Privacy Policy

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to any data that can be used to personally identify you. For detailed information on data protection, please refer to our Privacy Policy listed below this text.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact information in the “Information on the Responsible Party” section of this privacy policy.

How do we collect your data?

Your data is collected, on the one hand, when you provide it to us. This may include, for example, data you enter into a contact form.

Other data is collected automatically or with your consent when you visit the website via our IT systems. This primarily consists of technical data (e.g., internet browser, operating system, or time of page view). This data is collected automatically as soon as you access this website.

What do we use your data for?

Some of the data is collected to ensure the website functions properly. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data is also processed for contract offers, orders, or other order inquiries.

What rights do you have regarding your data?

You have the right at any time to receive information free of charge regarding the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you may revoke this consent at any time with future effect. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time regarding this matter or any other questions about data protection.

Analytics Tools and Third-Party Tools

When you visit this website, your browsing behavior may be statistically analyzed. This is primarily done using so-called analytics programs.

Detailed information about these analytics programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following providers:

All-Inkl

The provider is ALL-INKL.COM - Neue Medien Münnich, owned by René Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter All-Inkl). For details, please refer to All-Inkl’s privacy policy: https://all-inkl.com/datenschutzinformationen/.

The use of All-Inkl is based on Art. 6(1)(f) GDPR. We have a legitimate interest in presenting our website as reliably as possible. If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

Data Processing

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law that ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

External Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the host(s). This may primarily include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website visits, and other data generated via a website.

External hosting is carried out for the purpose of fulfilling our contractual obligations to our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing our online services securely, quickly, and efficiently through a professional provider (Art. 6(1)(f) GDPR). If consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

Our hosting provider(s) will process your data only to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.

We use the following hosting provider(s):

ALL-INKL.COM - Neue Medien Münnich
Hauptstraße 68
D-02742 Friedersdorf

Data Processing

We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law that ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations as well as this privacy policy.

When you use this website, various types of personal data are collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this is done.

Please note that data transmission over the Internet (e.g., when communicating via email) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties.

Information on the Data Controller

The controller responsible for data processing on this website is:

Waterproof Web Wizard GmbH
Schmiduzweg 4
88255 Baienfurt

Phone: 075195899217
Email: hey@waterproof-web-wizard.com

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Retention Period

Unless a more specific retention period is stated in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you submit a valid request for erasure or revoke your consent to data processing, your data will be deleted unless we have other legally permissible grounds for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these grounds no longer apply.

General Information on the Legal Basis for Data Processing on This Website

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, provided that special categories of data pursuant to Art. 9(1) GDPR are processed. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49(1)(a) of the GDPR. If you have consented to the storage of cookies or to access to information on your device (e.g., via device fingerprinting), data processing is additionally carried out on the basis of Section 25(1) TDDDG. Consent may be revoked at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Article 6(1)(b) of the GDPR. Furthermore, we process your data if it is necessary to comply with a legal obligation on the basis of Article 6(1)(c) of the GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR. The legal bases applicable in each individual case are described in the following sections of this Privacy Policy.

Recipients of Personal Data

As part of our business activities, we collaborate with various external parties. In some cases, this requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is necessary for the performance of a contract, if we are legally obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits the data transfer. When using data processors, we only disclose our customers’ personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may withdraw any consent you have already given at any time. The lawfulness of the data processing carried out prior to the withdrawal remains unaffected by the withdrawal.

Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(e) E OR F OF THE GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. YOU CAN FIND THE SPECIFIC LEGAL BASIS ON WHICH PROCESSING IS BASED IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, exercise, or defense of legal claims (objection pursuant to Art. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES; THIS ALSO APPLIES TO PROFILING, TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) OF THE GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract provided to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place to the extent that it is technically feasible.

Access, Rectification, and Erasure

Within the scope of applicable legal provisions, you have the right at any time to receive, free of charge, information about your stored personal data, its origin and recipients, and the purpose of data processing, as well as, where applicable, the right to have this data corrected or erased. You may contact us at any time regarding this matter or any other questions about personal data.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You may contact us at any time regarding this matter. The right to restriction of processing applies in the following cases:

If you dispute the accuracy of your personal data stored with us, we generally need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data was or is unlawful, you may request the restriction of data processing instead of erasure.
If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
If you have lodged an objection pursuant to Art. 21(1) GDPR, a balancing of your interests against ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data—apart from its storage—may only be processed with your consent or for the purpose of asserting, exercising, or defending legal claims, or to protect the rights of another natural or legal person, or for reasons of a substantial public interest of the European Union or a Member State.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock icon in your browser bar.

When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Objection to Promotional Emails

We hereby object to the use of contact information published in accordance with the legal notice requirement for the purpose of sending unsolicited advertising and informational materials. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited transmission of advertising information, such as via spam emails.

4. Data collection on this website

Cookies

Our website uses so-called “cookies.” Cookies are small data packets and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g., cookies for processing payment services).

Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies that are necessary for the execution of the electronic communication process, for the provision of specific functions you have requested (e.g., the shopping cart function), or for the optimization of the website (e.g., cookies for measuring website traffic) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent may be revoked at any time.

You can configure your browser to be notified when cookies are set and to allow cookies only on a case-by-case basis, to exclude the acceptance of cookies for specific cases or generally, and to enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

If additional cookies and services are used on this website, you can find this information in this privacy policy.

CCM19

Our website uses CCM19 to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn (hereinafter “CCM19”).

When you visit our website, a connection is established with CCM19’s servers to obtain your consents and other declarations regarding cookie usage. CCM19 then stores a cookie in your browser to associate the consents you have given or their revocation with you. The data collected in this manner is stored until you request its deletion, delete the CCM19 cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.

CCM19 is used to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.

Data Processing

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Server Log Files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address

This data is not combined with other data sources.

The collection of this data is based on Art. 6(1)(f) of the GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website—for this purpose, the server log files must be collected.

Contact form

If you send us inquiries via the contact form, your details from the inquiry form—including the contact information you provided there—will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without your consent.

The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if such consent was requested; consent may be revoked at any time.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been fully processed). Mandatory legal provisions—in particular retention periods—remain unaffected.

Inquiries via Email, Phone, or Fax

If you contact us via email, phone, or fax, your inquiry, including all personal data contained therein (name, inquiry), will be stored and processed by us for the purpose of handling your request. We will not disclose this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, provided your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if such consent was requested; consent may be revoked at any time.

The data you send to us via contact requests will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.

Communication via WhatsApp

We use the instant messaging service WhatsApp, among other tools, to communicate with our customers and other third parties. The provider is WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from accessing the content of the communication. However, WhatsApp does have access to metadata generated during the communication process (e.g., sender, recipient, and time). We also note that, according to its own statements, WhatsApp shares its users’ personal data with its parent company Meta, which is based in the United States. Further details on data processing can be found in WhatsApp’s Privacy Policy at: https://www.whatsapp.com/legal/#privacy-policy.

The use of WhatsApp is based on our legitimate interest in communicating as quickly and effectively as possible with customers, prospective customers, and other business and contractual partners (Art. 6(1)(f) GDPR). If consent has been requested, data processing is based exclusively on that consent; this consent may be revoked at any time with future effect.

The content of communications exchanged between you and us on WhatsApp remains with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been fully processed). Mandatory legal provisions—in particular retention periods—remain unaffected.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to complying with these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/participant/7735.

We use the “WhatsApp Business” version of WhatsApp.

Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.whatsapp.com/legal/business-data-transfer-addendum.

We have configured our WhatsApp accounts so that there is no automatic data synchronization with the address book on the smartphones in use.

We have entered into a Data Processing Agreement (DPA) with the aforementioned provider.

Google Calendar

On our website, you have the option to schedule appointments with us. We use Google Calendar for scheduling. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).

To book an appointment, you enter the requested data and your preferred date into the form provided. The data you enter is used for planning, conducting, and, if necessary, following up on the appointment. The appointment data is stored for us on Google Calendar’s servers; you can view their privacy policy here: https://policies.google.com/privacy.

The data you enter will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for storing the data no longer applies. Mandatory legal provisions—in particular retention periods—remain unaffected.

The legal basis for data processing is Art. 6(1)(f) GDPR. The website operator has a legitimate interest in making it as easy as possible for prospective clients and customers to schedule appointments. If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., for device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://workspace.google.com/terms/dpa_terms.html and here: https://cloud.google.com/terms/sccs.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Data Processing

We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Comment function on this website

For the comment function on this site, in addition to your comment, information regarding the time the comment was created, your email address, and—if you are not posting anonymously—the username you selected will be stored.

Storage of IP addresses

Our comment function stores the IP addresses of users who post comments. Since we do not review comments on this website before they are published, we require this data to be able to take action against the author in the event of legal violations such as insults or propaganda.

Subscribing to comments

As a user of the site, you can subscribe to comments after logging in. You will receive a confirmation email to verify that you are the owner of the provided email address. You can unsubscribe from this feature at any time via a link in the informational emails. The data entered when subscribing to comments will be deleted in this case; however, if you have provided this data to us for other purposes or elsewhere (e.g., newsletter subscription), we will retain this data.

Retention Period for Comments

The comments and associated data are stored and remain on this website until the commented-on content has been completely deleted or the comments must be deleted for legal reasons (e.g., offensive comments).

Legal basis

Comments are stored based on your consent (Art. 6(1)(a) GDPR). You may revoke your consent at any time. To do so, simply send us an informal email. The lawfulness of data processing operations that have already taken place remains unaffected by the revocation.

5. Social Media

Facebook

Elements of the Facebook social network are integrated into this website. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. However, according to Facebook, the collected data is also transferred to the United States and other third countries.

You can find an overview of Facebook social media elements here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook thereby receives the information that you have visited this website using your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. Please note that, as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook’s Privacy Policy at: https://de-de.facebook.com/privacy/explanation.

Use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.

To the extent that personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, Merrion Road Dublin 4, Dublin, D04 X2K5, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook following the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set forth in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information regarding the use of the Facebook tool and for ensuring the tool is implemented on our website in compliance with data protection laws. Facebook is responsible for the data security of Facebook products. You can exercise your data subject rights (e.g., requests for information) regarding the data processed by Facebook directly with Facebook. If you exercise your data subject rights with us, we are obligated to forward them to Facebook.

Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381, and https://www.facebook.com/policy.php.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/4452.

X (formerly Twitter)

This website incorporates features of the X service (formerly Twitter). These features are provided by the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The branch Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible for data processing for individuals residing outside the United States.

When the social media element is active, a direct connection is established between your device and the X server. X (formerly Twitter) thereby receives information that you have visited this website. By using X (formerly Twitter) and the “Retweet” or “Repost” function, the websites you visit are linked to your X (formerly Twitter) account and disclosed to other users. Please note that, as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by X (formerly Twitter). Further information on this can be found in X’s (formerly Twitter’s) privacy policy at: https://x.com/de/privacy.

Use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be revoked at any time.

Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://gdpr.x.com/en/controller-to-controller-transfers.html.

You can change your privacy settings on X (formerly Twitter) in the account settings at https://x.com/settings/account.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/2710.

Instagram

This website incorporates features of the Instagram service. These features are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information that you have visited this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. Please note that, as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

Use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be revoked at any time.

To the extent that personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, Merrion Road Dublin 4, Dublin, D04 X2K5, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing carried out by Facebook or Instagram following the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set forth in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of the Facebook or Instagram products. You can exercise your data subject rights (e.g., requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you exercise your data subject rights with us, we are obligated to forward them to Facebook.

Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/, and https://de-de.facebook.com/help/566994660333381.

Further information on this can be found in Instagram’s Privacy Policy: https://privacycenter.instagram.com/policy/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Every time you access a page on this website that contains LinkedIn elements, a connection is established with LinkedIn’s servers. LinkedIn is informed that you have visited this website using your IP address. If you click the LinkedIn “Recommend” button while logged into your LinkedIn account, LinkedIn can associate your visit to this website with you and your user account. Please note that, as the provider of these pages, we have no knowledge of the content of the data transmitted or its use by LinkedIn.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be revoked at any time.

Data transfer to the U.S. is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de

Further information on this can be found in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/participant/5448.

6. Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It serves solely to manage and deploy the tools integrated through it. However, Google Tag Manager records your IP address, which may also be transferred to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and straightforward integration and management of various tools on its website. If consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to complying with these data protection standards. Further information on this is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, time spent on the site, operating systems used, and the user’s origin. This data is aggregated into a user ID and assigned to the website visitor’s respective device.

Furthermore, we can use Google Analytics to track your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data sets and employs machine learning technologies in data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google regarding the use of this website is generally transmitted to a Google server in the United States and stored there.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be revoked at any time.

Data transfer to the U.S. is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://business.safety.google/adscontrollerterms/sccs/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. Further information on this is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

IP Anonymization

Google Analytics IP anonymization is enabled. This means that your IP address is truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

For more information on how Google Analytics handles user data, please refer to Google’s Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, and YouTube history, as well as demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signals. If you have a Google account, the visitor data from Google Signals is linked to your Google account and used for personalized advertising. The data is also used to create anonymized statistics on our users’ behavior.

Data Processing

We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities regarding the use of Google Analytics.

Google Analytics E-commerce Tracking

This website uses the “E-commerce Tracking” feature of Google Analytics. With the help of E-commerce Measurement, the website operator can analyze the purchasing behavior of website visitors to improve their online marketing campaigns. In this process, information such as orders placed, average order values, shipping costs, and the time from viewing to purchasing a product is collected. This data may be aggregated by Google under a transaction ID that is assigned to the respective user or their device.

Microsoft Advertising

The website operator uses Microsoft Advertising. Microsoft Advertising is an online advertising program provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft Advertising enables us to display advertisements in the Bing search engine or on third-party websites when the user enters specific search terms into Bing (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Microsoft (e.g., location data and interests) (audience targeting). As the website operator, we can evaluate this data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.

We use Microsoft Advertising’s Universal Event Tracking (UET) on this site. This involves collecting pseudonymized data to track the actions you take on our websites after clicking on an ad on Microsoft Advertising. In this process, UET collects your IP address (anonymized), device identifiers, information about device and browser settings, Microsoft Click ID (stored in a cookie), time spent on the website, which sections of the website were accessed, which ad brought you to the website, and the clicked keyword.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.

Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/6474.

Data Processing

Microsoft Clarity

This website uses Microsoft Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://learn.microsoft.com/en-us/clarity/faq (hereinafter “Microsoft Clarity”).

Microsoft Clarity is a tool for analyzing user behavior on this website. In particular, Microsoft Clarity tracks mouse movements and creates a graphical representation of which parts of the website users scroll to most frequently (heatmaps). Microsoft Clarity can also record sessions, allowing us to view page usage in the form of videos. Additionally, we receive information about general user behavior within our website.

Microsoft Clarity uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). Your personal data is stored on Microsoft’s servers (Microsoft Azure Cloud Service) in the United States.

Where consent has been obtained, the use of the aforementioned service is based exclusively on Article 6(1)(a) of the GDPR and Section 25 of the TDDDG. Consent may be revoked at any time. Where consent has not been obtained, the use of this service is based on Article 6(1)(f) of the GDPR; the website operator has a legitimate interest in effective user analysis.

Further details on Microsoft Clarity’s data protection can be found here: https://docs.microsoft.com/en-us/clarity/faq.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. Further information on this is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/6474.

Data Processing

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display ads in the Google search engine or on third-party websites when users enter specific search terms into Google (keyword targeting). Furthermore, targeted ads can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As the website operator, we can evaluate this data quantitatively by, for example, analyzing which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be revoked at any time.

Data transfer to the U.S. is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Ads Remarketing

This website uses the features of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently display interest-based advertising to them on the Google advertising network (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google’s cross-device features. In this way, interest-based, personalized advertising messages that have been tailored to you based on your previous usage and browsing behavior on one device (e.g., a mobile phone) can also be displayed on another of your devices (e.g., a tablet or PC).

If you have a Google account, you can opt out of personalized advertising via the following link: https://adssettings.google.com/anonymous?hl=de.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.

Further information and the privacy policy can be found in Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=de.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Target audience creation using customer matching

For audience targeting, we use, among other things, Google Ads Remarketing’s customer matching. In this process, we transfer certain customer data (e.g., email addresses) from our customer lists to Google. If the customers in question are Google users and are logged into their Google account, relevant advertising messages will be displayed to them within the Google network (e.g., on YouTube, Gmail, or in the search engine).

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, Google and we can determine whether the user has performed certain actions. For example, we can analyze which buttons on our website are clicked and how often, and which products were viewed or purchased particularly frequently. This information is used to generate conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.

For more information on Google Conversion Tracking, please refer to Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Meta Pixel (formerly Facebook Pixel)

This website uses Meta’s visitor action pixel for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, Merrion Road Dublin 4, Dublin, D04 X2K5, Ireland. However, according to Meta, the collected data is also transferred to the U.S. and other third countries.

This allows the behavior of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Meta ad. This enables the effectiveness of Meta ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The collected data is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Meta, making it possible to link it to the respective user profile on Facebook or Instagram, and allowing Meta to use the data for its own advertising purposes in accordance with the Meta Data Use Policy (https://de-de.facebook.com/about/privacy/). This enables Meta to display advertisements on Facebook or Instagram pages and other advertising channels. As the website operator, we have no influence over this use of the data.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be revoked at any time.

We use the extended matching feature within the Meta Pixel.

Extended matching allows us to transmit various types of data (e.g., city, state, ZIP code, hashed email addresses, names, gender, date of birth, or phone number) about our customers and prospects that we collect via our website to Meta. This allows us to tailor our advertising campaigns on Facebook and Instagram even more precisely to people who are interested in our offerings. In addition, extended matching improves the attribution of website conversions and expands Custom Audiences.

To the extent that personal data is collected on our website and forwarded to Meta using the tool described here, we and Meta Platforms Ireland Limited, Merrion Road Dublin 4, Dublin, D04 X2K5, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Meta. The processing carried out by Meta following the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set forth in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing privacy information when using the Meta tool and for ensuring the tool is implemented on our website in compliance with data protection laws. Meta is responsible for the data security of Meta products. You can exercise your data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram directly with Meta. If you exercise your data subject rights with us, we are obligated to forward them to Meta.

Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find further information on the protection of your privacy in Meta’s privacy policy: https://de-de.facebook.com/about/privacy/.

You can also disable the “Custom Audiences” remarketing feature in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook or Instagram account, you can disable usage-based advertising from Meta on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/4452.

Meta Conversion API

We have integrated the Meta Conversion API into this website. The provider of this service is Meta Platforms Ireland Limited, Merrion Road Dublin 4, Dublin, D04 X2K5, Ireland. However, according to Meta, the collected data is also transferred to the United States and other third countries.

The Meta Conversion API enables us to track website visitors’ interactions with our website and share this data with Meta to improve advertising performance on Facebook and Instagram.

In particular, the time of the visit, the webpage accessed, your IP address, and your user agent, as well as any other specific data (e.g., products purchased, shopping cart value, and currency), are collected. A complete overview of the data that can be collected can be found here: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.

To the extent that personal data is collected on our website using the tool described here and forwarded to Meta, we and Meta Platforms Ireland Limited, Merrion Road Dublin 4, Dublin, D04 X2K5, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Meta. The processing carried out by Meta following the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set forth in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing privacy information when using the Meta tool and for ensuring the tool is implemented on our website in compliance with data protection laws. Meta is responsible for the data security of Meta products. You can exercise your data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram directly with Meta. If you exercise your data subject rights with us, we are obligated to forward them to Meta.

Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find further information on the protection of your privacy in Meta’s privacy policy: https://de-de.facebook.com/about/privacy/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/4452.

Data Processing

Meta Custom Audiences

We use Meta Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, Merrion Road Dublin 4, Dublin, D04 X2K5, Ireland.

When you visit or use our websites and apps, take advantage of our free or paid offers, transmit data to us, or interact with our company’s Facebook or Instagram content, we collect your personal data. If you grant us consent to use Meta Custom Audiences, we will transmit this data to Meta, which Meta can then use to display relevant advertisements to you. Furthermore, your data can be used to define target groups (Lookalike Audiences).

Meta processes this data as our data processor. Details can be found in Meta’s Terms of Service: https://www.facebook.com/legal/terms/customaudience.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.

Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/4452.

LinkedIn Insight Tag

This website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data Processing via the LinkedIn Insight Tag

With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can analyze, among other things, the key professional data (e.g., career level, company size, country, location, industry, and job title) of our website visitors and thus better tailor our site to the respective target groups. Furthermore, with the help of LinkedIn Insight Tags, we can measure whether visitors to our websites make a purchase or take another action (conversion tracking). Conversion tracking can also be performed across devices (e.g., from PC to tablet). LinkedIn Insight Tag also offers a retargeting feature that allows us to display targeted ads to our website visitors outside the website; however, according to LinkedIn, the recipient of the ad is not identified.

LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties, and time of access). IP addresses are truncated or (if used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.

As the website operator, we cannot associate the data collected by LinkedIn with specific individuals. LinkedIn will store the collected personal data of website visitors on its servers in the U.S. and use it for its own advertising purposes. For details, please refer to LinkedIn’s Privacy Policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal Basis

To the extent that consent has been obtained, the use of the aforementioned service is based exclusively on Article 6(1)(a) of the GDPR and Section 25 of the TDDDG. Consent may be revoked at any time. Where consent has not been obtained, the use of this service is based on Article 6(1)(f) of the GDPR; the website operator has a legitimate interest in effective advertising measures, including social media.

Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. Further information on this is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5448.

Objecting to the use of the LinkedIn Insight Tag

Object to the analysis of usage behavior and targeted advertising by LinkedIn via the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

Data Processing

7. Newsletter

Newsletter Data

If you would like to subscribe to the newsletter offered on the website, we require your email address as well as information that allows us to verify that you are the owner of the provided email address and consent to receiving the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not share it with third parties.

The processing of the data entered in the newsletter registration form is based solely on your consent (Art. 6(1)(a) GDPR). You may revoke your consent to the storage of your data and email address, as well as their use for sending the newsletter, at any time, for example via the “Unsubscribe” link in the newsletter. The lawfulness of data processing operations that have already taken place remains unaffected by the revocation.

The data you have provided to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter, and will be deleted from the newsletter distribution list after you unsubscribe or once the purpose for which it was collected no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion within the scope of our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider on a blacklist, if necessary, to prevent future mailings. The data from the blacklist is used solely for this purpose and is not combined with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage on the blacklist is not time-limited. You may object to the storage provided that your interests outweigh our legitimate interest.

8. Plugins and Tools

YouTube with enhanced privacy

This website embeds videos from the YouTube website. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of these websites that incorporates YouTube, a connection is established to YouTube’s servers. In doing so, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in enhanced privacy mode. According to YouTube, videos played in enhanced privacy mode are not used to personalize the browsing experience on YouTube. Ads displayed in enhanced privacy mode are also not personalized. No cookies are set in enhanced privacy mode. Instead, however, so-called local storage elements are stored in the user’s browser; these contain personal data similar to cookies and can be used for recognition purposes. Details on enhanced privacy mode can be found here: https://support.google.com/youtube/answer/171780.

In some cases, additional data processing operations may be triggered after a YouTube video is activated, over which we have no control.

The use of YouTube is in the interest of presenting our online offerings in an appealing manner. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, provided that the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

Further information on data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Vimeo without tracking (Do Not Track)

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages featuring Vimeo videos, a connection is established with Vimeo’s servers. In doing so, the Vimeo server is informed which of our pages you have visited. Additionally, Vimeo obtains your IP address. However, we have configured Vimeo so that it does not track your user activities and does not set cookies.

The use of Vimeo is in the interest of presenting our online offerings in an appealing manner. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If consent has been requested, processing is based exclusively on Art. 6(1)(a) GDPR; consent may be revoked at any time.

Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses and, according to Vimeo, on “legitimate business interests.” Details can be found here: https://vimeo.com/privacy.

Further information on the handling of user data can be found in Vimeo’s privacy policy at: https://vimeo.com/privacy.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. Further information on this is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5711.

Google Fonts (local hosting)

This site uses so-called Google Fonts, provided by Google, to ensure consistent font display. The Google Fonts are installed locally. No connection to Google’s servers is established in this process.

For more information about Google Fonts, visit https://developers.google.com/fonts/faq and Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.

Font Awesome (locally hosted)

This site uses Font Awesome to ensure consistent font display. Font Awesome is installed locally. No connection to servers operated by Fonticons, Inc. is established.

For more information about Font Awesome, please see the Font Awesome privacy policy at: https://fontawesome.com/privacy.

Google Maps

This site uses the Google Maps map service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This service allows us to embed map content on our website.

To use the features of Google Maps, it is necessary to store your IP address. This information is generally transmitted to a Google server in the U.S. and stored there. The provider of this site has no influence over this data transmission. When Google Maps is activated, Google may use Google Fonts for the purpose of uniformly displaying fonts. When you access Google Maps, your browser loads the required web fonts into its cache to display text and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online offerings and to make it easy to find the locations we specify on the website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on the handling of user data, please refer to Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Bing Maps

We have integrated Bing Maps into this website. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States (hereinafter “Bing Maps”). This service allows us to embed map content on our website.

To use the features of Bing Maps, it is necessary to store your IP address. This information is generally transmitted to a Microsoft server in the U.S. and stored there. The provider of this site has no influence over this data transmission.

The use of Bing is in the interest of presenting our online offerings in an appealing manner and ensuring that the locations listed on our website are easy to find. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

For further details, please refer to the provider’s privacy policy at https://www.microsoft.com/en-us/maps/bing-maps/product.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/6474.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is designed to verify whether data entry on this website (e.g., in a contact form) is performed by a human or by an automated program. To do this, reCAPTCHA analyzes the website visitor’s behavior based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g., IP address, the duration of the website visitor’s stay on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.

In this context, Google acts solely as a data processor within the meaning of Art. 28 GDPR and will not use the data collected in this manner for its own purposes. The use of the tool is based on a Data Processing Agreement (DPA) with Google.

The storage and analysis of the data are based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, provided that the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to complying with these data protection standards. Further information on this is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Leadinfo

We have integrated Leadinfo into this website. The provider is Leadinfo / Team.Blue GmbH, Bunsenstr. 19, 40215 Düsseldorf (hereinafter “Leadinfo”).

Leadinfo enables us to track visits to our website by employees of other companies. For this purpose, the website visitor’s IP address is compared with the company IP addresses stored in Leadinfo’s database. If this is the IP address of a company, this visit and the user’s behavior are recorded. IP addresses not present in Leadinfo’s database are immediately deleted, so that website visits by private individuals are ignored by Leadinfo.

The use of Leadinfo is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in recording corporate visits to our website and their user behavior. If consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, provided that the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

For further details, please refer to the provider’s privacy policy at https://www.leadinfo.com/de/datenschutz/.

Data Processing

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

9. E-commerce and Payment Providers

Processing of Customer and Contract Data

We collect, process, and use personal customer and contract data to establish, define the content of, and modify our contractual relationships. We collect, process, and use personal data regarding the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it. The legal basis for this is Art. 6(1)(b) GDPR.

The collected customer data will be deleted upon completion of the order or termination of the business relationship and after the expiration of any applicable statutory retention periods. Statutory retention periods remain unaffected.

10. Audio and Video Conferences

Data Processing

We use online conference tools, among other means, to communicate with our customers. The specific tools we use are listed below. When you communicate with us via video or audio conference over the internet, your personal data is collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide or use to access the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, the start and end times of your participation in the conference, the number of participants, and other “contextual information” related to the communication process (metadata).

Furthermore, the tool provider processes all technical data necessary for handling the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, as well as the type of connection.

If content is exchanged, uploaded, or otherwise made available within the tool, it is also stored on the tool provider’s servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared while using the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options depend largely on the corporate policies of the respective provider. For further information on data processing by the conference tools, please refer to the privacy policies of the respective tools, which we have listed below this text.

Purpose and Legal Basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer specific services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of these tools serves to generally simplify and expedite communication with us or our company (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Where consent has been requested, the use of the relevant tools is based on this consent; consent may be revoked at any time with future effect.

Retention Period

The data collected directly by us via the video and conferencing tools is deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence over the storage period of your data that is stored by the operators of the conference tools for their own purposes. For details on this, please contact the operators of the conference tools directly.

Conference Tools Used

We use the following conference tools:

Google Meet

We use Google Meet. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on data processing, please refer to Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Marketing Architecture

SEO

CMS

White Label SEO

1. Privacy at a Glance

General Information

Data Collection on This Website

Who is responsible for data collection on this website?

How do we collect your data?

What do we use your data for?

What rights do you have regarding your data?

Analytics Tools and Third-Party Tools

2. Hosting

All-Inkl

Data Processing

External Hosting

Data Processing

3. General Information and Mandatory Disclosures

Data Protection

Information on the Data Controller

Retention Period

General Information on the Legal Basis for Data Processing on This Website

Recipients of Personal Data

Withdrawal of Your Consent to Data Processing

Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)

Right to lodge a complaint with the competent supervisory authority

Right to data portability

Access, Rectification, and Erasure

Right to Restriction of Processing

SSL or TLS Encryption

Objection to Promotional Emails

4. Data collection on this website

Cookies

CCM19

Data Processing

Server Log Files

Contact form

Inquiries via Email, Phone, or Fax

Communication via WhatsApp

Google Calendar

Data Processing

Comment function on this website

Storage of IP addresses

Subscribing to comments

Retention Period for Comments

Legal basis

5. Social Media

Facebook

X (formerly Twitter)

Instagram

LinkedIn

6. Analytics Tools and Advertising

Google Tag Manager

Google Analytics

IP Anonymization

Browser Plugin

Google Signals

Data Processing

Google Analytics E-commerce Tracking

Microsoft Advertising

Data Processing

Microsoft Clarity

Data Processing

Google Ads

Google Ads Remarketing

Target audience creation using customer matching

Google Conversion Tracking

Meta Pixel (formerly Facebook Pixel)

Meta Conversion API

Data Processing

Meta Custom Audiences

LinkedIn Insight Tag

Data Processing via the LinkedIn Insight Tag

Legal Basis

Objecting to the use of the LinkedIn Insight Tag

Data Processing

7. Newsletter

Newsletter Data

8. Plugins and Tools

YouTube with enhanced privacy