google Site Kit?

We have integrated the Google Site Kit WordPress plugin from the American company Google Inc. into our website. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. With Google Site Kit, we can quickly and easily view statistics, which originate from various Google products such as Google Analytics, directly within our WordPress dashboard. The tool, and the tools integrated into Google Site Kit, collect personal data from you, among other things. In this privacy policy, we explain why we use Google Site Kit, how long and where data is stored, and which other data protection texts are relevant to you in this context.

Google Site Kit is a plugin for the WordPress content management system. This plugin allows us to view important website analytics statistics directly in our dashboard. These statistics are collected from other Google products, primarily Google Analytics. In addition to Google Analytics, the services Google Search Console, Page Speed Insights, Google AdSense, Google Optimize, and Google Tag Manager can also be linked with Google Site Kit.

Why do we use Google Site Kit on our website?

As a service provider, it is our job to offer you the best possible experience on our website. You should feel comfortable on our website and quickly and easily find exactly what you are looking for. Statistical evaluations help us to get to know you better and to adapt our services to your wishes and interests. We use various Google tools for these evaluations. Site Kit makes our work in this regard much easier because we can view and analyse the statistics from Google products directly in the dashboard. This means we no longer have to log in separately for each tool. Site Kit thus always provides a good overview of the most important analysis data.

Welche Daten werden von Google Site Kit gespeichert?

If you have actively consented to tracking tools in the cookie notice (also known as a script or banner), Google products such as Google Analytics will set cookies and send data about your user behaviour to Google, where it will be stored and processed. This includes personal data such as your IP address.

For more detailed information on the individual services, we have dedicated text sections within this privacy policy. For example, please refer to our privacy policy on Google Analytics. Here we go into great detail about the data collected. You will learn how long Google Analytics stores, manages, and processes data, which cookies may be used, and how you can prevent data storage. Likewise, we also have separate privacy policies with comprehensive information for other Google services, such as Google Tag Manager or Google AdSense.

The following are example Google Analytics cookies that may be set in your browser, provided you have generally consented to data processing by Google. Please note that these cookies are only a selection:

Name: _ga
Value2.1326744211.152312557314-2
Purpose: By default, analytics.js uses the _ga cookie to store the User ID, which is primarily used to distinguish website visitors.
Expiry date after 2 years

Name: _gid
Value2.1687193234.152312557314-7
Purpose: This cookie also serves to distinguish website visitors.
Expiry date after 24 hours

Name: _gat_gtag_UA_
Value 1
Purpose: This cookie is used to throttle the request rate.
Expiry date after 1 minute

How long and where will the data be stored?

Google stores collected data on its own Google servers, which are distributed globally. Most servers are located in the United States, so it is quite possible that your data will also be stored there. https://www.google.com/about/datacenters/locations/?hl=de You see exactly where the company provides servers.

Data collected by Google Analytics are stored for a standard period of 26 months. Following this, your user data will be deleted. The retention period applies to all data linked to cookies, user identification and advertising IDs.

How can I delete my data or prevent data storage?

You always have the right to obtain information about your data, have your data deleted, corrected or restricted. You can also deactivate, delete or manage cookies in your browser at any time.

If you want to generally disable, delete, or manage cookies, you will find links to the respective instructions for the most common browsers under the „Cookies“ section.

Legal basis

The use of Google Site Kit requires your consent, which we have obtained with our cookie popup. According to Art. 6(1)(a) GDPR (Consent) the legal basis for the processing of personal data, as may occur during collection by web analytics tools.

In addition to consent, we also have a legitimate interest in analysing the behaviour of website visitors in order to technically and economically improve our offering. With the help of Google Site Kit, we can recognise website errors, identify attacks and improve profitability. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use Google Site Kit if you have given your consent.

Google processes data from you in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can be associated with various risks to the lawfulness and security of data processing.

As the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or for transfers of data there, Google uses so-called Standard Contractual Clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are model clauses provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/

To find out more about how Google processes data, we recommend Google's comprehensive privacy policy at https://policies.google.com/privacy?hl=de.

Messenger & Communication Introduction

Messenger & Communication Privacy Policy Summary
Website Visitors
🤝 Purpose: Contact requests and general communication between us and you
Processed data: Data such as name, address, email address, telephone number, general content data, and where applicable, IP address.
More details on this can be found with the tools used in each case.
📅 Storage duration: depends on the messenger and communication functions used
Legal bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate interests), Art. 6(1) sentence 1(b) GDPR (Contractual or pre-contractual obligations)

What are messaging and communication features?

On our website, we offer various ways to communicate with us (such as messenger and chat functions, online or contact forms, email, telephone). Your data will also be processed and stored in so far as it is necessary for the purpose of responding to your enquiry and for our subsequent actions.

In addition to traditional communication methods such as email, contact forms, or telephone, we also use chats and messengers. The most frequently used messenger function currently is WhatsApp, but there are of course many different providers specifically for websites that offer messenger functions. If content is end-to-end encrypted, this is indicated in the respective data protection texts or in the privacy policy of the provider. End-to-end encryption means nothing more than that the content of a message is not visible even to the provider. However, information about your device, location settings, and other technical data may still be processed and stored.

Warum nutzen wir Messenger- und Kommunikationsfunktionen?

Communication channels with you are of great importance to us. After all, we want to talk to you and answer all possible questions about our service as best we can. Good communication is an important part of our service. With our practical messenger and communication functions, you can choose the ones you prefer at any time. In exceptional cases, however, it can also happen that we cannot answer certain questions via chat or messenger. This is the case, for example, when it comes to internal contractual matters. In such cases, we recommend other communication options such as email or telephone.

We generally assume that we remain responsible for data protection, even when using the services of a social media platform. However, the European Court of Justice has ruled that, in certain cases, the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. Where this is the case, we will point this out separately and will operate on the basis of an agreement to this effect. The essential points of the agreement are reproduced below for the relevant platform.

Please note that when using our embedded elements, data about you may also be processed outside the European Union, as many providers, such as Facebook Messenger or WhatsApp, are American companies. This may make it more difficult for you to claim or enforce your rights regarding your personal data.

Welche Daten werden verarbeitet?

The exact data that is stored and processed depends on the respective provider of the messenger and communication functions. In principle, this includes data such as name, address, telephone number, email address, and content data, such as all information you enter into a contact form. Information about your device and your IP address is usually also stored. Data collected via a messenger and communication function is also stored on the providers' servers.

If you want to know precisely what data is stored and processed by the respective providers and how you can object to the data processing, you should carefully read the company's respective privacy policy.

How long is data stored for?

How long data is processed and stored depends primarily on the tools we use. You can find out more about the data processing of individual tools below. The providers' privacy policies typically state precisely which data is stored and processed for how long. In principle, personal data is only processed for as long as is necessary for the provision of our services. If data is stored in cookies, the storage duration varies greatly. The data can be deleted immediately after leaving a website, but it can also be stored for several years. Therefore, you should look at each individual cookie in detail if you want to know more about data storage. You will usually find informative details about individual cookies in the privacy policies of the individual providers as well.

Right of objection

You also have the right and the option at any time to withdraw your consent to the use of cookies or third parties. This can be done either via our cookie management tool or via other opt-out features. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser. For further information, please refer to the section on consent.

As cookies may be used for messenger and communication functions, we also recommend our general cookie policy. To find out exactly what data is stored and processed by you, you should read the data protection declarations of the respective tools.

Legal basis

If you have consented to your data being processed and stored by integrated messenger and communication functions, this consent is considered the legal basis for data processing. (Art. 6(1)(a) GDPR). We process your request and manage your data within the scope of contractual or pre-contractual relationships in order to fulfil our pre-contractual and contractual obligations or to answer enquiries. The basis for this is Article 6(1)(b) GDPR. In principle, your data will also be processed on the basis of our legitimate interest, provided consent has been given (Art. 6(1)(f) GDPR) stored and processed for quick and good communication with you or other customers and business partners.

WhatsApp Privacy Policy

We use the instant messaging service WhatsApp on our website. The service provider is the American company WhatsApp Inc., a subsidiary of Meta Platforms Inc. (until October 2021 Facebook Inc.). For the European region, the company WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible.

What is WhatsApp?

We probably don't need to introduce WhatsApp to you in detail. The chances are relatively high that you use this well-known messaging service on your smartphone yourself. For many years, there have been voices criticising WhatsApp and its parent company Meta Platforms regarding the handling of personal data. In recent years, the main criticism has focused on the merging of WhatsApp user data with Facebook. Facebook reacted to this in 2021 and adjusted the terms of service. In these, Facebook announced that currently (as of 2021) no personal data from WhatsApp users would be shared with Facebook.
Nevertheless, a number of your personal data will of course be processed by WhatsApp, provided you use WhatsApp and have agreed to data processing. In addition to your phone number and chat messages, this also includes sent photos, videos, and profile data. However, photos and videos are only intended to be temporarily cached, and all messages and calls are end-to-end encrypted. Therefore, they should not be viewable even by Meta itself. Furthermore, information from your address book and other metadata are also stored by WhatsApp.

Why do we use WhatsApp?

We'd like to stay in touch with you and WhatsApp is the best way to do that. Firstly, because the service works flawlessly, and secondly, because WhatsApp is still the most widely used instant messaging tool worldwide. The service is practical and allows for straightforward and quick communication with you.

How secure is data transfer on WhatsApp?

WhatsApp processes data about you, including in the USA. Please note that, according to the European Court of Justice, there is currently no adequate level of data protection for data transfers to the USA. This may be associated with various risks to the lawfulness and security of data processing.
WhatsApp uses Standard Contractual Clauses (SCCs) – as per Article 46(2) and (3) of the GDPR – as the basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and specifically in the USA) or for transferring data to such countries. Standard Contractual Clauses are model clauses provided by the EU Commission and are intended to ensure that your data continues to comply with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through these clauses, WhatsApp undertakes to adhere to the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an Implementing Decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
Information regarding data transfer on WhatsApp that complies with the Standard Contractual Clauses can be found at https://www.whatsapp.com/legal/business-data-transfer-addendum-20210927

We hope we have provided you with the most important information regarding the use of WhatsApp and its data processing. You can find out more about the data processed through the use of WhatsApp in the Privacy Policy at https://www.whatsapp.com/privacy.

Social Media Introduction

Social Media Privacy Policy Summary
Website Visitors
🤝 Purpose: Presentation and optimisation of our service offering, contact with visitors, prospects etc., advertising
Processed Data: Data such as phone numbers, email addresses, contact details, user behaviour data, device information, and your IP address.
More details on this can be found with the respective social media tool used.
Storage duration: dependent on the social media platforms used
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

Was ist Social Media?

In addition to our website, we are also active on various social media platforms. This may involve the processing of user data so that we can specifically target users who are interested in us via social networks. Furthermore, elements of a social media platform may also be directly embedded in our website. This is the case, for example, when you click on a so-called social button on our website and are directly redirected to our social media presence. Social media refers to websites and apps on which registered members can produce content, exchange content openly or in specific groups, and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and connect online. With our social media presence, we can bring our products and services closer to interested parties. The social media elements integrated into our website help you switch to our social media content quickly and without complications.

The data stored and processed through your use of a social media channel primarily serves the purpose of enabling web analytics. The aim of these analyses is to develop more precise and personalised marketing and advertising strategies. Depending on your behaviour on a social media platform, the evaluated data can be used to draw appropriate conclusions about your interests and to create so-called user profiles. This also allows platforms to present you with tailor-made advertisements. In most cases, cookies are set in your browser for this purpose, which store data about your usage behaviour.

We generally assume that we remain responsible under data protection law, even when using services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform, together with us, can be jointly responsible within the meaning of Art. 26 GDPR. Where this is the case, we will point this out separately and operate under a corresponding agreement. The essential points of the agreement are then reproduced below for the affected platform.

Please note that when using social media platforms or our embedded elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. This may mean that you are no longer able to easily assert or enforce your rights regarding your personal data.

Welche Daten werden verarbeitet?

The exact data that is stored and processed depends on the respective social media platform provider. However, it is usually data such as phone numbers, email addresses, data that you enter into a contact form, user data such as which buttons you click, who you like or who you follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. Especially if you have a profile with the visited social media channel yourself and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the provider's servers. Therefore, only the providers have access to the data and can provide you with the relevant information or make changes.

If you want to know precisely what data is stored and processed by social media providers and how you can object to data processing, you should carefully read the respective company's privacy policy. Even if you have questions about data storage and processing or wish to exercise corresponding rights, we recommend contacting the provider directly.

Duration of data processing

We will inform you further about the duration of data processing below, should we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. However, customer data that is matched with its own user data is deleted within two days. In general, we only process personal data for as long as it is absolutely necessary for the provision of our services and products. If, as is the case with accounting for example, it is legally required, this storage period may also be exceeded.

Right of objection

You also have the right and the option at any time to withdraw your consent to the use of cookies or third-party providers, such as embedded social media elements. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

As social media tools may use cookies, we also recommend our general cookie policy. To find out precisely what data is stored and processed about you, please read the privacy policies of the respective tools.

Legal basis

If you have consented to data about you being processed and stored by embedded social media elements, this consent is considered the legal basis for data processing. (Art. 6(1)(a) GDPR). In principle, your data will also be processed on the basis of our legitimate interest, provided consent has been given (Art. 6(1)(f) GDPR) saved and processed for fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie policies of the respective service provider.

Information on special social media platforms will be found in the following sections, where applicable.

Facebook Privacy Policy

Facebook Privacy Policy Summary
Website Visitors
Purpose: Optimisation of our service performance
Processed data: Data such as customer data, user behaviour data, information about your device, and your IP address.
More details on this can be found further down in the privacy policy.
📅 Retention period: until the data is no longer useful for Facebook's purposes
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are Facebook tools?

We use selected Facebook tools on our website. Facebook is a social media network operated by Meta Platforms Inc. or, for the European region, by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. These tools allow us to offer you and people who are interested in our products and services the best possible experience.

If data is collected from you and forwarded via our embedded Facebook elements or our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible. Facebook alone is responsible for the further processing of this data. Our common obligations have also been documented in a publicly accessible agreement under https://www.facebook.com/legal/controller_addendum anchored. This states, for example, that we must clearly inform you about the use of Facebook tools on our site. Furthermore, we are also responsible for ensuring that the tools are integrated into our website in a data protection-compliant manner. Facebook, on the other hand, is responsible for the data security of Facebook products, for example. If you have any questions about data collection and processing by Facebook, you can contact the company directly. If you direct a question to us, we are obliged to forward it to Facebook.

The following provides an overview of the different Facebook tools, what data is sent to Facebook, and how you can delete this data.

In addition to many other products, Facebook also offers the so-called “Facebook Business Tools”. This is the official designation from Facebook. However, as the term is barely known, we have decided to simply call them Facebook tools. These include, among others:

  • Facebook Pixel
  • social plugins (such as the „Like“ or „Share“ button)
  • Facebook Login
  • Account Kit
  • APIs (Application Programming Interface)
  • SDKs (Software Development Kits)
  • Platform integrations
  • Plugins
  • Codes
  • Specifications
  • Documentation
  • Technologies and Services

Through these tools, Facebook expands its services and gains the ability to obtain information about user activity outside of Facebook.

Why do we use Facebook tools on our website?

We want to show our services and products only to people who are genuinely interested. Through advertising (Facebook Ads), we can reach exactly these people. For Facebook to show relevant ads, it needs information about people's desires and needs. This way, information about user behaviour (and contact details) on our website is made available to the company. This allows Facebook to collect better user data and display suitable advertising for our products or services to interested individuals. The tools therefore enable tailor-made advertising campaigns on Facebook.

Facebook refers to data about your behaviour on our website as „event data“. This is also used for measurement and analytics services. Facebook can thus create „campaign reports“ on the effectiveness of our advertising campaigns on our behalf. Furthermore, through analytics, we gain a better insight into how you use our services, website or products. With some of these tools, we can optimise your user experience on our website. For example, with social plug-ins, you can share content on our site directly on Facebook.

What data is stored by Facebook tools?

By using individual Facebook tools, personal data (customer data) can be sent to Facebook. Depending on the tools used, customer data such as name, address, phone number and IP address can be transmitted.

Facebook uses this information to match the data with the data it has itself (if you are a Facebook member). Before customer data is transmitted to Facebook, a so-called „hashing“ is performed. This means that a data set of any size is transformed into a string of characters. This also serves to encrypt data.

In addition to contact details, „event data“ is also transmitted. „Event data“ refers to the information we receive about you on our website. For example, which sub-pages you visit or which products you buy from us. Facebook does not share the information received with third parties (such as advertisers), unless the company has explicit permission or is legally obliged to do so. „Event data“ can also be linked to contact details. This allows Facebook to offer better personalised advertising. After the aforementioned matching process, Facebook deletes the contact details again.

To deliver advertisements optimally, Facebook only uses event data when it has been aggregated with other data (which Facebook has collected in other ways). Facebook also uses this event data for security, protection, development, and research purposes. Much of this data is transferred to Facebook via cookies. Cookies are small text files used to store data or information in browsers. Depending on the tools used and whether you are a Facebook member, varying numbers of cookies will be created in your browser. We will provide more details on individual Facebook cookies in the descriptions of the individual Facebook tools. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies.

How long and where will the data be stored?

Essentially, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers distributed all over the world where its data is stored. However, customer data is deleted within 48 hours after it has been cross-referenced with its own user data.

How can I delete my data or prevent data storage?

In accordance with the General Data Protection Regulation, you have the right to access, rectify, port, and erase your data.

Your data will only be completely deleted if you delete your Facebook account permanently. And this is how to delete your Facebook account:

1) Click on Settings on the right-hand side of Facebook.

2) Next, click on „Your Facebook Information“ in the left-hand column.

3) Now click “Deactivation and deletion”.

4) Select „Delete Account“ and then click „Continue and Delete Account“.“

5) Now enter your password, click „Next“, and then click „Delete Account“.“

The data that Facebook receives via our website is stored using cookies (e.g., with social plugins). You can deactivate, delete, or manage individual or all cookies in your browser. The way this works varies depending on the browser you use. In the „Cookies“ section, you will find the corresponding links to the specific instructions for the most popular browsers.

If you do not want cookies at all, you can configure your browser to always inform you when a cookie is to be set. This way, you can decide for each individual cookie whether to allow it or not.

Legal basis

If you have consented to data about you being processed and stored by integrated Facebook tools, this consent is considered the legal basis for data processing. (Art. 6(1)(a) GDPR). In principle, your data will also be processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) saved and processed for fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our data protection text on cookies carefully and view the privacy policy or cookie guidelines of Facebook.

Facebook processes data about you, including in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks to the legality and security of data processing.

When processing data with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. particularly in the USA) or transferring data there, Facebook uses so-called Standard Contractual Clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards, even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Facebook undertakes to adhere to the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook Data Processing Terms, which comply with the Standard Contractual Clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

We hope that we have provided you with the most important information on the use and data processing by Facebook's tools. If you want to learn more about how Facebook uses your data, we recommend the data policy on https://www.facebook.com/privacy/policy/.

Facebook Social Plugins Privacy Policy

Our website incorporates social plug-ins from Meta Platforms Inc. You can recognise these buttons by the classic Facebook logo, such as the „Like“ button (the hand with an upraised thumb), or by a clear „Facebook Plug-in“ label. A social plug-in is a small part of Facebook integrated into our page. Each plug-in has its own function. The most commonly used functions are the well-known “Like” and “Share” buttons.

The following social plug-ins are offered by Facebook:

  • “Save button
  • “Like, Share, Send and Quote
  • Page plugin
  • Comments
  • Messenger Plug-in
  • Embedded posts and video player
  • Group plug-in

Up https://developers.facebook.com/docs/plugins receive more detailed information on how individual plug-ins are used. We use social plug-ins on the one hand to offer you a better user experience on our site, and on the other hand because Facebook can then optimise our advertisements.

If you have a Facebook account or https://www.facebook.com/ If you have already visited, Facebook has already set at least one cookie in your browser. In this case, your browser will send information to Facebook via this cookie as soon as you visit our page or interact with social plug-ins (e.g. the „Like“ button).

The information received will be deleted or anonymised within 90 days. According to Facebook, this data includes your IP address, which website you visited, the date, the time and other information relating to your browser.

To prevent Facebook from collecting a lot of data during your visit to our website and associating it with Facebook data, you must log out of Facebook during your website visit.

If you are not logged into Facebook or do not have a Facebook account, your browser will send less information to Facebook because you have fewer Facebook cookies. Nevertheless, data such as your IP address or which website you are visiting can be transmitted to Facebook. We would also like to point out that we do not know the exact content of the data. However, we try to inform you as best as possible about data processing based on our current knowledge. You can also find out how Facebook uses the data in the company's data policy at https://www.facebook.com/about/privacy/update read up.

The following cookies will be set in your browser at a minimum when you visit a website with Facebook social plug-ins:

Name: DPR
Value Not specified
Purpose: This cookie is used to enable social plugins on our website to function.
Expiry date after the meeting has ended

Name: fr
Value 0jieyh4312557314c2GnlufEJ9..Bde09j…1.0.Bde09j
Purpose: This cookie is also necessary for the plug-ins to function correctly.
Expiry date after 3 months

Note: These cookies were set following a test, even if you are not a Facebook member.

Sofern Sie bei Facebook angemeldet sind, können Sie Ihre Einstellungen für Werbeanzeigen unter https://www.facebook.com/adpreferences/advertisers/ yourself. If you are not a Facebook user, you can https://www.youronlinechoices.com/de/praferenzmanagement/?tid=312557314 fundamentally manage your usage-based online advertising. There you have the option to deactivate or activate providers.

If you want to learn more about Facebook's data protection, we recommend the company's own data policy at https://www.facebook.com/privacy/policy/.

Facebook Fanpage Privacy Policy

We also have a Facebook Fan Page for our website. The service provider is the American company Meta Platforms Inc. For the European region, the company Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible.

Facebook processes data about you, including in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks to the legality and security of data processing.

When processing data with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. particularly in the USA) or transferring data there, Facebook uses so-called Standard Contractual Clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards, even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Facebook undertakes to adhere to the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook Data Processing Addendum, which corresponds to the Standard Contractual Clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

You can find out more about the data processed through the use of Facebook in the Privacy Policy at https://www.facebook.com/about/privacy.

Instagram Privacy Policy

Instagram Privacy Policy Summary
Website Visitors
Purpose: Optimisation of our service performance
Processed data: Data such as data on user behaviour, information about your device, and your IP address.
More details on this can be found further down in the privacy policy.
📅 Retention period: until Instagram no longer needs the data for its purposes
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Instagram?

We have integrated Instagram features onto our website. Instagram is a social media platform owned by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012 and is part of Facebook's products. Embedding Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos, or videos from Instagram directly on our website. When you access pages on our website that have an integrated Instagram feature, data is transmitted to, stored, and processed by Instagram. Instagram uses the same systems and technologies as Facebook. Your data will therefore be processed across all Facebook companies.

In the following, we want to give you a more detailed insight into why Instagram collects data, what kind of data it is, and how you can largely control the data processing. As Instagram belongs to Meta Platforms Inc., we draw our information from both Instagram's policies and Meta's privacy policies.

Instagram is one of the best-known social media networks worldwide. Instagram combines the benefits of a blog with the benefits of audiovisual platforms like YouTube or Vimeo. You can upload photos and short videos to „Insta“ (as many users casually call the platform), edit them with various filters, and also share them on other social networks. And if you don't want to be active yourself, you can also just follow other interesting users.

Why do we use Instagram on our website?

Instagram is that social media platform that has really taken off in recent years. And of course, we've reacted to this boom. We want you to feel as comfortable as possible on our website. That's why varied presentation of our content is a matter of course for us. Through the embedded Instagram functions, we can enrich our content with helpful, funny, or exciting content from the Instagram world. Since Instagram is a subsidiary of Facebook, the data collected can also be useful for personalised advertising on Facebook. This way, our advertisements are only shown to people who are genuinely interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We receive summarised statistics and thus gain more insight into your wishes and interests. It is important to mention that these reports do not identify you personally.

Which data is stored by Instagram?

If you come across one of our pages that has integrated Instagram features (such as Instagram images or plug-ins), your browser will automatically connect to Instagram's servers. Data will then be sent, stored, and processed by Instagram. This applies whether or not you have an Instagram account. This data includes information about our website, your computer, purchases made, advertisements you see, and how you use our services. Furthermore, the date and time of your interaction with Instagram will also be stored. If you have an Instagram account or are logged in, Instagram will store a significantly larger amount of data about you.

Facebook distinguishes between customer data and event data. We assume that this is exactly the same for Instagram. Customer data includes, for example, name, address, telephone number and IP address. This customer data will only be transmitted to Instagram after it has been „hashed“. Hashing means that a data record is transformed into a string of characters. This allows contact data to be encrypted. In addition, the „event data“ mentioned above will also be transmitted. Event data is understood by Facebook – and consequently by Instagram – to mean data about your user behaviour. It can also happen that contact data is combined with event data. The contact data collected will be matched with the data that Instagram already has from you.

Collected data is transmitted to Facebook via small text files (cookies) that are mostly set in your browser. Depending on the Instagram features used and whether you have an Instagram account yourself, varying amounts of data will be stored.

We assume that data processing works the same way on Instagram as it does on Facebook. This means: if you have an Instagram account, or www.instagram.com If you have visited it, Instagram has at least set a cookie. If this is the case, your browser will send information to Instagram via the cookie as soon as you interact with an Instagram feature. These data will be deleted or anonymised after 90 days at the latest (after reconciliation). Although we have dealt intensively with Instagram's data processing, we cannot say exactly what data Instagram collects and stores.

Below we show you cookies that are at least set in your browser when you click on an Instagram feature (such as a button or an Insta image). In our test, we assume that you do not have an Instagram account. If you are logged into Instagram, significantly more cookies will naturally be set in your browser.

These cookies were used during our test:

Name: csrftoken
Value “”
Purpose: This cookie is very likely set for security reasons to prevent request forgery. However, we could not find out more precisely.
Expiry date after a year

Name: middle
Value “”
Purpose: This cookie is set by Instagram to optimise its services and offers both on and off Instagram. The cookie sets a unique user ID.
Expiry date at the end of the session

Name: fbsr_312557314124024
Value No details
Purpose: This cookie stores the login request for users of the Instagram app.
Expiry date at the end of the session

Name: Rur
Value ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiry date at the end of the session

Name: urlgen
Value “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe312557314”
Purpose: This cookie is for Instagram's marketing purposes.
Expiry date at the end of the session

Note: We cannot claim completeness here. Which cookies are set in individual cases depends on the embedded functions and your use of Instagram.

How long and where will the data be stored?

Instagram shares the information received between Facebook companies with external partners and with people you connect with worldwide. Data processing is carried out in accordance with its own data policy. Your data is distributed across Facebook servers around the world, for security reasons among others. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation, you have the right to access, portability, rectification, and erasure of your data. You can manage your data in your Instagram settings. If you wish to completely delete your data on Instagram, you must permanently delete your Instagram account.

And this is how to delete your Instagram account:

First, open the Instagram app. On your profile page, scroll down and click on „Help Centre“. You will now land on the company's website. On the website, click on „Manage your account“ and then on „Delete your account“.

If you delete your account entirely, Instagram will delete posts such as your photos and status updates. Information that other people have shared about you is not part of your account and therefore will not be deleted.

As mentioned above, Instagram primarily stores your data via cookies. You can manage, disable, or delete these cookies from your browser. The management process works slightly differently depending on your browser. Under the „Cookies“ section, you will find the relevant links to the specific instructions for the most well-known browsers.

You can also generally configure your browser to inform you whenever a cookie is about to be set. This means you can always decide individually whether you want to allow the cookie or not.

Legal basis

If you have consented to data about you being processed and stored by embedded social media elements, this consent is considered the legal basis for data processing. (Art. 6(1)(a) GDPR). In principle, your data will also be processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) We store and process data for quick and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our data protection text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

Instagram and Facebook process data in the USA, among other places. We wish to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can be associated with various risks for the legality and security of data processing.

As a basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. particularly in the USA) or for data transfers there, Facebook uses standard contractual clauses approved by the EU Commission (= Art. 46(2) and (3) GDPR). These clauses oblige Facebook to maintain the EU data protection level when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision as well as the clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

We have tried to provide you with the most important information about data processing by Instagram. On https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect Can you elaborate further on Instagram's data policies.

Partner Programmes Introduction

Partner Programme Privacy Policy Summary
Website Visitors
Purpose: economic success and the optimisation of our service performance.
Processed data: Access statistics, which include data such as access locations, device data, access duration and time, navigation behaviour, click behaviour, and IP addresses. Personal data such as name or email address may also be processed.
📅 Storage duration: personal data is mostly stored by partner programmes until it is no longer required
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

Was sind Partnerprogramme?

We use affiliate programmes from various providers on our website. By using an affiliate programme, data can be transferred, stored, and processed by the respective affiliate programme provider. In this privacy text, we provide a general overview of data processing through affiliate programmes and show you how you can prevent or revoke data transfer. Every affiliate programme (also called a partnership programme) is based on the principle of a referral commission. A link or advertisement with a link is placed on our website, and if you are interested in it, click on it, and purchase a product or service through this channel, we will receive a commission (advertising cost reimbursement) for it.

Why do we use affiliate programmes on our website?

Our aim is to provide you with an enjoyable time with plenty of helpful content. To achieve this, we invest a great deal of work and time into the development of our website. Through affiliate programmes, we have the opportunity to be compensated a little for our work. Every affiliate link is, of course, always related to our theme and shows offers that might interest you.

Welche Daten werden verarbeitet?

So that it can be understood whether you have clicked a link inserted by us, the affiliate programme provider must know that it was you who followed the link via our website. Therefore, the inserted affiliate programme links must be correctly assigned to the following actions (closing of a deal, purchase, conversion, impression, etc.). Only then can the settlement of commissions also function.

For this mapping to work, a value can be appended to a link (in the URL) or information can be stored in cookies. This would store, for example, which page you came from (referrer), when you clicked the link, an identifier for our website, which offer it is, and a user identifier.

This means that as soon as you interact with products and services from an affiliate programme, the provider will also collect data from you. Exactly what data is stored depends on the individual providers. For example, Amazon's affiliate programme distinguishes between active and automatic information. Active information includes name, email address, telephone number, age, payment information, or location details. In this case, automatically stored information includes user behaviour, IP address, device information, and the URL.

Duration of data processing

We will inform you about the duration of data processing further down, should we have more information on this. Generally, personal data is only processed for as long as is necessary to provide the services and products. Data stored in cookies are kept for varying lengths of time. Some cookies are deleted again as soon as you leave the website, while others can be stored in your browser for several years if not actively deleted. The exact duration of data processing depends on the provider used; generally, you should expect a storage period of several years. The respective privacy policies of the individual providers usually provide precise information about the duration of data processing.

Right of objection

You always have the right to access, rectify, and erase your personal data. Should you have any questions, you can also contact the persons responsible at the partner programme provider at any time. Contact details can be found either in our specific data protection declaration or on the website of the respective provider.

You can delete, deactivate or manage cookies used by providers for their functions within your browser. The way this works will vary depending on the browser you are using.

Legal basis

If you have consented to the use of affiliate programmes, the legal basis for the relevant data processing is this consent. According to Art. 6(1)(a) GDPR (Consent) the legal basis for processing personal data, as may occur when collected via an affiliate programme.

From our side, we also have a legitimate interest in using a partner programme to optimise our online service and our marketing measures. The relevant legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). We shall only use the partner program if you have given your consent.

Information about special partner programmes, if any, can be found in the following sections.

Amazon Partnerprogramma Verklaring van het privacybeleid

Amazon Associate Programme Privacy Policy Summary
Website Visitors
Purpose: economic success and the optimisation of our service performance.
Processed data: Access statistics, which include data such as access locations, device data, access duration and time, navigation behaviour, click behaviour, and IP addresses. Personal data such as name or email address may also be processed.
📅 Storage duration: Personal data is stored by Amazon until it is no longer needed
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate interests)

What is the Amazon Associates programme?

We use the Amazon Partner Program of Amazon.com, Inc. on our website. The responsible parties within the meaning of the data protection declaration are Amazon Europe Core S.à.r.l., Amazon EU S.à.r.l., Amazon Services Europe S.à.r.l., and Amazon Media EU S.à.r.l., all four located at 5, Rue Plaetis, L-2338 Luxembourg, as well as Amazon Instant Video Germany GmbH, Domagkstr. 28, 80807 Munich. Amazon Deutschland Services GmbH, Marcel-Breuer-Str. 12, 80807 Munich, acts as the data processor. By using this Amazon Partner Program, data from you may be transferred to, stored, and processed by Amazon.

In this privacy policy, we will inform you about what data is involved, why we use the programme, and how you can manage or prevent data transmission.

The Amazon Associates programme is an affiliate marketing programme run by the online retailer Amazon.co.uk. Like all affiliate programmes, the Amazon Associates programme is based on the principle of referral commission. Amazon, or rather we, place advertising or affiliate links on our website, and if you click on them and buy a product through Amazon, we receive advertising compensation (a commission).

We use the Amazon Affiliate Programme on our website because...

Our goal is to provide you with an enjoyable time with plenty of helpful content. To achieve this, we invest a great deal of work and energy into developing our website. With the help of the Amazon Affiliate Programme, we have the opportunity to be a little rewarded for our work. Every affiliate link to Amazon naturally always relates to our topic and shows offers that might interest you.

Welche Daten werden durch das Amazon-Partnerprogramm gespeichert?

As soon as you interact with Amazon's products and services, Amazon collects data from you. Amazon distinguishes between information that you actively provide to the company and information that is automatically collected and stored. The “active information” includes, for example, your name, email address, telephone number, age, payment information or location information. So-called „automatic information“ is primarily stored via cookies. This includes information on user behaviour, IP address, device information (browser type, location, operating systems) or the URL. Amazon also stores the clickstream. This refers to the path (sequence of pages) that you as a user take to reach a product. Amazon also stores cookies in your browser in order to be able to trace the origin of an order. In this way, the company recognises that you have clicked on an Amazon advertisement or a partner link via our website.

If you have an Amazon account and are logged in while browsing our website, the data collected can be assigned to your account. You can prevent this by logging out of Amazon before browsing our website.

Here we show you example cookies that are set in your browser when you click on an Amazon link on our website.

Name: uid
Value 3230928052675285215312557314-9
Purpose: This cookie stores a unique user ID and collects information about your website activity.
Expiry date After 2 months

Namead-id
Value AyDaInRV1k-Lk59xSnp7h5o
Purpose: This cookie is provided by amazon-adsystem.com and is used by the company for various advertising purposes.
Expiry date after 8 months

Nameuuid2
Value 8965834524520213028312557314-2
Purpose: This cookie enables targeted and interest-based advertising via the AppNexus platform. The cookie collects and stores anonymous data, such as via the IP address, about which advertisements you have clicked on and which pages you have viewed.
Expiry date after 3 months

NameSession ID
Value 262-0272718-2582202312557314-1
Purpose: This cookie stores a unique user ID assigned to you by the server for the duration of a website visit (session). If you revisit the same page, the information stored within it will be retrieved again.
Expiry date after 15 years

NameAPID
Value UP9801199c-4bee-11ea-931d-02e8e13f0574
Purpose: This cookie stores information on how you use a website and what advertisements you have viewed before visiting the website.
Expiry date after a year

Namesession-id-time
Value tb:s-STNY7ZS65H5335FZEVPE|1581329862486&t:1581329864300&adb:adblk_no
Purpose: This cookie records the time you spend on a webpage with a unique cookie ID.
Expiry date after 2 years

Namecsm-hit
Value 2082754801l
Purpose: We couldn't get accurate information about this cookie.
Expiry date after 15 years

Note: Please note that this list only shows cookie examples and cannot claim to be exhaustive.

Amazon uses this received information to tailor advertisements more precisely to users' interests.

How long and where will the data be stored?

Personal data is stored by Amazon for as long as it is necessary for Amazon's business services or required for legal reasons. As the company Amazon is headquartered in the USA, the collected data is also stored on American servers.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time. If you have an Amazon account, you can manage or delete much of the data collected within your account.

Another option for managing data processing and storage by Amazon according to your preferences is offered by your browser. There, you can manage, disable, or delete cookies. This works a little differently for each browser. Under the „Cookies“ section, you will find the corresponding links to the respective instructions for the most well-known browsers.

Legal basis

If you have consented to the use of the Amazon Associates Programme, the legal basis for the processing of the corresponding data is this consent. This consent, according to Art. 6(1)(a) GDPR (Consent) the legal basis for the processing of personal data, as may occur during collection by the Amazon Associates Programme.

Furthermore, we have a legitimate interest in using the Amazon Affiliate Programme to optimise our online services and marketing measures. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). We only use the Amazon Partner Programme if you have given your consent.

Amazon processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may involve various risks to the lawfulness and security of data processing.

Amazon uses Standard Contractual Clauses (SCCs) (= Art. 46(2) and (3) GDPR) as the basis for data processing by recipients established in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. particularly the USA) or for data transfers there. Standard Contractual Clauses (SCCs) are model clauses provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through these clauses, Amazon undertakes to adhere to the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the relevant Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Amazon Data Processing Addendum (AWS GDPR DATA PROCESSING), which complies with the Standard Contractual Clauses, can be found at https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.

We hope we have brought you closer to the most important information about data transfer through the use of the Amazon Partner Program. You can find more information at https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.

Credit check agencies Introduction

Credit reference agencies privacy policy summary
👥 Affected Parties: Customers
🤝 Purpose: Creditworthiness and Credit Assessment
Processed data: stock data, payment data, contact data, contract data
Storage duration: dependent on the test points used
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

Credit agencies.

For some of our online transactions, we use credit agencies to obtain information about your creditworthiness if we are to provide services in advance. The agencies calculate a statistical probability of default. This means we receive information about how likely it is, for example, that you will be able to pay your bill. Based on this information, we can better decide whether or not to provide certain services in advance. Therefore, if a credit check result is negative, we may also refuse services in advance (such as payment by invoice).

Why do we use credit reference agencies?

In our business, it frequently occurs that we provide a service before the contractually agreed consideration or accept similar economic risks. This is always the case, for example, with orders on account. In order to protect our legitimate interests, we can obtain identity and credit checks. In this process, credit risk is assessed using a mathematical-statistical method by credit checking agencies (credit bureaus).

Welche Daten werden verarbeitet?

The decision on whether or not to provide credit in advance is made by software working with information from the credit agency, based on an automated individual decision (= Art. 22 GDPR). Data that is typically processed includes your name, address, bank details, invoices, payment history, contact details such as email address and telephone number, as well as contract data such as term, customer information and the subject matter of the contract. Further information on data processing can be found in the respective privacy policies of the credit agencies.

Duration of data processing

The length of time data is processed and stored depends primarily on the credit reporting agencies we use. Further down, you can find out more about the data processing of each provider. The providers' privacy policies usually state precisely which data is stored and processed and for how long. In principle, personal data is only processed for as long as is necessary for the provision of our services. If data is stored in cookies, the storage duration varies greatly. In most cases, you will also find informative details about individual cookies in the respective provider's privacy policy.

Legal basis

When we obtain consent from our contractual partners, this also serves as the legal basis (Article 6(1)(a) GDPR) for the credit report and also for the transmission of data of the customer to a credit agency. If this consent is not given, the legal basis is our legitimate interest (Article 6(1)(f) GDPR) in creditworthiness. If we obtain consent from you, this is also the legal basis for credit information and data transmission.

We have no influence on the concrete examination process or the profiling of the credit reporting agencies we use, and therefore on the correctness or appropriateness of the result. In this respect, we are not responsible under data protection law. The responsibility in this respect remains solely with the credit reporting agency, whose data protection information we refer to below. Our responsibility exists only for obtaining and using a credit report created by a third party in individual cases.

Audio & Video Introduction

Audio & Video Data Protection Policy Summary
Website Visitors
Purpose: Optimisation of our service performance
Processed Data: Data such as contact details, user behaviour data, information about your device, and your IP address may be stored.
More details on this can be found in the relevant data protection texts below.
📅 Storage duration: Data is generally stored for as long as it is necessary for the purpose of the service.
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are audio and video elements?

We have embedded audio and video elements on our website to allow you to watch videos or listen to music/podcasts directly via our website. The content is provided by service providers. Therefore, all content is also sourced from the respective providers' servers.

These are embedded functional elements from platforms such as YouTube, Vimeo or Spotify. The use of these portals is generally free of charge, but paid content can also be published. With the help of these embedded elements, you can listen to or watch the respective content via our website.

If you use audio or video elements on our website, personal data relating to you may also be transmitted, processed, and stored by the service providers.

Why do we use audio & video elements on our website?

Naturally, we want to provide you with the best offer on our website. And we are aware that content is no longer conveyed merely through text and static images. Instead of simply giving you a link to a video, we offer you audio and video formats directly on our website, which are entertaining, informative, or ideally, both. This expands our service and makes it easier for you to access interesting content. Thus, in addition to our texts and images, we also offer video and/or audio content.

What data is stored by audio and video elements?

When you access a page on our website that has an embedded video, for example, your server connects to the server of the service provider. Your data is also transferred to the third-party provider and stored there. Some data is collected and stored regardless of whether you have an account with the third-party provider or not. This usually includes your IP address, browser type, operating system and other general information about your end device. In addition, most providers also collect information about your web activity. This includes, for example, session duration, bounce rate, which button you clicked on or which website you used to access the service. All this information is usually stored using cookies or pixel tags (also known as web beacons). Pseudonymised data is usually stored in cookies in your browser. You can always find out exactly which data is stored and processed in the privacy policy of the respective provider.

Duration of data processing

You can find out exactly how long data is stored on third-party servers either further down in the privacy text of the respective tool or in the provider's privacy policy. In principle, personal data is always processed only for as long as is absolutely necessary for the provision of our services or products. This generally also applies to third-party providers. You can usually assume that certain data will be stored on third-party servers for several years. Data can be stored for varying lengths of time, especially in cookies. Some cookies are deleted again immediately after leaving the website, while others can be stored in your browser for several years.

Right of objection

You also have the right and the option at any time to withdraw your consent to the use of cookies or third parties. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. The lawfulness of the processing up to the point of withdrawal remains unaffected.

Since the embedded audio and video functions on our site also use cookies in most cases, you should also read our general cookie policy. You will find more information about the handling and storage of your data in the privacy policies of the respective third-party providers.

Legal basis

If you have consented to data about you being processed and stored by embedded audio and video elements, this consent is considered the legal basis for data processing. (Art. 6(1)(a) GDPR). In principle, your data will also be processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) We store and process this data to ensure quick and effective communication with you, other customers, and business partners. We only use the embedded audio and video elements if you have given your consent.

YouTube Privacy Policy

YouTube Privacy Policy Summary
Website Visitors
Purpose: Optimisation of our service performance
Processed Data: Data such as contact details, user behaviour data, information about your device, and your IP address may be stored.
You can find more details about this further down in this privacy policy.
📅 Storage duration: Data is generally stored for as long as it is necessary for the purpose of the service.
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is YouTube?

We have embedded YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that has an embedded YouTube video, your browser automatically connects to YouTube's or Google's servers. Depending on your settings, various data will be transferred. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing within the European region.

Below, we will explain in more detail what data is processed, why we have integrated YouTube videos and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on, and upload videos themselves for free. Over the past few years, YouTube has become one of the most important social media channels worldwide. So that we can display videos on our website, YouTube provides a code snippet that we have integrated into our site.

Warum verwenden wir YouTube-Videos auf unserer Website?

YouTube is the most visited video platform with the best content. We strive to offer you the best possible user experience on our website. And of course, interesting videos shouldn't be missing. With the help of our embedded videos, we provide you with further helpful content in addition to our texts and images. Furthermore, our website is more easily found on the Google search engine thanks to the embedded videos. Even when we advertise through Google Ads, Google – thanks to the data collected – can really only show these ads to people who are interested in our offers.

Welche Daten werden von YouTube gespeichert?

As soon as you visit one of our pages that has an embedded YouTube video, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually associate your interactions on our website with your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution, or your internet provider. Further data can include contact details, any ratings, sharing content via social media, or adding to your favourites on YouTube.

If you are not signed into a Google Account or YouTube account, Google stores data associated with a unique identifier linked to your device, browser, or app. For example, this keeps your preferred language setting. However, many interaction data cannot be saved because fewer cookies are being set.

In the following list, we show cookies that were set in a browser test. On the one hand, we show cookies that are set without a logged-in YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim to be exhaustive, as user data always depends on interactions on YouTube.

Name: YSC
Value b9-CV6ojI5Y312557314-1
Purpose: This cookie registers a unique ID to store statistics of the videos watched.
Expiry date after the meeting has ended

Name: PREF
Value f1=50000000
Purpose: This cookie also registers your unique ID. Through PREF, Google receives statistics on how you use YouTube videos on our website.
Expiry date after 8 months

Name: GPS
Value 1
Purpose: This cookie registers your unique ID on mobile devices to track GPS location.
Expiry date after 30 minutes

Name: VISITOR_INFO1_LIVE
Value 95Chz8bagyU
Purpose: This cookie attempts to estimate the user's bandwidth on our websites (with embedded YouTube videos).
Expiry date after 8 months

Further cookies set when you are logged in with your YouTube account:

Name: APISID
Value zILlvClZSkqGsSwI/AU1aZI6HY7312557314-
Purpose: This cookie is used to build a profile of your interests, with the data being used for personalised advertisements.
Expiry date after 2 years

Name: CONSENT
Value YES+AT.de+20150628-20-0
Purpose: The cookie stores a user's consent status for the use of various Google services. CONSENT also serves security purposes, to verify users and protect user data from unauthorised attacks.
Expiry date after 19 years

Name: HSID
Value AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile of your interests. This data helps to display personalised advertising.
Expiry date after 2 years

Name: Login Information
Value AFmmF2swRQIhALl6aL…
Purpose: This cookie stores information about your login details.
Expiry date after 2 years

Name: SAPISID
Value 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie uniquely identifies your browser and device. It is used to build a profile of your interests.
Expiry date after 2 years

Name: SID
Value oQfNKjAsI312557314-
Purpose: This cookie stores your Google Account ID and the time of your last sign-in in digitally signed and encrypted form.
Expiry date after 2 years

Name: SIDCC
Value AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information on how you use the website and what advertising you may have seen before visiting our site.
Expiry date after 3 months

How long and where will the data be stored?

The data that YouTube receives and processes from you is stored on Google's servers. Most of these servers are located in America. Under https://www.google.com/about/datacenters/locations/?hl=de See exactly where the Google data centres are located. Your data is distributed across servers. This way, data can be accessed more quickly and is better protected against manipulation.

Google stores the data it collects for different lengths of time. Some data can be deleted at any time, other data is automatically deleted after a limited time, and some data is stored by Google for longer periods. Some data (such as items from „My Activity“, photos or documents, products) stored in your Google Account remain until you delete them. You can also delete some data linked to your device, browser, or app, even if you're not signed in to a Google Account.

How can I delete my data or prevent data storage?

Fundamentally, you can manually delete data in your Google Account. With the automatic deletion feature for location and activity data introduced in 2019, information is stored for either 3 or 18 months, depending on your decision, and then deleted.

Whether or not you have a Google account, you can configure your browser to delete or disable Google cookies. The method for doing this varies depending on the browser you use. In the „Cookies“ section below, you'll find relevant links to instructions for the most popular browsers.

If you do not want cookies at all, you can configure your browser to always inform you when a cookie is to be set. This way, you can decide for each individual cookie whether to allow it or not.

Legal basis

If you have consented to data about you being processed and stored by embedded YouTube elements, this consent is considered the legal basis for data processing. (Art. 6(1)(a) GDPR). In principle, your data will also be processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) stored and processed for quick and good communication with you or other customers and business partners. We only use the embedded YouTube elements if you have given your consent. YouTube also sets cookies in your browser to store data. Therefore, we recommend that you read our data protection text about cookies carefully and consult the data protection declaration or the cookie guidelines of the respective service provider.

YouTube processes data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of data protection for data transfers to the USA. This can be associated with various risks for the lawfulness and security of data processing.

As a basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and therefore particularly in the USA) or for data transfers there, YouTube uses standard contractual clauses approved by the EU Commission (= Art. 46 para. 2 and 3 GDPR). These clauses oblige YouTube to maintain the EU data protection level when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Since YouTube is a subsidiary of Google, there is a joint privacy policy. If you want to learn more about how your data is handled, we recommend the privacy policy at https://policies.google.com/privacy?hl=de.

Webdesign Introduction

Web Design Privacy Policy Summary
Website Visitors
Purpose: Improving user experience
Processed Data: The data that is processed depends heavily on the services used. This usually includes the IP address, technical data, language settings, browser version, screen resolution, and browser name. More details can be found on the respective web design tools used.
📅 Retention period: depends on the tools used
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

Webdesign ist der Prozess des Planens und Erstellens von Websites. Es ist die Gestaltung der visuellen und funktionalen Aspekte einer Website, einschliesslich Layout, Farben, Typografie, Navigation und Benutzererfahrung.

We use various tools on our website that serve our web design. Web design is not, as is often assumed, just about making our website look pretty, but also about functionality and performance. But of course the right look of a website is also one of the major goals of professional web design. Web design is a branch of media design and deals with the visual as well as the structural and functional design of a website. The aim of web design is to improve your experience on our website. In web design jargon, this is referred to as user experience (UX) and usability. User experience refers to all the impressions and experiences that website visitors have on a website. Usability is a sub-item of user experience. This refers to the user-friendliness of a website. The main focus here is on ensuring that content, subpages or products are clearly structured and that you can find what you are looking for quickly and easily. In order to offer you the best possible experience on our website, we also use third-party web design tools. The „web design“ category in this privacy policy therefore includes all services that improve the design of our website. These can be, for example, fonts, various plugins or other integrated web design functions.

Why do we use web design tools?

How you absorb information on a website depends heavily on the structure, functionality, and visual perception of the site. Therefore, good and professional web design has become increasingly important for us. We are constantly working on improving our website and also see this as an extended service for you as a website visitor. Furthermore, an attractive and functional website also has economic advantages for us. Ultimately, you will only visit us and use our services if you feel completely comfortable.

Which data are stored by web design tools?

When you visit our website, web design elements may be embedded in our pages which can also process data. The exact type of data processed naturally depends heavily on the tools used. Further down, you will see precisely which tools we use for our website. For more information on data processing, we also recommend reading the respective privacy policies of the tools used. You will usually find out there what data is processed, whether cookies are used, and how long the data is stored. For example, fonts such as Google Fonts automatically transmit information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google servers.

Duration of data processing

The length of time data is processed is highly individual and depends on the web design elements used. If cookies are used, for example, the retention period can be as short as one minute or as long as a few years. Please familiarise yourself with this. For this, we recommend our general text section on cookies and the privacy policies of the tools used. They usually tell you exactly which cookies are used and what information is stored in them. Google font files, for example, are stored for one year. This is intended to improve a website's loading time. In principle, data is always stored only for as long as is necessary to provide the service. Data may also be stored for longer periods due to legal requirements.

Right of objection

You also have the right and the option at any time to withdraw your consent to the use of cookies or third-party providers. This can be done either via our cookie management tool or via other opt-out functions. You can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. However, with web design elements (mostly fonts), there is also data that cannot be deleted quite so easily. This is the case when data is automatically collected directly when a page is accessed and transmitted to a third-party provider (such as Google). In such cases, please contact the support of the respective provider. In the case of Google, you can reach support at https://support.google.com/?hl=de.

Legal basis

If you have consented to the use of web design tools, the legal basis for the relevant data processing is this consent. According to Art. 6 (1) (a) GDPR (Consent), this consent forms the legal basis for the processing of personal data, as may occur when collected by web design tools. Furthermore, we have a legitimate interest in improving the web design on our website. After all, this is the only way we can provide you with an attractive and professional web offering. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (Legitimate Interests). We only use web design tools to the extent that you have given your consent. We would like to emphasise this again here in any case.

Information about special web design tools can be found in the following sections, if available.

Google Fonts Privacy Policy

Google Fonts Privacy Policy Summary
Website Visitors
Purpose: Optimisation of our service performance
Processed data: Data such as IP address and CSS and font requests
You can find more details about this further down in this privacy policy.
📅 Storage duration: Font files are stored with Google for one year
Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

Was sind Google Fonts?

On our website, we use Google Fonts. These are the “Google fonts” from Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

You do not need to log in or provide a password to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you don't need to worry about your Google account data being transmitted to Google while using Google Fonts. Google collects data on the use of CSS (Cascading Style Sheets) and the fonts used, and stores this data securely. We will look at the exact nature of data storage in more detail.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google provide to your users free of charge.

Many of these fonts are released under the SIL Open Font License, while others have been released under the Apache License. Both are free software licenses.

Why do we use Google Fonts on our website?

With Google Fonts, we can use fonts on our own website without having to upload them to our own server. Google Fonts is an important component in keeping the quality of our website high. All Google fonts are automatically optimised for the web and this saves data volume and is a great advantage, especially for use on mobile devices. When you visit our site, the low file size ensures a fast loading time. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can sometimes visually distort texts or entire websites. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all common browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts so that we can present our entire online service as beautifully and uniformly as possible.

Welche Daten werden von Google gespeichert?

When you visit our website, the fonts are loaded via a Google server. This external call transmits data to Google's servers. This way, Google also recognises that you, or rather your IP address, have visited our website. The Google Fonts API was developed to reduce the use, storage and collection of end-user data to what is necessary for the proper provision of fonts. incidentally, API stands for „Application Programming Interface“ and serves, among other things, as a data transmitter in the software sector.

Google Fonts stores CSS and font requests securely with Google, making it protected. The usage figures collected allow Google to determine how well individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. Furthermore, Google also uses data from its own web crawler to determine which websites use Google Fonts. This data is published in Google Fonts' BigQuery database. Businesses and developers use the Google web service BigQuery to examine and move large amounts of data.

However, it should also be borne in mind that every Google Font request automatically transfers information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google's servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.

How long and where will the data be stored?

Google stores requests for CSS assets on its servers, which are mainly located outside the EU, for one day. This allows us to use fonts with the help of a Google stylesheet. A stylesheet is a style template that allows you to easily and quickly change, for example, the design or font of a website.

The font files are stored by Google for one year. Google's aim with this is to fundamentally improve the loading times of websites. If millions of websites refer to the same fonts, they will be cached after the first visit and will immediately reappear on all other websites visited later. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.

How can I delete my data or prevent data storage?

The data that Google stores for a day or a year cannot simply be deleted. The data is automatically transmitted to Google when the page is called up. To delete this data prematurely, you must contact Google Support. https://support.google.com/?hl=de&tid=312557314 Contact us. You can only prevent data storage in this case by not visiting our site.

Unlike other web fonts, Google grants us unrestricted access to all fonts. This allows us to tap into a sea of fonts without limitation and make the most of our website. You can find more information about Google Fonts and other queries at https://developers.google.com/fonts/faq?tid=312557314. Google does address data protection matters there, but really detailed information about data storage is not included. It is relatively difficult to get really precise information from Google about stored data.

Legal basis

If you have consented to Google Fonts being used, the legal basis for the corresponding data processing is this consent. According to Art. 6(1)(a) GDPR (Consent) the legal basis for processing personal data, as may occur when collected by Google Fonts.

We also have a legitimate interest in using Google Fonts to optimise our online service. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). We only use Google Fonts if you have given your consent.

Google processes data from you in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can be associated with various risks to the lawfulness and security of data processing.

As the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or for transfers of data there, Google uses so-called Standard Contractual Clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are model clauses provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which also correspond to the Standard Contractual Clauses for Google Fonts, can be found at https://business.safety.google/adsprocessorterms/.

Welche Daten grundsätzlich von Google erfasst werden und wofür diese Daten verwendet werden, können Sie auch auf https://www.google.com/intl/de/policies/privacy/ read up.

Closing remarks

Congratulations! If you're reading these lines, you've really „battled“ your way through our entire privacy policy, or at least scrolled this far. As you can see from the length of our privacy policy, we don't take the protection of your personal data lightly.
It is important to us to inform you about the processing of personal data to the best of our knowledge and belief. In doing so, we do not only want to tell you what data is processed, but also to explain the reasons for the use of various software programmes. Usually, data privacy policies sound very technical and legal. However, since most of you are neither web developers nor lawyers, we wanted to take a different linguistic approach and explain the matter in simple and clear language. Of course, this is not always possible due to the subject matter. Therefore, the most important terms are explained at the end of the data privacy policy.
Should you have any questions regarding data protection on our website, please do not hesitate to contact us or the responsible body. We wish you a pleasant time and hope to welcome you back to our website soon.

All texts are protected by copyright.

Source: Created with Privacy Policy Generator from AdSimple