privacy policy

Preamble

With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. This data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").

The terms used are not gender-specific.

Stand: 08. November 2025

table of contents

Preamble
responsible person
Overview of processing
Relevant legal bases
security measures
transmission of personal data
International data transfers
General information on data storage and deletion
rights of the data subjects
Business Services
business processes and procedures
Use of online platforms for offer and sales purposes
Providers and services used in the course of business activities
payment methods
provision of the online offer and web hosting
use of cookies
Blogs and publication media
contact and inquiry management
communication via messenger
chatbots and chat functions
push notifications
Artificial Intelligence (AI)
video conferences, online meetings, webinars and screen sharing
Audio content
Cloud Services
newsletters and electronic notifications
web analysis, monitoring and optimization
online marketing
affiliate programs and affiliate links
customer reviews and rating processes
Presence in social networks (Social Media)
Plug-ins and embedded functions and content

responsible person

Rolf Messmer / M*I*S*T – Meßmer Innovation Services & Technology GmbH

Huettenstrasse 205

50170 Kerpen, Germany

Authorized representatives: Rolf Messmer (Managing Director)

E-Mail-Address: info@mist.com

Imprint: https://m-i-s-t.com/de/inprint

Overview of processing

The following overview summarises the types of data processed and the purposes of their processing and refers to the persons concerned.

types of data processed

inventory data.
employee data.
payment details.
location data.
contact details.
content data.
contract data.
usage data.
Meta-, communication- and procedural data.
Image and/or video recordings.
sound recordings.
log data.

purposes of processing

Provision of contractual services and fulfillment of contractual obligations.
Communication.
security measures.
direct marketing.
reach measurement.
Tracking.
office and organizational procedures.
Remarketing.
Conversion measurement.
Click tracking.
target group formation.
affiliate tracking
organizational and administrative procedures.
Content Delivery Network (CDN).
Feedback.
Marketing.
Profiles with user-related information.
Cross-Device Tracking.
Provision of our online offering and user-friendliness.
Information technology infrastructure.
public relations.
sales promotion.
business processes and business management procedures.

Relevant legal bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of these in the data protection declaration.

Consent (Article 6, Paragraph 1, Sentence 1, Letter a) of GDPR) - The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or for several specific purposes.
Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Article 6 (1) sentence 1 lit. c) GDPR) - Processing is necessary to fulfill a legal obligation to which the controller is subject.
Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR) - processing is necessary to protect the legitimate interests of the controller or of a third party, provided that the interests, fundamental rights and freedoms of the data subject which require protection of personal data do not prevail.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes in particular the law on protection against misuse of personal data in data processing (Federal Data Protection Act - BDSG). The BDSG contains in particular special regulations on the right to information, the right to deletion, the right of objection, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases including profiling. In addition, state data protection laws of the individual federal states may apply.

Relevant legal bases under the Swiss Data Protection Act: If you are located in Switzerland, we process your data on the basis of the Federal Data Protection Act (in short "Swiss DSG"). Unlike the GDPR, for example, the Swiss DSG does not generally stipulate that a legal basis for the processing of personal data must be stated and that the processing of personal data is carried out in good faith, is lawful and proportionate (Art. 6 para. 1 and 2 of the Swiss DSG). In addition, we only collect personal data for a specific purpose that is recognizable to the data subject and only process it in a way that is compatible with this purpose (Art. 6 para. 3 of the Swiss DSG).

Reference to the validity of GDPR and Swiss DSG: This data protection notice serves to provide information in accordance with both the Swiss DSG and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that the terms of the GDPR are used due to the broader spatial application and comprehensibility. In particular, instead of the terms "processing" of "personal data", "overriding interest" and "personal data requiring particular protection" used in the Swiss DSG, the terms "processing" of "personal data" as well as "legitimate interest" and "special categories of data" used in the GDPR are used. However, the legal meaning of the terms will continue to be determined according to the Swiss DSG within the scope of the validity of the Swiss DSG.

security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, transfer, securing availability and separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to threats to data. Furthermore, we take the protection of personal data into account when developing or selecting hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect user data transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the advanced and more secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL. This serves as an indicator for users that their data is being transmitted securely and encrypted.

transmission of personal data

As part of our processing of personal data, it may happen that these are transmitted to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Data transfer within the group of companies: Data transfer within the group of companies: We may transfer personal data to other companies within our group of companies or grant them access to it. This data transfer is based on our legitimate business and commercial interests. For example, we understand this to mean improving business processes, ensuring efficient and effective internal communication, making optimal use of our human and technological resources and the ability to make informed business decisions. In certain cases, the data transfer may also be necessary to fulfil our contractual obligations or it may be based on the consent of the data subject or legal permission.

Data transfer within the organization: We may transfer personal data to other departments or units within our organization or grant them access to it. If the data is transferred for administrative purposes, it is based on our legitimate business and commercial interests or if it is necessary to fulfill our contractual obligations or if there is consent from the data subject or legal permission.

International data transfers

Data processing in third countries: If we transfer data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs as part of the use of third-party services or the disclosure or transmission of data to other persons, bodies or companies (which can be identified by the postal address of the respective provider or if the data transfer to third countries is expressly referred to in the data protection declaration), this is always done in accordance with the legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission dated July 10, 2023. In addition, we have concluded standard contractual clauses with the respective providers that comply with the requirements of the EU Commission and establish contractual obligations to protect your data.

This dual safeguard ensures comprehensive protection of your data: The DPF forms the primary layer of protection, while the standard contractual clauses serve as an additional safeguard. Should changes occur within the framework of the DPF, the standard contractual clauses act as a reliable fallback option. This ensures that your data always remains adequately protected, even in the event of any political or legal changes.

For each service provider, we will inform you whether they are certified under the Data Privacy Framework and whether they have standard contractual clauses in place. Further information on the Data Privacy Framework and a list of certified companies can be found on the U.S. Department of Commerce website at https://www.dataprivacyframework.gov/.

Appropriate security measures apply to data transfers to other third countries, in particular standard contractual clauses, explicit consent, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found in the EU Commission's information offering: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

Disclosure of personal data abroad: In accordance with the Swiss Data Protection Act, we only disclose personal data abroad if adequate protection of the data subjects is guaranteed (Art. 16 Swiss Data Protection Act). If the Federal Council has not determined adequate protection (list: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we take alternative security measures. These may include international treaties, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Federal Data Protection and Information Commissioner (FDPIC) or internal company data protection rules approved in advance by the FDPIC or a competent data protection authority in another country. According to Art. 16 of the Swiss DSG, exceptions to the disclosure of data abroad may be permitted if certain conditions are met, including consent of the data subject, contract execution, public interest, protection of life or physical integrity, data made public or data from a legally provided register. These disclosures are always made in accordance with the legal requirements. As part of the so-called "Data Privacy Framework" (DPF), the Swiss has recognized the level of data protection for certain companies from the USA as secure as part of the adequacy decision of June 7, 2024. The list of certified companies and further information on the DPF can be found on the US Department of Commerce website at https://www.dataprivacyframework.gov/ (in English). In the privacy policy, we inform you about which service providers we use are certified under the Data Privacy Framework. https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we take alternative security measures.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by a Swiss adequacy decision dated June 7, 2024. In addition, we have concluded standard data protection clauses with the respective providers, which have been approved by the Federal Data Protection and Information Commissioner (FDPIC) and establish contractual obligations to protect your data.

This dual protection ensures comprehensive protection of your data: The DPF forms the primary layer of protection, while the standard data protection clauses serve as an additional safeguard. Should changes occur within the framework of the DPF, the standard data protection clauses act as a reliable fallback option. This ensures that your data always remains adequately protected, even in the event of any political or legal changes.

For each service provider, we will inform you whether they are certified under the Data Privacy Framework and whether they have standard data protection clauses in place. The list of certified companies and further information on the Data Privacy Framework can be found on the U.S. Department of Commerce website at https://www.dataprivacyframework.gov/.

For data transfers to other third countries, appropriate safeguards apply, including international treaties, specific guarantees, standard data protection clauses approved by the FDPIC or internal company data protection rules approved in advance by the FDPIC or a competent data protection authority in another country.

General information on data storage and deletion

We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consent is revoked or there are no further legal bases for the processing. This applies to cases in which the original processing purpose no longer applies or the data is no longer required. Exceptions to this rule exist if legal obligations or special interests require the data to be stored or archived for a longer period.

In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal proceedings or to protect the rights of other natural or legal persons must be archived accordingly.

Our privacy policy contains additional information on the retention and deletion of data that applies specifically to certain processing operations.

If there are several specifications regarding the retention period or deletion period for a date, the longest period always applies.

If a period does not expressly begin on a specific date and is at least one year, it automatically begins at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in the context of which data is stored, the event triggering the period is the time at which the termination or other termination of the legal relationship takes effect.

We process data that is no longer stored for the originally intended purpose but due to legal requirements or other reasons, only for the reasons that justify its storage.

Further information on processing procedures, methods and services:

Storage and deletion of data: The following general time limits apply to storage and archiving under German law:
10 years - retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets as well as the work instructions and other organizational documents, accounting documents and invoices required for their understanding (Section 147 Paragraph 3 in conjunction with Paragraph 1 Nos. 1, 4 and 4a AO, Section 14b Paragraph 1 UStG, Section 257 Paragraph 1 Nos. 1 and 4, Paragraph 4 HGB).
8 years - accounting documents, such as invoices and cost receipts (Section 147 Paragraph 1 No. 4 and 4a in conjunction with Paragraph 3 Sentence 1 AO and Section 257 Paragraph 1 No. 4 in conjunction with Paragraph 4 HGB).
6 years - Other business documents: received commercial or business letters, reproductions of sent commercial or business letters, other documents, insofar as they are relevant for taxation, e.g. hourly wage slips, operating statements, calculation documents, price labels, but also payroll documents, insofar as they are not already accounting documents and cash register slips (§ 147 Abs. 3 i. V. m. Abs. 1 Nr. 2, 3, 5 i.V.m. Abs. 3 AO, § 257 Abs. 1 Nr. 2 u. 3, i.V.m. Abs. 4 HGB).
3 years - Data required to consider potential warranty and compensation claims or similar contractual claims and rights as well as to process related inquiries based on previous business experience and standard industry practices will be stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).

Storage and deletion of data: The following general time limits apply to storage and archiving under Swiss law:

10 years - retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting documents and invoices as well as all necessary work instructions and other organizational documents (Art. 958f of the Swiss Code of Obligations (OR)).
10 years - Data necessary to consider potential claims for damages or similar contractual claims and rights, as well as to process related requests, based on previous business experience and standard industry practices, are stored for the statutory limitation period of ten years, unless a shorter period of five years applies, which is applicable in specific cases (Art. 127, 130 OR). After five years, claims for rent, lease and capital interest as well as other periodic payments, from the delivery of food, for catering and for innkeeper's debts, as well as from craft work, retail sales of goods, medical care, professional work by lawyers, legal agents, procurators and notaries and from the employment relationship of employees expire (Art. 128 OR).

rights of the data subjects

Rights of the data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

Right to object: You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) or (f) GDPR, for reasons related to your particular situation; this also applies to profiling based on these provisions. If the personal data concerning you are processed in order to conduct direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct advertising.
Right of revocation for consents: You have the right to revoke your consent at any time.
Right to information: You have the right to request confirmation as to whether or not data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with legal requirements.
Right to rectification: In accordance with the statutory provisions, you have the right to request that the data concerning you be completed or that inaccurate data concerning you be corrected.
Right to erasure and restriction of processing: In accordance with the statutory provisions, you have the right to request that data concerning you be deleted immediately or, alternatively, to request that the processing of the data be restricted in accordance with the statutory provisions.
Right to data portability: You have the right to receive the data concerning you that you have made available to us in a structured, common and machine-readable format in accordance with the legal requirements or to request that it be transmitted to another controller.
Complaint to the supervisory authority: In accordance with the statutory provisions and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State in which you are habitually resident, the supervisory authority of your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Rights of the data subjects under the Swiss DSG:

As a data subject, you have the following rights in accordance with the provisions of the Swiss Data Protection Act:

Right to information: You have the right to request confirmation as to whether personal data concerning you is being processed and to receive the information necessary to exercise your rights under this law and to ensure transparent data processing.
Right to data disclosure or transfer: You have the right to request that we provide you with the personal data you have provided to us in a common electronic format.
Right to rectification: You have the right to request the rectification of inaccurate personal data concerning you.
Right to object, deletion and destruction: You have the right to object to the processing of your data and to request that the personal data concerning you be deleted or destroyed.

Business Services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners"), within the framework of contractual and comparable legal relationships and associated measures and with regard to communication with the contractual partners (or pre-contractually), for example to answer inquiries.

We use this data to fulfill our contractual obligations. This includes in particular the obligations to provide the agreed services, any updating obligations and remedy in the event of warranty and other service disruptions. In addition, we use the data to protect our rights and for the purposes of the administrative tasks associated with these obligations and company organization. In addition, we process the data on the basis of our legitimate interests in both proper and economical business management and security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. The contractual partners are informed about other forms of processing, for example for marketing purposes, in this data protection declaration.

We inform our contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by special marking (e.g. colours) or symbols (e.g. asterisks or similar), or in person.

We delete the data after the expiry of statutory warranty and similar obligations, i.e. generally after four years, unless the data is stored in a customer account, e.g. for as long as it must be kept for legal archiving reasons (e.g. for tax purposes, usually ten years). We delete data that was disclosed to us by the contractual partner as part of an order in accordance with the specifications and generally after the end of the order.

Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved).
Affected persons: Service recipients and clients; interested parties. Business and contractual partners.
Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures.Business processes and business management procedures.
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR). Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Online shop, order forms, e-commerce and delivery: We process our customers' data to enable them to select, purchase or order the selected products, goods and associated services, as well as to pay for and deliver or execute them. If necessary to execute an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or execution for our customers. We use the services of banks and payment service providers to process payment transactions. The required information is marked as such in the order or comparable purchase process and includes the information required for delivery, provision and billing, as well as contact information in order to be able to hold any consultations; Legal basis: Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR).
Coaching: We process the data of our clients as well as interested parties and other clients or contractual partners (collectively referred to as "clients") in order to be able to provide our services to them. The procedures carried out as part of and for the purposes of coaching include: contacting and communicating with clients, needs analysis to determine suitable coaching measures, planning and conducting coaching sessions, documenting coaching progress, collecting and managing client-specific information and data, scheduling and organizing appointments, providing coaching materials and resources, billing and payment management, follow-up and follow-up to coaching sessions, quality assurance and feedback processes.
The data processed, the type, scope, purpose and necessity of their processing are determined by the underlying contractual and client relationship.
If it is necessary for our contract performance, to protect vital interests or legally, or if the client has given their consent, we will disclose or transmit client data to third parties or agents, such as authorities, accounting offices, and in the area of IT, office or similar services, in compliance with professional regulations; Legal basis: Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR).
Consulting: We process the data of our clients, interested parties and other clients or contractual partners (collectively referred to as "clients") in order to be able to provide our services to them. The procedures that are part of and for the purposes of consulting include: contacting and communicating with clients, conducting needs and requirements analyses, planning and implementing consulting projects, documenting project progress and results, collecting and managing client-specific information and data, scheduling and organizing appointments, providing consulting resources and materials, billing and payment management, post-processing and follow-up of consulting projects, quality assurance and feedback processes. The data processed, the type, scope, purpose and necessity of their processing are determined by the underlying contractual and client relationship.
If it is necessary for our contract performance, to protect vital interests or legally, or if the client has given their consent, we will disclose or transmit client data to third parties or agents, such as authorities, subcontractors or in the area of IT, office or similar services, in compliance with professional regulations; Legal basis: Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR).
Marketing and advertising: We process the data of our customers and clients (hereinafter referred to as "customers") in order to offer marketing services such as market research, advertising campaigns, content creation and social media management. The required information is marked as such when the order is placed and includes the information required to provide the service and billing as well as contact information in order to be able to hold any consultations. To the extent that we receive access to information from end customers, employees or other persons, we process this in accordance with the legal and contractual requirements.
Procedures required as part of marketing and advertising measures include creating marketing strategies and campaigns, designing advertising materials and content, selecting advertising channels and platforms, conducting market analyses and target group surveys, and measuring the success and analysis of marketing measures. In addition, they include managing and maintaining customer and prospect data, segmenting target groups, sending newsletters and promotional emails, tracking online marketing activities and working with external service providers in the field of marketing and advertising.
These procedures are used to develop effective marketing strategies for our customers, to tailor advertising measures to target groups, to measure and analyze the success of marketing activities and to ensure efficient management of customer contacts and information; Legal basis: Contractual performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR), legal obligation (Article 6 (1) sentence 1 lit. c) GDPR), legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).
IT services: We process the data of our customers and clients to enable them to plan, implement and support IT solutions and related services. The required information is marked as such in the context of the order, project or similar contract conclusion and includes the information required for service provision and billing as well as contact information in order to be able to hold any consultations. If we receive access to information from end customers, employees or other persons, we process this in accordance with the legal and contractual requirements.
The processing processes include project management and documentation, which cover all phases from the initial requirements analysis to the completion of the project. This includes the creation and management of project schedules, budgets and resource allocations. Data processing also supports change management, in which changes in the project process are documented and tracked to ensure compliance and transparency.
Another process is customer relationship management (CRM), which involves recording and analyzing customer interactions and feedback to improve service quality and efficiently address individual customer needs. Additionally, the processing process includes technical support and troubleshooting, which includes recording and processing support requests, troubleshooting, and regular maintenance.
Furthermore, reporting and performance analysis are carried out, whereby key performance indicators are recorded and evaluated in order to evaluate and continuously optimize the effectiveness of the IT solutions provided. All of these processes are geared towards ensuring high levels of customer satisfaction and compliance with all relevant specifications; Legal basis: Contractual performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR), legal obligation (Article 6 (1) sentence 1 lit. c) GDPR), legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).
Management Consulting: We process the data of our customers, clients, interested parties and other clients or contractual partners (collectively referred to as "customers") in order to be able to provide them with our contractual or pre-contractual services, in particular consulting services. The data processed, the type, scope, purpose and necessity of their processing are determined by the underlying contractual and business relationship.
If it is necessary for our contract performance or is legally required, or if the customer has given their consent, we will disclose or transmit customer data to third parties or agents, such as authorities, courts or in the area of IT, office or similar services, in compliance with professional regulations; Legal basis:Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR).

business processes and procedures

Personal data of service recipients and clients - including customers, clients or, in special cases, clients, patients or business partners as well as other third parties - are processed within the framework of contractual and comparable legal relationships and pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates business processes in areas such as customer management, sales, payment transactions, accounting and project management.

The data collected is used to fulfill contractual obligations and to make operational processes efficient. This includes processing business transactions, managing customer relationships, optimizing sales strategies and ensuring internal accounting and financial processes. In addition, the data supports the protection of the rights of the person responsible and promotes administrative tasks and the organization of the company.

Personal data may be passed on to third parties if this is necessary to fulfil the stated purposes or legal obligations. After the statutory retention periods have expired or if the purpose of processing no longer applies, the data will be deleted. This also includes data that must be stored for longer due to tax and legal proof obligations.

Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as details of authorship or time of creation); contract data (e.g. subject matter of the contract, term, customer category); protocol data (e.g. log files relating to logins or the retrieval of data or access times); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved). Employee data (information about employees and other people in an employment relationship).
Affected persons: Service recipients and clients; interested parties; communication partners; business and contractual partners; third parties; users (e.g. website visitors, users of online services). Customers.
Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; office and organisational procedures; business processes and commercial procedures; communication; marketing; sales promotion; security measures. Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.).).
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR).

Further information on processing procedures, methods and services:

Customer management and customer relationship management (CRM): Procedures required within the framework of customer management and customer relationship management (CRM) (e.g. customer acquisition in compliance with data protection requirements, measures to promote customer retention and loyalty, effective customer communication, complaint management and customer service with consideration of data protection, data management and analysis to support the customer relationship, administration of CRM systems, secure account management, customer segmentation and target group formation); Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Contact management and contact maintenance: Procedures required to organize, maintain and secure contact information (e.g. setting up and maintaining a central contact database, regularly updating contact information, monitoring data integrity, implementing data protection measures, ensuring access controls, performing backups and restores of contact data, training employees in the effective use of contact management software, regularly reviewing communication history and adjusting contact strategies); Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Shopping: Procedures required when procuring goods, raw materials or services (e.g. supplier selection and evaluation, price negotiations, order placement and monitoring, verification and control of deliveries, invoice verification, order management, warehouse management, creation and maintenance of purchasing policies); Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Distribution: Procedures required for the planning, implementation and control of measures for the marketing and sale of products or services (e.g. customer acquisition, offer creation and tracking, order processing, customer advice and support, sales promotion, product training, sales controlling and analysis, management of sales channels); Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Marketing, advertising and sales promotion: Procedures required within the framework of marketing, advertising and sales promotion (e.g. market analysis and target group determination, development of marketing strategies, planning and implementation of advertising campaigns, design and production of advertising materials, online marketing including SEO and social media campaigns, event marketing and trade fair participation, customer loyalty programs, sales promotion measures, performance measurement and optimization of marketing activities, budget management and cost control); Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).
Guest WiFi: Procedures involved in setting up, operating, maintaining and monitoring a wireless network for guests (e.g., installing and configuring wireless access points, creating and managing guest accounts, monitoring network connectivity, ensuring network security, troubleshooting connectivity issues, updating network software, complying with data protection regulations); Legal basis: Contractual performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR), legal obligation (Article 6 (1) sentence 1 lit. c) GDPR), legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Use of online platforms for offer and sales purposes

We offer our services on online platforms operated by other service providers. In this context, the data protection notices of the respective platforms apply in addition to our data protection notices. This applies in particular with regard to the execution of the payment process and the methods used on the platforms for range measurement and interest-based marketing.

Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved).
Affected persons: Service recipients and clients; business and contractual partners. Interested parties.
Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; marketing; business processes and commercial procedures; conversion measurement (measurement of the effectiveness of marketing measures). Provision of our online offering and user-friendliness.
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR). Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR).

Further information on processing procedures, methods and services:

Spreadshirt: As a global creative platform for self-designed clothing and accessories, we are the central point of contact for everyone who wants to put their creative ideas on textiles. Everyone can let their inspiration run wild - whether with their own designs or with motifs from our community. T-shirts, sweaters, bags, aprons and much more can be easily designed and personalised with text. Spreadshirt also stands for individual merchandising: from YouTube stars to really big companies and brands, we make everyone happy - especially the happy customer who gets to enjoy our high print quality and our award-winning service. Service provider: sprd.net AG
Gießerstraße 27
04229 Leipzig
Germany; Website: https://www.spreadshirt.de. Privacy Policy: https://www.spreadshirt.de/datenschutz-C3928.
Digistore24: Automating sales and billing processes, providing affiliate marketing tools, managing customer relationships, processing payments; Service provider: Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://www.digistore24.com/; Privacy Policy:https://www.digistore24.com/de/home/extern/cms/page/frontend/legal/privacy. Basis for third country transfers: Switzerland - adequacy decision (Germany).
Wondrai: Wondr AI is an AI platform that automatically creates print-on-demand products, social media posts and marketplace listings; Service provider: Wondr, LLC
Address: 6110 SW 24th Pl #308, Davie, FL 33314, USA; Website: https://www.wondrai.com. Privacy Policy:https://www.wondrai.com/policies/privacy-policy.

Providers and services used in the course of business activities

As part of our business activities, we use additional services, platforms, interfaces or plug-ins from third-party providers ("services" for short) in compliance with legal requirements. Their use is based on our interest in the proper, lawful and economical management of our business operations and our internal organization.

Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as details of authorship or time of creation). Contract data (e.g. subject matter of the contract, term, customer category).
Affected persons: Service recipients and clients; interested parties. Business and contractual partners.
Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures. Business processes and commercial procedures.
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

OrgaMax: Cloud-based accounting, ERP, document management and HR platform

With orgaMAX you will find the right solutions for your company;

Service provider: deltra Business Software GmbH & Co. KG

Gildestraße 9

D-32760 Detmold; Website: https://www.orgamax.de.

Privacy Policy: https://www.orgamax.de/datenschutz/.

Make.com: Automation of workflows, integration of different applications, data transfer between platforms, creation of custom processes, synchronization of information across multiple systems; Service provider: Celonis SE, Theresienstr. 6, 80333 Munich, Germany; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR);

Website: https://www.make.com.

Privacy Policy: https://www.make.com/en/privacy-notice.

payment methods

Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and, in addition to banks and credit institutions, use other service providers for this purpose (collectively "payment service providers").

The data processed by the payment service providers includes inventory data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, sum and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, only information confirming or rejecting the payment. The payment service providers may transmit the data to credit agencies. This transmission is for the purpose of checking identity and creditworthiness. For this purpose, we refer to the terms and conditions and the data protection information of the payment service providers.

The terms and conditions and data protection notices of the respective payment service providers apply to payment transactions and can be accessed on the respective websites or transaction applications. We also refer to these for further information and to assert revocation, information and other rights of those affected.

Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved).
Affected persons: Service recipients and clients; business and contractual partners. Interested parties.
Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Business processes and commercial procedures.
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR). Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR).

Further information on processing procedures, methods and services:

PayPal: Payment services (technical connection of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis:Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR); Website: https://www.paypal.com/de; Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

provision of the online offer and web hosting

We process user data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

Types of data processed: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved); protocol data (e.g. log files relating to logins or the retrieval of data or access times). Content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as information on authorship or time of creation).
Affected persons: Users (e.g. website visitors, users of online services). Business and contractual partners.
Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures; Content Delivery Network (CDN). Provision of contractual services and fulfillment of contractual obligations.
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Provision of online services on rented storage space: To provide our online services, we use storage space, computing capacity, and software that we rent from a corresponding server provider (also called a "web host") or obtain from other sources; legal basis: legitimate interests (Art. 6 (1) (f) GDPR).
Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". The server log files can include the address and name of the web pages and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid overloading the servers (particularly in the case of abusive attacks, so-called DDoS attacks), and to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been finally resolved.
Content-Delivery-Network: We use a "content delivery network" (CDN). A CDN is a service that enables the content of an online offering, particularly large media files such as graphics or program scripts, to be delivered more quickly and securely using regionally distributed servers connected via the Internet. Legal basis:Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).
Amazon Web Services (AWS): Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://aws.amazon.com/de/; Privacy Policy: https://aws.amazon.com/de/privacy/; Data processing agreement: https://aws.amazon.com/de/compliance/gdpr-center/. Basis for third country transfers:EU/EEA - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Luxembourg).
1&1 IONOS: Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website:https://www.ionos.de; Privacy Policy: https://www.ionos.de/terms-gtc/terms-privacy; Data processing agreement: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/. Basis for third country transfers: Switzerland - adequacy decision (Germany).
WordPress.com: Hosting and software for the creation, provision and operation of websites, blogs and other online offerings; Service provider: Aut O’Mattic A8C Irland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Irland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://wordpress.com; Privacy Policy: https://automattic.com/de/privacy/; Data processing agreement:https://wordpress.com/support/data-processing-agreements/. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland).
Cloudflare: Content Delivery Network (CDN) - service that enables the faster and more secure delivery of the content of an online offering, particularly large media files such as graphics or program scripts, using regionally distributed servers connected via the Internet; Service provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website:https://www.cloudflare.com; Privacy Policy: https://www.cloudflare.com/privacypolicy/; Data processing agreement: https://www.cloudflare.com/cloudflare-customer-dpa/. Basis for third country transfers:EU/EWR - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).
gstatic.com: Content Delivery Network (CDN) - service that enables the faster and more secure delivery of the content of an online offering, particularly large media files such as graphics or program scripts, using regionally distributed servers connected via the Internet; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website:https://www.google.de/. Privacy Policy: https://policies.google.com/privacy.
Jetpack Site Accelerator: Content Delivery Network (CDN) - service that enables the faster and more secure delivery of the content of an online offering, particularly large media files such as graphics or program scripts, using regionally distributed servers connected via the Internet;Service provider: Aut O’Mattic A8C Irland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Irland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website:https://jetpack.com/features/design/content-delivery-network/; Privacy Policy:https://automattic.com/privacy/; Data processing agreement: Provided by the service provider. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (provided by the service provider), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (provided by the service provider).
Britzy: AI Website Builder

Your Business, Your Website – Built In Seconds. No coding. No stress. Just AI magic;

Service provider:ProWebCraft LTD

1-75 Shelton Street Covent Garden

London, WC2H 9JQ

England;

Website: https://www.brizy.io/.

Privacy Policy: https://www.brizy.io/privacy-policy.

use of cookies

The term "cookies" refers to functions that store information on users' end devices and read it from them. Cookies can also be used for various purposes, such as for the purposes of the functionality, security and convenience of online services and the creation of analyses of visitor flows. We use cookies in accordance with legal regulations. To do so, we obtain the user's consent in advance if necessary. If consent is not necessary, we rely on our legitimate interests. This applies if the storage and reading of information is essential in order to be able to provide expressly requested content and functions. This includes, for example, the storage of settings and ensuring the functionality and security of our online service. Consent can be revoked at any time. We provide clear information about the scope of this and which cookies are used.

Notes on data protection legal bases: Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests explained above in this section and in the context of the relevant services and procedures.

Storage period: With regard to the storage period, the following types of cookies are distinguished:

Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed his or her device (e.g. browser or mobile application).
Permanent Cookies: Permanent cookies remain stored even after the device is closed. For example, the log-in status can be saved and preferred content can be displayed directly when the user visits a website again. The user data collected using cookies can also be used to measure reach. If we do not provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), they should assume that they are permanent and that the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also object to the processing in accordance with the legal requirements, including by means of the privacy settings of their browser.

Types of data processed: Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, persons involved).
Affected persons: Users (e.g. website visitors, users of online services).
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR). Consent (Article 6 (1) sentence 1 lit. a) GDPR).

Further information on processing procedures, methods and services:

Processing of cookie data based on consent: We use a consent management solution that obtains users' consent to the use of cookies or to the procedures and providers named in the consent management solution. This procedure is used to obtain, log, manage and revoke consent, in particular with regard to the use of cookies and comparable technologies that are used to store, read and process information on users' end devices. As part of this procedure, users' consent is obtained for the use of cookies and the associated processing of information, including the specific processing and providers named in the consent management procedure. Users also have the option of managing and revoking their consent. The consent declarations are stored in order to avoid repeated queries and to be able to provide evidence of consent in accordance with legal requirements. The data is stored on the server side and/or in a cookie (so-called opt-in cookie) or using comparable technologies in order to be able to assign the consent to a specific user or their device. If no specific information is available about the providers of consent management services, the following general information applies: The consent is stored for up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information on the scope of the consent (e.g. relevant categories of cookies and/or service providers) and information about the browser, the system and the device used; Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR).
Cookiebot: Consent management: procedures for obtaining, logging, managing and revoking consent, in particular for the use of cookies and similar technologies for storing, reading and processing information on users' end devices and their processing; Service provider: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark; Website: https://www.cookiebot.com/de; Privacy Policy:https://www.cookiebot.com/de/privacy-policy/; Data processing agreement: Provided by the service provider; Further information: Stored data (on the service provider's server): The user's IP number in anonymized form (the last three digits are set to 0), the date and time of consent, browser details, the URL from which the consent was sent, an anonymous, random and encrypted key value, the user's consent status.
Cookie Consent Manager CCM19: Consent management: procedures for obtaining, logging, managing and revoking consent, in particular for the use of cookies and similar technologies for storing, reading and processing information on users' end devices and their processing; Service provider: Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany; Website: https://www.ccm19.de/; Privacy Policy: https://www.ccm19.de/datenschutzerklaerung.html; Basis for third country transfers: Switzerland - adequacy decision (Germany). Further information: A pseudonymous user ID with the consent status is stored.

CookiePal: Cookiepal is a lightweight and lightning-fast consent management

Platform (CMP) designed to make your website fully compliant with GDPR,

Google Consent Mode v2 and other privacy policies without the

operations. Whether you use WordPress, Shopify, Webflow or even

created websites, Cookiepal can be integrated in a few minutes and just works.

Our easy-to-use scanner helps detect tracking technologies on your website, and the consent banner is fully customizable so you can tailor it to your brand style. Cookiepal supports multiple languages, regions, and consent types right out of the box.

Service provider: CookiePal Limited

10 Orange Street

WC2H 7DQ

UK. Company no. 15835702; Website: https://cookiepal.io. Privacy Policy:https://cookiepal.io/privacy-policy.

contact and inquiry management

When you contact us (e.g. by post, contact form, email, telephone or via social media) and within the framework of existing user and business relationships, the information provided by the person making the inquiry will be processed to the extent that this is necessary to answer the contact inquiries and any requested measures.

Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved).
Affected persons: communication partner.
Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g. collecting feedback via online form). Provision of our online offering and user-friendliness.
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR). Contractual performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR).

Further information on processing procedures, methods and services:

Contact form: When you contact us via our contact form, by email or other means of communication, we process the personal data sent to us in order to answer and process the respective request. This usually includes details such as name, contact information and, if applicable, other information that is communicated to us and is necessary for appropriate processing. We use this data exclusively for the stated purpose of establishing contact and communication; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
HubSpot CRM: Managing customer contacts, tracking sales activities, automating marketing campaigns, analyzing sales data, creating and managing email campaigns, integrating with other tools and platforms, managing customer support requests, AI-powered content generation, personalized email creation, predictive sales forecasting, automated workflow descriptions and AI chatbots for customer interaction; Service provider: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; Legal basis: Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR), legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://www.hubspot.de; Privacy Policy:https://legal.hubspot.com/de/privacy-policy; Data processing agreement: https://legal.hubspot.com/dpa. Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).

Blogs and publication media

We use blogs or similar means of online communication and publication (hereinafter "publication medium"). Readers' data is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers, or for security reasons. Furthermore, we refer to the information on the processing of visitors to our publication medium in this privacy policy.

Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Feedback (e.g., collecting feedback via online forms); provision of our online offering and user-friendliness; security measures; organizational and administrative procedures.
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Comments and contributions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security in case someone leaves illegal content in comments or contributions (insults, prohibited political propaganda, etc.). In this case, we ourselves may be held liable for the comment or contribution and are therefore interested in the identity of the author.
Furthermore, we reserve the right to process user information for the purpose of spam detection based on our legitimate interests.
On the same legal basis, we reserve the right to store users' IP addresses for the duration of surveys and to use cookies to avoid multiple voting.
The personal information, any contact and website information as well as the content information provided in the comments and contributions will be stored by us permanently until the user objects; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Gravatar profile pictures: Profile pictures - We use the Gravatar service within our online offering and especially in the blog.

Gravatar is a service that allows users to register and upload profile pictures and email addresses. When users post or comment on other online sites (especially blogs) using their email address, their profile pictures may be displayed next to the posts or comments. For this purpose, the email address provided by the user is transmitted in encrypted form to Gravatar to check whether a profile has been saved for that user. This is the sole purpose of transmitting the email address. It will not be used for any other purpose and will be deleted afterward.

The use of Gravatar is based on our legitimate interests, as with the help of Gravatar we offer the authors of posts and comments the opportunity to personalise their posts with a profile picture.

By displaying the images, Gravatar obtains the user's IP address, as this is necessary for communication between a browser and an online service.

If users do not want a user image linked to their Gravatar email address to appear in comments, they should use an email address that is not stored with Gravatar. We also point out that it is also possible to use an anonymous email address or no email address at all if users do not wish their email address to be sent to Gravatar. Users can completely prevent the transmission of data by not using our comment system; Service provider: Aut O’Mattic A8C Irland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Irland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://automattic.com; Privacy Policy: https://automattic.com/privacy; Data processing agreement: Provided by the service provider. Basis for third country transfers:EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (provided by the service provider), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (provided by the service provider).

contact and inquiry management

Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved).
Affected persons: communication partner.
Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online forms). Provision of our online offering and user-friendliness.
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR). Contractual performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR).

Further information on processing procedures, methods and services:

Contact form: When you contact us via our contact form, by email or other means of communication, we process the personal data sent to us in order to answer and process the respective request. This usually includes details such as name, contact information and, if applicable, other information that is communicated to us and is necessary for appropriate processing. We use this data exclusively for the stated purpose of establishing contact and communication; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
HubSpot CRM: Managing customer contacts, tracking sales activities, automating marketing campaigns, analyzing sales data, creating and managing email campaigns, integrating with other tools and platforms, managing customer support requests, AI-powered content generation, personalized email creation, predictive sales forecasting, automated workflow descriptions and AI chatbots for customer interaction; Service provider:HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA Irland Limited, Ground Floor, Two Dockland Central Guild Street, Dublin 1, Irland; Legal basis: Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR), legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://www.hubspot.de;https://www.hubspot.de/pa/crm; Privacy Policy:https://legal.hubspot.com/de/privacy-policy;https://legal.hubspot.com/de/privacy-policy;Data processing agreement: https://legal.hubspot.com/dpa.https://legal.hubspot.com/dpa. Basis for third country transfers: EU/EWR - Data Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.hubspot.com/dpa), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.hubspot.com/dpa).

By mail:

Postaga is an all-in-one tool that quickly builds links and increases traffic to a website by creating custom, automated campaigns.
Key Elemente sind: Postaga Content Hub and Campaign Generator, Opportunity Finder, Content Analyzer, Contact Finder, Automatically Personalized Emails, Outreach Assistant, Email Automator;

Service provider: Postaga LLC, 297 Larkfield Rd. #1180, East Northport, NY 11731, United States;

Website: https://postaga.com.

Privacy Policy: https://postaga.com/privacy-policy/

FATHOM.Video: A premium version of Fathom that includes advanced AI features such as AI-generated action items and 12 different meeting summary templates. We also offer the Fathom Team Edition, which provides additional features for teams and managers using Fathom.

Service provider:DataRep, The Cube, Monahan Road, Cork, T12 H1XY,Republic of Ireland;

Website: https://fathom.video/.

Privacy Policy: https://fathom.video/privacy.

Jotform: Creation, publication and integration of online forms, AI agents, and data collection; Standard contractual clauses: Provided by the service provider; Data processing agreement: https://eu.jotform.com/gdpr-compliance/; Service provider: Jotform Inc., 4 Embarcadero Center, Suite 78, San Francisco CA 9411 USA; Website: https://www.jotform.com/. Privacy Policy:https://www.jotform.com/privacy/.

communication via messenger

We use messengers for communication purposes and therefore ask you to note the following information on the functionality of the messengers, encryption, the use of communication metadata and your options for objection.

You can also contact us in alternative ways, e.g. by telephone or email. Please use the contact options provided to you or the contact options provided within our online offering.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we would like to point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with encryption activated to ensure that the message content is encrypted.

However, we would also like to point out to our communication partners that although the providers of the messengers cannot see the content, they can find out that and when communication partners communicate with us, as well as technical information about the device used by the communication partners and, depending on the settings of their device, location information (so-called metadata) are also processed.

Notes on legal basis: If we ask communication partners for permission before communicating with them via messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for consent and they contact us on their own initiative, for example, we use messenger in relation to our contractual partners and in the context of contract initiation as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partners in communicating via messenger. We would also like to point out that we will not transmit the contact details provided to us to the messenger for the first time without your consent.

Revocation, objection and deletion: You can revoke your consent at any time and object to communication with us via messenger at any time. In the case of communication via messenger, we delete the messages in accordance with our general deletion guidelines (i.e., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information from the communication partners, if no reference to a previous conversation is to be expected and there are no statutory retention periods that prevent deletion.

Subject to reference to other communication channels: To ensure your security, we ask for your understanding that we may not be able to respond to requests via messenger for certain reasons. This applies to situations in which, for example, contract details must be treated with particular confidentiality or a response via messenger does not meet formal requirements. In these cases, we recommend that you use more suitable communication channels.

Types of data processed: Contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved).
Affected persons: communication partner.
Purposes of processing: Communication. Direct marketing (e.g. by email or post).
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Contractual performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR). Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Apple iMessage: Send and receive text messages, voice messages and video calls. Have group conversations. Share files, photos, videos and locations. Secure communication through end-to-end encryption. Synchronize messages across multiple devices; Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); Website:https://www.apple.com/de/. Privacy Policy: https://www.apple.com/legal/privacy/de-ww/.
Instagram: Sending messages via the social network Instagram; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/.
Facebook Messenger: Send and receive text messages, make voice and video calls, create group chats, share files and media, transmit location information, sync contacts, encrypt messages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/;Data processing agreement: https://www.facebook.com/legal/terms/dataprocessing.Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum).
Microsoft Teams: Chat, audio and video conferencing, file sharing, integration with Office 365 applications, real-time collaboration on documents, calendar functions, task management, screen sharing, optional recording; Service provider: Microsoft Irland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Irland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: ;https://www.microsoft.com/de-de/microsoft-365;Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA), Switzerland - Adequacy Decision (IrelandData Privacy Framework (DPF), Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).
WhatsApp: Text messages, voice and video calls, sending pictures, videos and documents, group chat function, end-to-end encryption for increased security; Service provider: WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland.; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website:https://www.whatsapp.com/; Privacy Policy: https://www.whatsapp.com/legal. Basis for third country transferers:EU/EWR - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).

chatbots and chat functions

We offer online chats and chatbot functions as a means of communication (collectively referred to as "chat services"). A chat is an online conversation that takes place with a certain degree of real-time proximity. A chatbot is software that answers users' questions or informs them about messages. If you use our chat functions, we may process your personal data.

If you use our chat services within an online platform, your identification number will also be stored within the respective platform. We can also collect information about which users interact with our chat services and when. We also store the content of your conversations via the chat services and log registration and consent processes in order to be able to prove these in accordance with legal requirements.

We would like to point out to users that the respective platform provider can find out that and when users communicate with our chat services, as well as collect technical information about the device used by the user and, depending on the settings of their device, also location information (so-called metadata) for the purposes of optimizing the respective services and for security purposes. Likewise, the metadata of communication via chat services (i.e., the information about who communicated with whom) may be used by the respective platform provider in accordance with their provisions, to which we refer for further information, for marketing purposes or to display advertising tailored to users.

If users agree to activate information with regular messages to a chatbot, they have the option of unsubscribing from the information for the future at any time. The chatbot advises users how and with which terms they can unsubscribe from the messages. When the chatbot messages are unsubscribing, the user's data is deleted from the list of message recipients.

We use the aforementioned information to operate our chat services, e.g. to address users personally, to answer their inquiries, to transmit any requested content and also to improve our chat services (e.g. to "teach" chatbots answers to frequently asked questions or to identify unanswered inquiries).

Notes on legal basis: We use chat services on the basis of consent if we have previously obtained permission from users to process their data as part of our chat services (this applies to cases in which users are asked for consent, e.g. so that a chatbot can send them regular messages). If we use chat services to answer user inquiries about our services or our company, this is done for contractual and pre-contractual communication. Otherwise, we use chat services on the basis of our legitimate interests in optimizing the chat services, their economic efficiency and increasing the positive user experience.

Revocation, objection and deletion: You can revoke your consent at any time or object to the processing of your data as part of our chat services.

Types of data processed: Contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as details of authorship or time of creation). Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
Affected persons: communication partner.
Purposes of processing: Communication.
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Contractual performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR). Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

OnlySocial: OnlySocial offers an all-in-one social marketing solution for all your needs. Organize your social media content, optimize conversations with chatbots, set up a profitable online store, create an eye-catching link in the bio page and discover many more features!; Service provider: Onlysocial LTD, registered at Office 7236, 182 High St N, London, United Kingdom, E6 2JA; Website: https://onlysocial.io. Privacy Policy: https://onlysocial.io/privacy-policy.

push notifications

With the consent of the users, we can send users so-called "push notifications". These are messages that are displayed on the screens, devices or browsers of the users, even if our online service is not currently being actively used.

To register for push notifications, users must confirm the request from their browser or device to receive push notifications. This consent process is documented and saved. Storage is necessary to identify whether users have consented to receive push notifications and to be able to prove consent. For these purposes, a pseudonymous browser identifier (so-called "push token") or the device ID of a device is saved.

The push messages may be necessary for the fulfillment of contractual obligations (e.g. technical and organizational information relevant to the use of our online offer) and are otherwise sent on the basis of the user's consent, unless specifically stated below. Users can change the receipt of push messages at any time using the notification settings of their respective browsers or devices.

Types of data processed: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved).
Affected persons: communication partner.
Purposes of processing: Communication; provision of our online offering and user-friendliness; reach measurement (e.g. access statistics, recognition of returning visitors). Direct marketing (e.g. by email or post).
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion". Deletion after termination.
Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR). Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Push messages with advertising content: The push notifications we send may contain advertising information. The advertising push messages are processed based on the user's consent. If the content of the advertising push messages is specifically described as part of the consent to receive them, the descriptions are decisive for the user's consent. In addition, our newsletters contain information about our services and us; Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR).
Analysis and success measurement: We statistically evaluate push messages and can thus determine whether and when push messages were displayed and clicked. This information is used to technically improve our push messages based on the technical data or the target groups and their retrieval behavior or retrieval times. This analysis also includes determining whether the push messages are opened, when they are opened and whether users interact with their content or buttons. For technical reasons, this information can be assigned to the individual push message recipients. However, it is neither our aim nor that of the push message service provider, if used, to observe individual users. Rather, the evaluations help us to recognize the usage habits of our users and to adapt our push messages to them or to send different push messages according to the interests of our users.
The analysis of push messages and the measurement of success are based on the express consent of the user, which is given with the agreement to receive push messages. Users can object to the analysis and measurement of success by unsubscribing from the push messages. A separate revocation of the analysis and measurement of success is unfortunately not possible; Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR).
Claspo: Claspo is a code-free pop-up builder that offers over 700 templates, advanced targeting and trigger features, and seamless integrations; Service provider: CLASPO INC., WILMINGTON, DE, USA duly represented by Andrii Ryzhokhin with due power and authority for the purposes hereof, having its principal office 3524 SILVERSIDE RD STE 35B, WILMINGTON, DE 19810, USA; Website: https://claspo.io. Privacy Policy: https://claspo.io/privacy-policy/?_gl=1*1tgar7h*_up*MQ.*_ga*MTMyMjQxNjQwMi4xNzMwODA0MzYw*_ga_YRJY9YS0YQ*MTczMDgwNDM2MC4xLjAuMTczMDgwNDM2MC4wLjAuMA...

Artificial Intelligence (AI)

We use artificial intelligence (AI), which involves processing personal data. The specific purposes and our interest in using AI are set out below. In accordance with the definition of an "AI system" pursuant to Article 3 (1) of the AI Regulation, we define AI as a machine-based system designed for varying degrees of autonomous operation, capable of adapting after its introduction, and capable of generating results such as predictions, content, recommendations, or decisions from the inputs received that can influence physical or virtual environments.

Our AI systems are deployed in strict compliance with legal requirements. These include both specific regulations for artificial intelligence and data protection requirements. In particular, we adhere to the principles of lawfulness, transparency, fairness, human control, purpose limitation, data minimization, integrity, and confidentiality. We ensure that the processing of personal data always takes place on a legal basis. This can be either the consent of the data subject or legal permission.

When using external AI systems, we carefully select their providers (hereinafter "AI providers"). In accordance with our legal obligations, we ensure that the AI providers comply with applicable regulations. We also observe our obligations when using or operating the purchased AI services. The processing of personal data by us and the AI providers is carried out exclusively on the basis of consent or legal authorization. We attach particular importance to transparency, fairness, and maintaining human control over AI-supported decision-making processes.

To protect the data we process, we implement appropriate and robust technical and organizational measures. These ensure the integrity and confidentiality of the data we process and minimize potential risks. Through regular audits of AI providers and their services, we ensure ongoing compliance with current legal and ethical standards.

Types of data processed: Content data (e.g., textual or visual messages and posts, as well as related information, such as authorship or time of creation). Usage data (e.g., page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and features).
Affected persons: Users (e.g., website visitors, users of online services). Third parties.
Purposes of processing: Artificial Intelligence (AI).
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

ChatGPT: AI-based service designed to understand natural language and its

understand and generate related inputs and data, information

analyze and make predictions ("AI", ie "Artificial Intelligence", is in the respective

applicable legal sense of the term);

Service provider:

OpenAI Ireland Ltd, 117-126 Sheriff Street Upper, D01 YC43 Dublin 1, Irland;

Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);

Website: https://openai.com/product;

Privacy Policy: https://openai.com/de/policies/eu-privacy-policy.

Opt-out option:https://docs.google.com/forms/d/e/1FAIpQLSevgtKyiSWIOj6CV6XWBHl1daPZSOcIWzcUYUXQ1xttjBgDpA/viewform.

Microsoft Copilot: Microsoft Copilot: Support for creating and editing texts, spreadsheets, and presentations, data analysis, task automation, and integration with Office applications. Content data (files, conversations, metadata) and employee credentials (Org-ID/Entra-ID) are processed for the purposes of increasing efficiency and productivity, cost efficiency, flexibility, mobility, and integration with M365. Chat histories are stored for up to 30 days, and content is retained until deleted by the user. Diagnostic data is also collected for product stability and improvement. Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Irland; Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website:https://www.microsoft.com/de-de/microsoft-copilot/organizations; Privacy Policy:https://www.microsoft.com/de-de/privacy/privacystatement; Data processing agreement:https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).

OpenAI API: An API (Application Programming Interface) for artificial intelligence that provides developers with access to language and image models such as GPT and DALL·E. It enables the integration of functions like automatic text generation, natural language processing (NLP), translation, code creation, image generation, and image analysis into custom applications. Standardized interfaces allow for the integration of complex AI functions and the automation of processes. Service provider: OpenAI Ireland Ltd, 117-126 Sheriff Street Upper, D01 YC43 Dublin 1, Irland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website:https://openai.com/; Privacy Policy: https://openai.com/de/policies/eu-privacy-policy;Data processing agreement: https://openai.com/policies/data-processing-addendum; Basis for third country transfers: EU/EEA - Standard Contractual Clauses (https://openai.com/policies/data-processing-addendum), Switzerland - Standard Contractual Clauses (https://openai.com/policies/data-processing-addendum).Opt-out option: https://privacy.openai.com/policies?modal=select-subject.

Fathom: Fathom records, transcribes, highlights, and summarises your meetings so you can focus on the conversation;

Service provider:

Fathom Video Inc.

2261 Market Street, Suite 4156

San Francisco, CA 94114

United States.

Website: https://fathom.video/.

Privacy Policy: https://fathom.video/privacy.

video conferences, online meetings, webinars and screen sharing

We use platforms and applications from other providers (hereinafter referred to as "conference platforms") for the purposes of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as "conferences"). When selecting the conference platforms and their services, we observe the legal requirements.

Data processed by conference platforms: When participating in a conference, the conference platforms process the participants' personal data as listed below. The extent of the processing depends on which data is required for a specific conference (e.g. providing access data or real names) and which optional information is provided by the participants. In addition to processing for the purpose of conducting the conference, participants' data can also be processed by the conference platforms for security purposes or service optimization. The data processed includes personal data (first name, last name), contact information (email address, telephone number), access data (access codes or passwords), profile pictures, information on professional position/function, the IP address of the Internet access, information on the participants' end devices, their operating system, the browser and its technical and language settings, information on the content of the communication processes, i.e. entries in chats and audio and video data, as well as the use of other available functions (e.g. surveys). The content of the communications is encrypted to the extent technically provided by the conference providers. If participants are registered as users on the conference platforms, further data may be processed in accordance with the agreement with the respective conference provider.

Logging and recording: If text entries, participation results (e.g. from surveys) and video or audio recordings are logged, this will be communicated transparently to the participants in advance and they will be asked for their consent, if necessary.

Participants’ data protection measures: Please refer to the conference platforms' data protection notices for details of how your data is processed by them and select the security and data protection settings that are best for you in the settings of the conference platforms. Please also ensure that data and personal information is protected in the background of your recording for the duration of a video conference (e.g. by informing roommates, locking doors and using the function to blur the background, if technically possible). Links to the conference rooms and access data must not be passed on to unauthorized third parties.

Notes on legal basis: If, in addition to the conference platforms, we also process user data and ask users for their consent to use the conference platforms or certain functions (e.g. consent to a recording of conferences), the legal basis for processing is this consent. Furthermore, our processing may be necessary to fulfill our contractual obligations (e.g. in participant lists, in the case of processing discussion results, etc.). In addition, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.

Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); image and/or video recordings (e.g. photographs or video recordings of a person); sound recordings. Protocol data (e.g. log files relating to logins or the retrieval of data or access times).
Affected persons: Communication partners; users (e.g. website visitors, users of online services). Persons depicted.
Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; communication. Office and organizational procedures.
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Microsoft Teams: Audio and video conferencing, chat, file sharing, integration with Office 365 applications, real-time collaboration on documents, calendar functions, task management, screen sharing, optional recording; Service provider: Microsoft Irland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Irland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://www.microsoft.com/de-de/microsoft-teams/;Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).
Slack: Messenger and conference software; Service provider: Slack Technologies Limited, Level 1, Block A Nova Atria North, Sandyford Business District, Dublin 18, Irland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://slack.com/intl/de-de/; Privacy Policy:https://slack.com/intl/de-de/legal; Data processing agreement: https://slack.com/intl/de-de/terms-of-service/data-processing. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://slack.com/intl/de-de/terms-of-service/data-processing), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://slack.com/intl/de-de/terms-of-service/data-processing).

Audio content

We use hosting services from service providers to offer our audio content for listening and downloading. We use platforms that enable the uploading, storage and distribution of audio material.

Types of data processed: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved). Protocol data (e.g. log files relating to logins or the retrieval of data or access times).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles). Provision of our online offer and user-friendliness.
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

LetsCast: Simple and elegant podcast hosting for your content. Your podcast on Apple Podcasts, Spotify, YouTube & Co. One price, all features: Welcome to our podcast family! Service provider: Produktgenuss GmbH, Vereinsstraße 51, 20357 Hamburg; Website: https://letscast.fm. Privacy Policy: https://letscast.fm/privacy.

Cloud Services

We use software services accessible via the Internet and running on the servers of their providers (so-called "cloud services", also referred to as "software as a service") for the storage and management of content (e.g. document storage and management, exchange of documents, content and information with specific recipients or publication of content and information).

In this context, personal data may be processed and stored on the providers' servers if they are part of communication processes with us or are otherwise processed by us as set out in this data protection declaration. This data may include, in particular, master data and contact details of users, data on transactions, contracts, other processes and their contents. The providers of the cloud services also process usage data and metadata, which they use for security purposes and to optimize the service.

If we use cloud services to provide forms, documents, and content to other users or publicly accessible websites, the providers may store cookies on users' devices for web analysis purposes or to remember users' settings (e.g. in the case of media control).

Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and posts as well as the information relating to them, such as details of authorship or time of creation). Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
Affected persons: Interested parties; communication partners; business and contractual partners.
Purposes of processing: Office and organizational procedures. Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.).).
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Apple iCloud: cloud storage service; Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://www.apple.com/de/. Privacy Policy: https://www.apple.com/legal/privacy/de-ww/.
Google Cloud Storage: Cloud storage, cloud infrastructure services, and cloud-based application software; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Irland; Legal basis:Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://cloud.google.com/; Privacy Policy:https://policies.google.com/privacy; Data processing agreement: https://cloud.google.com/terms/data-processing-addendum; Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Standard Contractual Clauses (https://cloud.google.com/terms/eu-model-contract-clause), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://cloud.google.com/terms/eu-model-contract-clause). Further information:https://cloud.google.com/privacy.https://cloud.google.com/privacy.
Microsoft Cloud Services: Cloud storage, cloud infrastructure services, and cloud-based application software; Service provider: Microsoft Irland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Irland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPRTHE); Website: https://microsoft.com/de-de;https://microsoft.com/de-de; Privacy Policy:https://privacy.microsoft.com/de-de/privacystatement,https://privacy.microsoft.com/de-de/privacystatement,Sicherheitshinweise: https://www.microsoft.com/de-de/trustcenter;https://www.microsoft.com/de-de/trustcenter;Data processing agreement: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).
Breezedoc: BreezeDoc is a document signing solution that makes it easy to collect signatures for contracts and agreements. With just one click, you can upload your contracts and agreements to BreezeDoc's simple interface, ready for instant signing. Mark the places on the contract where you need signatures, initials, date fields, and more so your prospects can easily fill out the required information. Because you can create documents for a single recipient or multiple signers, you can manage all your digital signature needs with this one tool; Service provider: BreezeDoc is part of the AppSumo family. AppSumo’s designated copyright agent to receive DMCA Notices is: Ilona Abramova, 1305 E 6th street unit 3, Austin, TX 78702; Website: https://breezedoc.com. Privacy Policy: https://breezedoc.com/privacy.
Tidycal: TidyCal is a scheduling app that helps you easily manage your calendar and get more bookings for any type of meeting; Service provider: Sumo Group, Inc., 1345 E. 6th Street Suite 125 Austin, TX 78702 USA; Website: https://tidycal.com. Privacy Policy:https://tidycal.com/privacy-policy.

newsletters and electronic notifications

We send newsletters, emails and other electronic notifications (hereinafter "newsletters") only with the consent of the recipient or on the basis of a legal basis. If the contents of the newsletter are mentioned when registering for the newsletter, these contents are decisive for the consent of the user. To register for our newsletter, it is usually sufficient to provide your email address. However, in order to be able to offer you a personalized service, we may ask you to provide your name so that we can address you personally in the newsletter or for further information if this is necessary for the purpose of the newsletter.

Deletion and restriction of processing: We can store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a potential defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address in a block list (so-called "block list") for this purpose alone.

The registration process is logged on the basis of our legitimate interests for the purpose of proving that it was carried out correctly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure shipping system.

Contents:

Information about us, our services, promotions and offers.

Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved). Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
Affected persons: communication partner.
Purposes of processing: Direct marketing (e.g. by email or post).
Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR).
Opt-out option: You can cancel your subscription to our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably email.

Further information on processing procedures, methods and services:

SendFox: SendFox is an end-to-end system that allows you to grow your email list and schedule, automate and track emails to them; Service provider: Sumo Group Inc. (d/b/a "AppSumo","SumoMe","Sumo.com")
1305 E. 6th St #3
Austin, TX 78702; Website: https://sendfox.com. Privacy Policy: https://sendfox.com/privacy.
Measuring open and click rates: The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from our server or its server when the newsletter is opened, if we use a shipping service provider. As part of this retrieval, technical information, such as details about the browser and your system, as well as your IP address and the time of retrieval, are initially collected. This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or the access times. This analysis also includes determining whether and when the newsletters are opened and which links are clicked. The information is assigned to the individual newsletter recipients and stored in their profiles until it is deleted. The evaluations are used to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The measurement of the opening and click rates as well as the storage of the measurement results in the user profiles and their further processing are based on the consent of the users. Unfortunately, it is not possible to revoke the performance measurement separately. In this case, the entire newsletter subscription must be cancelled or revoked. In this case, the stored profile information will be deleted; Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR).

Surveys and polls

We conduct surveys and questionnaires to collect information for the respective communicated survey or questionnaire purpose. The surveys and questionnaires we conduct (hereinafter "surveys") are evaluated anonymously. Personal data is processed only to the extent necessary for the provision and technical implementation of the surveys (e.g., processing the IP address to display the survey in the user's browser or to enable resumption of the survey using a cookie).

Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and posts as well as the information relating to them, such as details of authorship or time of creation). Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).

Affected persons: Participant.

Purposes of processing: Feedback (e.g., collecting feedback via an online form). Surveys and questionnaires (e.g., surveys with input options, multiple-choice questions).

Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".

Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

MetaSurvey: With MetaSurvey, data collection is easy and fun.

Create card-like surveys, quizzes, and forms to quickly collect feedback, capture leads, and gain insights.

Say goodbye to boring questionnaires and hello to elegant, modern interactions that your audience will love!

Service provider: MetaSurvey represented by individual entrepreneur KIRILL TERESHCHENK registered in Georgia, registered office at Georgia, Akhaltsikhe district, Abi

VAT number is 324081916

Website: https://getmetasurvey.com/.

Privacy Policy:https://getmetasurvey.com/privacy-policy.

web analysis, monitoring and optimization

Web analysis (also known as "reach measurement") is used to evaluate the flow of visitors to our online offering and can include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. Using reach analysis, we can, for example, identify at what time our online offering or its functions or content are used most frequently, or encourage reuse. It is also possible for us to understand which areas require optimization.

In addition to web analysis, we can also use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e. data summarized for a usage process, can be created for these purposes and information can be stored in a browser or in a device and then read out. The information collected includes in particular websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to us or the providers of the services we use collecting their location data, the processing of location data is also possible.

In addition, the IP addresses of the users are stored. However, we use an IP masking process (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored as part of web analysis, A/B testing and optimization, but rather pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective processes.

Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

Types of data processed: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles); tracking (e.g. interest/behavior-related profiling, use of cookies); conversion measurement (measurement of the effectiveness of marketing measures); target group formation; marketing. Provision of our online offer and user-friendliness.
Storage and deletion: Deletion as described in the "General information on data storage and deletion" section. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
Safety measures: IP masking (pseudonymization of the IP address).
Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR). Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

1&1 IONOS WebAnalytics: reach measurement and web analysis; Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR); Website: https://www.ionos.de; Privacy Policy: https://www.ionos.de/terms-gtc/datenschutzerklaerung/; Data processing agreement:https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/; Further information: The data is collected either by a pixel or by a log file, without the use of cookies; the visitor's IP address is transmitted when a page is accessed, immediately anonymized after transmission and further processed without personal reference. The data is processed on the basis of a contract for data processing.
Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It is used to assign analysis information to a device in order to recognize which content users have accessed within one or more usage processes, which search terms they have used, accessed these again or interacted with our online offering. The time of use and its duration are also stored, as are the sources of users who refer to our online offering and technical aspects of their devices and browsers.
This involves creating pseudonymous profiles of users with information from their use of different devices and may use cookies. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics does provide rough geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is used solely for this derivation of geolocation data before being immediately deleted. It is not logged, is not accessible, and is not used for any further purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis:Consent (Article 6 (1) sentence 1 lit. a) GDPR); Website:https://marketingplatform.google.com/intl/de/about/analytics/;https://marketingplatform.google.com/intl/de/about/analytics/;Safety measures: IP masking (pseudonymization of the IP address); Privacy Policy:https://policies.google.com/privacy;https://policies.google.com/privacy; Data processing agreement:https://business.safety.google/adsprocessorterms/;https://business.safety.google/adsprocessorterms/; Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de,https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://myadcenter.google.com/personalizationoff.https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/https://business.safety.google/adsservices/ (Types of processing and data processed).
Google as recipient of the consent: The consent given by users as part of a consent dialog (also known as "cookie opt-in/consent", 'cookie banner', etc.) serves several purposes. On the one hand, it helps us to fulfill our obligation to obtain consent to the storage and reading of information on and from the user's device (in accordance with ePrivacy guidelines). On the other hand, it covers the processing of users' personal data in accordance with data protection requirements. In addition, this consent also applies to Google, as the company is obliged to obtain consent for personalized services under the Digital Markets Act. We therefore share the status of consents given by users with Google. Our consent management software informs Google whether consents have been given or not. The aim is to ensure that the consents given or not given by users are taken into account when using Google Analytics and when integrating functions and external services. In this way, user consents and their revocation within the framework of Google Analytics and other Google services in our online offering can be adapted dynamically and depending on the user's selection; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR); Website: https://support.google.com/analytics/answer/9976101?hl=de; Privacy Policy: https://policies.google.com/privacy.
Jetpack (WordPress Stats): Jetpack provides analytics capabilities for WordPress software; Service provider:Aut O’Mattic A8C Irland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Irland; Legal basis:Consent (Article 6 (1) sentence 1 lit. a) GDPR); Website: https://automattic.com;https://automattic.com;Privacy Policy: https://automattic.com/privacy.https://automattic.com/privacy; Data processing agreement: Provided by the service provider. Basis for third country transfers:EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (provided by the service provider), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (provided by the service provider).
Sitebehaviour: SiteBehaviour is a cookie-less, Google Analytics alternative that helps marketers and agencies track campaigns in easy mode. Analytics Toolbox: Click Heatmap, Scroll Heatmap, Hover Heatmap, Areas of Friction, Funnel Drop-Offs, Conversion per Device / Traffic Channel, Flexible Filters, Navigation Paths; Service provider: SiteBehaviour Inc. Toronto, ON,Canada, Phone: 4372391838 , contact@sitebehaviour.com; Website: https://www.sitebehaviour.com. Privacy Policy:https://docs.sitebehaviour.com/privacy/privacy-policy.

online marketing

We process personal data for the purpose of online marketing, which may include in particular the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on the potential interests of users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called "cookie") or similar procedures are used by means of which the information about the user relevant for the presentation of the aforementioned content is stored. This may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used and information on usage times and functions used. If users have consented to the collection of their location data, this may also be processed.

In addition, the IP addresses of the users are stored. However, we use available IP masking procedures (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored as part of the online marketing process, but rather pseudonyms. This means that neither we nor the providers of the online marketing processes know the actual user identity, only the information stored in their profiles.

The statements in the profiles are usually stored in cookies or using similar processes. These cookies can generally also be read later on other websites that use the same online marketing process and analyzed for the purpose of displaying content, supplemented with further data and stored on the server of the online marketing process provider.

In exceptional cases, it is possible to assign clear data to profiles, primarily if the users are, for example, members of a social network whose online marketing processes we use and the network links the user profiles with the aforementioned information. Please note that users can make additional agreements with the providers, for example by giving their consent during registration.

In principle, we only receive access to summarized information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, ie for example to the conclusion of a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.

Notes on legal basis: If we ask users for their consent to use third-party providers, the legal basis for data processing is permission. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

Information on revocation and objection:

We refer to the data protection information of the respective providers and the objection options specified for the providers (so-called "opt-out"). If no explicit opt-out option has been specified, you can deactivate cookies in your browser settings. However, this may restrict functions of our online offer. We therefore also recommend the following opt-out options, which are offered in summary for the respective areas:

a) Europa: https://www.youronlinechoices.eu.

b) Canada: https://www.youradchoices.ca/choices.

c) USA: https://www.aboutads.info/choices.

d) Cross-regional: https://optout.aboutads.info.

Types of data processed: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved). Content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as information on authorship or time of creation).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); tracking (e.g. interest/behavior-related profiling, use of cookies); target group formation; marketing; profiles with user-related information (creation of user profiles); conversion measurement (measurement of the effectiveness of marketing measures); provision of our online offer and user-friendliness; remarketing; click tracking. Cross-device tracking (cross-device processing of user data for marketing purposes).
Storage and deletion: Deletion as described in the "General information on data storage and deletion" section. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
Safety measures: IP masking (pseudonymization of the IP address).
Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR). Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Facebook Ads: Placing advertisements within the Facebook platform and evaluating the advertising results; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland; Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/; Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF); Opt-out option: We refer to the data protection and advertising settings in the user profile on the Facebook platforms as well as to Facebook's consent procedures and contact options for exercising information and other data subject rights, as described in Facebook's privacy policy; Further information: Event data of users, i.e. behavioral and interest information, are processed for the purposes of targeted advertising and target group formation on the basis of the agreement on joint responsibility ("Addendum for Responsible Persons", https://www.facebook.com/legal/controller_addendum). The joint controllership is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transmission of the data to the parent company Meta Platforms, Inc. in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
Google Ad Manager: We use the "Google Ad Manager" service to place ads in the Google advertising network (e.g. in search results, in videos, on websites, etc.). The Google Ad Manager is characterized by the fact that ads are displayed in real time based on the presumed interests of users. This allows us to show ads for our online offering to users who could have a potential interest in our offering or who have previously shown an interest in it, as well as to measure the success of the ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website:https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland); Further information: Types of processing and data processed: https://business.safety.google/adsservices/; Data processing terms for Google advertising products: Information about the services Data processing terms between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms. if Google acts as a processor, data processing conditions for Google advertising products and standard contractual clauses for third country transfers of data: https://business.safety.google/adsprocessorterms.
Google Ads and conversion measurement: Online marketing processes for the purpose of placing content and advertisements within the service provider's advertising network (e.g. in search results, in videos, on web pages, etc.) so that they are displayed to users who are likely to be interested in the advertisements. In addition, we measure the conversion of the advertisements, i.e. whether users have taken them as an opportunity to interact with the advertisements and use the advertised offers (so-called conversions). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR), Legitimate Interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://marketingplatform.google.com; Privacy Policy:https://policies.google.com/privacy; Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF); Further information: Types of processing and data processed: https://business.safety.google/adsservices/. Data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms.
LinkedIn Insight Tag: Code that is loaded when a user visits our website and tracks the user's behavior and conversions and stores them in a profile (possible uses: measuring campaign performance, optimizing ad delivery, building custom and similar audiences); Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland; Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR); Website:https://www.linkedin.com;https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy,https://www.linkedin.com/legal/privacy-policy, Cookie-Policy: https://www.linkedin.com/legal/cookie_policy;https://www.linkedin.com/legal/cookie_policy;Data processing agreement: https://www.linkedin.com/legal/l/dpa;https://www.linkedin.com/legal/l/dpa;Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa). Opt-out option:https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Pinterest Tag: Interest- and behavior-based measurement and analysis of user interaction with our online services (in particular page visits, searches, transactions, video and page views, and time and period) for the purpose of creating target groups for the display of content and advertising content within the Pinterest platform and the partners involved in its advertising network; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Irland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://help.pinterest.com/en/business/article/track-conversions-with-pinterest-tag;Privacy Policy: https://policy.pinterest.com/de/privacy-policy; Opt-out option:https://help.pinterest.com/de/article/personalized-ads-on-pinterest. Further information: Agreement on joint responsibility in the "Pinterest Advertising Services Agreement, Appendix B: Pinterest Appendix for Joint Controllers" https://business.pinterest.com/de/pinterest-advertising-services-agreement/.

SiteBehaviour: SiteBehaviour is a cookie-free Google Analytics alternative that helps marketers and agencies track campaigns in simple mode.

All data on one dashboard. SiteBehaviour lets you track traffic and conversions in real time on a comprehensive, user-friendly dashboard.

Filter data based on button clicks, countries, and traffic sources to gain key insights. Create custom charts that visualize clicks, page views, and custom events;

Service provider:SiteBehaviour Inc a company registered in Ontario , Canada, Toronto, Canada;

Website: https://www.sitebehaviour.com.

Privacy Policy:https://docs.sitebehaviour.com/privacy/privacy-policy.

Nytro: Nytro SEO is an AI-powered SEO tool that automatically generates and optimizes meta tags for your website. Auto-generate SEO meta tags. NytroSEO's AI allows you to automatically generate and optimize meta tags for all pages on your website in record time. Generate page titles, meta descriptions, image alt text, and link anchor title text optimized for important search terms. Automatically insert relevant keywords into your meta tags to improve your search rankings.

Service provider: Nytro Systems LLC, 26 Broadway, Suite 934. New York, NY 10004; Website: https://nytroseo.com.

Privacy Policy:https://nytroseo.com/nytro-systems-privacy-policy/.

affiliate programs and affiliate links

In our online offering, we include so-called affiliate links or other references (which may include search masks, widgets or discount codes, for example) to the offers and services of third-party providers (collectively referred to as "affiliate links"). If users follow the affiliate links or subsequently take advantage of the offers, we may receive a commission or other benefits from these third-party providers (collectively referred to as "commission").

In order to be able to track whether users have taken advantage of the offers of an affiliate link used by us, it is necessary for the respective third-party providers to know that users have followed an affiliate link used within our online offering. The assignment of the affiliate links to the respective business transactions or other actions (e.g. purchases) serves solely the purpose of commission settlement and is canceled as soon as it is no longer required for this purpose.

For the purposes of the aforementioned assignment of affiliate links, the affiliate links can be supplemented with certain values that are part of the link or can be stored elsewhere, e.g. in a cookie. The values can include in particular the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online identifier of the user.

Notes on legal basis: If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

Types of data processed: Contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved).
Affected persons: Interested parties. Users (e.g. website visitors, users of online services).
Purposes of processing: affiliate tracking
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR). Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Digistore24 partner program: affiliate marketing partner program; Service provider: Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://www.digistore24.com; Privacy Policy: https://www.digistore24.com/page/privacy.

customer reviews and rating processes

We participate in review and rating processes to evaluate, optimize and promote our services. If users rate us via the participating rating platforms or processes or otherwise provide feedback, the general terms and conditions or terms of use and the data protection notices of the providers also apply. As a rule, the rating also requires registration with the respective providers.

In order to ensure that the people providing the reviews have actually used our services, we transmit the necessary data regarding the customer and the service used to the respective review platform (including name, email address and order number or item number) with the customer's consent. This data is used solely to verify the authenticity of the user.

Types of data processed: Contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved).
Affected persons: Service recipients and clients. Users (e.g. website visitors, users of online services).
Purposes of processing: Feedback (e.g. collecting feedback via online form). Marketing.
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Socialjuice: Socialjuice is a video customer review platform that allows you to easily collect and share written or video testimonials; Service provider: Socialjuice: Jan Tooropstraat, 1061 AE Amsterdam, Netherlands; Website: https://socialjuice.io. Privacy Policy:https://socialjuice.io/privacy.

Presence in social networks (Social Media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because it could, for example, make it more difficult to enforce user rights.

Furthermore, the data of users within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on the user's usage behavior and the resulting interests. The latter can then be used, for example, to place advertisements within and outside the networks that presumably correspond to the user's interests. Cookies are therefore usually stored on users' computers in which the user's usage behavior and interests are stored. In addition, data can also be stored in the user profiles regardless of the devices used by the users (especially if they are members of the respective platforms and are logged in there).

For a detailed description of the respective processing methods and the options for objection (opt-out), please refer to the data protection declarations and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would like to point out that these can be asserted most effectively with the providers. Only the latter have access to the user data and can directly take appropriate measures and provide information. If you still need help, you can contact us.

Types of data processed: Contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Communication; feedback (e.g. collecting feedback via online form). Public relations.
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR). Consent (Article 6 (1) sentence 1 lit. a) GDPR).

Further information on processing procedures, methods and services:

Instagram: Social network, allows sharing photos and videos, commenting and favorite posts, sending messages, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).
Facebook pages: Profiles within the social network Facebook - We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not further processing) of data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see "Things you and others do and provide" in the Facebook data policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, called "Page Insights", to page operators so that they can gain insights into how people interact with their pages and the content associated with them. We have entered into a special agreement with Facebook ("Page Insights Information", https://www.facebook.com/legal/terms/page_controller_addendum), which in particular regulates which security measures Facebook must observe and in which Facebook has agreed to fulfil the rights of those affected (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the responsible supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data). The joint controllership is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transmission of the data to the parent company Meta Platforms, Inc. in the USA; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland; Legal basis:Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy:https://www.facebook.com/privacy/policy/. Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF).
LinkedIn: Social network - We are jointly responsible with LinkedIn Ireland Unlimited Company for collecting (but not further processing) visitor data that is used to create the "Page Insights" (statistics) of our LinkedIn profiles. This data includes information about the types of content users view or interact with, and the actions they take. In addition, details about the devices used are collected, such as IP addresses, operating system, browser type, language settings and cookie data, as well as information from user profiles, such as job function, country, industry, hierarchy level, company size and employment status. Data protection information on the processing of user data by LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
We have entered into a special agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum”, https://legal.linkedin.com/pages-joint-controller-addendum), which regulates in particular which security measures LinkedIn must observe and in which LinkedIn has agreed to comply with the rights of those affected (i.e. users can, for example, address requests for information or deletion directly to LinkedIn). The rights of users (in particular the right to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint responsibility is limited to the collection and transmission of data to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, in particular with regard to the transmission of data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa). Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
TikTok: Social network, allows sharing photos and videos, commenting and favorite posts, sending messages, subscribing to accounts; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland und TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR); Website: https://www.tiktok.com; Privacy Policy: https://www.tiktok.com/de/privacy-policy. Basis for third country transfers: EU/EEA - Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms), Switzerland - Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms).
X: social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Irland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://x.com; Privacy Policy: https://x.com/de/privacy. Basis for third country transfers: Switzerland - Data Privacy Framework (DPF).
YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Privacy Policy:https://policies.google.com/privacy; Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF). Opt-out option:https://myadcenter.google.com/personalizationoff.

Plug-ins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos or city maps (hereinafter referred to uniformly as "content").

The integration always requires that the third-party providers of this content process the IP address of the user, since without an IP address they would not be able to send the content to their browser. The IP address is therefore required to display this content or functions. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, the time of the visit and other information about the use of our online offering, but can also be linked to such information from other sources.

Types of data processed: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved); inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as information on authorship or time of creation). Location data (information on the geographical position of a device or person).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online offering and user-friendliness. Reach measurement (e.g. access statistics, recognition of recurring visitors); tracking (e.g. interest/behavior-based profiling, use of cookies); target group formation; marketing inheritanceprovision of contractual services and fulfilment of contractual obligations.
Storage and deletion: Deletion as described in the "General information on data storage and deletion" section. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR). Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

Google Fonts (sourced from Google Server): Obtaining fonts (and symbols) for the purpose of a technically secure, maintenance-free and efficient use of fonts and symbols with regard to timeliness and loading times, their uniform presentation and consideration of possible licensing restrictions. The provider of the fonts is informed of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted that is necessary for the provision of the fonts depending on the devices used and the technical environment. This data can be processed on a server of the provider of the fonts in the USA - When visiting our online offer, the user's browser sends their browser HTTP requests to the Google Fonts Web API (i.e. a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then the fonts specified in the CCS. These HTTP requests include (1) the IP address used by the user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent describing the browser and operating system versions of the website visitors, and the referring URL (i.e., the web page where the Google font should be displayed). IP addresses are not logged or stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referring URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. The Google Fonts Web API requires the user agent to customize the font that is generated for the respective browser type. The user agent is logged primarily for debugging purposes and is used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the Google Fonts Analytics page. Finally, the referring URL is logged so that the data can be used for production maintenance and to generate an aggregated report of top integrations based on the number of font requests. Google says it does not use any of the information collected by Google Fonts to build profiles of end users or to target ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website:https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for third country transfers:EU/EEA - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland). Further information:https://developers.google.com/fonts/faq/privacy?hl=de.
Google Maps: We integrate the maps of the "Google Maps" service provided by Google. The data processed may include, in particular, IP addresses and location data of users; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Irland; Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland).
reCAPTCHA: We integrate the "reCAPTCHA" function to be able to recognize whether entries (e.g. in online forms) are made by people and not by automatically acting machines (so-called "bots"). The data processed can include IP addresses, information on operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, time spent on websites, previously visited websites, interactions with ReCaptcha on other websites, possibly cookies and results of manual recognition processes (e.g. answering questions asked or selecting objects in images). The data processing is based on our legitimate interest in protecting our online offering from abusive automated crawling and spam; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis:Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR); Website: https://www.google.com/recaptcha/; Privacy Policy: https://policies.google.com/privacy; Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF). Opt-out option: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://myadcenter.google.com/personalizationoff.
YouTube-Videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Switzerland - Data Privacy Framework (DPF). Opt-out option: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://myadcenter.google.com/personalizationoff.

privacy policy

types of data processed

categories of data subjects

purposes of processing