Privacy Policy

Introduction and Overview

We have prepared this Privacy Policy (Version 02/26/2026-113107545) to explain to you, in accordance with the requirements ofthe General Data Protection Regulation (EU) 2016/679and applicable national laws, which personal data (hereinafter “data”) we, as the data controller—and the processors we have commissioned (e.g., service providers)—process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.
In short:We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, is designed to explain the most important points to you as simply and transparently as possible. Wherever it helps with transparency, technicalterms areexplained in a reader-friendly way, links to further information are provided, andgraphicsare used. We use clear and simple language to inform you that, in the course of our business activities, we process personal data only when there is a corresponding legal basis for doing so. This certainly isn’t possible if we provide explanations that are as brief, unclear, and legally technical as those often found online when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information here that you were not yet aware of.
If you still have questions, we ask that you contact the responsible body listed below or in the legal notice, follow the provided links, and review further information on third-party websites. You can, of course, also find our contact details in the legal notice.

Scope of Application

This Privacy Policy applies to all personal data processed by us within the company and to all personal data processed by companies we have commissioned (processors). By “personal data,” we mean information as defined in Article 4(1) of the GDPR, such as a person’s name, email address, and mailing address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this Privacy Policy includes:

• all online platforms (websites, online stores) that we operate
• Social media presence and email communication
• mobile apps for smartphones and other devices

In short:This Privacy Policy applies to all areas within the company where personal data is processed in a structured manner through the channels listed above. Should we enter into a legal relationship with you outside of these channels, we will notify you separately if necessary.

Legal Basis

In the following privacy policy, we provide you with transparent information regarding the legal principles and regulations—that is, the legal basis under the General Data Protection Regulation—that allow us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the portal for EU law, athttps://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We process your data only if at least one of the following conditions applies:

1. Consent(Article 6(1)(a) of the GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
2. Contract(Article 6(1)(b) of the GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, if we enter into a purchase agreement with you, we need certain personal information in advance.
3. Legal obligation(Article 6(1)(c) of the GDPR): We process your data when we are subject to a legal obligation to do so. For example, we are legally required to retain invoices for accounting purposes. These invoices typically contain personal data.
4. Legitimate interests(Article 6(1)(f) of the GDPR): In cases where legitimate interests do not override your fundamental rights, we reserve the right to process personal data. For example, we must process certain data in order to operate our website securely and cost-effectively. This processing therefore constitutes a legitimate interest.

Other conditions, such as the processing of data in the public interest, the exercise of official authority, or the protection of vital interests, do not generally apply to us. However, if such a legal basis were to apply, it will be indicated in the relevant section.

In addition to the EU regulation, national laws also apply:

• InAustria, this is the Federal Act on the Protection of Natural Persons with Regard to the Processing of Personal Data (Data Protection Act), orDSG for short.
• InGermany, theFederal Data Protection Act(BDSG) applies.

If additional regional or national laws apply, we will provide you with information about them in the following sections.

Retention period

It is our general policy to retain personal data only for as long as is strictly necessary to provide our services and products. This means that we delete personal data as soon as the reason for processing it no longer exists. In some cases, we are legally required to retain certain data even after the original purpose has ceased to exist, for example, for accounting purposes.

If you wish to have your data deleted or withdraw your consent to data processing, the data will be deleted as soon as possible, provided there is no legal obligation to retain it.

We will provide you with information below regarding the specific duration of each data processing activity, provided we have further details on this matter.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we are informing you of the following rights to which you are entitled to ensure that your data is processed fairly and transparently:

• Under Article 15 of the GDPR, you have the right to request information about whether we process your data. If this is the case, you have the right to receive a copy of the data and to be informed of the following:
  
  • for what purpose we process the data;
  • the categories, i.e., the types of data that are processed;
  • who receives this data, and if the data is transferred to third countries, how security can be ensured;
  • how long the data is stored;
  • the existence of the right to rectification, erasure, or restriction of processing, and the right to object to processing;
  • that you can file a complaint with a supervisory authority (links to these authorities are provided below);
  • the source of the data, if we did not collect it from you;
  • whether profiling is carried out—that is, whether data is automatically analyzed to create a personal profile of you.
• Under Article 16 of the GDPR, you have the right to have your data corrected, which means that we must correct any errors you find.
• Under Article 17 of the GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you may request the erasure of your data.
• Under Article 18 of the GDPR, you have the right to restrict processing, which means that we may only store the data but may not use it further.
• Under Article 20 of the GDPR, you have the right to data portability, which means that, upon request, we will provide you with your data in a commonly used format.
• Under Article 21 of the GDPR, you have the right to object, which, once exercised, will result in a change to the processing.
  
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interests), you may object to the processing. We will then review your objection as soon as possible to determine whether we can legally comply with it.
  • If your data is used for direct marketing purposes, you may object to this type of data processing at any time. We will then no longer be permitted to use your data for direct marketing.
  • If your data is used for profiling, you may object to this type of data processing at any time. We will then no longer be permitted to use your data for profiling.
• Under Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (such as profiling).
• Under Article 77 of the GDPR, you have the right to lodge a complaint. This means that you may lodge a complaint with the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short:You have rights—don’t hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection laws or that your data protection rights have been infringed in any other way, you may file a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found athttps://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For further information, you can contact theFederal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Director: Dr. Matthias Schmidl
Address: Barichgasse40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email:dsb@dsb.gv.at
Website:https://www.dsb.gv.at/

Data transfers to third countries

We transfer or process data to countries outside the scope of the GDPR (third countries) only if you consent to such processing or if there is another legal basis for doing so. This applies in particular when the processing is required by law or necessary to fulfill a contractual relationship, and in any case only to the extent that it is generally permitted. In most cases, your consent is the primary reason we process data in third countries. The processing of personal data in third countries such as the United States, where many software providers offer services and have their server locations, may mean that personal data is processed and stored in unexpected ways.

We expressly note that, according to the European Court of Justice, an adequate level of protection for data transfers to the United States currently exists only if a U.S. company that processes personal data of EU citizens in the United States is an active participant in the EU-U.S. Data Privacy Framework. For more information, please visit:https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Data processing by U.S. services that are not active participants in the EU-U.S. Data Privacy Framework may result in data being processed and stored without anonymization. Furthermore, U.S. government authorities may access specific data. In addition, collected data may be linked to data from other services of the same provider, provided you have a corresponding user account. Whenever possible, we strive to use server locations within the EU, if such options are available.
We provide more detailed information about data transfers to third countries in the relevant sections of this Privacy Policy, where applicable.

Data Processing Security

To protect personal data, we have implemented both technical and organizational measures. Whenever possible, we encrypt or pseudonymize personal data. In this way, we do everything in our power to make it as difficult as possible for third parties to infer personal information from our data.

Article 25 of the GDPR refers to “data protection through technology design and privacy-friendly default settings,” meaning that security must always be a priority—whether in software (e.g., forms) or hardware (e.g., access to the server room)—and appropriate measures must be implemented. Below, we will discuss specific measures where necessary.

TLS encryption with HTTPS

TLS, encryption, and HTTPS sound very technical—and they are. We use HTTPS (which stands for “Hypertext Transfer Protocol Secure”) to transmit data over the internet in a way that prevents eavesdropping.
This means that the entire transmission of all data from your browser to our web server is secure—no one can “eavesdrop.”

This allows us to add an extra layer of security and ensure data protection through design (Article 25(1) of the GDPR). By using TLS (Transport Layer Security), an encryption protocol designed to ensure secure data transmission over the Internet, we can guarantee the protection of confidential data.
You can tell that this data transmission security feature is in use by the small padlock icon  in the top-left corner of the browser, to the left of the web address (e.g., examplepage.com) and the use of the https protocol (instead of http) as part of our web address.
If you’d like to learn more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find useful links to further information.

Communication

When you contact us and communicate with us by phone, email, or through our online form, we may process your personal data.

The data is processed for the purpose of handling and addressing your inquiry and the related business transaction. The data will be stored for as long as necessary or as required by law.

Affected individuals

These changes affect everyone who contacts us through the communication channels we provide.

Phone

When you call us, the call data is stored in pseudonymized form on the respective device and with the telecommunications provider used. In addition, data such as your name and phone number may subsequently be sent via email and stored for the purpose of responding to your inquiry. The data will be deleted as soon as the business matter has been resolved and legal requirements permit.

Email

When you communicate with us via email, data may be stored on your device (computer, laptop, smartphone, etc.) and on the email server. The data will be deleted as soon as the matter has been resolved and legal requirements permit.

Online Forms

When you contact us via the online form, your data is stored on our web server and, if necessary, forwarded to one of our email addresses. The data will be deleted as soon as the matter has been resolved and legal requirements permit.

Legal Basis

The processing of data is based on the following legal grounds:

• Art. 6(1)(a) GDPR (Consent): You give us your consent to store your data and to use it for purposes related to the business transaction;
• Art. 6(1)(b) of the GDPR (Contract): It is necessary for the performance of a contract with you or a processor, such as a telephone service provider, or we need to process the data for pre-contractual activities, such as preparing a quote;
• Art. 6(1)(f) GDPR (Legitimate Interests): We aim to handle customer inquiries and business communications in a professional manner. To do so, certain technical systems—such as email programs, Exchange servers, and mobile network operators—are necessary to ensure efficient communication.

Cookies

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below, we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a web browser. Some well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are really useful little helpers. Almost all websites use cookies. More specifically, they are HTTP cookies, as there are other types of cookies for different applications. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, which is essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as your language or personal page settings. When you visit our site again, your browser sends this “user-specific” information back to our site. Thanks to cookies, our website recognizes you and provides you with the settings you’re accustomed to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

The following diagram illustrates a possible interaction between a web browser, such as Chrome, and a web server. In this scenario, the web browser requests a website and receives a cookie from the server, which the browser uses again the next time a different page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans, or other “malware.” Cookies also cannot access information on your computer.

Here's an example of what cookie data might look like:

Name:_ga
Value:GA1.2.1326744211.152113107545-9
Purpose:To distinguish between website visitors
Expiration date:After 2 years

A browser should be able to support these minimum sizes:

• At least 4,096 bytes per cookie
• At least 50 cookies per domain
• At least 3,000 cookies in total

What types of cookies are there?

The specific cookies we use depend on the services we employ and are explained in the following sections of this privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are four types of cookies:

Essential Cookies
These cookiesare necessary to ensure the website’s basic functionality. For example, these cookies are needed when a user adds a product to their shopping cart, then browses other pages, and only proceeds to checkout later. These cookies ensure that the shopping cart is not cleared, even if the user closes their browser window.

Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. They are also used to measure the website’s loading time and performance across different browsers.

Functional cookies
These cookies improve the user experience. For example, they save locations, font sizes, or form data that you have entered.

Advertising cookies
These cookies are also known as targeting cookies. They are used to deliver personalized ads to users. This can be very convenient, but it can also be very annoying.

Usually, when you visit a website for the first time, you’ll be asked which of these types of cookies you’d like to allow. And, of course, this decision is also stored in a cookie.

If you’d like to learn more about cookies and don’t mind reading technical documentation, we recommendhttps://datatracker.ietf.org/doc/html/rfc6265, the Internet Engineering Task Force (IETF) Request for Comments titled “HTTP State Management Mechanism.”

Purpose of processing via cookies

The purpose ultimately depends on the specific cookie. You can find more details below or by contacting the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are small tools that help with many different tasks. Unfortunately, it is not possible to generalize about what data is stored in cookies, but we will inform you about the data that is processed or stored in the following privacy policy.

How long cookies are stored

The duration for which cookies are stored depends on the specific cookie and is explained in more detail below. Some cookies are deleted after less than an hour, while others may remain stored on a computer for several years.

You also have control over how long cookies are stored. You can manually delete all cookies at any time via your browser (see also “Right to Object” below). Furthermore, cookies that are based on your consent will be deleted at the latest upon withdrawal of your consent, although the lawfulness of their storage up to that point remains unaffected.

Right to object – how can I delete cookies?

You decide for yourself whether and how you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, disable, or allow only certain cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to see which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find these options in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Managing Cookies and Website Data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and Managing Cookies

Microsoft Edge: Deleting and Managing Cookies

If you do not want to accept cookies at all, you can configure your browser to notify you whenever a cookie is about to be set. This allows you to decide on a case-by-case basis whether to accept each cookie or not. The procedure varies depending on the browser. If you are using Chrome, we recommend searching for instructions on Google using the search terms “delete cookies Chrome” or “disable cookies Chrome.”

Legal basis

The so-called “Cookie Directive” has been in effect since 2009. It stipulates that the storage of cookies requires yourconsent(Article 6(1)(a) of the GDPR). However, reactions to this directive still vary widely among EU countries. In Austria, however, this directive was implemented in Section 165(3) of the Telecommunications Act (2021). In Germany, the Cookie Directive was not implemented as national law. Instead, the directive was largely implemented in Section 15(3) of the Telemedia Act (TMG), which was replaced by the Digital Services Act (DDG) in May 2024.

For strictly necessary cookies, even in the absence of consent, there arelegitimate interests(Article 6(1)(f) of the GDPR), which are typically of an economic nature. We want to provide website visitors with a pleasant user experience, and certain cookies are often essential to achieve this.

Unless strictly necessary cookies are used, this will only occur with your consent. The legal basis for this is Article 6(1)(a) of the GDPR.

The following sections provide more detailed information about the use of cookies, provided that the software in question uses cookies.

Which cookie management plugin do we use?

Zur Verwaltung der eingesetzten Cookies und ähnlichen Technologien (Tracking-Pixel, Web-Beacons etc.) und diesbezüglicher Einwilligungen setzen wir das Consent Tool „Real Cookie Banner“ ein. Details zur Funktionsweise von „Real Cookie Banner“ findest du unter <a href=“https://devowl.io/de/rcb/datenverarbeitung/“ rel=“noreferrer“ target=“_blank“>https://devowl.io/de/rcb/datenverarbeitung/</a>.

The legal basis for the processing of personal data in this context is Article 6(1)(c) of the GDPR and Article 6(1)(f) of the GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

Providing your personal data is neither required by contract nor necessary for entering into a contract. You are not obligated to provide your personal data. If you do not provide your personal data, we will not be able to manage your consents.

Web Hosting Introduction

What is web hosting?

When you visit websites today, certain information—including personal data—is automatically generated and stored, and this applies to this website as well. This data should be processed as sparingly as possible and only for legitimate reasons. By “website,” we mean the entirety of all web pages on a domain, i.e., everything from the home page to the very last subpage (such as this one). By “domain,” we mean, for example, example.de or sampleexample.com.

If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You’re probably familiar with some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We often just call them browsers or web browsers.

To display a website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complex and resource-intensive task, which is why it is typically handled by professional providers. These providers offer web hosting services, ensuring that website data is stored reliably and without errors. That’s a lot of technical terms, but please stick with it—it gets even better!

When your browser establishes a connection on your computer (desktop, laptop, tablet, or smartphone) and during the transfer of data to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server must also store data for a certain period of time to ensure proper operation.

A picture is worth a thousand words, so the following diagram illustrates the interaction between the browser, the internet, and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional website hosting and ensuring smooth operation
2. to maintain operational and IT security
3. Anonymous analysis of user behavior to improve our services and, if necessary, for law enforcement purposes or to pursue claims

What data is processed?

Even as you are visiting our website right now, our web server—the computer on which this website is hosted—typically automatically stores data such as

• the full web address (URL) of the webpage being viewed
• Browser and browser version (e.g., Chrome 87)
• the operating system used (e.g., Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g.,https://www.beispielquellsite.de/vondabinichgekommen/)
• the hostname and IP address of the device from which the request is being made (e.g., COMPUTERNAME and 194.23.43.121)
• Date and time
• in files known as web server log files

How long is data stored?

As a rule, the data mentioned above is stored for two weeks and then automatically deleted. We do not share this data with third parties; however, we cannot rule out the possibility that government authorities may access this data in the event of unlawful conduct.

In short:Your visit is logged by our provider (the company that hosts our website on special computers called servers), but we will not share your data without your consent!

Legal basis

The lawfulness of processing personal data in the context of web hosting is based on Article 6(1)(f) of the GDPR (protection of legitimate interests), as the use of professional hosting services from a provider is necessary to present the company on the internet in a secure and user-friendly manner and, if necessary, to investigate any attacks or claims arising therefrom.

We generally have a contract with the hosting provider regarding data processing in accordance with Article 28 et seq. of the GDPR, which ensures compliance with data protection regulations and guarantees data security.

Website Builder Systems: Introduction

What are website builders?

We use a website builder for our website. Website builders are a specific type of content management system (CMS). With a website builder, website operators can create a website very easily and without any programming knowledge. In many cases, web hosting providers also offer website builders. When using a website builder, your personal data may be collected, stored, and processed. In this privacy notice, we provide you with general information about data processing by website builders. For more detailed information, please refer to the provider’s privacy policy.

Why do we use website builders for our website?

The biggest advantage of a modular system is its ease of use. We want to provide you with a clear, simple, and user-friendly website that we can easily manage and maintain ourselves—without any external assistance. Modular systems now offer many helpful features that we can use even without programming knowledge. This allows us to design our website exactly as we want and ensure that your visit is both informative and enjoyable.

What data is stored by a modular system?

Exactly what data is stored naturally depends on the website builder system used. Each provider processes and collects different types of data from website visitors. However, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your visit to the website is typically collected. In addition, tracking data (e.g., browser activity, clickstream activity, session heatmaps, etc.) may also be processed. Furthermore, personal data may also be collected and stored. This usually includes contact information such as email address, phone number (if you have provided it), IP address, and geographic location data. You can find out exactly what data is stored in the provider’s privacy policy.

How long and where will the data be stored?

We provide further information below regarding the duration of data processing in connection with the website builder system used, to the extent that we have additional information on this matter. You can find detailed information on this in the provider’s privacy policy. In general, we process personal data only for as long as is strictly necessary to provide our services and products. The provider may store your data according to its own policies, over which we have no control.

Right to object

You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the administrators of the website builder system used at any time. You can find their contact information either in our Privacy Policy or on the provider’s website.

You can delete, disable, or manage cookies that websites use for their functions in your browser. The process varies depending on which browser you use. Please note, however, that this may prevent some features from working as usual.

Legal basis

We have a legitimate interest in using a website builder to optimize our online service and present it to you in an efficient and user-friendly manner. The legal basis for this is Article 6(1)(f) of the GDPR (legitimate interests). However, we will only use the website builder if you have given your consent.

Unless the processing of data is strictly necessary for the operation of the website, data will be processed only with your consent. This applies in particular to tracking activities. The legal basis for this is Article 6(1)(a) of the GDPR.

In this privacy policy, we have provided you with the most important general information regarding data processing. If you would like more detailed information on this topic, you can find additional details—where available—in the following section or in the provider’s privacy policy.

WordPress.com Privacy Policy

What is WordPress?

We use the well-known content management system WordPress.com for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

The company was founded in 2003 and, in a relatively short time, grew to become one of the most well-known content management systems (CMS) worldwide. A CMS is software that helps us design our website and present content in an attractive and organized manner. This content can include text, audio, and video.
By using WordPress, your personal data may also be collected, stored, and processed. Generally, mainly technical data such as operating system, browser, screen resolution, or hosting provider is stored. However, personal data such as IP address, geographic data, or contact information may also be processed.

Why do we use WordPress on our website?

We have many strengths, but actual programming isn't really one of our core competencies.

Still, we want a high-performance, visually appealing website that we can manage and maintain ourselves. With a website builder or a content management system like WordPress, that’s exactly what’s possible. With WordPress, we don’t need to be programming experts to offer you a beautiful website. Thanks to WordPress, we can operate our website quickly and easily even without any prior technical knowledge. If technical issues ever arise or we have specific requests for our website, we still have our specialists who are well-versed in HTML, PHP, CSS, and more.

Thanks to WordPress’s user-friendly interface and extensive features, we can design our website to meet your needs and provide you with a great user experience.

What data does WordPress process?

Non-personal data includes, for example, technical usage information such as browser activity, clickstream activity, session heatmaps, and data about your computer, operating system, browser, screen resolution, language and keyboard settings, internet service provider, and the date of your visit to the site.

In addition, personal data is also collected. This primarily includes contact information (email address or phone number, if you provide it), your IP address, or your geographic location.

WordPress may also use cookies to collect data. These cookies often track information about your behavior on our website. For example, they may track which pages you visit most frequently, how long you stay on individual pages, when you leave a page (bounce rate), or which preferences (e.g., language selection) you have set. Based on this data, WordPress can also better tailor its own marketing efforts to your interests and user behavior. Consequently, the next time you visit our website, it will be displayed exactly as you previously configured it.

WordPress may also use technologies such as pixel tags (web beacons) to, for example, clearly identify you as a user and potentially serve you interest-based ads.

How long and where will the data be stored?

How long the data is stored depends on various factors. Specifically, it depends primarily on the type of data stored and the website’s specific settings. Generally, WordPress deletes the data once it is no longer needed for its own purposes. There are, of course, exceptions, especially when legal obligations require data to be retained for a longer period. Web server logs containing your IP address and technical data are deleted by WordPress or Automattic after 30 days. Until then, Automattic uses the data to analyze traffic on its own websites (such as all WordPress sites) and to resolve any potential issues. Deleted content on WordPress websites is also kept in the trash for 30 days to allow for restoration; after that, it may remain in backups and caches until they are deleted. The data is stored on Automattic’s servers in the United States.

How can I delete my data or prevent it from being stored?

You have the right and the option to access your personal data at any time and to object to its use and processing. You may also file a complaint with a government regulatory authority at any time.

In your browser, you also have the option to manage, delete, or disable cookies individually. Please note, however, that disabling or deleting cookies may have a negative impact on the functionality of our WordPress site. Depending on which browser you use, the process for managing cookies works slightly differently. Under the “Cookies” section, you will find links to the relevant instructions for the most popular browsers.

Legal basis

If you have consented to the use of WordPress, this consent serves as the legal basis for the corresponding data processing. Pursuant to Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur during collection by WordPress.

We also have a legitimate interest in using WordPress to optimize our online service and present it to you in an appealing way. The legal basis for this is Article 6(1)(f) of the GDPR (legitimate interests). However, we only use WordPress if you have given your consent.

WordPress and Automattic process your data in the United States, among other places. Automattic is an active participant in the EU-U.S. Data Privacy Framework, which governs the proper and secure transfer of personal data belonging to EU citizens to the United States. For more information, please visithttps://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Automattic uses so-called Standard Contractual Clauses (Art. 46(2) and (3) of the GDPR). Standard Contractual Clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the United States). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Automattic commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the US. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses here:https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more details about the privacy policy and what data is processed by WordPress and how, please visithttps://automattic.com/privacy/.

Introduction to Web Analytics

What is web analytics?

We use software on our website to analyze the behavior of website visitors, commonly referred to as web analytics. This process involves the collection of data, which is stored, managed, and processed by the respective analytics tool provider (also known as a tracking tool). This data is used to generate analyses of user behavior on our website, which are then made available to us as the website operator. In addition, most tools offer various testing options. For example, this allows us to test which offers or content are most popular with our visitors. To do this, we show you two different offers for a limited period of time. After the test (known as an A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as well as for other analytics procedures, user profiles may also be created and the data stored in cookies.

Why do we use web analytics?

With our website, we have a clear goal in mind: we want to provide the best online experience in our industry. To achieve this goal, we aim to offer the best and most engaging content while ensuring that you feel completely at home on our website. Using web analytics tools, we can closely examine the behavior of our website visitors and then improve our website for both you and us accordingly. For example, we can determine the average age of our visitors, where they come from, when our website receives the most traffic, or which content or products are particularly popular. All of this information helps us optimize the website and tailor it to best meet your needs, interests, and preferences.

What data is processed?

Exactly what data is stored depends, of course, on the analytics tools used. However, as a rule, the following information is stored: what content you view on our website, which buttons or links you click, when you visit a page, which browser you use, what device (PC, tablet, smartphone, etc.) you use to visit the website, and what operating system you use. If you have consented to the collection of location data, this information may also be processed by the web analytics tool provider.

In addition, your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, your IP address is generally stored in a pseudonymized form (i.e., in an unrecognizable and abbreviated form). For the purposes of testing, web analytics, and web optimization, no direct data—such as your name, age, address, or email address—is stored. All such data, if collected, is stored in pseudonymized form. This ensures that you cannot be identified as an individual.

The following example schematically illustrates how Google Analytics works as an example of client-side web tracking using JavaScript code.

How long the data is stored depends on the provider. Some cookies store data for only a few minutes or until you leave the website, while others can store data for several years.

Duration of data processing

We provide information below regarding the duration of data processing, to the extent that we have further details on this matter. In general, we process personal data only for as long as is strictly necessary to provide our services and products. If required by law—as is the case with accounting, for example—this retention period may be extended.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. You can do this either through our cookie management tool or via other opt-out features. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we have obtained via our cookie pop-up. Pursuantto Article 6(1)(a) of the GDPR (Consent), this consent serves as the legal basis for the processing of personal data, such as that collected by web analytics tools.

In addition to your consent, we have a legitimate interest in analyzing the behavior of website visitors in order to improve our services both technically and economically. Using web analytics, we detect website errors, identify attacks, and improve cost-effectiveness. The legal basis for this isArticle 6(1)(f) of the GDPR (legitimate interests). However, we only use these tools if you have given your consent.

Since web analytics tools use cookies, we also recommend that you read our general privacy policy regarding cookies. To find out exactly what data is stored and processed about you, you should review the privacy policies of the respective tools.

Information about specific web analytics tools, if available, can be found in the following sections.

Google Analytics Privacy Policy

What is Google Analytics?

We use the Google Analytics tracking tool, specifically Google Analytics 4 (GA4), on our website. This tool is provided by the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your activities on our website. However, by combining various technologies such as cookies, device IDs, and login information, you as a user can be identified across different devices. This allows your activities to be analyzed across platforms.

For example, when you click on a link, this event is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics help us tailor our website and services to better meet your needs. Below, we’ll go into more detail about this tracking tool and, most importantly, explain what data is processed and how you can prevent this.

Google Analytics is a tracking tool used to analyze traffic on our website. These measurements and analyses are based on a pseudonymous user identification number. This number does not contain any personal data such as a name or address, but is used to associate events with a device. GA4 uses an event-based model that captures detailed information about user interactions, such as page views, clicks, scrolling, and conversion events. In addition, various machine learning functions have been integrated into GA4 to better understand user behavior and certain trends. GA4 relies on modeling using machine learning functions. This means that, based on the collected data, missing data can also be extrapolated to optimize the analysis and enable forecasting.

For Google Analytics to function properly, a tracking code is embedded in our website’s code. When you visit our website, this code records various actions you perform on our site. With GA4’s event-based data model, we as website operators can define and track specific events to analyze user interactions. This allows us to track not only general information such as clicks or page views, but also specific events that are important to our business. Such specific events could include, for example, submitting a contact form or purchasing a product.

As soon as you leave our website, this data is sent to Google Analytics servers and stored there.

Google processes the data and provides us with reports on your user behavior. These reports may include, among other things:

• Target Audience Reports: Target audience reports help us get to know our users better and gain a clearer understanding of who is interested in our service.
• Ad reports: Ad reports help us analyze and improve our online advertising.
• Acquisition reports: Acquisition reports provide us with helpful insights into how we can attract more people to our service.
• Behavioral reports: These reports show us how you interact with our website. We can track your path through our site and see which links you click on.
• Conversion Reports: A conversion is a process in which you take a desired action in response to a marketing message. For example, when you go from being a casual website visitor to a buyer or newsletter subscriber. These reports help us learn more about how our marketing efforts are resonating with you. Our goal is to increase our conversion rate.
• Real-time reports: Here, we always know immediately what’s happening on our website. For example, we can see how many users are currently reading this text.

In addition to the analysis reports mentioned above, Google Analytics 4 also offers the following features, among others:

• Event-based data model: This model tracks very specific events that can occur on our website. For example, playing a video, purchasing a product, or signing up for our newsletter.
• Advanced analytics features: These features allow us to gain a deeper understanding of your behavior on our website and identify general trends. For example, we can segment user groups, conduct comparative analyses of target audiences, or track your journey or path through our website.
• Predictive modeling: Using machine learning, missing data can be extrapolated based on collected data to predict future events and trends. This can help us develop better marketing strategies.
• Cross-platform analysis: We can collect and analyze data from both websites and apps. This allows us to analyze user behavior across platforms, provided, of course, that you have consented to the processing of your data.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to provide you with the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically analyzed data gives us a clear picture of our website’s strengths and weaknesses. On the one hand, this allows us to optimize our site so that interested people can find it more easily on Google. On the other hand, the data helps us better understand you as a visitor. We therefore know exactly what we need to improve on our website to offer you the best possible service. The data also helps us tailor our advertising and marketing efforts to be more personalized and cost-effective. After all, it only makes sense to showcase our products and services to people who are interested in them.

What data does Google Analytics store?

Google Analytics uses a tracking code to generate a random, unique ID that is linked to your browser cookie. This allows Google Analytics to recognize you as a new user and assign you a user ID. The next time you visit our site, you will be recognized as a “returning” user. All collected data is stored along with this user ID. This is what makes it possible to analyze pseudonymous user profiles.

To analyze our website using Google Analytics, a property ID must be included in the tracking code. The data is then stored in the corresponding property. For each newly created property, the Google Analytics 4 property is selected by default. Depending on the property used, data is stored for varying lengths of time.

Using identifiers such as cookies, app instance IDs, user IDs, or custom event parameters, your interactions are tracked across platforms, provided you have given your consent. Interactions include all types of actions you perform on our website. If you also use other Google systems (such as a Google Account), data generated via Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorize it. Exceptions may apply if required by law.

According to Google, IP addresses are not logged or stored in Google Analytics 4. However, Google uses IP address data to determine location information and deletes it immediately afterward. All IP addresses collected from users in the EU are therefore deleted before the data is stored in a data center or on a server.

Since Google Analytics 4 focuses on event-based data, the tool uses significantly fewer cookies than earlier versions (such as Google Universal Analytics). However, there are still some specific cookies used by GA4. These include, for example:

Name:_ga
Value: 2.1326744211.152113107545-5
Purpose:By default, analytics.js uses the _ga cookie to store the user ID. Its primary purpose is to distinguish between website visitors.
Expiration date:after 2 years

Name:_gid
Value: 2.1687193234.152113107545-1
Purpose:This cookie is also used to distinguish between website visitors
Expiration date:after 24 hours

Name: _gat_gtag_UA_<property-id>
Wert: 1
Verwendungszweck: Wird zum Senken der Anforderungsrate verwendet. Wenn Google Analytics über den Google Tag Manager bereitgestellt wird, erhält dieser Cookie den Namen _dc_gtm_ <property-id>.
Ablaufdatum: nach 1 Minute

Note:This list is not exhaustive, as Google frequently updates its cookie settings. One of GA4’s goals is to improve data protection. As a result, the tool offers several options for controlling data collection. For example, we can specify the retention period ourselves and also manage data collection.

Here is an overview of the main types of data collected by Google Analytics:

Heatmaps:Google creates heatmaps. Heatmaps show exactly which areas you click on. This gives us information about where you are navigating on our site.

Session duration:Google defines session duration as the amount of time you spend on our site without leaving it. If you have been inactive for 20 minutes, the session ends automatically.

Bounce rate: A bounce occurs when you view only one page on our website and then leave the site.

Account creation:When you create an account or place an order on our website, Google Analytics collects this data.

Location:IP addresses are not logged or stored in Google Analytics. However, shortly before the IP address is deleted, it is used to derive location data.

Technical information:Technical information includes, among other things, your browser type, your internet service provider, and your screen resolution.

Source:Google Analytics; of course, we are also interested in knowing which website or advertisement brought you to our site.

Other data includes contact information, any reviews, media playback (e.g., when you play a video on our site), sharing content via social media, or adding items to your favorites. This list is not exhaustive and is intended only as a general guide to the data collected by Google Analytics.

How long and where will the data be stored?

Google has servers located all over the world. You can find out exactly where Google's data centers are located here:https://datacenters.google/

Your data is distributed across various physical storage devices. This has the advantage of making the data more readily accessible and better protected against tampering. Every Google data center has appropriate contingency plans in place for your data. For example, even if Google’s hardware fails or natural disasters bring servers to a standstill, the risk of a service interruption at Google remains low.

The retention period for the data depends on the properties used. The retention period is always set individually for each property. Google Analytics offers four options for controlling the retention period:

• 2 months: that is the shortest retention period.
• 14 months: By default, data is stored in GA4 for 14 months.
• 26 months: You can also store the data for 26 months.
• Data is only deleted when we delete it manually

Additionally, there is also the option to have your data deleted only after you have not visited our website for the period we have selected. In this case, the retention period is reset each time you visit our website again within the specified period.

Once the specified period has expired, the data is deleted once a month. This retention period applies to your data associated with cookies, user identification, and advertising IDs (e.g., cookies from the DoubleClick domain). Report results are based on aggregated data and are stored separately from user data. Aggregated data is a combination of individual data points into a larger unit.

How can I delete my data or prevent it from being stored?

Under European Union data protection law, you have the right to access, update, delete, or restrict the use of your data. By using the browser add-on to disable Google Analytics JavaScript (analytics.js, gtag.js), you can prevent Google Analytics 4 from using your data. You can download and install the browser add-on athttps://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only disables data collection by Google Analytics.

If you wish to disable, delete, or manage cookies, you will find links to the relevant instructions for the most popular browsers in the “Cookies” section.

Legal basis

The use of Google Analytics requires your consent, which we have obtained via our cookie pop-up. Pursuantto Article 6(1)(a) of the GDPR (Consent), this consent serves as the legal basis for the processing of personal data, such as that collected by web analytics tools.

In addition to your consent, we have a legitimate interest in analyzing the behavior of website visitors in order to improve our services both technically and economically. With the help of Google Analytics, we can detect website errors, identify attacks, and improve cost-effectiveness. The legal basis for this isArticle 6(1)(f) of the GDPR (legitimate interests). However, we only use Google Analytics to the extent that you have given your consent.

Google processes your data in the United States, among other places. Google is an active participant in the EU-U.S. Data Privacy Framework, which governs the proper and secure transfer of personal data from EU citizens to the United States. For more information, please visithttps://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (Art. 46(2) and (3) of the GDPR). Standard Contractual Clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the United States). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the US. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding standard contractual clauses here:https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found athttps://business.safety.google/intl/de/adsprocessorterms/.

We hope we’ve been able to provide you with the most important information about how Google Analytics processes data. If you’d like to learn more about this tracking service, we recommend these two links:https://marketingplatform.google.com/about/analytics/terms/de/andhttps://support.google.com/analytics/answer/6004245?hl=de.

If you would like to learn more about data processing, please refer to Google's Privacy Policy athttps://policies.google.com/privacy?hl=de.

Google Analytics reports on demographic characteristics and interests

We have enabled advertising reporting features in Google Analytics. The reports on demographic characteristics and interests include information on age, gender, and interests. This allows us to gain a better understanding of our users—without being able to link this data to specific individuals. You can learn more about the advertising features athttps://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can opt out of the use of your Google Account activity and information by checking the box under “Ad Settings” athttps://adssettings.google.com/authenticated.

Google Analytics in consent mode

Depending on your consent, your personal data will be processed by Google Analytics in what is known as “Consent Mode.” You can choose whether or not to consent to Google Analytics cookies. By doing so, you also choose which data Google Analytics is permitted to process about you. This collected data is primarily used to measure user behavior on the website, display targeted advertising, and provide us with web analytics reports. Typically, you consent to data processing by Google via a cookie consent tool. If you do not consent to data processing, only aggregated data will be collected and processed. This means that data cannot be attributed to individual users, and therefore no user profile of you will be created. You may also consent only to statistical measurement. In this case, no personal data is processed and consequently not used for advertising or to measure advertising success.

Email Marketing Introduction

What is email marketing?

To keep you up to date, we also use email marketing. In this context, provided you have consented to receiving our emails or newsletters, we will process and store your data. Email marketing is a subset of online marketing. It involves sending news or general information about a company, products, or services via email to a specific group of people who are interested in them.

If you would like to subscribe to our email marketing (usually via newsletter), you typically just need to sign up with your email address. To do so, simply fill out an online form and submit it. However, we may also ask for your title and name so that we can address you personally.

Generally, newsletter subscriptions work using the so-called “double opt-in process.” After you subscribe to our newsletter on our website, you will receive an email asking you to confirm your subscription. This ensures that the email address belongs to you and that no one has subscribed using someone else’s email address. We, or a notification tool we use, log every single subscription. This is necessary so that we can verify that the subscription process was carried out in accordance with legal requirements. Typically, the time of subscription, the time of confirmation, and your IP address are stored. Additionally, any changes you make to your stored data are also logged.

Why do we use email marketing?

Of course, we want to stay in touch with you and keep you updated on the most important news about our company. To this end, we use email marketing—often simply referred to as “newsletters”—as a key component of our online marketing strategy. Provided you consent or it is permitted by law, we will send you newsletters, system emails, or other notifications via email. When we use the term “newsletter” in the following text, we mainly refer to emails sent on a regular basis. Of course, we do not want to bother you in any way with our newsletters. That is why we always strive to provide only relevant and interesting content. For example, you can learn more about our company, our services, or our products. Since we are constantly improving our offerings, our newsletter will also keep you informed whenever there is news or when we are currently offering special, lucrative promotions. If we engage a service provider that offers a professional mailing tool for our email marketing, we do so to ensure we can deliver newsletters to you quickly and securely. The primary purpose of our email marketing is to inform you about new offers and to help us achieve our business goals.

What data is processed?

When you subscribe to our newsletter via our website, you confirm your subscription to an email list via email. In addition to your IP address and email address, your title, name, address, and phone number may also be stored. However, this will only occur if you consent to the storage of this data. The data marked as such is necessary for you to use the service we offer. Providing this information is voluntary; however, failure to do so will prevent you from using the service. Additionally, information about your device or your preferred content on our website may also be stored. You can find more information about data storage when you visit a website in the section “Automatic Data Storage.” We record your declaration of consent so that we can always demonstrate that it complies with our laws.

Duration of data processing

If you unsubscribe from our email/newsletter mailing list, we may retain your email address for up to three years based on our legitimate interests, so that we can still demonstrate your prior consent. We may only process this data if we need to defend ourselves against any potential claims.

However, if you confirm that you have given us your consent to subscribe to the newsletter, you may submit a request to have your data deleted at any time. If you permanently revoke your consent, we reserve the right to add your email address to a block list. As long as you have voluntarily subscribed to our newsletter, we will, of course, continue to retain your email address.

Right to object

You can unsubscribe from our newsletter at any time. To do so, simply revoke your consent to receive the newsletter. This usually takes just a few seconds or one or two clicks. You’ll usually find a link to unsubscribe from the newsletter right at the bottom of each email. If you really can’t find the link in the newsletter, please contact us by email and we’ll cancel your newsletter subscription immediately.

Legal basis

We send our newsletter based on your consent (Article 6(1)(a) of the GDPR). This means that we may only send you a newsletter if you have actively subscribed to it beforehand. We may also send you promotional messages if you have become a customer and have not objected to the use of your email address for direct marketing.

Information about specific email marketing services and how they process personal data—where available—can be found in the following sections.

Messaging & Communication Introduction

What are messaging and communication features?

We offer various ways to contact us on our website (such as messaging and chat features, online and contact forms, email, and phone). In doing so, we process and store your data to the extent necessary to respond to your inquiry and take subsequent action.

In addition to traditional communication channels such as email, contact forms, and the phone, we also use chat and messaging apps. The most commonly used messaging app at present is WhatsApp, but there are, of course, many different providers that offer messaging features specifically for websites. If content is end-to-end encrypted, this is noted in the individual privacy notices or in the privacy policy of the respective provider. End-to-end encryption simply means that the content of a message is not visible even to the provider. However, information about your device, location settings, and other technical data may still be processed and stored.

Why do we use messaging and communication features?

We place great importance on being able to communicate with you. After all, we want to talk to you and answer any questions you may have about our service as best as possible. Effective communication is an essential part of our service. With our convenient messenger and communication features, you can always choose the method you prefer. However, in rare cases, we may not be able to answer certain questions via chat or messenger. This is the case, for example, when internal contractual matters are involved. In such instances, we recommend alternative communication methods such as email or phone.

We generally assume that we remain the data controller under data protection law, even when we use the services of a social media platform. However, the European Court of Justice has ruled that, in certain cases, the operator of the social media platform may be jointly responsible with us within the meaning of Article 26 of the GDPR. Where this is the case, we will make a separate note of it and operate on the basis of a relevant agreement. The key terms of the agreement are set out below for the relevant platform.

Please note that when you use our integrated features, your data may be processed outside the European Union, as many providers—such as Facebook Messenger or WhatsApp—are U.S. companies. As a result, you may find it more difficult to exercise or enforce your rights regarding your personal data.

What data is processed?

Exactly which data is stored and processed depends on the specific provider of the messaging and communication features. Generally, this includes data such as your name, address, phone number, and email address, as well as content data—for example, any information you enter into a contact form. In most cases, information about your device and your IP address is also stored. Data collected through a messaging and communication feature is also stored on the providers’ servers.

If you want to know exactly what data is stored and processed by each provider and how you can object to the processing of your data, you should carefully read the company’s privacy policy.

How long is data stored?

How long data is processed and stored depends primarily on the tools we use. Below, you can learn more about how each tool processes data. The providers’ privacy policies typically specify exactly which data is stored and processed, and for how long. As a general rule, personal data is processed only for as long as is necessary to provide our services. When data is stored in cookies, the retention period varies significantly. The data may be deleted immediately after leaving a website, but it may also remain stored for several years. Therefore, you should examine each individual cookie in detail if you want to know more about data storage. In most cases, you will also find informative details about individual cookies in the privacy policies of the respective providers.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. You can do this either through our cookie management tool or via other opt-out features. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser. For more information, please refer to the section on consent.

Since cookies may be used in messenger and communication features, we also recommend that you review our general privacy policy regarding cookies. To find out exactly what data is stored and processed about you, please read the privacy policies of the respective tools.

Legal basis

If you have consented to the processing and storage of your data through integrated messenger and communication features, this consent serves as the legal basis for data processing(Art. 6(1)(a) GDPR). We process your request and manage your data within the framework of contractual or pre-contractual relationships in order to fulfill our pre-contractual and contractual obligations or to respond to inquiries. The basis for this isArt. 6(1)(b) GDPR. In principle, if consent has been given, your data is also stored and processed on the basis of our legitimate interest(Art. 6(1)(f) GDPR)in fast and effective communication with you or other customers and business partners.

Telegram Privacy Policy

What is Telegram?

We also use the instant messaging service Telegram. The service is provided by the international company Telegram Messenger LLP, which is registered at a London address (71-75 Shelton Street, Covent Garden, London, United Kingdom) and was developed in Russia.

Telegram was founded in 2013 by Nikolai and Pavel Durov. Since the Telegram team considers itself to be “digital nomads,” it’s never quite clear where they’re working. The Telegram website also lacks a legal notice.
Similar to other messaging services, such as WhatsApp, Telegram allows you to send messages, photos, videos, and other files, as well as make phone calls. This messaging service has grown increasingly popular in recent years. By 2022, it already had over 700 million users.
When you use Telegram, personal data is processed and stored on Telegram’s servers. In addition to chat messages, this includes sent photos, videos, and profile data, IP addresses, and synced contacts. While Telegram encrypts data between the server and your device, it can only offer end-to-end encryption for secret chats. Data stored in the cloud is accessible to the company and third-party providers.

Why do we use Telegram?

Many people now use Telegram as an alternative to other messaging services, such as WhatsApp. We want to stay in touch with you, and the best way to do that is through an instant messaging service that many of our customers also use. The service works flawlessly, is convenient, and makes it easy for us to communicate with you.

What data does Telegram process?

When you use Telegram, various types of data—including personal data—may be processed. This includes account information such as your phone number, profile picture, username, or other information you provide to Telegram when creating and managing your account. Of course, Telegram also stores the content of your messages (text, photos, videos, voice messages). Telegram also stores so-called metadata, such as the date and time a message was sent or received. Telegram can also access your contacts to enable communication with them. Additionally, technical data such as device type, operating system, or location data is stored.

How long and where will the data be stored?

In general, Telegram stores data for as long as necessary to fulfill its legitimate purposes and comply with legal obligations. It is not possible to provide a specific answer here regarding exactly how long the data is stored, as this depends heavily on the type of data. According to Telegram, data is stored for up to 12 months. The data is stored on Telegram’s own servers, which are located around the world. Unfortunately, the exact locations of these servers are not known.

How can I delete my data or prevent it from being stored?

You have the right to access, correct, or delete your personal data, as well as to restrict its processing, at any time. You may also withdraw your consent to the processing of your data at any time. You can delete individual messages and entire chat histories directly within Telegram. Additionally, you can deactivate or delete your account in the settings. Initially, a copy of the data will be deleted, and it may take some time for the data to be deleted from the Telegram servers as well.

Legal basis

The use of Telegram requires your consent, which we have obtained via our consent tool (pop-up). Pursuantto Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, such as that which may be collected by Telegram.

In addition to your consent, we have a legitimate interest in improving our communication services. With the help of Telegram, we can respond to your inquiries more quickly and effectively, share important updates with you, and thereby take our service to the next level. The legal basis for this isArticle 6(1)(f) of the GDPR (legitimate interests). However, we only use Telegram if you have given your consent.

For more information about the data processed when using Telegram, please see the Privacy Policy athttps://telegram.org/privacy.

WhatsApp Privacy Policy

What is WhatsApp?

We use the instant messaging service WhatsApp on our website. The service provider is the American company WhatsApp Inc., a subsidiary of Meta Platforms Inc. (formerly Facebook Inc. until October 2021). For the European region, the company responsible is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

We probably don’t need to introduce WhatsApp to you in detail. The likelihood that you yourself use this well-known messaging service on your smartphone is quite high. For many years, there have been voices criticizing WhatsApp—or rather its parent company, Meta Platforms—regarding its handling of personal data. In recent years, the main criticism has centered on the merging of WhatsApp user data with Facebook. In response, Facebook took action in 2021 and updated its Terms of Service. In the update, Facebook stated that currently (as of 2021), no personal data from WhatsApp users is shared with Facebook.
Nevertheless, WhatsApp naturally processes a significant amount of your personal data, provided you use WhatsApp and have consented to data processing. In addition to your phone number and chat messages, this includes photos, videos, and profile data you’ve sent. However, photos and videos are only temporarily stored, and all messages and phone calls are protected by end-to-end encryption. This means they shouldn’t be accessible even to Meta itself. Additionally, information from your address book and other metadata are also stored by WhatsApp.

Why do we use WhatsApp?

We want to stay in touch with you, and WhatsApp is the best way to do that. For one thing, the service works flawlessly; for another, WhatsApp is still the most widely used instant messaging tool worldwide. The service is convenient and allows us to communicate with you quickly and easily.

What data does WhatsApp process?

When you use WhatsApp, various types of data—including personal data—may be processed. This includes account information such as your phone number, profile picture, username, or other information you provide to WhatsApp when creating and managing your WhatsApp account. Of course, WhatsApp also stores the content of your messages (text, photos, videos, voice messages). WhatsApp also stores so-called metadata, such as the date and time a message was sent or received. It also stores the phone numbers of the people involved and technical data such as device type, operating system, or location data.

How long and where will the data be stored?

In general, WhatsApp stores data for as long as necessary to fulfill its legitimate purposes and legal obligations. It is not possible to provide a specific answer here regarding exactly how long the data is stored, as this depends heavily on the type of data. As a rule, messages are stored in encrypted form on WhatsApp only during delivery and are deleted from the servers as soon as a message has been delivered. Beyond that, messages are stored only on your own device. When media files are sent, WhatsApp stores this data in encrypted form for up to 30 days to optimize delivery. Account data is stored for as long as you have an active WhatsApp account. If you delete or deactivate the account, your account data is normally deleted as well. The data stored by WhatsApp is kept on the company’s own servers, which are distributed around the world. To operate the web-based WhatsApp services, data is also collected using cookies.

How can I delete my data or prevent it from being stored?

You have the right at any time to access, correct, or delete your personal data, or to restrict its processing. You may also withdraw your consent to the processing of your data at any time.

If you do not want cookies to be set and data to be stored when using the desktop version, you can prevent cookies from being set in your browser. You can manage, disable, or delete cookies in your browser. The process varies slightly depending on your browser. For more information, please see our section on cookies.

Legal basis

The use of WhatsApp requires your consent, which we have obtained via our consent tool (pop-up). Pursuantto Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, such as that which may be collected by WhatsApp.

In addition to your consent, we have a legitimate interest in improving our communication channels. With the help of WhatsApp, we can respond to your inquiries more quickly and effectively, share important updates with you, and thereby take our service to the next level. The legal basis for this isArticle 6(1)(f) of the GDPR (legitimate interests). However, we only use WhatsApp if you have given your consent.

WhatsApp processes your data in the United States, among other places. WhatsApp is an active participant in the EU-U.S. Data Privacy Framework, which governs the proper and secure transfer of personal data belonging to EU citizens to the United States. For more information, visithttps://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, WhatsApp uses so-called Standard Contractual Clauses (Art. 46(2) and (3) of the GDPR). Standard Contractual Clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the United States). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, WhatsApp commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the US. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding standard contractual clauses here:https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

For information on data transfers via WhatsApp that comply with the Standard Contractual Clauses, please visithttps://www.whatsapp.com/legal/business-data-transfer-addendum-20210927

We hope we’ve helped you understand the key information about how WhatsApp uses and processes data. You can learn more about the data processed when using WhatsApp in the Privacy Policy athttps://www.whatsapp.com/privacy.

Introduction to Social Media

What is social media?

In addition to our website, we are also active on various social media platforms. In doing so, we may process user data so that we can target users who are interested in us via social networks. Furthermore, elements of a social media platform may also be embedded directly into our website. This is the case, for example, when you click on a so-called social media button on our website and are redirected directly to our social media presence. The term “social media” refers to websites and apps through which registered members can create content, share content publicly or within specific groups, and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and connect online. Through our social media presence, we can introduce our products and services to potential customers. The social media elements integrated into our website allow you to quickly and easily access our social media content.

The data stored and processed through your use of a social media platform is primarily intended to enable web analytics. The goal of these analytics is to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the analyzed data can be used to draw conclusions about your interests and create so-called user profiles. This also enables the platforms to present you with tailored advertisements. In most cases, cookies are placed in your browser for this purpose to store data about your usage behavior.

We generally assume that we remain the data controller under data protection law, even when we use the services of a social media platform. However, the European Court of Justice has ruled that, in certain cases, the operator of the social media platform may be jointly responsible with us within the meaning of Article 26 of the GDPR. Where this is the case, we will make a separate note of it and operate on the basis of a relevant agreement. The key terms of the agreement are then set out below for the relevant platform.

Please note that when you use social media platforms or our embedded features, your data may also be processed outside the European Union, as many social media channels—such as Facebook or Twitter—are U.S.-based companies. As a result, you may find it more difficult to exercise or enforce your rights regarding your personal data.

What data is processed?

Exactly what data is stored and processed depends on the specific social media platform provider. However, it typically includes data such as phone numbers, email addresses, information you enter into a contact form, user data (such as which buttons you click, who you like or follow, and when you visited which pages), information about your device, and your IP address. Most of this data is stored in cookies. Especially if you have a profile on the social media platform you’re visiting and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the providers' servers. This means that only the providers have access to the data and can provide you with the relevant information or make changes.

If you want to know exactly what data social media providers store and process, and how you can object to this data processing, you should carefully read the company’s privacy policy. If you have questions about data storage and processing or wish to exercise your rights in this regard, we recommend that you contact the provider directly.

Duration of data processing

We provide information below regarding the duration of data processing, to the extent that we have further details. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. However, customer data that is matched with your own user data is deleted within two days. In general, we process personal data only for as long as is strictly necessary to provide our services and products. If required by law—as is the case with accounting, for example—this retention period may be exceeded.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers, such as embedded social media elements, at any time. You can do this either through our cookie management tool or via other opt-out features. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.

Since social media tools may use cookies, we also recommend that you review our general privacy policy regarding cookies. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing(Art. 6(1)(a) GDPR). In principle, if consent has been given, your data is also stored and processed on the basis of our legitimate interest(Art. 6(1)(f) GDPR)in maintaining fast and effective communication with you or other customers and business partners. However, we only use these tools to the extent that you have given your consent. Most social media platforms also place cookies in your browser to store data. We therefore recommend that you carefully read our privacy policy regarding cookies and review the privacy policy or cookie guidelines of the respective service provider.

Information about specific social media platforms—if available—can be found in the following sections.

Blogs and Publications Introduction

What are blogs and publishing platforms?

We use blogs and other communication tools on our website that allow us to communicate with you and you to communicate with us. In doing so, we may store and process your data. This may be necessary to ensure that content is displayed correctly, communication functions properly, and security is enhanced. Our privacy policy provides a general overview of what data from you may be processed. Specific details regarding data processing always depend on the tools and features used. You can find detailed information about data processing in the privacy policies of the individual providers.

Why do we use blogs and other publishing platforms?

Our main goal with this website is to provide you with interesting and engaging content, and we also value your opinions and contributions. That’s why we want to foster a meaningful interactive exchange between us and you. With a variety of blogs and opportunities to contribute, we can achieve exactly that. For example, you can leave comments on our content, respond to other comments, or, in some cases, write your own posts.

What data is processed?

Exactly which data is processed depends on the communication features we use. Very often, we store your IP address, username, and the content you post. We do this primarily to ensure security, prevent spam, and take action against illegal content. Cookies may also be used for data storage. These are small text files that are stored in your browser along with information. You can find more details about the data collected and stored in our individual sections and in the privacy policy of the respective provider.

Duration of data processing

We provide further information below regarding the duration of data processing, to the extent that we have additional details. For example, post and comment features store data until you revoke your consent to data storage. In general, personal data is stored only for as long as is strictly necessary to provide our services.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party communication tools at any time. You can do this either through our cookie management tool or via other opt-out features. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.

Since cookies may also be used by publishing platforms, we recommend that you review our general privacy policy regarding cookies. To find out exactly what data is stored and processed about you, please read the privacy policies of the respective tools.

Legal basis

We use these communication tools primarily on the basis of our legitimate interests (Art. 6(1)(f) GDPR) in maintaining prompt and effective communication with you or other customers, business partners, and visitors. To the extent that such use serves to fulfill contractual obligations or to initiate contractual relationships, the legal basis is also Art. 6(1)(b) GDPR.

Certain processing activities, in particular the use of cookies and the use of comment or messaging features, require your consent. If and to the extent that you have consented to the processing and storage of your data by embedded publishing platforms, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). Most of the communication features we use place cookies in your browser to store data. We therefore recommend that you carefully read our privacy policy regarding cookies and review the privacy policy or cookie guidelines of the respective service provider.

Information about specific tools—if available—can be found in the following sections.

Blog Posts and Comment Features Privacy Policy

There are various online communication tools that we can use on our website. For example, we use blog posts and comment features. This gives you the opportunity to comment on content or write posts. If you use this feature, your IP address may be stored for security reasons. This helps us protect against illegal content such as insults, unauthorized advertising, or prohibited political propaganda. To determine whether comments are spam, we may also store and process user data based on our legitimate interest. If we launch a survey, we will also store your IP address for the duration of the survey to ensure that all participants vote only once. Cookies may also be used for storage purposes. All data we store about you (such as content or personal information) will remain stored until you object.

Cookie Consent Management Platform Introduction

What is a cookie consent management platform?

We use a Consent Management Platform (CMP) on our website that makes it easier for both us and you to manage the scripts and cookies used correctly and securely. The software automatically displays a cookie pop-up, scans and monitors all scripts and cookies, provides the cookie consent required by data protection laws, and helps both us and you keep track of all cookies. Most cookie consent management tools identify and categorize all existing cookies. As a website visitor, you then decide for yourself whether and which scripts and cookies you allow or do not allow. The following diagram illustrates the relationship between the browser, web server, and CMP.

Why do we use a cookie management tool?

Our goal is to provide you with the highest possible level of transparency regarding data protection. We are also legally required to do so. We want to inform you as clearly as possible about all the tools and cookies that may store and process your data. It is also your right to decide for yourself which cookies you accept and which you do not. To grant you this right, we first need to know exactly which cookies are present on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we are aware of all cookies and can provide you with GDPR-compliant information about them. You can then accept or reject cookies via the consent system.

What data is processed?

Using our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. Your consent is stored so that we do not have to ask for it every time you visit our website and so that we can provide proof of your consent if required by law. This information is stored either in an opt-in cookie or on a server. The storage period for your cookie consent varies depending on the provider of the cookie management tool. In most cases, this data (such as a pseudonymous user ID, the time of consent, details regarding cookie categories or tools, browser, and device information) is stored for up to two years.

Duration of data processing

We provide information below regarding the duration of data processing, provided we have further details on this matter. In general, we process personal data only for as long as is strictly necessary to provide our services and products. Data stored in cookies is retained for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others may remain stored in your browser for several years. The exact duration of data processing depends on the tool used; in most cases, you should expect a storage period of several years. You can usually find detailed information about the duration of data processing in the respective privacy policies of the individual providers.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies at any time. You can do this either through our cookie management tool or via other opt-out features. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.

You can find information about specific cookie management tools—if available—in the following sections.

Legal basis

If you consent to cookies, your personal data will be processed and stored via these cookies. If we are permitted to use cookies based on yourconsent(Article 6(1)(a) of the GDPR), this consent also serves as the legal basis for the use of cookies and the processing of your data. To manage consent for cookies and enable you to provide consent, we use cookie consent management platform software. The use of this software allows us to operate the website efficiently and in compliance with the law, which constitutes alegitimate interest(Article 6(1)(f) GDPR).

Security & Anti-Spam

What is security and anti-spam software?

With security and anti-spam software, you and we can protect ourselves from various spam and phishing emails, as well as other potential cyberattacks. Spam refers to unsolicited bulk promotional emails that you did not request. Such emails are also known as junk mail and can incur costs. Phishing emails, on the other hand, are messages designed to build trust through fake messages or websites in order to obtain personal data. Anti-spam software generally protects against unwanted spam messages or malicious emails that could, for example, introduce viruses into our system. We also use general firewall and security systems that protect our computers from unwanted network attacks.

Why do we use security and anti-spam software?

We place a particularly high priority on security on our website. After all, it’s not just about our security, but above all about yours. Unfortunately, cyber threats have become an everyday reality in the world of IT and the internet. Hackers often attempt to steal personal data from IT systems through cyberattacks. That is why a robust defense system is absolutely essential. A security system monitors all incoming and outgoing connections to our network or computer. To achieve even greater protection against cyberattacks, we use additional external security services in addition to the standard security systems on our computers. This helps prevent unauthorized data traffic, thereby protecting us from cybercrime.

What data is processed by security and anti-spam software?

Exactly what data is collected and stored naturally depends on the specific service. However, we always strive to use only programs that collect data sparingly or store only the data necessary to provide the service offered. In general, the service may store data such as your name, address, IP address, email address, and technical data such as browser type or browser version. Performance and log data may also be collected to detect potential incoming threats in a timely manner. This data is processed within the scope of the services and in compliance with applicable laws. This includes the GDPR for U.S. providers (via the Standard Contractual Clauses). In some cases, these security services also collaborate with third-party providers who may store and/or process data under instruction and in accordance with the privacy policy and other security measures. Data storage is typically carried out via cookies.

Duration of data processing

We provide information below regarding the duration of data processing, to the extent that we have further details. For example, security programs store data until you or we revoke consent for data storage. In general, personal data is stored only for as long as is strictly necessary to provide the services. Unfortunately, in many cases, we do not receive precise information from providers regarding the duration of storage.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party security software at any time. You can do this either through our cookie management tool or via other opt-out features. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.

Since such security services may also use cookies, we recommend that you review our general privacy policy regarding cookies. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.

Legal basis

We use these security services primarily on the basis of our legitimate interests (Art. 6(1)(f) of the GDPR) in maintaining a robust security system against various cyberattacks.

Certain processing activities, in particular the use of cookies and security features, require your consent. If you have consented to the processing and storage of your data by integrated security services, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). Most of the services we use place cookies in your browser to store data. We therefore recommend that you carefully read our privacy policy regarding cookies and review the privacy policy or cookie guidelines of the respective service provider.

Information about specific tools—if available—can be found in the following sections.

Google reCAPTCHA Privacy Policy

What is reCAPTCHA?

Our primary goal is to secure and protect our website as effectively as possible for both you and us. To ensure this, we use Google reCAPTCHA from Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA, we can verify that you are indeed a real person and not a robot or other spam software. By spam, we mean any unsolicited information sent to us electronically without our request. With traditional CAPTCHAs, you usually had to solve text or image puzzles for verification. With Google’s reCAPTCHA, we usually don’t have to bother you with such puzzles. In most cases, it’s enough for you to simply check a box to confirm that you’re not a bot. With the new Invisible reCAPTCHA version, you don’t even have to check a box anymore. You’ll learn exactly how this works and, most importantly, what data is used for this purpose in the course of this privacy policy.

reCAPTCHA is a free CAPTCHA service from Google that protects websites from spam software and abuse by non-human visitors. This service is most commonly used when filling out forms online. A CAPTCHA service is a type of automated Turing test designed to ensure that an action on the internet is performed by a human and not by a bot. In the classic Turing test (named after computer scientist Alan Turing), a human determines the difference between a bot and a human. With CAPTCHAs, this task is performed by a computer or software program. Classic CAPTCHAs use simple tasks that are easy for humans to solve but pose significant difficulties for machines. With reCAPTCHA, you no longer have to actively solve puzzles. The tool uses modern risk assessment techniques to distinguish humans from bots. Here, you only need to check the “I’m not a robot” box—or, with Invisible reCAPTCHA, even that is no longer necessary. With reCAPTCHA, a JavaScript element is embedded in the source code, and the tool then runs in the background, analyzing your user behavior. Based on these user actions, the software calculates a so-called Captcha score. Google uses this score to calculate, even before you enter the CAPTCHA, how likely it is that you are a human. reCAPTCHA—and CAPTCHAs in general—are always used when bots could manipulate or abuse certain actions (such as registrations, surveys, etc.).

Why do we use reCAPTCHA on our website?

We only want to welcome real people to our site. Bots and spam software of any kind are welcome to stay home. That’s why we’re doing everything we can to protect ourselves and offer you the best possible user experience. For this reason, we use Google reCAPTCHA from Google. This allows us to be fairly certain that our website remains “bot-free.” By using reCAPTCHA, data is transmitted to Google to verify that you are indeed a human. reCAPTCHA thus serves to ensure the security of our website and, consequently, your security as well. For example, without reCAPTCHA, a bot could register as many email addresses as possible during the registration process and then “spam” forums or blogs with unwanted advertising content. With reCAPTCHA, we can prevent such bot attacks.

What data does reCAPTCHA store?

reCAPTCHA collects personal data from users to determine whether the actions on our website are actually performed by humans. This means that the IP address and other data required by Google for the reCAPTCHA service may be sent to Google. IP addresses are almost always truncated within the member states of the EU or other signatory states to the Agreement on the European Economic Area before the data reaches a server in the United States. The IP address is not combined with other data from Google unless you are logged into your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) are already present in your browser. Then, reCAPTCHA sets an additional cookie in your browser and captures a snapshot of your browser window.

The following list of collected browser and user data is not intended to be exhaustive. Rather, it consists of examples of data that, to the best of our knowledge, is processed by Google.

• Referrer URL (the address of the page the visitor came from)
• IP address (e.g., 256.123.123.1)
• Information about the operating system (the software that enables your computer to run. Common operating systems include Windows, Mac OS X, and Linux)
• Cookies (small text files that store data in your browser)
• Mouse and keyboard activity (every action you perform with the mouse or keyboard is recorded)
• Date and language settings (the language and date format you have set as default on your PC will be saved)
• All JavaScript objects (JavaScript is a programming language that enables websites to adapt to the user. JavaScript objects can group all kinds of data under a single name)
• Screen resolution (indicates the number of pixels that make up the image)

It is undisputed that Google uses and analyzes this data even before you click the “I’m not a robot” checkbox. With the Invisible reCAPTCHA version, you don’t even have to check the box—the entire verification process takes place in the background. Google does not provide detailed information about exactly how much data it stores or what specific data it collects.

The following cookies are used by reCAPTCHA: We are referring here to Google’s reCAPTCHA demo version athttps://www.google.com/recaptcha/api2/demo. All of these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA sets in the demo version:

Name:IDE
Value:WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-113107545-8
Purpose:This cookie is set by DoubleClick (which is owned by Google) to track and report a user’s interactions with advertisements on the website. This allows advertising effectiveness to be measured and appropriate optimization measures to be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiration date:after one year

Name:1P_JAR
Value:2019-5-14-12
Purpose:This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. Furthermore, the cookie prevents a user from seeing the same ad more than once.
Expiration date:after one month

Name:ANID
Value:U7j1v3dZa1131075450xgZFmiqWppRWKOr
Purpose:We were unable to find much information about this cookie. In Google’s Privacy Policy, the cookie is mentioned in connection with “advertising cookies” such as “DSID,” “FLC,” “AID,” and “TAID.” ANID is stored under the domain google.com.
Expiration date:after 9 months

Name:CONSENT
Value: YES+AT.de+20150628-20-0
Purpose:This cookie stores the status of a user's consent to use various Google services. CONSENT also serves security purposes to verify users, prevent credential fraud, and protect user data from unauthorized attacks.
Expiration date:after 19 years

Name:NID
Value:0WmuWqy113107545zILzqV_nmt3sDXwPeM5Q
Purpose:NID is used by Google to tailor ads to your Google searches. With the help of this cookie, Google “remembers” your most frequently entered search queries or your previous interactions with ads. This ensures you always receive personalized ads. The cookie contains a unique ID to collect the user’s personal settings for advertising purposes.
Expiration date:after 6 months

Name:DV
Value:gEAABBCjJMXcI0dSAAAANbqc113107545-4
Purpose:This cookie is set as soon as you check the “I’m not a robot” box. This cookie is used by Google Analytics for personalized advertising. DV collects information in an anonymized form and is also used to distinguish between users.
Expiration date:after 10 minutes

Note: Thislist is not exhaustive, as Google has a history of periodically changing the cookies it uses.

How long and where will the data be stored?

When you use reCAPTCHA, your data is transmitted to Google’s servers. Even after repeated inquiries, Google has not clearly specified exactly where this data is stored. In the absence of confirmation from Google, it can be assumed that data such as mouse interactions, time spent on the website, or language settings are stored on Google’s European or U.S. servers. The IP address that your browser transmits to Google is generally not combined with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plugin, the data will be combined.In this case, Google’s separate privacy policy applies.

How can I delete my data or prevent it from being stored?

If you do not want any data about you or your behavior to be transmitted to Google, you must completely log out of Google and delete all Google cookies before visiting our website or using the reCAPTCHA software. Generally, data is automatically transmitted to Google as soon as you visit our site. To delete this data, you must contact Google Support athttps://support.google.com/?hl=de&tid=113107545.

Therefore, by using our website, you agree that Google LLC and its affiliates may automatically collect, process, and use data.

Please note that when using this tool, your data may be stored and processed outside the EU. Under current European data protection law, most third countries (including the United States) are considered unsafe. Data may therefore not simply be transferred to, stored in, or processed in unsafe third countries unless there are appropriate safeguards (such as EU Standard Contractual Clauses) in place between us and the non-European service provider.

Legal basis

If you have consented to the use of Google reCAPTCHA, this consent serves as the legal basis for the corresponding data processing. Pursuantto Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur during collection by Google reCAPTCHA.

We also have a legitimate interest in using Google reCAPTCHA to optimize our online service and make it more secure. The legal basis for this isArticle 6(1)(f) of the GDPR (legitimate interests). However, we only use Google reCAPTCHA if you have given your consent.

Google processes your data in the United States, among other places. Google is an active participant in the EU-U.S. Data Privacy Framework, which governs the proper and secure transfer of personal data from EU citizens to the United States. For more information, please visithttps://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (Art. 46(2) and (3) of the GDPR). Standard Contractual Clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the United States). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the US. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding standard contractual clauses here:https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found athttps://business.safety.google/intl/de/adsprocessorterms/.

You can learn more about reCAPTCHA on Google’s web developer page athttps://developers.google.com/recaptcha/. While Google provides a detailed overview of the technical aspects of reCAPTCHA there, you won’t find specific information about data storage or privacy-related issues. You can find a good overview of Google’s general use of data in its privacy policy athttps://policies.google.com/privacy.

Payment Providers: Introduction

What is a payment provider?

We use online payment systems on our website that enable us and you to complete the payment process securely and smoothly. In doing so, personal data may be sent to, stored by, and processed by the respective payment provider. Payment providers are online payment systems that allow you to place an order via online banking. In this process, payment processing is carried out by the payment provider you have selected. We then receive notification of the completed payment. This method can be used by any user who has an active online banking account with a PIN and TAN. There are hardly any banks left that do not offer or accept such payment methods.

Why do we use payment providers on our website?

Of course, we want our website and integrated online store to provide the best possible service so that you feel comfortable browsing our site and taking advantage of our offers. We know that your time is valuable and that payment processing, in particular, needs to be quick and seamless. For these reasons, we offer a variety of payment providers. You can choose your preferred payment provider and pay in the way you’re used to.

What data is processed?

Exactly which data is processed naturally depends on the specific payment provider. However, in general, data such as your name, address, and banking information (account number, credit card number, passwords, TANs, etc.) is stored. This data is necessary to carry out a transaction at all. In addition, any contract data and user data—such as when you visit our website, what content you are interested in, or which subpages you click on—may also be stored. Most payment providers also store your IP address and information about the computer you are using.

The data is generally stored and processed on the payment providers’ servers. As the website operator, we do not receive this data. We are only informed whether the payment was successful or not. For identity and credit checks, payment providers may forward data to the relevant authorities. The terms and conditions and privacy policies of the respective provider always apply to all payment transactions. Therefore, please always review the payment provider’s Terms and Conditions and Privacy Policy. You also have the right at any time to have data deleted or corrected, for example. Please contact the respective service provider regarding your rights (right of withdrawal, right to information, and right to object).

Duration of data processing

We provide information below regarding the duration of data processing, provided we have further details on this matter. In general, we process personal data only for as long as is strictly necessary to provide our services and products. If required by law, such as in the case of accounting, this retention period may be exceeded. For example, we retain accounting documents related to a contract (invoices, contract documents, bank statements, etc.) for 10 years (Section 147 of the German Fiscal Code) and other relevant business documents for 6 years (Section 247 of the German Commercial Code) from the date they are generated.

Right to object

You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the data controller of the payment provider used at any time. You can find their contact information either in our specific privacy policy or on the payment provider’s website.

You can delete, disable, or manage cookies used by payment providers for their functions in your browser. The process varies depending on which browser you use. Please note, however, that this may prevent the payment process from working properly.

Legal basis

We therefore offer other payment service providersin addition totraditional banks and credit institutions for the purpose of managing contractual or legal relationships(Art. 6(1)(b) GDPR). The privacy policies of the individual payment providers (such asAmazon Payments,Apple Pay, orDiscover) provide you with a detailed overview of data processing and data storage. In addition, you can always contact the responsible parties if you have any questions regarding data protection.

You can find information about specific payment providers—if available—in the following sections.

eps Transfer Privacy Policy

We use eps-Überweisung, an online payment service, on our website. The service provider is the Austrian company Stuzza GmbH, located at Frankgasse 10/8, 1090 Vienna, Austria.

Mehr über die Daten, die durch die Verwendung von eps-Überweisung verarbeitet werden, erfahren Sie in der Datenschutzerklärung auf https://eservice.psa.at/de/datenschutzerklaerung.html.

Klarna Checkout Privacy Policy

What is Klarna Checkout?

We use the online payment system Klarna Checkout, provided by the Swedish company Klarna Bank AB, on our website. Klarna Bank is headquartered at Sveavägen 46, 111 34 Stockholm, Sweden. If you choose this service, personal data, among other things, will be sent to, stored by, and processed by Klarna. In this privacy policy, we would like to provide you with an overview of Klarna’s data processing.

Klarna Checkout is a payment system for orders placed in an online store. The user selects the payment method, and Klarna Checkout handles the entire payment process. Once a user has made a payment through the Checkout system and provided the necessary information, future online purchases can be completed even faster and more easily. The Klarna system then recognizes the existing customer as soon as the email address and ZIP code are entered.

Why do we use Klarna Checkout on our website?

Our goal with our website and integrated online store is to provide you with the best possible service. In addition to the overall website experience and our product offerings, this includes ensuring a smooth, fast, and secure payment process for your orders. To ensure this, we use the Klarna Checkout payment system.

What data does Klarna Checkout store?

As soon as you choose the Klarna payment service and pay via the Klarna Checkout payment method, you also provide personal data to the company. On the Klarna Checkout page, technical data such as browser type, operating system, our website address, date and time, language settings, time zone settings, and IP address are collected from you and transmitted to Klarna’s servers, where they are stored. This data is stored even if you have not yet completed an order.

When you order a product or service through our store, you must enter your personal information in the designated fields. This information is processed by Klarna for payment processing. In particular, Klarna may store and process the following personal data (as well as general product information) for the purpose of credit and identity verification:

• Contact information: name, date of birth, national ID number, title, billing and shipping addresses, email address, phone number, nationality, or salary.
• Payment information, such as credit card details or your account number
• Product information such as tracking number, item type, and product price

In addition, there is also data that can be collected on an optional basis, provided you consciously choose to do so. This includes, for example, political, religious, or philosophical beliefs, as well as various health-related data.

In addition to the data mentioned above, Klarna may also collect data—either directly or through third parties (such as us or public databases)—regarding the goods or services you purchase or order. This may include, for example, the tracking number or the type of item ordered, as well as information about your creditworthiness, income, or credit history. Klarna may also share your personal data with service providers such as software providers, data storage providers, or us as a merchant.

When data is automatically entered into a form, cookies are always involved. If you do not wish to use this feature, you can disable these cookies at any time. Further down in this text, you will find instructions on how to delete, disable, or manage cookies in your browser. Our tests have shown that Klarna does not set any cookies directly. If you select the “Klarna Sofort” payment method and click “Order,” you will be redirected to the Sofort website. After successful payment, you will be taken to our thank-you page. There, sofort.com sets the following cookie:

Name: SOFUEB
Value: e8cipp378mdscn9e17kajlfhv7113107545-4
Purpose:This cookie stores your session ID.
Expiration date:When the browser session ends

How long and where will the data be stored?

Klarna strives to store your data only within the EU or the European Economic Area (EEA). However, data may occasionally be transferred outside the EU/EEA. If this occurs, Klarna ensures that data protection complies with the GDPR and that the third country is covered by an adequacy decision issued by the European Union. Data is always stored for as long as Klarna needs it for the purpose of processing.

How can I delete my data or prevent it from being stored?

You may withdraw your consent for Klarna to process your personal data at any time. You also have the right to access, correct, and delete your personal data at any time. To do so, simply contact the company or its data protection team by email atdatenschutz@klarna.de. You can also contact Klarna directly viathe “My Data Protection Request” sectionon the Klarna website.

You can delete, disable, or manage the cookies that Klarna may use for its features in your browser. The process varies depending on which browser you use. Under the “Cookies” section, you’ll find links to the relevant instructions for the most popular browsers.

Legal basis

In addition totraditional banks and credit institutions, we also offer the payment service provider Klarna Checkout for the purpose of managing contractual and legal relationships(Art. 6(1)(b) GDPR).

We hope we have provided you with a clear overview of how Klarna processes your data. If you would like to learn more about how your data is handled, we recommend that you review Klarna’s Privacy Policy athttps://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy.

PayPal Privacy Policy

What is PayPal?

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. In Europe, the company PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible.

With PayPal, all users can send and receive money electronically. The company was founded in 1998 and, with over 325 million active customers, is now one of the best-known and largest online payment service providers in the world.

Why do we use PayPal on our website?

There are several reasons why we use PayPal and offer it on our website. Since PayPal is one of the most well-known online payment providers, many of our website visitors also use and trust this service. PayPal also offers high security standards for digital money transfers. The service uses various encryption methods to protect your personal data as effectively as possible. We also appreciate PayPal’s ease of use and the ability to make international payments in various currencies. Transactions are typically processed very quickly, which is another advantage for both us and you as a customer.

What data does PayPal process?

In its Privacy Policy, PayPal distinguishes between various categories of personal data that may be processed through the use of the service. These include registration and contact information, identification and signature data, payment information, information about imported contacts, data from your account profile, device data such as your IP address, location data, and so-called derived data. This refers to information that can be derived from transactions or other data. This may include purchasing habits, behavioral patterns, creditworthiness, or personal preferences.

There is also personal data collected by third parties (such as identity verification providers, fraud detection providers, or your bank). This data includes information from credit bureaus, transaction data, information regarding legal requirements, technical usage data, location data, and derived data.

PayPal and its partners also use tracking technologies such as cookies, pixel tags, web beacons, and widgets to recognize you as a user, personalize content, and conduct analytics for interest-based advertising.

How long and where will the data be stored?

In general, PayPal retains data for as long as necessary to fulfill its obligations and for the purposes for which it was collected. Personal data necessary for the customer relationship is retained for up to 10 years after the relationship ends. If PayPal is subject to a legal obligation, the retention period for personal data is determined by the applicable law (e.g., insolvency law). PayPal also stores personal data for as long as necessary if retention is advisable in light of potential legal disputes.

Since PayPal is a global company, it operates data centers around the world where your data may be stored. This means that your data may be stored on PayPal servers outside your country and outside the scope of the GDPR.

How can I delete my data or prevent it from being stored?

You have the right at any time to access, correct, or delete your personal data, or to restrict its processing. You may also withdraw your consent to the processing of your data at any time.

If you wish to disable, delete, or manage cookies, you will find links to the relevant instructions for the most popular browsers in the “Cookies” section.

Legal basis

We have a legitimate interest in integrating PayPal as an external payment service to make our offering more attractive and to improve it both technically and economically.  The legal basis for this is Article 6(1)(f) of the GDPR (Legitimate Interests). Please note that you can only use PayPal if you enter into a contractual relationship with PayPal. In this case, it may be necessary to provide additional data protection and contractual declarations (e.g., consent).

PayPal processes your data in the United States, among other places. Please note that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the United States. This may entail various risks regarding the lawfulness and security of data processing.

PayPal uses so-called Standard Contractual Clauses (Art. 46(2) and (3) of the GDPR) as the legal basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, and Norway—specifically, the United States) or for data transfers to those countries. Standard Contractual Clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the United States). Through these clauses, PayPal commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the United States. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here:https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information about the standard contractual clauses and the data processed when using PayPal, please refer to the Privacy Policy athttps://www.paypal.com/webapps/mpp/ua/privacy-full.

Visa Privacy Policy

We use Visa, a global payment provider, on our website. The service provider is the U.S.-based company Visa Inc. For the European region, the company Visa Europe Services Inc. (1 Sheldon Square, London W2 6TT, United Kingdom) is responsible.

Visa processes your data in the United States, among other places. Please note that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the United States. This may entail various risks regarding the lawfulness and security of data processing.

Visa uses so-called Standard Contractual Clauses (SCCs) (Article 46(2) and (3) of the GDPR) as the legal basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, and Norway—specifically, the United States) or for data transfers to such countries. Standard Contractual Clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the United States). Through these clauses, Visa commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the U.S. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here:https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information about Visa’s standard contractual clauses, visithttps://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

For more information about the data processed when using Visa, please see the Privacy Policy athttps://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Web Design Introduction

What is web design?

We use various tools on our website to support our web design. Contrary to popular belief, web design isn’t just about making our website look nice; it’s also about functionality and performance. But of course, creating the right visual appeal for a website is also one of the main goals of professional web design. Web design is a subset of media design and deals with both the visual and the structural and functional aspects of a website. The goal is to use web design to enhance your experience on our website. In web design jargon, this is referred to as user experience (UX) and usability. User experience encompasses all the impressions and experiences a website visitor has while on a website. A subcategory of user experience is usability. This refers to the user-friendliness of a website. The primary focus here is on ensuring that content, subpages, or products are clearly structured so that you can find what you’re looking for quickly and easily. To provide you with the best possible experience on our website, we also use third-party web design tools. In this privacy policy, the category “Web Design” therefore includes all services that enhance the design of our website. These may include, for example, fonts, various plugins, or other integrated web design features.

Why do we use web design tools?

How you take in information on a website depends heavily on the site’s structure, functionality, and visual appeal. That is why high-quality, professional web design has become increasingly important to us. We are constantly working to improve our website and view this as an added service for you, our visitors. Furthermore, a beautiful and functional website also offers economic benefits for us. After all, you will only visit us and take advantage of our offerings if you feel completely at ease.

What data is stored by web design tools?

When you visit our website, web design elements may be embedded in our pages that can also process data. Exactly what data is involved depends, of course, largely on the tools used. Below, you can see exactly which tools we use for our website. For more detailed information about data processing, we also recommend that you read the respective privacy policy of the tools used. There, you will usually find out what data is processed, whether cookies are used, and how long the data is retained. For example, fonts such as Google Fonts automatically transmit information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google’s servers.

Duration of data processing

How long data is processed varies greatly and depends on the web design elements used. For example, when cookies are used, the retention period can range from just one minute to several years. Please educate yourself on this matter. We recommend consulting both our general section on cookies and the privacy policies of the tools used. There you will generally find out exactly which cookies are used and what information is stored in them. Google Font files, for example, are stored for one year. This is intended to improve a website’s loading time. In principle, data is only retained for as long as necessary to provide the service. Data may also be stored for longer periods if required by law.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. You can do this either through our cookie management tool or via other opt-out features. You can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser. However, some data within web design elements (most commonly fonts) cannot be deleted quite so easily. This is the case when data is automatically collected directly upon page view and transmitted to a third-party provider (such as Google). In such cases, please contact the support team of the respective provider. In the case of Google, you can reach support athttps://support.google.com/?hl=de.

Legal basis

If you have consented to the use of web design tools, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur when data is collected by web design tools. We also have a legitimate interest in improving the web design of our website. After all, this is the only way we can provide you with an attractive and professional website. The corresponding legal basis for this is Article 6(1)(f) of the GDPR (Legitimate Interests). However, we only use web design tools to the extent that you have given your consent. We would like to emphasize this point once again here.

Information about specific web design tools—if available—can be found in the following sections.

Font Awesome Privacy Policy

What is Font Awesome?

We use Font Awesome on our website, which is provided by the American company Fonticons (307 S. Main St., Suite 202, Bentonville, AR 72712, USA). When you visit one of our web pages, the Font Awesome web font (specifically icons) is loaded via the Font Awesome Content Delivery Network (CDN). This ensures that text, fonts, and icons are displayed correctly on every device. In this privacy policy, we provide further details regarding data storage and processing by this service.

Icons are playing an increasingly important role on websites. Font Awesome is a web font designed specifically for web designers and developers. With Font Awesome, icons can be scaled and colored as desired using the CSS stylesheet language. They thus replace old image icons. Font Awesome CDN is the easiest way to load the icons or fonts onto your website. To do this, we only had to embed a small line of code into our website.

Why do we use Font Awesome on our website?

Font Awesome helps us present content on our website more effectively. This makes it easier for you to navigate our site and understand the content. In some cases, the icons can even replace entire words, saving space. This is especially useful when we optimize content specifically for smartphones.  These icons are inserted as HTML code rather than as images. This allows us to style the icons exactly as we want using CSS. At the same time, Font Awesome also improves our loading speed because they are HTML elements rather than icon images. All these benefits help us make the website even clearer, fresher, and faster for you.

What data does Font Awesome store?

The Font Awesome Content Delivery Network (CDN) is used to load icons and symbols. CDNs are networks of servers distributed worldwide that enable files to be loaded quickly from nearby locations. This means that as soon as you visit one of our pages, the corresponding Font Awesome icons are delivered.

In order for the web fonts to load, your browser must connect to the servers of Fonticons, Inc. During this process, your IP address is detected. Font Awesome also collects data on which icon files are downloaded and when. Additionally, technical data such as your browser version, screen resolution, and the time the page was accessed are transmitted.

This data is collected and stored for the following reasons:

• to optimize content delivery networks
• to identify and resolve technical issues
• to protect CDNs from abuse and attacks
• in order to be able to charge fees to Font Awesome Pro customers
• to find out how popular icons are
• to find out what computer and software you are using

If your browser does not support web fonts, your computer’s default font will be used automatically. To the best of our knowledge, no cookies are set. We are in contact with Font Awesome’s privacy department and will let you know as soon as we have more information.

How long and where will the data be stored?

Font Awesome stores data regarding the use of its Content Delivery Network on servers located in the United States of America. However, the CDN servers are located worldwide and store user data based on the user’s location. The data is generally stored in an identifiable form for only a few weeks. Aggregated statistics regarding the use of the CDNs may be stored for a longer period. This data does not contain any personal information.

How can I delete my data or prevent it from being stored?

To the best of our knowledge, Font Awesome does not store any personal data via content delivery networks. If you do not want data about the icons you use to be stored, you will unfortunately not be able to visit our website. If your browser does not support web fonts, no data will be transmitted or stored. In this case, your computer’s default font will simply be used.

Legal basis

If you have consented to the use of Font Awesome, the legal basis for the corresponding data processing is this consent. Pursuantto Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, as may occur during collection by Font Awesome.

We also have a legitimate interest in using Font Awesome to optimize our online services. The legal basis for this isArticle 6(1)(f) of the GDPR (legitimate interests). However, we only use Font Awesome if you have given your consent.

Please note that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the United States. Data processing is primarily carried out by Font Awesome. This may result in data being processed and stored without being anonymized. Furthermore, U.S. government authorities may access certain data. It is also possible that this data may be linked to data from other Font Awesome services where you have a user account.

If you would like to learn more about Font Awesome and how it handles data, we recommend reviewing the privacy policy athttps://fontawesome.com/privacyand the help page athttps://fontawesome.com/support.

Google Fonts Privacy Policy

What are Google Fonts?

We use Google Fonts on our website. These are the “Google fonts” provided by Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.

You do not need to sign in or provide a password to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you don’t need to worry that your Google account data will be transmitted to Google while using Google Fonts. Google tracks the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We’ll take a closer look at exactly how this data is stored.

Google Fonts (formerly Google Web Fonts) is a collection of over 800 fonts thatGooglemakes available to its users for free.

Many of these fonts are released under the SIL Open Font License, while others are released under the Apache License. Both are free software licenses.

Why do we use Google Fonts on our website?

With Google Fonts, we can use fonts on our website without having to upload them to our own server. Google Fonts is a key component in maintaining the high quality of our website. All Google fonts are automatically optimized for the web, which saves data and is a major advantage, especially for use on mobile devices. When you visit our site, the small file size ensures fast loading times. Furthermore, Google Fonts are secure web fonts. Differences in rendering systems across various browsers, operating systems, and mobile devices can lead to errors. Such errors can sometimes cause text or entire web pages to appear distorted. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform issues with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts so that we can present our entire online service as beautifully and consistently as possible.

What data does Google store?

When you visit our website, the fonts are loaded via a Google server. This external request transmits data to Google’s servers. This allows Google to recognize that you—or rather, your IP address—are visiting our website. The Google Fonts API was developed to limit the use, storage, and collection of end-user data to what is necessary for the proper delivery of fonts. By the way, API stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software sector.

Google Fonts securely stores CSS and font requests on Google, ensuring they are protected. By analyzing the collected usage data, Google can determine how well individual fonts are performing. Google publishes the results on internal analytics pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google Fonts. This data is published in the Google Fonts BigQuery database. Business owners and developers use the Google web service BigQuery to analyze and process large amounts of data.

However, it is important to note that every Google Font request automatically transmits information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google’s servers. It is not clear whether this data is also stored, nor does Google provide clear information on this matter.

How long and where will the data be stored?

Google stores requests for CSS assets on its servers—which are primarily located outside the EU—for one day. This allows us to use the fonts via a Google stylesheet. A stylesheet is a template that makes it easy and quick to change, for example, the design or font of a website.

Google stores font files for one year. Google’s goal is to improve website loading times across the board. When millions of websites reference the same fonts, they are cached after the first visit and appear immediately on all other websites visited later. Google sometimes updates font files to reduce file size, expand language coverage, and improve design.

How can I delete my data or prevent it from being stored?

Data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when you visit the page. To have this data deleted early, you must contact Google Support athttps://support.google.com/?hl=de&tid=113107545. In this case, you can only prevent data storage by not visiting our site.

Unlike other web fonts, Google gives us unrestricted access to all fonts. This means we can access an unlimited selection of fonts and thus get the most out of our website. You can find more information about Google Fonts and other questions athttps://developers.google.com/fonts/faq?tid=113107545. While Google addresses privacy-related issues there, the site does not contain truly detailed information about data storage. It is relatively difficult to obtain truly precise information from Google regarding stored data.

Legal basis

If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. Pursuantto Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, as may occur during collection by Google Fonts.

We also have a legitimate interest in using Google Fonts to optimize our online services. The legal basis for this isArticle 6(1)(f) of the GDPR (legitimate interests). However, we only use Google Fonts if you have given your consent.

Google processes your data in the United States, among other places. Google is an active participant in the EU-U.S. Data Privacy Framework, which governs the proper and secure transfer of personal data from EU citizens to the United States. For more information, please visithttps://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (Art. 46(2) and (3) of the GDPR). Standard Contractual Clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the United States). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the US. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding standard contractual clauses here:https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found athttps://business.safety.google/intl/de/adsprocessorterms/.

You can also read about what data Google generally collects and how it is used athttps://www.google.com/intl/de/policies/privacy/.

Google Fonts Local Privacy Policy

On our website, we use Google Fonts provided by Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible. We have integrated the Google fonts locally, i.e., on our web server—not on Google’s servers. As a result, there is no connection to Google’s servers and, therefore, no data transmission or storage.

What are Google Fonts?

Google Fonts used to be known as Google Web Fonts. It is an interactive directory containing over 800 fonts thatGoogleprovides free of charge. With Google Fonts, you can use fonts without uploading them to your own server. However, to prevent any data from being transmitted to Google’s servers, we have downloaded the fonts to our server. In this way, we comply with data protection regulations and do not forward any data to Google Fonts.

Online Map Services: Introduction

What are online map services?

As an added service, we also use online map services on our website. Google Maps is likely the service you are most familiar with, but there are other providers that specialize in creating digital maps. These services allow us to display locations, route maps, or other geographic information directly on our website. Thanks to an integrated map service, you no longer need to leave our website to view, for example, the route to a location. To ensure the online map works on our website, map sections are embedded using HTML code. These services can then display road maps, the Earth’s surface, or aerial and satellite images. When you use the integrated map service, data is also transmitted to and stored in the tool being used. This data may include personal information.

Why do we use online map services on our website?

Generally speaking, our goal is to ensure you have a pleasant experience on our website. And, of course, your experience will only be pleasant if you can easily navigate our website and find all the information you need quickly and easily. That’s why we thought an online map system could significantly improve our website service. Without leaving our website, you can easily view route descriptions, locations, or even points of interest using the map system. It’s also super convenient that you can see at a glance where our headquarters are located, so you can find us quickly and easily. As you can see, there are simply many advantages, and we clearly view online map services on our website as part of our customer service.

What data do online map services store?

When you open a page on our website that includes an online map feature, personal data may be transmitted to the respective service and stored there. In most cases, this involves your IP address, which can also be used to determine your approximate location. In addition to your IP address, data such as search terms you’ve entered, as well as latitude and longitude coordinates, are also stored. For example, if you enter an address for route planning, this data is also stored. The data is not stored by us, but on the servers of the integrated tools. You can think of it like this: Although you are on our website, when you interact with a map service, this interaction actually takes place on their website. To ensure the service functions properly, at least one cookie is typically set in your browser. Google Maps, for example, also uses cookies to track user behavior in order to optimize its own service and display personalized ads. You can learn more about cookies in our “Cookies” section.

How long and where will the data be stored?

Each online map service processes different types of user data. If we have additional information, we will provide details on the duration of data processing below in the relevant sections for each tool. As a general rule, personal data is only retained for as long as necessary to provide the service. Google Maps, for example, stores certain data for a specified period, while other data must be deleted by you. With Mapbox, for instance, the IP address is retained for 30 days and then deleted. As you can see, each tool stores data for different lengths of time. We therefore recommend that you carefully review the privacy policies of the tools used.

Providers also use cookies to store data about your usage of the map service. You can find more general information about cookies in our “Cookies” section, but you can also check the privacy policies of individual providers to see which cookies may be used. In most cases, however, these are merely illustrative lists and are not exhaustive.

Right to object

You always have the option and the right to access your personal data and to object to its use and processing. You may also withdraw the consent you have given us at any time. The easiest way to do this is usually via the cookie consent tool. However, there are also other opt-out tools you can use. You can also manage, delete, or disable cookies set by the providers we use with just a few clicks. However, this may result in some features of the service no longer functioning as usual. How you manage cookies in your browser depends on the browser you are using. In the “Cookies” section, you will also find links to instructions for the most popular browsers.

Legal basis

If you have consented to the use of an online map service, this consent serves as the legal basis for the corresponding data processing. Pursuant to Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur when data is collected by an online map service.

We also have a legitimate interest in using an online map service to optimize the functionality of our website. The legal basis for this is Article 6(1)(f) of the GDPR (legitimate interests). However, we only use an online map service if you have given your consent. We want to make this point absolutely clear here.

Information about specific online map services is provided in the following sections, where available.

Google Maps Privacy Policy

What is Google Maps?

We use Google Maps from Google Inc. on our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Maps allows us to better display locations and thus tailor our service to your needs. When you use Google Maps, data is transmitted to Google and stored on Google’s servers. Here, we’d like to explain in more detail what Google Maps is, why we use this Google service, what data is stored, and how you can prevent this.

Google Maps is an online mapping service provided by Google. With Google Maps, you can search online via a computer, tablet, or app for the exact locations of cities, landmarks, accommodations, or businesses. If a business is listed on Google My Business, additional information about the company is displayed alongside its location. To show directions, map sections of a location can be embedded into a website using HTML code. Google Maps displays the Earth’s surface as a street map or as an aerial or satellite image. Thanks to Street View images and high-quality satellite imagery, highly accurate representations are possible.

Why do we use Google Maps on our website?

All our efforts on this page are aimed at ensuring you have a useful and meaningful experience on our website. By integrating Google Maps, we can provide you with key information about our various locations. You can see at a glance where our headquarters are located. The directions always show you the best or fastest way to get here. You can view directions for routes by car, public transportation, on foot, or by bike. For us, providing Google Maps is part of our customer service.

What data does Google Maps store?

In order for Google Maps to provide its full service, the company must collect and store data from you. This includes, among other things, the search terms you enter, your IP address, and your latitude and longitude coordinates. If you use the route planner feature, the starting address you enter is also stored. However, this data is stored on Google Maps’ websites. We can only inform you about this; we have no control over it. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behavior. Google uses this data primarily to optimize its own services and to provide you with individualized, personalized advertising.

The following cookie is set in your browser due to the integration of Google Maps:

Name:NID
Value:188=h26c1Ktha7fCQTx8rXgLyATyITJ113107545-5
Purpose:NID is used by Google to tailor ads to your Google searches. With the help of this cookie, Google “remembers” your most frequently entered search queries or your previous interactions with ads. This ensures you always receive personalized ads. The cookie contains a unique ID that Google uses to collect your personal settings for advertising purposes.
Expiration date:after 6 months

Note:We cannot guarantee that the information regarding the stored data is complete. Changes can never be ruled out, particularly when cookies are used. To identify the NID cookie, a separate test page was created that embedded only Google Maps.

How long and where will the data be stored?

Google's servers are located in data centers around the world. However, most of them are in the United States. For this reason, your data is increasingly stored in the U.S. You can find out exactly where Google's data centers are located here:https://datacenters.google/

Google distributes the data across various storage devices. This makes the data more accessible and better protects it from any attempts at tampering. Each data center also has special contingency plans. For example, if there are problems with Google’s hardware or a natural disaster takes the servers offline, the data is still quite likely to remain protected.

Google stores some data for a specified period of time. For other data, Google only offers the option to delete it manually. The company also anonymizes information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 or 18 months, respectively.

How can I delete my data or prevent it from being stored?

With the automatic deletion feature for location and activity data introduced in 2019, information about your location and web/app activity is stored for either 3 or 18 months—depending on your choice—and then deleted. You can also manually delete this data from your history at any time via your Google Account. If you want to completely prevent location tracking, you must pause the “Web & App Activity” section in your Google Account. Click “Data & personalization” and then select the “Activity settings” option. Here, you can turn the activity on or off.

You can also disable, delete, or manage individual cookies in your browser. The process varies slightly depending on which browser you use. Under the “Cookies” section, you’ll find links to the instructions for the most popular browsers.

If you do not want to accept cookies at all, you can configure your browser to notify you whenever a cookie is about to be set. This allows you to decide whether to accept each individual cookie or not.

Legal basis

If you have consented to the use of Google Maps, the legal basis for the corresponding data processing is this consent. Pursuantto Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur during collection by Google Maps.

We also have a legitimate interest in using Google Maps to optimize our online services. The legal basis for this isArticle 6(1)(f) of the GDPR (legitimate interests). However, we only use Google Maps if you have given your consent.

Google processes your data in the United States, among other places. Google is an active participant in the EU-U.S. Data Privacy Framework, which governs the proper and secure transfer of personal data from EU citizens to the United States. For more information, please visithttps://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (Art. 46(2) and (3) of the GDPR). Standard Contractual Clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the United States). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the US. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding standard contractual clauses here:https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found athttps://business.safety.google/intl/de/adsprocessorterms/.

If you would like to learn more about how Google processes data, we recommend reviewing the company’s privacy policy athttps://policies.google.com/privacy?hl=de.

OpenStreetMap Privacy Policy

What is OpenStreetMap?

We have integrated map sections from the online mapping tool “OpenStreetMap” into our website. This is a so-called open-source mapping service that we access via an API (application programming interface). This feature is provided by the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. When you use this map feature, your IP address is transmitted to OpenStreetMap. In this privacy policy, you will learn why we use features of the OpenStreetMap tool, where specific data is stored, and how you can prevent this data storage.

The OpenStreetMap project was launched in 2004. The goal of the project has always been to create a free world map. Users around the world collect data on buildings, forests, rivers, and roads. Over the years, this has resulted in a comprehensive, user-generated digital world map. Of course, the map is not complete, but it contains a wealth of data for most regions.

Why do we use OpenStreetMap on our website?

Our website is designed first and foremost to be helpful to you. And in our view, it succeeds in doing so whenever you can find information quickly and easily. Of course, this applies to our services and products, but we also want to provide you with other useful information. That’s why we use the OpenStreetMap mapping service. This allows us, for example, to show you exactly how to find our office. The map shows you the best route to us, making your trip a breeze.

What data does OpenStreetMap store?

When you visit one of our websites that uses OpenStreetMap, user data is transmitted to the service and stored there. OpenStreetMap collects information such as your interactions with the digital map, your IP address, data about your browser, device type, operating system, and the date and time you used the service. Tracking software is also used to record user interactions. The company specifies the analytics tool “Piwik” in its own privacy policy.

The collected data is subsequently made available to the relevant working groups of the OpenStreetMap Foundation. According to the company, personal data is not shared with other individuals or companies unless required by law. The third-party provider Piwik does store your IP address, but in a truncated form.

The following cookie may be set in your browser when you interact with OpenStreetMap on our website:

Name:_osm_location
Value:9.63312°C52.41500°C17°CM
Purpose:This cookie is required to unlock OpenStreetMap content.
Expiration date:after 10 years

If you want to view the map in full-screen mode, you will be redirected to the OpenStreetMap website. There, the following cookies, among others, may be stored in your browser:

Name:_osm_totp_token
Value:148253113107545-2
Purpose:This cookie is used to ensure the map section functions properly.
Expiration date:after one hour

Name:_osm_session
Value:1d9bfa122e0259d5f6db4cb8ef653a1c
Purpose:This cookie is used to store session information (i.e., user behavior).
Expiration date:at the end of the session

Name:_pk_id.1.cf09
Value:4a5.1593684142.2.1593688396.1593688396113107545-9
Purpose:This cookie is set by Piwik to store and measure user data, such as click behavior.
Expiration date:after one year

How long and where will the data be stored?

The API servers, databases, and support service servers are currently located in the United Kingdom (Great Britain and Northern Ireland) and the Netherlands. Your IP address and user information, which are stored in anonymized form by the web analytics tool Piwik, are deleted after 180 days.

How can I delete my data or prevent it from being stored?

You have the right to access your personal data at any time and to object to its use and processing. You can manage, delete, or disable cookies that may be set by OpenStreetMap in your browser at any time. However, this will prevent the service from functioning to its full extent. The process for managing, deleting, or disabling cookies varies slightly from browser to browser. Under the “Cookies” section, you will find links to the relevant instructions for the most popular browsers.

Legal basis

If you have consented to the use of OpenStreetMap, this consent serves as the legal basis for the corresponding data processing. Pursuantto Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, as may occur during collection by OpenStreetMap.

We also have a legitimate interest in using OpenStreetMap to optimize our online services. The legal basis for this isArticle 6(1)(f) of the GDPR (legitimate interests). However, we only use OpenStreetMap if you have given your consent.

If you would like to learn more about how OpenStreetMap processes data, we recommend reviewing the company’s privacy policy athttps://wiki.osmfoundation.org/wiki/Privacy_Policy.

Explanation of Terms Used

We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially when it comes to technical and legal topics. It often makes sense to use legal terms (such as “personal data”) or specific technical terms (such as “cookies” or “IP address”). However, we do not want to use these terms without explanation. Below you will find an alphabetical list of important terms used that we may not have addressed sufficiently in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also cite the relevant GDPR text here and, where necessary, add our own explanations.

Data processor

Definition pursuant to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Processor” meansa natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;

Explanation:As a company and website owner, we are responsible for all data we process from you. In addition to the controllers, there may also be so-called processors. This includes any company or individual that processes personal data on our behalf. Processors may therefore include, in addition to service providers such as tax advisors, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

Consent

Definition pursuant to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Consent”of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation:On websites, this consent is typicallyobtained through a cookie consent tool. You’re probably familiar with this. Whenever you visit a website for the first time, you’re usually asked via a banner whether you agree to or consent to data processing. In most cases, you can also adjust individual settings and thus decide for yourself which data processing you allow and which you don’t. If you do not consent, no personal data about you may be processed. Of course, consent can also be given in writing, i.e., not via a tool.

Personal data

Definition pursuant to Article 4 of the GDPR

For the purposes of this regulation, the term:

“personal data” any information relating to an identified or identifiable natural person (hereinafter “data subject”); A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

Explanation:Personal data is any information that can be used to identify you as an individual. This typically includes information such as:

• Name
• Address
• Email address
• Mailing address
• phone number
• Date of Birth
• Identification numbers such as Social Security number, tax identification number, ID card number, or student ID number
• Banking information such as account numbers, credit information, account balances, and much more.

According to the European Court of Justice (ECJ), yourIP address is alsoconsidered personal data. IT experts can use your IP address to determine at least the approximate location of your device and, subsequently, identify you as the account holder. Therefore, storing an IP address also requires a legal basis under the GDPR. There are also so-called“special categories”of personal data that require special protection. These include:

• racial and ethnic background
• political views
• religious or ideological beliefs
• union membership
• genetic data, such as data obtained from blood or saliva samples
• biometric data (information about psychological, physical, or behavioral characteristics that can identify a person).
  Health data
• Information about sexual orientation or sex life

Profiling

Definition pursuant to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Profiling” meansany form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;

Explanation:Profiling involves gathering various pieces of information about a person in order to learn more about them. On the web, profiling is often used for advertising purposes or for credit checks. For example, web analytics and advertising analytics programs collect data about your behavior and interests on a website. This results in a specific user profile that can be used to deliver targeted advertising to a specific audience.

Person in charge

Definition pursuant to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Controller” meansthe natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation:In our case, we are responsible for processing your personal data and are therefore the “data controller.” If we share collected data with other service providers for processing, they are “data processors.” A “Data Processing Agreement (DPA)” must be signed for this purpose.

Processing

Definition pursuant to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Processing” any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution, or any other form of making available, the alignment or combination, the restriction, erasure, or destruction;

Note: Whenwe refer to "processing" in our Privacy Policy, we mean any type of data processing. As mentioned above in the original GDPR statement, this includes not only the collection but also the storage and processing of data.

All texts are protected by copyright.

Source:Privacy Policycreated using the Privacy Policy Generator for Austria by AdSimple