data protection

Table of Contents

• Introduction and overview
• Scope of application
• legal bases
• Contact details of the controller
• storage period
• Rights under the General Data Protection Regulation
• cookies
• customer data
• registration
• Web hosting introduction
• Website construction kits Introduction
• Web Analytics Introduction
• Email Marketing Introduction
• Online Marketing Introduction
• Cookie Consent Management Platform Introduction
• Payment providers Introduction
• Explanation of terms used
• closing remarks

Introduction and overview

We have drafted this privacy policy (version 04.12.2023-312683272) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws. In short, we provide you with comprehensive information about the data we process about you. In short: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, on the other hand, aims to describe the most important aspects as simply and transparently as possible. Where it promotes transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. We use clear and simple language to inform you that we only process personal data in the course of our business activities if there is a corresponding legal basis for doing so. This is certainly not possible if you provide explanations that are as concise, unclear, and legally technical as possible, as is often the standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps you will find some information that you did not know before.
If you still have questions, please contact the responsible office listed below or in the legal notice, follow the links provided, and view further information on third-party websites. You will also find our contact details in the legal notice.

Scope of application

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person's name, email address, and postal address. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this privacy policy covers:

• all online presences (websites, online shops) that we operate
• Social media presence and email communication
• mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed in a structured manner within the company via the channels mentioned. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

legal bases

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal basis of the General Data Protection Regulation, which enable us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can, of course, read this EU General Data Protection Regulation online at EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
2. Contract (Article 6(1)(b) GDPR): We process your data in order to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase contract with you, we need personal information in advance.
3. Legal obligation (Article 6(1)(c) GDPR): We process your data if we are subject to a legal obligation. For example, we are legally obliged to retain invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and economically. This processing is therefore a legitimate interest.

Other conditions, such as the perception of recordings in the public interest and the exercise of public authority, as well as the protection of vital interests, do not generally apply in our case. If such a legal basis should nevertheless be relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
• In Germany, the Federal Data Protection Act( BDSG) applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the controller

If you have any questions about data protection or the processing of personal data, please find the contact details of the responsible person or department below:
Kingtyre Deutschland GmbH
Schulstraße 33, 71155 Altdorf, Germany

Email: info@kingtyre-deutschland.de
Phone: 0151 –17276569
Legal notice: https://kingtyre-shop.de/impressum/

storage period

It is our general policy to store personal data only for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for data processing no longer applies. In some cases, we are legally obliged to store certain data even after the original purpose no longer applies, for example for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and insofar as there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we hereby inform you of the following rights to which you are entitled in order to ensure fair and transparent data processing:

• According to Article 15 of the GDPR, you have the right to know whether we process your data. If this is the case, you have the right to receive a copy of the data and to obtain the following information:
  • the purpose for which we process the data;
  • the categories, i.e., the types of data that are processed;
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  • how long the data will be stored;
  • the existence of the right to rectification, erasure, or restriction of processing and the right to object to processing;
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  • the origin of the data, if we did not collect it from you;
  • whether profiling is carried out, i.e. whether data is automatically evaluated in order to create a personal profile of you.
• According to Article 16 of the GDPR, you have the right to have your data corrected, which means that we must correct any data if you find errors.
• According to Article 17 of the GDPR, you have the right to erasure ("right to be forgotten"), which specifically means that you may request the deletion of your data.
• According to Article 18 of the GDPR, you have the right to restrict processing, which means that we may only store the data but may not use it further.
• According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
• According to Article 21 of the GDPR, you have a right to object, which, once enforced, will result in a change in the processing.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of public authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
  • If data is used for direct marketing purposes, you can object to this type of data processing at any time. We will then no longer be permitted to use your data for direct marketing purposes.
  • If data is used for profiling purposes, you can object to this type of data processing at any time. We will then no longer be permitted to use your data for profiling purposes.
• Under Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g., profiling).
• You have the right to lodge a complaint under Article 77 of the GDPR. This means that you can lodge a complaint with the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: you have rights – don't hesitate to contact the responsible department listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Baden-Württemberg Data Protection Authority

State Commissioner for Data Protection: Prof. Dr. Tobias Keber
Address: Lautenschlagerstraße 20, 70173 Stuttgart
Phone number: 07 11/61 55 41-0
Email address: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de/

cookies

Cookies Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Depends on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie. 📓 Processed data: Depends on the respective cookie used. More details can be found below or from the manufacturer of the software that sets the cookie. 📅 Storage period: depends on the respective cookie, can vary from hours to years ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below, we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: cookies are really useful little helpers. Almost all websites use cookies. More specifically, they are HTTP cookies, as there are other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, which is essentially the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser transmits the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie from the server, which the browser reuses as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans, or other "malware." Cookies also cannot access information on your PC.

Cookie data may look like this, for example:

Name: _ga
Value:GA1.2.1326744211.152312683272-9
Purpose: Distinguishing website visitors
Expiration date:After 2 years

A browser should be able to support these minimum sizes:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use specifically depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are four types of cookies:

Essential cookies
These cookies are necessary to ensure the basic functionality of the website. For example, these cookies are needed when a user adds a product to their shopping cart, then continues browsing other pages and only proceeds to checkout later. These cookies ensure that the shopping cart is not deleted, even if the user closes their browser window.

Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. These cookies are also used to measure the loading time and behavior of the website in different browsers.

Targeted cookies
These cookies improve user-friendliness. For example, they store locations, font sizes, or form data that you have entered.

Advertising cookies
These cookies are also known as targeting cookies. They are used to deliver personalized advertising to the user. This can be very practical, but also very annoying.

When you visit a website for the first time, you are usually asked which types of cookies you want to allow. And, of course, this decision is also stored in a cookie.

If you would like to learn more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments from the Internet Engineering Task Force (IETF) entitled "HTTP State Management Mechanism."

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. You can find more details below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are little helpers for many different tasks. Unfortunately, it is not possible to generalize what data is stored in cookies, but we will inform you about the processed or stored data in the following privacy policy.

Cookie storage duration

The storage period depends on the cookie in question and is specified below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have control over how long cookies are stored. You can manually delete all cookies at any time via your browser (see also "Right to object" below). Furthermore, cookies that are based on consent will be deleted at the latest after you revoke your consent, whereby the legality of the storage remains unaffected until then.

Right to object – how can I delete cookies?

You decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

If you do not want cookies at all, you can set your browser to always inform you when a cookie is about to be set. This allows you to decide whether to accept or reject each individual cookie. The procedure varies depending on the browser. The best way to find the instructions is to search Google using the search term "delete cookies Chrome" or "disable cookies Chrome" if you are using the Chrome browser.

legal basis

The so-called "cookie guidelines" have been in place since 2009. These stipulate that the storage of cookies requires your consent (Article 6(1)(a) GDPR). However, there are still very different responses to these guidelines within EU countries. In Austria, however, this directive was implemented in Section 96(3) of the Telecommunications Act (TKG). In Germany, the cookie guidelines were not implemented as national law. Instead, this directive was largely implemented in Section 15(3) of the Telemedia Act (TMG).

There are legitimate interests (Article 6(1)(f) GDPR) for strictly necessary cookies, even if no consent has been given, which are mostly of an economic nature. We want to provide visitors to the website with a pleasant user experience, and certain cookies are often absolutely necessary for this.

If cookies that are not absolutely necessary are used, this will only happen with your consent. The legal basis for this is Art. 6 (1) (a) GDPR.

The following sections provide more detailed information about the use of cookies, provided that the software used employs cookies.

customer data

Customer data summary 👥 Data subjects: Customers or business and contractual partners 🤝 Purpose: Provision of contractually or pre-contractually agreed services, including related communication 📓 Processed data: Name, address, contact details, email address, telephone number, payment information (such as invoices and bank details), contract data (such as the term and subject matter of the contract), IP address, order data 📅 Storage period: the data will be deleted as soon as it is no longer required for the fulfillment of our business purposes and there is no legal obligation to retain it. ⚖️ Legal basis: legitimate interest (Art. 6 (1) (f) GDPR), contract (Art. 6 (1) (b) GDPR)

What is customer data?

In order to offer our services and contractual services, we also process data from our customers and business partners. This data always includes personal data. Customer data refers to all information that is processed on the basis of a contractual or pre-contractual collaboration in order to be able to provide the services offered. Customer data is therefore all information that we collect and process about our customers.

Why do we process customer data?

There are many reasons why we collect and process customer data. The most important one is that we simply need various data to provide our services. Sometimes your email address is sufficient, but if you purchase a product or service, we also need data such as your name, address, bank details, or contract details. We also use the data for marketing and sales optimization so that we can improve our overall service to our customers. Another important point is our customer service, which is always very important to us. We want you to be able to contact us at any time with questions about our offers, and for this we need at least your email address.

What data is processed?

At this point, we can only provide a general overview of the data that is stored, as this always depends on the services you purchase from us. In some cases, you only provide us with your email address so that we can contact you or answer your questions, for example. In other cases, you purchase a product or service from us, and we require significantly more information, such as your contact details, payment details, and contract details.

Here is a list of possible data that we receive from you and process:

• Name
• contact address
• email address
• phone number
• date of birth
• Payment data (invoices, bank details, payment history, etc.)
• Contract details (term, content)
• Usage data (websites visited, access data, etc.)
• Metadata (IP address, device information)

How long will the data be stored?

As soon as we no longer need the customer data to fulfill our contractual obligations and our purposes, and the data is also not necessary for possible warranty and liability obligations, we delete the corresponding customer data. This is the case, for example, when a business contract ends. After that, the limitation period is usually 3 years, although longer periods are possible in individual cases. Of course, we also comply with the statutory retention obligations. Your customer data will certainly not be passed on to third parties unless you have explicitly given your consent.

legal basis

The legal basis for the processing of your data is Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (b) GDPR (contract or pre-contractual measures), Art. 6 (1) (f) GDPR (legitimate interests), and in special cases (e.g., medical services) Art. 9 (2) (a) GDPR (processing of special categories).

In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9 (2) (c) GDPR. For the purposes of healthcare, occupational medicine, medical diagnostics, care or treatment in the health or social sector, or for the administration of systems and services in the health or social sector, the processing of personal data is carried out in accordance with Art. 9 (2) (h) GDPR. If you voluntarily provide special categories of data, processing is carried out on the basis of Art. 9 (2) (a) GDPR.

registration

Registration Summary 👥 Affected persons: All persons who register, create an account, log in, and use the account. 📓 Processed data: Email address, name, password, and other data collected during registration, login, and account use. 🤝 Purpose: Provision of our services. Communication with customers in connection with the services. 📅 Storage period:As long as the company account associated with the texts exists and thereafter, as a rule, 3 years. ⚖️ Legal basis: Art. 6 (1) (b) GDPR (contract), Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

When you register with us, personal data may be processed if you enter personal information or if data such as your IP address is collected during processing. You can read more about what we mean by the rather cumbersome term "personal data" below.

Please only enter data that we require for registration and for which you have the consent of a third party if you are registering on behalf of a third party. If possible, use a secure password that you do not use anywhere else and an email address that you check regularly.

Below, we provide information about the exact nature of data processing, because we want you to feel comfortable with us!

What is registration?

When you register, we collect certain data from you and enable you to easily log in online later and use your account with us. Having an account with us has the advantage that you do not have to re-enter everything each time. This saves time and effort and ultimately prevents errors in the provision of our services.

Why do we process personal data?

In short, we process personal data to enable the creation and use of an account with us.
If we didn't do this, you would have to enter all your data every time, wait for us to approve it, and then enter everything again. We and many, many customers would not like that. How would you feel about it?

What data is processed?

All data that you provided during registration, enter when logging in, or enter when managing your data in your account.

When you register, we process the following types of data: 

• First name
• last name
• email address
• company name
• Street + house number
• place of residence
• postal code
• country

When you register, we process the data you enter during registration, such as your username and password, as well as data collected in the background, such as device information and IP addresses.

When you use your account, we process data that you enter during account use and that is created in the course of using our services.

storage period

We store the data entered at least for as long as the account linked to the data exists and is used by us, as long as contractual obligations between us exist and, if the contract ends, until the respective claims arising from it have become time-barred. In addition, we store your data for as long as and to the extent that we are subject to legal obligations to store it. We then retain booking documents relating to the contract (invoices, contract documents, account statements, etc.) and other relevant business documents for the legally prescribed period (usually several years).

right of objection

You have registered, entered data, and would like to revoke the processing? No problem. As you can read above, according to the General Data Protection Regulation, you also have these rights during and after registration, login, or account creation with us. Contact the data protection officer listed above to exercise your rights. If you already have an account with us, you can easily view and manage your data and texts in your account.

legal basis

By completing the registration process, you are entering into a pre-contractual agreement with us to conclude a user agreement for our platform (even if this does not automatically result in a payment obligation). Youinvest time in entering data and registering, and we offer you our services after you have logged into our system and can view your customer account. We also fulfill our contractual obligations. Finally, we must keep registered users informed of important changes by email. This means that Art. 6 (1) (b) GDPR (implementation of pre-contractual measures, performance of a contract) applies.

Where applicable, we will also obtain your consent, e.g. if you voluntarily provide more than the absolutely necessary data or if we are allowed to send you advertising. Art. 6 (1) (a) GDPR (consent) therefore applies.

We also have a legitimate interest in knowing who we are dealing with in order to contact them in certain cases. In addition, we need to know who is using our services and whether they are being used in accordance with our terms of use, so Article 6(1)(f) GDPR (legitimate interests) applies.

Note: Users should check the following sections (as needed):

Registration with real name

Since we need to know who we are dealing with in business, registration is only possible with your real name (legal name) and not with pseudonyms.

Registration with pseudonyms

Pseudonyms can be used during registration, which means you do not have to register with us using your real name. This ensures that your name cannot be processed by us. 

Storage of IP address

During registration, login, and account use, we store the IP address in the background for security reasons in order to verify lawful use.

Public profile

User profiles are publicly visible, i.e., parts of the profile can be viewed on the Internet without entering a username and password.

Two-factor authentication (2FA)

Two-factor authentication (2FA) provides additional security when logging in, as it prevents you from logging in without your smartphone, for example. This technical measure to secure your account protects you from data loss or unauthorized access even if your username and password are known. You can find out which 2FA is used during registration, login, and in the account itself.

Web hosting introduction

Web hosting summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Professional hosting of the website and securing its operation 📓 Processed data: IP address, time of website visit, browser used, and other data. More details can be found below or from the respective web hosting provider. 📅 Storage period: Depends on the respective provider, but usually 2 weeks ⚖️ Legal basis: Art. 6 (1) (f) GDPR (legitimate interests)

What is web hosting?

When you visit websites today, certain information—including personal data—is automatically generated and stored, and this website is no exception. This data should be processed as sparingly as possible and only when justified. By website, we mean all web pages on a domain, i.e., everything from the home page to the very last subpage (like this one). By domain, we mean, for example, example.com or sampleexample.com.

If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We refer to them simply as browsers or web browsers.

To display the website, the browser must connect to another computer where the website code is stored: the web server. Operating a web server is a complicated and time-consuming task, which is why it is usually handled by professional providers. These providers offer web hosting and thus ensure reliable and error-free storage of website data. That's a lot of technical terms, but please stay with us, it gets even better!

When the browser on your computer (desktop, laptop, tablet, or smartphone) establishes a connection and during data transmission to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server must also store data for a period of time to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the Internet, and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional website hosting and operational security
2. to maintain operational and IT security
3. Anonymous evaluation of access behavior to improve our offering and, if necessary, for criminal prosecution or the pursuit of claims

What data is processed?

Even as you visit our website right now, our web server, which is the computer on which this website is stored, automatically stores data such as

• the complete Internet address (URL) of the website accessed
• Browser and browser version (e.g., Chrome 87)
• the operating system used (e.g., Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g., https://www.beispielquellsite.de/vondabinichgekommen/)
• the host name and IP address of the device from which access is being made (e.g., COMPUTERNAME and 194.23.43.121)
• Date and time
• in files, known as web server log files

How long is data stored?

As a rule, the above data is stored for two weeks and then automatically deleted. We do not pass on this data, but cannot rule out the possibility that it may be accessed by authorities in the event of illegal behavior.

In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we will not pass on your data without your consent!

legal basis

The lawfulness of the processing of personal data in the context of web hosting is based on Art. 6 para. 1 lit. f GDPR (protection of legitimate interests), as the use of professional hosting by a provider is necessary in order to present the company on the Internet in a secure and user-friendly manner and to be able to pursue any attacks and claims arising from this.

We generally have a contract with the hosting provider for order processing in accordance with Art. 28 et seq. GDPR, which ensures compliance with data protection and guarantees data security.

Website construction kits Introduction

Website construction kit systems Privacy policy summary 👥 Data subjects: Visitors to the website 🤝 Purpose: Optimization of our services 📓 Processed data: Data such as technical usage information such as browser activity, clickstream activities, session heat maps, contact details, IP address, or your geographic location. More details can be found below in this privacy policy and in the providers' privacy policies. 📅 Storage period: depends on the provider ⚖️ Legal basis: Art. 6 (1) (f) GDPR (legitimate interests), Art. 6 (1) (a) GDPR (consent)

What are website builder systems?

We use a website builder system for our website. Website builder systems are special forms of content management systems (CMS). With a website builder system, website operators can create a website very easily and without any programming knowledge. In many cases, web hosts also offer website builder systems. When using a website builder system, your personal data may also be collected, stored, and processed. In this privacy policy, we provide you with general information about data processing by website builder systems. For more detailed information, please refer to the provider's privacy policy.

Why do we use website builder systems for our website?

The biggest advantage of a modular system is its ease of use. We want to offer you a clear, simple, and well-organized website that we can easily operate and maintain ourselves—without external support. Modular systems now offer many helpful functions that we can use even without programming knowledge. This allows us to design our website according to our wishes and offer you an informative and enjoyable experience on our website.

What data is stored by a modular system?

Exactly which data is stored depends, of course, on the website builder system used. Each provider processes and collects different data from website visitors. However, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit is usually collected. Tracking data (e.g., browser activity, clickstream activities, session heat maps, etc.) may also be processed. In addition, personal data may also be collected and stored. This usually includes contact details such as email address, phone number (if you have provided it), IP address, and geographic location data. You can find out exactly what data is stored in the provider's privacy policy.

How long and where is the data stored?

We will inform you about the duration of data processing below in connection with the website construction system used, provided we have further information on this. You will find detailed information on this in the provider's privacy policy. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. It may be that the provider stores data from you according to its own criteria, over which we have no influence.

right of objection

You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the responsible party for the website template system used at any time. You can find contact details either in our privacy policy or on the website of the relevant provider.

You can delete, deactivate, or manage cookies that providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that not all functions may then work as usual.

legal basis

We have a legitimate interest in using a website construction kit system to optimize our online service and present it to you in an efficient and user-friendly manner. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use the construction kit if you have given your consent.

Insofar as the processing of data is not absolutely necessary for the operation of the website, the data will only be processed on the basis of your consent. This applies in particular to tracking activities. The legal basis for this is Art. 6 (1) (a) GDPR.

This privacy policy provides you with the most important general information about data processing. If you would like more detailed information on this subject, you will find further information—if available—in the following section or in the provider's privacy policy.

WordPress.com Privacy Policy

WordPress.com Privacy Policy Summary 👥 Data subjects: Visitors to the website 🤝 Purpose: Optimization of our services 📓 Processed data: Data such as technical usage information such as browser activity, clickstream activities, session heat maps, contact details, IP address, or your geographic location. More details can be found further down in this privacy policy. 📅 Storage period: This depends primarily on the type of data stored and the specific settings. ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What is WordPress?

We use the well-known content management system WordPress.com for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

The company was founded in 2003 and quickly became one of the best-known content management systems (CMS) worldwide. A CMS is a software that helps us design our website and present content in an attractive and organized manner. The content can be text, audio, or video.
When using WordPress, your personal data may also be collected, stored, and processed. As a rule, mainly technical data such as operating system, browser, screen resolution, or hosting provider is stored. However, personal data such as IP address, geographical data, or contact details may also be processed.

Why do we use WordPress on our website?

We have many strengths, but real programming is not one of our core competencies.

Nevertheless, we want to have a powerful and attractive website that we can manage and maintain ourselves. With a website builder or content management system such as WordPress, this is exactly what we can do. With WordPress, we don't need to be programming experts to offer you a beautiful website. Thanks to WordPress, we can operate our website quickly and easily, even without any prior technical knowledge. If technical problems arise or we have special requests for our website, we still have our specialists who are at home with HTML, PHP, CSS, and the like.

Thanks to WordPress's ease of use and comprehensive features, we can design our website according to our preferences and offer you a user-friendly experience.

What data is processed by WordPress?

Non-personal data includes technical usage information such as browser activity, clickstream activity, session heat maps, and data about your computer, operating system, browser, screen resolution, language and keyboard settings, Internet service provider, and date of page visit.

In addition, personal data is also collected. This primarily includes contact details (email address or phone number, if you provide them), IP address, or your geographic location.

WordPress may also use cookies to collect data. These often collect data about your behavior on our website. For example, it may record which subpages you particularly like to view, how long you stay on individual pages, when you leave a page (bounce rate), or which preferences (e.g., language selection) you have set. Based on this data, WordPress can also better tailor its own marketing measures to your interests and user behavior. The next time you visit our website, it will therefore be displayed to you as you have previously set it up.

WordPress may also use technologies such as pixel tags (web beacons) to clearly identify you as a user and potentially offer interest-based advertising.

How long and where is the data stored?

How long the data is stored depends on various factors. It depends primarily on the type of data stored and the specific settings of the website. In principle, WordPress deletes data when it is no longer needed for its own purposes. There are, of course, exceptions, especially if legal obligations require the data to be stored for longer. Web server logs containing your IP address and technical data are deleted by WordPress or Automattic after 30 days. During this time, Automattic uses the data to analyze traffic on its own websites (e.g., all WordPress sites) and to fix any potential problems. Deleted content on WordPress websites is also stored in the trash for 30 days to allow for recovery, after which it may remain in backups and caches until they are deleted. The data is stored on Automattic's American servers.

How can I delete my data or prevent data storage?

You have the right and the option to access your personal data at any time and to object to its use and processing. You can also lodge a complaint with a state supervisory authority at any time.

You also have the option of managing, deleting, or deactivating cookies individually in your browser. However, please note that deactivated or deleted cookies may have a negative impact on the functionality of our WordPress site. Depending on which browser you use, managing cookies works slightly differently. Under the "Cookies" section, you will find the corresponding links to the respective instructions for the most popular browsers.

legal basis

If you have consented to the use of WordPress, this consent forms the legal basis for the corresponding data processing. According to Art. 6 (1) (a) GDPR (consent), this consent forms the legal basis for the processing of personal data as may occur during collection by WordPress.

We also have a legitimate interest in using WordPress to optimize our online service and present it to you in an attractive way. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use WordPress if you have given your consent.

WordPress and Automattic also process your data in the USA, among other places. Automattic is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. For more information, please visit https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Automattic uses standard contractual clauses (Art. 46(2) and (3) GDPR). Standard contractual clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the US). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Automattic undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the US. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more details on the privacy policy and what data is processed by WordPress and how, please visit https://automattic.com/privacy/.

Web Analytics Introduction

Web Analytics Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Evaluation of visitor information to optimize the website. 📓 Processed data: Access statistics containing data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found in the respective web analytics tool used. 📅 Storage period: Depends on the web analytics tool used. ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What is web analytics?

We use software on our website to evaluate the behavior of website visitors, known as web analytics or web analysis for short. This involves collecting data that is stored, managed, and processed by the respective analytics tool provider (also known as a tracking tool). The data is used to create analyses of user behavior on our website and made available to us as the website operator. In addition, most tools offer various testing options. This allows us to test which offers or content are most popular with our visitors. To do this, we show you two different offers for a limited period of time. After the test (known as an A/B test), we know which product or content our website visitors find more interesting. For such test procedures, as well as for other analytics procedures, user profiles can also be created and the data stored in cookies.

Why do we use web analytics?

With our website, we have a clear goal in mind: we want to provide the best web offering on the market for our industry. To achieve this goal, we want to offer the best and most interesting content while also ensuring that you feel completely at home on our website. With the help of web analysis tools, we can take a closer look at the behavior of our website visitors and then improve our website for you and us accordingly. For example, we can see the average age of our visitors, where they come from, when our website is most visited, and which content or products are particularly popular. All this information helps us to optimize the website and thus tailor it to your needs, interests, and wishes.

What data is processed?

Exactly which data is stored depends, of course, on the analysis tools used. However, as a rule, the following information is stored: what content you view on our website, which buttons or links you click on, when you visit a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website, and which computer system you use. If you have agreed to the collection of location data, this data may also be processed by the web analysis tool provider.

Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored in pseudonymized form (i.e., in an unrecognizable and abbreviated form). For the purposes of testing, web analysis, and web optimization, no direct data such as your name, age, address, or email address is stored. All such data, if collected, is stored in pseudonymized form. This means that you cannot be identified as an individual.

The following example shows schematically how Google Analytics works as an example of client-based web tracking with JavaScript code.

How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website, while others can store data for several years.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If required by law, for example in the case of accounting, this storage period may be exceeded.

right of objection

You also have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. You can do this either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

legal basis

The use of web analytics requires your consent, which we have obtained with our cookie pop-up. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors in order to improve our offering both technically and economically. With the help of web analytics, we can detect website errors, identify attacks, and improve economic efficiency. The legal basis for this is Art. 6 (1) lit. f GDPR (legitimate interests). However, we only use the tools if you have given your consent.

Since web analytics tools use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed, you should read the privacy policies of the respective tools.

Information on specific web analytics tools, if available, can be found in the following sections.

Facebook Conversions API Privacy Policy

We use Facebook Conversions API, a server-side event tracking tool, on our website. The service provider is the American company Meta Platforms Inc. Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European region.

Facebook also processes your data in the US, among other places. Facebook, or Meta Platforms, is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the US. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Facebook uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR). Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the US). Through the EU-US Data Privacy Framework and the standard contractual clauses, Facebook undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the US. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing terms, which refer to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

For more information about the data processed through the use of Facebook Conversions API, please refer to the Privacy Policy at https://www.facebook.com/about/privacy.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Evaluation of visitor information to optimize the website. 📓 Processed data: Access statistics containing data such as access locations, device data, access duration and time, navigation behavior, and click behavior. More details can be found further down in this privacy policy. 📅 Storage period: individually adjustable; by default, Google Analytics stores data for 14 months ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What is Google Analytics?

We use the Google Analytics 4 (GA4) analysis tracking tool from the American company Google Inc. on our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. By combining various technologies such as cookies, device IDs, and login information, you as a user can be identified across different devices. This allows your actions to be analyzed across platforms.

For example, when you click on a link, this event is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics help us to better tailor our website and service to your needs. Below, we will discuss the tracking tool in more detail and, above all, inform you about what data is processed and how you can prevent this.

Google Analytics is a tracking tool used to analyze traffic on our website. These measurements and analyses are based on a pseudonymous user identification number. This number does not contain any personal data such as name or address, but is used to assign events to a device. GA4 uses an event-based model that collects detailed information about user interactions such as page views, clicks, scrolling, and conversion events. In addition, various machine learning functions have been built into GA4 to better understand user behavior and certain trends. GA4 relies on modeling with the help of machine learning functions. This means that, based on the data collected, missing data can also be extrapolated in order to optimize the analysis and also to be able to make forecasts.

In order for Google Analytics to function, a tracking code is embedded in the code of our website. When you visit our website, this code records various events that you perform on our website. With GA4's event-based data model, we as website operators can define and track specific events to obtain analyses of user interactions. This means that, in addition to general information such as clicks or page views, specific events that are important to our business can also be tracked. Such specific events can be, for example, submitting a contact form or purchasing a product.

As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data and we receive reports on your user behavior. These reports may include the following:

• Target group reports: Target group reports help us get to know our users better and gain a more accurate understanding of who is interested in our service.
• Advertising reports: Advertising reports make it easier for us to analyze and improve our online advertising.
• Acquisition reports: Acquisition reports provide us with helpful information on how we can get more people excited about our service.
• Behavior reports: Here we learn how you interact with our website. We can track the path you take on our site and which links you click on.
• Conversion reports: Conversion refers to a process in which you perform a desired action based on a marketing message. For example, when you go from being a mere website visitor to a buyer or newsletter subscriber. These reports help us learn more about how our marketing measures are received by you. This is how we aim to increase our conversion rate.
• Real-time reports: Here, we always find out immediately what is happening on our website. For example, we can see how many users are currently reading this text.

In addition to the analysis reports mentioned above, Google Analytics 4 also offers the following features, among others:

• Event-based data model: This model records very specific events that may occur on our website. For example, playing a video, purchasing a product, or subscribing to our newsletter.
• Advanced analytics: These features help us better understand your behavior on our website or certain general trends. For example, we can segment user groups, perform comparative analyses of target groups, or track your path on our website.
• Predictive modeling: Based on collected data, machine learning can be used to extrapolate missing data that predicts future events and trends. This can help us develop better marketing strategies.
• Cross-platform analysis: Data can be collected and analyzed from both websites and apps. This allows us to analyze user behavior across platforms, provided you have consented to data processing, of course.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to offer you the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically evaluated data gives us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that it is easier for interested people to find on Google. On the other hand, the data helps us to better understand you as a visitor. This means we know exactly what we need to improve on our website in order to offer you the best possible service. The data also helps us to tailor our advertising and marketing activities more effectively and cost-efficiently. After all, it only makes sense to show our products and services to people who are interested in them.

What data is stored by Google Analytics?

Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This allows Google Analytics to recognize you as a new user and assign you a user ID. The next time you visit our site, you will be recognized as a "returning" user. All collected data is stored together with this user ID. This is the only way to evaluate pseudonymous user profiles.

In order to analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, the Google Analytics 4 property is the default. Depending on the property used, data is stored for different lengths of time.

Your interactions are measured across platforms using identifiers such as cookies, app instance IDs, user IDs, or custom event parameters, provided you have given your consent. Interactions are all types of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated by Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, approve it. Exceptions may occur if required by law.

According to Google, no IP addresses are logged or stored in Google Analytics 4. However, Google uses IP address data to derive location data and deletes it immediately afterwards. All IP addresses collected from users in the EU are therefore deleted before the data is stored in a data center or on a server.

Since Google Analytics 4 focuses on event-based data, the tool uses significantly fewer cookies compared to previous versions (such as Google Universal Analytics). Nevertheless, there are some specific cookies that are used by GA4. These include, for example:

Name: _ga
Value: 2 .1326744211.152312683272-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. It is primarily used to distinguish between website visitors.
Expiration date: after 2 years

Name: _gid
Value: 2 .1687193234.152312683272-1
Purpose:This cookie is also used to distinguish between website visitors
Expiration date:after 24 hours

Name: _gat_gtag_UA_<property-id>
Wert: 1
Verwendungszweck: Wird zum Senken der Anforderungsrate verwendet. Wenn Google Analytics über den Google Tag Manager bereitgestellt wird, erhält dieser Cookie den Namen _dc_gtm_ <property-id>.
Ablaufdatum: nach 1 Minute

Note:This list cannot claim to be exhaustive, as Google constantly changes its choice of cookies. GA4 also aims to improve data protection. The tool therefore offers a number of options for controlling data collection. For example, we can specify the storage period ourselves and also control data collection.

Here we provide an overview of the most important types of data collected by Google Analytics:

Heat maps: Google creates so-called heat maps. Heat maps show exactly which areas you click on. This gives us information about where you are "traveling" on our site.

Session duration: Google defines session duration as the time you spend on our site without leaving the page. If you have been inactive for 20 minutes, the session ends automatically.

Bounce rate: A bounce occurs when you view only one page on our website and then leave our website.

Account creation: When you create an account or place an order on our website, Google Analytics collects this data.

Location: IP addresses are not logged or stored in Google Analytics. However, shortly before the IP address is deleted, derivations are used for location data.

Technical information: Technical information includes, among other things, your browser type, your Internet service provider, and your screen resolution.

Source: Google Analytics. We are also interested in which website or advertisement brought you to our site.

Other data includes contact details, any ratings, media playback (e.g., if you play a video via our site), sharing content via social media, or adding it to your favorites. This list is not exhaustive and serves only as a general guide to data storage by Google Analytics.

How long and where is the data stored?

Google has servers all over the world. You can find out exactly where Google's data centers are located here: https://www.google.com/about/datacenters/locations/?hl=de

Your data is distributed across various physical data carriers. This has the advantage that the data can be accessed more quickly and is better protected against manipulation. Every Google data center has appropriate emergency programs for your data. If, for example, Google's hardware fails or natural disasters cripple servers, the risk of service interruption at Google remains low.

The storage period for the data depends on the properties used. The storage period is always specified separately for each individual property. Google Analytics offers us four options for controlling the storage period:

• 2 months: this is the shortest storage period.
• 14 months: By default, data is stored for 14 months in GA4.
• 26 months: you can also store the data for 26 months.
• Data is only deleted when we delete it manually.

Additionally, there is also the option that data will only be deleted if you do not visit our website again within the period we have selected. In this case, the retention period will be reset each time you visit our website again within the specified period.

Once the specified period has expired, the data is deleted once a month. This retention period applies to your data linked to cookies, user recognition, and advertising IDs (e.g., cookies from the DoubleClick domain). Reporting results are based on aggregated data and are stored independently of user data. Aggregated data is a combination of individual data into a larger unit.

How can I delete my data or prevent it from being stored?

Under European Union data protection law, you have the right to obtain information about your data, to update it, to delete it, or to restrict its use. You can prevent Google Analytics 4 from using your data by using the browser add-on to deactivate Google Analytics JavaScript (analytics.js, gtag.js). You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only deactivates data collection by Google Analytics.

If you want to disable, delete, or manage cookies, you will find the relevant links to the respective instructions for the most popular browsers in the "Cookies" section.

legal basis

The use of Google Analytics requires your consent, which we have obtained with our cookie pop-up. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors in order to improve our offering both technically and economically. With the help of Google Analytics, we can detect website errors, identify attacks, and improve economic efficiency. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use Google Analytics if you have given your consent.

Google also processes your data in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. For more information, please visit https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses standard contractual clauses (SCCs) (Art. 46(2) and (3) GDPR). Standard contractual clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the US). Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the US. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

We hope we have been able to provide you with the most important information about data processing by Google Analytics. If you would like to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.

If you would like to learn more about data processing, please refer to Google's privacy policy at https://policies.google.com/privacy?hl=de.

Order Processing Agreement (OPA) Google Analytics

We have concluded a data processing agreement (DPA) with Google in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can read about what exactly a DPA is and, above all, what must be included in a DPA in our general section "Data Processing Agreement (DPA)".

This contract is required by law because Google processes personal data on our behalf. It clarifies that Google may only process data it receives from us in accordance with our instructions and must comply with the GDPR. The link to the data processing terms and conditions can be found at https://business.safety.google/intl/de/adsprocessorterms/.

Google Analytics reports on demographic characteristics and interests

We have enabled advertising reporting features in Google Analytics. The reports on demographic characteristics and interests contain information on age, gender, and interests. This allows us to gain a better understanding of our users without being able to assign this data to individual persons. You can find out more about the advertising features athttps://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can opt out of the use of your Google Account activity and information by checking the box under "Advertising settings" at https://adssettings.google.com/authenticated.

Google Analytics e-commerce measurement

We also use the e-commerce measurement feature of the Google Analytics web analysis tool for our website. This allows us to analyze very precisely how you and all our other customers interact with our website. E-commerce measurement is primarily concerned with purchasing behavior. Based on the data obtained, we can tailor and optimize our service to your wishes and expectations. We can also use our online advertising measures in a more targeted manner so that our advertising is only seen by people who are interested in our products or services. E-commerce measurement records, for example, which orders were placed, how long it took you to purchase the product, the average order value, and the shipping costs. All this data can be recorded and stored under a specific ID.

Google Analytics in consent mode

Depending on your consent, your personal data will be processed by Google Analytics in what is known as consent mode. You can choose whether or not to accept Google Analytics cookies. In doing so, you also choose which data Google Analytics is allowed to process about you. This collected data is mainly used to measure user behavior on the website, to display targeted advertising, and to provide us with web analytics reports. As a rule, you consent to data processing by Google via a cookie consent tool. If you do not consent to data processing, only aggregated data will be collected and processed. This means that data cannot be assigned to individual users and therefore no user profile of you will be created. You can also consent to statistical measurement only. In this case, no personal data will be processed and therefore not used for advertising or advertising success.

Google Analytics IP anonymization

We have implemented IP address anonymization from Google Analytics on this website. This feature was developed by Google so that this website can comply with applicable data protection regulations and recommendations from local data protection authorities if they prohibit the storage of the full IP address. The anonymization or masking of the IP address takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before the data is stored or processed.

For more information on IP anonymization, please visithttps://support.google.com/analytics/answer/2763052?hl=de.

Email Marketing Introduction

Email marketing summary 👥 Data subjects: Newsletter subscribers 🤝 Purpose: Direct marketing via email, notification of system-relevant events 📓 Processed data: Data entered during registration, but at least the email address. More details can be found in the respective email marketing tool used. 📅 Storage period: Duration of the subscription ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What is email marketing?

We also use email marketing to keep you up to date. If you have agreed to receive our emails or newsletters, your data will also be processed and stored. Email marketing is a sub-area of online marketing. It involves sending news or general information about a company, products, or services by email to a specific group of people who are interested in it.

If you would like to participate in our email marketing (usually via newsletter), you normally only need to register with your email address. To do so, simply fill out an online form and submit it. However, we may also ask you for your title and name so that we can address you personally.

Basically, newsletter registration works using the "double opt-in" procedure. After you have registered for our newsletter on our website, you will receive an email asking you to confirm your newsletter registration. This ensures that the email address belongs to you and that no one else has registered with someone else's email address. We or a notification tool we use logs each individual registration. This is necessary so that we can verify that the registration process was legally correct. The time of registration, the time of registration confirmation, and your IP address are usually stored. In addition, any changes you make to your stored data are also logged.

Why do we use email marketing?

We naturally want to stay in touch with you and keep you up to date with the most important news about our company. To this end, we use email marketing—often referred to simply as "newsletters"—as an essential part of our online marketing strategy. If you agree to this or if it is legally permitted, we will send you newsletters, system emails, or other notifications by email. When we use the term "newsletter" in the following text, we mainly mean regularly sent emails. Of course, we do not want to bother you with our newsletters in any way. That is why we always strive to provide only relevant and interesting content. For example, you can learn more about our company, our services, or our products. Since we are constantly improving our offerings, our newsletter will also keep you informed about any news or special, lucrative promotions we may be offering. If we commission a service provider that offers a professional mailing tool for our email marketing, we do so in order to be able to offer you fast and secure newsletters. The purpose of our email marketing is basically to inform you about new offers and also to bring us closer to our business goals.

What data is processed?

If you subscribe to our newsletter via our website, you confirm your membership in an email list by email. In addition to your IP address and email address, your title, name, address, and telephone number may also be stored. However, this will only happen if you consent to this data storage. The data marked as such is necessary for you to participate in the service offered. Providing this information is voluntary, but failure to do so will result in you being unable to use the service. In addition, information about your device or your preferred content on our website may also be stored. For more information about data storage when you visit a website, please refer to the section "Automatic data storage." We record your declaration of consent so that we can always prove that it complies with our laws.

Duration of data processing

If you unsubscribe from our email/newsletter distribution list, we may store your address for up to three years on the basis of our legitimate interests so that we can still prove your consent at that time. We may only process this data if we need to defend ourselves against any claims.

However, if you confirm that you have given us your consent to subscribe to the newsletter, you can submit an individual deletion request at any time. If you permanently revoke your consent, we reserve the right to store your email address in a block list. As long as you have voluntarily subscribed to our newsletter, we will of course retain your email address.

right of objection

You can unsubscribe from our newsletter at any time. All you need to do is revoke your consent to subscribe to the newsletter. This usually takes just a few seconds or one or two clicks. In most cases, you will find a link at the end of each email to unsubscribe from the newsletter. If you really cannot find the link in the newsletter, please contact us by email and we will unsubscribe you from the newsletter immediately.

legal basis

Our newsletter is sent on the basis of your consent (Article 6(1)(a) GDPR). This means that we may only send you a newsletter if you have actively subscribed to it beforehand. We may also send you advertising messages if you have become our customer and have not objected to the use of your email address for direct marketing purposes.

Information about specific email marketing services and how they process personal data can be found in the following sections, if available.

CleverReach Privacy Policy

We use the email marketing tool from CleverReach on our website. The service provider is the German company CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany.

What is CleverReach?

The company was founded in 2007 and now serves over 320,000 customers worldwide. In addition to traditional newsletter distribution, CleverReach also offers us further integrations and plugins for CRM, CMS, and shop systems.

Why do we use CleverReach?

The tool is designed in such a way that we can create attractive newsletters very easily and quickly without needing any special web design skills. With CleverReach, we can develop target group-oriented newsletter campaigns and inform you about news in our company. In addition, we also get to know your needs and interests better. For example, if we send out a newsletter that you hardly pay any attention to, we will tailor our offerings better to your needs in the future.

What data is processed?

When you sign up for our newsletter, personal data such as your email address, name, date of birth, and place of residence will also be requested and processed during the registration process. In addition to the time and date of registration, your IP address will also be recorded and stored on CleverReach servers. Web analysis data on your usage behavior with the newsletter (e.g., whether you click on a link) may also be processed.
Data security is a top priority at CleverReach. That is why all systems are regularly maintained and renewed when necessary. In this way, CleverReach can guarantee high stability, performance, and maximum security.

You can find out more about the data processed through the use of CleverReach in the privacy policy at https://www.cleverreach.com/de-de/datenschutz/.

Order Processing Agreement (OPA) CleverReach

We have concluded a data processing agreement (DPA) with CleverReach in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can read about what exactly a DPA is and, above all, what must be included in a DPA in our general section "Data Processing Agreement (DPA)".

This contract is required by law because CleverReach processes personal data on our behalf. It clarifies that CleverReach may only process data received from us in accordance with our instructions and must comply with the GDPR.

Online Marketing Introduction

Online Marketing Privacy Policy Summary 👥 Data subjects: Visitors to the website 🤝 Purpose: Evaluation of visitor information to optimize the website. 📓 Processed data: Access statistics containing data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed. More details can be found in the respective online marketing tool used. 📅 Storage period: Depends on the online marketing tools used. ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What is online marketing?

Online marketing refers to all measures carried out online to achieve marketing goals such as increasing brand awareness or closing a deal. Furthermore, our online marketing measures aim to draw people's attention to our website. We therefore use online marketing to show our offerings to as many interested people as possible. This usually involves online advertising, content marketing, or search engine optimization. In order to use online marketing efficiently and in a targeted manner, we also store and process personal data. On the one hand, this data helps us to show our content only to those people who are actually interested in it, and on the other hand, it allows us to measure the advertising success of our online marketing measures.

Why do we use online marketing tools?

We want to show our website to everyone who is interested in what we have to offer. We are aware that this is not possible without deliberate measures. That is why we do online marketing. There are various tools that make our online marketing work easier and also provide us with suggestions for improvement based on data. This allows us to target our campaigns more precisely to our target group. The purpose of these online marketing tools is ultimately to optimize our offerings.

What data is processed?

To ensure that our online marketing works and that the success of our measures can be measured, user profiles are created and data is stored in cookies (small text files), for example. With the help of this data, we can not only place advertisements in the traditional sense, but also display our content directly on our website in the way that you prefer. There are various third-party tools that offer these functions and also collect and store data from you accordingly. The cookies mentioned store information such as which pages you have visited on our website, how long you have viewed these pages, which links or buttons you have clicked, or which website you came to us from. Technical information may also be stored. This includes your IP address, which browser you use, which device you use to visit our website, or the time at which you accessed our website and when you left it. If you have consented to us determining your location, we may also store and process this information.

Your IP address is stored in pseudonymized form (i.e., shortened). Unique data that directly identifies you as a person, such as your name, address, or email address, is also only stored in pseudonymized form as part of advertising and online marketing processes. This means that we cannot identify you as a person; we only have the pseudonymized, stored information in the user profiles.

The cookies may also be used, analyzed, and utilized for advertising purposes on other websites that use the same advertising tools. The data may then also be stored on the servers of the advertising tool providers.

In exceptional cases, unique data (names, email addresses, etc.) may also be stored in user profiles. This storage occurs, for example, if you are a member of a social media channel that we use for our online marketing activities and the network links data previously collected with the user profile.

For all advertising tools we use that store your data on their servers, we only ever receive summarized information and never data that identifies you as an individual. The data only shows how well advertising measures worked. For example, we can see which measures prompted you or other users to visit our website and purchase a service or product there. Based on the analyses, we can improve our advertising offerings in the future and tailor them even more precisely to the needs and wishes of interested parties.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is absolutely necessary to provide our services and products. Data stored in cookies is stored for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others may remain stored in your browser for several years. The respective privacy policies of the individual providers usually provide detailed information about the individual cookies used by the provider.

right of objection

You also have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. You can do this either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. The legality of the processing until revocation remains unaffected.

Since online marketing tools typically use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed, you should read the privacy policies of the respective tools.

legal basis

If you have consented to the use of third-party providers, this consent forms the legal basis for the corresponding data processing. According to Art. 6 (1) (a) GDPR (consent), this consent forms the legal basis for the processing of personal data, as may occur when collected by online marketing tools.

We also have a legitimate interest in measuring online marketing measures in anonymized form in order to optimize our offerings and measures with the help of the data obtained. The corresponding legal basis for this is Art. 6 (1) lit. f GDPR (legitimate interests). However, we only use the tools if you have given your consent.

Information on specific online marketing tools can be found in the following sections, where available.

Facebook Custom Audiences Privacy Policy

We use Facebook Custom Audiences, a server-side event tracking tool, on our website. The service provider is the American company Meta Platforms Inc. Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European region.

Facebook also processes your data in the US, among other places. Facebook, or Meta Platforms, is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the US. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Facebook uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR). Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the US). Through the EU-US Data Privacy Framework and the standard contractual clauses, Facebook undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the US. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing terms, which refer to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

For more information about the data processed through the use of Facebook Custom Audiences, please refer to the Privacy Policy at https://www.facebook.com/about/privacy. . 

Cookie Consent Management Platform Introduction

Cookie Consent Management Platform Summary 👥 Affected parties: Website visitors 🤝 Purpose: Obtaining and managing consent for certain cookies and thus the use of certain tools 📓 Processed data: Data for managing cookie settings, such as IP address, time of consent, type of consent, individual consents. More details can be found in the tool used. 📅 Storage period: Depends on the tool used; you should expect periods of several years. ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is a cookie consent management platform?

We use consent management platform (CMP) software on our website, which makes it easier for us and you to handle scripts and cookies correctly and securely. The software automatically creates a cookie pop-up, scans and checks all scripts and cookies, provides you with the cookie consent required by data protection law, and helps us and you keep track of all cookies. Most cookie consent management tools identify and categorize all existing cookies. As a website visitor, you then decide for yourself whether and which scripts and cookies you allow or do not allow. The following graphic illustrates the relationship between the browser, web server, and CMP.

Why do we use a cookie management tool?

Our goal is to offer you the best possible transparency in the area of data protection. We are also legally obligated to do so. We want to inform you as thoroughly as possible about all tools and cookies that can store and process your data. It is also your right to decide for yourself which cookies you accept and which you do not. In order to grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with information about them in accordance with the GDPR. You can then accept or reject cookies via the consent system.

What data is processed?

Our cookie management tool allows you to manage each individual cookie yourself and gives you complete control over the storage and processing of your data. Your consent is stored so that we do not have to ask for it every time you visit our website and so that we can prove your consent if required by law. This is stored either in an opt-in cookie or on a server. The storage period for your cookie consent varies depending on the provider of the cookie management tool. In most cases, this data (such as pseudonymous user ID, time of consent, details of cookie categories or tools, browser, device information) is stored for up to two years.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is absolutely necessary to provide our services and products. Data stored in cookies is stored for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others may remain stored in your browser for several years. The exact duration of data processing depends on the tool used, but in most cases you should expect a storage period of several years. The respective privacy policies of the individual providers usually provide detailed information about the duration of data processing.

right of objection

You also have the right and the option to revoke your consent to the use of cookies at any time. You can do this either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Information on special cookie management tools, if available, can be found in the following sections.

legal basis

If you agree to cookies, your personal data will be processed and stored via these cookies. If we are permitted to use cookies with your consent (Article 6(1)(a) GDPR), this consent also constitutes the legal basis for the use of cookies and the processing of your data. Cookie consent management platform software is used to manage consent to cookies and to enable you to give your consent. The use of this software enables us to operate the website in an efficient and legally compliant manner, which constitutes a legitimate interest (Article 6(1)(f) GDPR).

Payment providers Introduction

Payment provider privacy policy summary 👥 Data subjects: Visitors to the website 🤝 Purpose: To enable and optimize the payment process on our website 📓 Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address, and contract data You can find more details on this in the respective payment provider tool. 📅 Storage period: Depends on the payment provider used ⚖️ Legal basis: Art. 6 (1) (b) GDPR (performance of a contract)

What is a payment provider?

We use online payment systems on our website that enable us and you to make secure and smooth payments. This may involve personal data being sent to the respective payment provider, stored, and processed there. Payment providers are online payment systems that enable you to place an order via online banking. The payment is processed by the payment provider you have selected. We then receive information about the payment made. Any user who has an active online banking account with a PIN and TAN can use this method. There are hardly any banks left that do not offer or accept such payment methods.

Why do we use payment providers on our website?

We naturally want to offer the best possible service with our website and our integrated online shop so that you feel comfortable on our site and take advantage of our offers. We know that your time is precious and that payment transactions in particular must be quick and smooth. For these reasons, we offer you a variety of payment providers. You can choose your preferred payment provider and pay in the usual manner.

What data is processed?

Exactly which data is processed depends, of course, on the respective payment provider. However, data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are generally stored. This data is necessary in order to carry out a transaction. In addition, any contract data and user data, such as when you visit our website, what content you are interested in, or which subpages you click on, may also be stored. Most payment providers also store your IP address and information about the computer you are using.

The data is usually stored and processed on the servers of the payment providers. We, as the website operator, do not receive this data. We are only informed whether the payment was successful or not. For identity and credit checks, payment providers may forward data to the relevant authority. The business and data protection principles of the respective provider always apply to all payment transactions. Therefore, please always check the general terms and conditions and the privacy policy of the payment provider. You also have the right to have data deleted or corrected at any time. Please contact the respective service provider regarding your rights (right of withdrawal, right to information, and right to be affected).

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If required by law, for example in the case of accounting, this storage period may be exceeded. For example, we retain accounting documents relating to a contract (invoices, contract documents, account statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they are incurred.

right of objection

You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the responsible party at the payment provider used at any time. You can find contact details either in our specific privacy policy or on the website of the relevant payment provider.

You can delete, deactivate, or manage cookies used by payment providers for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that the payment process may then no longer work.

legal basis

We therefore offer other payment service providersin addition totraditional banks/credit institutions for the purpose of processing contractual or legal relationships (Art. 6 (1) (b) GDPR). The privacy policies of the individual payment providers (such as Amazon Payments, Apple Pay, or Discover) provide you with a detailed overview of data processing and data storage. The privacy policies of the individual payment providers (such as Amazon Payments, Apple Pay, or Discover) provide you with a detailed overview of data processing and data storage. In addition, you can always contact the responsible parties if you have any questions about data protection issues.

Information about specific payment providers can be found in the following sections, where available.

PayPal Privacy Policy

PayPal Privacy Policy Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Optimization of the payment process on our website 📓 Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address, and contract data may be processed. You can find more details on this further down in this privacy policy. 📅 Storage period: Data is generally stored until the cooperation with PayPal is terminated. ⚖️ Legal basis: Art. 6 (1) (b) GDPR (contract processing), Art. 6 (1) (a) GDPR (consent)

What is PayPal?

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible for the European region.

With PayPal, all users can send and receive money electronically. The company was founded in 1998 and now has over 325 million active customers, making it one of the best-known and largest online payment service providers worldwide.

Why do we use PayPal for our website?

There are several reasons why we use PayPal and offer it on our website. As PayPal is one of the best-known online payment providers, many of our website visitors also use and trust this service. PayPal also offers high security standards for digital money transfers. The service uses various encryption methods to protect your personal data in the best possible way. We also appreciate PayPal's ease of use and the option of making international payments in different currencies. Transactions are usually completed very quickly, which is another advantage for both us and you as a customer.

What data is processed by PayPal?

In its privacy policy, PayPal distinguishes between different categories of personal data that may be processed when using the service. These include registration and contact details, identification and signature data, payment information, information about imported contacts, data from your account profile, device data such as your IP address, location data, and so-called derived data. This refers to information that can be derived from transactions or other data. This can include purchasing habits, behavior patterns, creditworthiness, or personal preferences.

Then there is also personal data collected by third parties (such as identity verifiers, fraud detection providers, or your bank). This data includes information from credit bureaus, transaction data, information on legal requirements, technical usage data, location data, and also derived data.

PayPal and its partners also use tracking technologies such as cookies, pixel tags, web beacons, and widgets to recognize you as a user, customize content, and perform analytics for interest-based advertising.

How long and where is the data stored?

PayPal generally stores data for as long as necessary to fulfill its obligations and for the purposes for which it was collected. Personal data that is necessary for the customer relationship is stored for up to 10 years after the end of the relationship. If PayPal is subject to a legal obligation, the retention period for personal data is determined by the applicable law (e.g., insolvency law). PayPal also stores personal data for as long as necessary if storage is advisable in view of legal disputes.

Since PayPal is a global company, the service also has data centers around the world where your data can be stored. This means that your data may also be stored on PayPal servers outside your country and outside the scope of the GDPR.

How can I delete my data or prevent it from being stored?

You have the right to access, correct, or delete your personal data and restrict its processing at any time. You can also revoke your consent to the processing of your data at any time.

If you want to disable, delete, or manage cookies, you will find the relevant links to the respective instructions for the most popular browsers in the "Cookies" section.

legal basis

We have a legitimate interest in integrating an external payment service such as PayPal in order to make our offering more attractive and to improve it both technically and economically.  The legal basis for this is Art. 6 (1) lit. f GDPR (legitimate interests). Please note that you can only use PayPal if you enter into a contractual relationship with PayPal. This may require you to provide further data protection and contractual declarations (e.g., consent).

PayPal also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

PayPal uses standard contractual clauses (SCC) as the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular, the USA) or for data transfers to such countries (Art. 46(2) and (3) GDPR). Standard contractual clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through these clauses, PayPal undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information about the standard contractual clauses and the data processed through the use of PayPal, please refer to the privacy policy at https://www.paypal.com/webapps/mpp/ua/privacy-full.

Explanation of terms used

We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially when it comes to technical and legal issues. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). However, we do not want to use them without explanation. Below you will find an alphabetical list of important terms used that we may not have covered sufficiently in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also cite the GDPR texts here and add our own explanations where necessary.

processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

"Processor" means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data that we process from you. In addition to the controllers, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. Processors can therefore be service providers such as tax advisors, but also hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

Relevant supervisory authority

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

"supervisory authority concerned" means a supervisory authority that is concerned by the processing of personal data because

a)

the controller or processor is established in the territory of the Member State of that supervisory authority,

b)

this processing has or may have a significant impact on data subjects residing in the Member State of this supervisory authority, or

c)

a complaint has been filed with this supervisory authority;

Explanation: In Germany, each federal state has its own supervisory authority for data protection. If your company headquarters (main office) is located in Germany, the respective supervisory authority of the federal state is generally your point of contact. In Austria, there is only one supervisory authority for data protection for the entire country.

 

third

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

"Third party" means a natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

Explanation: The GDPR basically only explains what a "third party" is not. In practice, any "third party" who also has an interest in the personal data but does not belong to the above-mentioned persons, authorities, or institutions is considered a third party. For example, a parent company can act as a "third party." In this case, the subsidiary is the controller and the parent company is the "third party." However, this does not mean that the parent company is automatically allowed to view, collect, or store the personal data of the subsidiary.

consent

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

"Consent" of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: On websites, such consent is usually given via a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to or consent to data processing. In most cases, you can also make individual settings and thus decide for yourself which data processing you allow and which you do not. If you do not give your consent, no personal data about you may be processed. In principle, consent can of course also be given in writing, i.e., not via a tool.

recipient

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

"Recipient" means a natural or legal person, public authority, agency, or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those authorities shall be carried out in compliance with the applicable data protection rules according to the purposes of the processing;

Explanation: Every person and every company that receives personal data is considered a recipient. This means that we and our processors are also considered recipients. Only authorities that have an investigative mandate are not considered recipients.

Personal data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

"Personal data" any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Explanation: Personal data is therefore any data that can be used to identify you as a person. This usually includes data such as:

• Name
• Address
• email address
• mailing address
• phone number
• date of birth
• Identification numbers such as social security number, tax identification number, ID card number, or student ID number
• Bank details such as account numbers, credit information, account balances, and much more.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and, subsequently, identify you as the connection owner. Therefore, storing an IP address also requires a legal basis in accordance with the GDPR. There are also so-called "special categories" of personal data that are particularly worthy of protection. These include:

• racial and ethnic origin
• political views
• religious or ideological beliefs
• union membership
• genetic data, such as data obtained from blood or saliva samples
• Biometric data (information about psychological, physical, or behavioral characteristics that can identify a person).
  Health data
• Data on sexual orientation or sex life

person in charge

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for processing your personal data and are therefore the "controller." If we pass on collected data to other service providers for processing, they are "processors." A "processing agreement" must be signed for this purpose.

 

processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

"Processing" Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we refer to processing in our privacy policy, we mean any type of data processing. As mentioned above in the original GDPR statement, this includes not only the collection but also the storage and processing of data.

representative

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

"representative" means a natural or legal person established in the Union who has been appointed in writing by the controller or processor in accordance with Article 27 and who represents the controller or processor with regard to their respective obligations under this Regulation;

Explanation: A "representative" can therefore be any person who has been appointed in writing by us (controller) or one of our service providers (processor). Companies outside the EU that process data belonging to EU citizens must appoint a representative within the EU. For example, if a web analytics provider has its headquarters in the US, it must appoint a "representative" within the European Union to represent its data processing obligations.

closing remarks

Congratulations! If you are reading this, you have really "fought your way through" our entire privacy policy, or at least scrolled down to this point. As you can see from the scope of our privacy policy, we take the protection of your personal data very seriously.
It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. However, we don't just want to tell you what data is processed, we also want to explain the reasons for using various software programs. Privacy policies usually sound very technical and legal. However, since most of you are not web developers or lawyers, we wanted to take a different approach linguistically and explain the facts in simple and clear language. Of course, this is not always possible due to the nature of the subject matter. Therefore, the most important terms are explained in more detail at the end of the privacy policy.
If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible authority. We wish you a pleasant time and hope to welcome you back to our website soon.

All texts are protected by copyright.

Source: Created with the privacy policy generator from AdSimple