Preamble

With the following privacy policy we would like to inform you which types of your personal data (hereinafter also abbreviated as "data") we process for which purposes and in which scope. The privacy statement applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online services").

The terms used are not gender-specific.

Last Update: 7. December 2023

 

Table of Contents

• Preamble
• Data Controller
• Contact Data Protection Officer
• Overview of Processing
• Relevant Legal Bases
• Security Measures
• Transmission of Personal Data
• International Data Transfers
• Data Deletion
• Rights of Data Subjects
• Use of Cookies
• Provision of Online Offering and Web Hosting
• Contact and Inquiry Management
• Contests and Competitions
• Web Analysis, Monitoring, and Optimization
• Online Marketing
• Presence on Social Networks (Social Media)
• Plugins and Embedded Functions and Content
• Amendment and Update of the Privacy Policy
• Definitions

 

Data Controller

Fischer Panda GmbH Otto-Hahn-Str. 40 D-33104 Paderborn Germany

Managing Directors: Dipl.-Ing. Stephan Backes Dr.-Ing. Sven Soetebier

Registered Office: Paderborn, Germany

Email: info@fischerpanda.de Phone: +49 5254 - 9202-0

Imprint: www.onefischerpanda.com/legal-terms

 

Contact Data Protection Officer

Michael Suermann S&S Strategie und Struktur GmbH Otto-Hahn-Str. 9 33104 Paderborn

Email: ms@susstrategie.de Phone: 0177 977 6112

 

Overview of processing operations

The following overview summarizes the types of processed data, the purposes of their processing, and refers to the affected individuals.

Types of Processed Data:

• Inventory Data
• Location Data
• Contact Data
• Content Data
• Usage Data
• Meta-, Communication, and Process Data
• Contact Information (Facebook)
• Event Data (Facebook)
• Categories of Data Subjects:
• Communication Partners
• Users
• Contest and Competition Participants
• Purposes of Processing:
• Provision of Contractual Services and Fulfillment of Contractual Obligations
• Contact Inquiries and Communication
• Security Measures
• Reach Measurement
• Tracking
• Remarketing
• Conversion Measurement
• Click Tracking
• Audience Targeting
• Management and Response to Inquiries
• Conducting Contests and Competitions
• Feedback
• Marketing
• Profiles with User-Related Information
• Provision of Our Online Offering and User-Friendliness
• Information Technology Infrastructure

 

Relevant Legal Bases

Relevant legal bases according to the GDPR: Below, you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

• Consent (Art. 6(1) lit. a) GDPR) - The data subject has given consent to the processing of their personal data for a specific purpose or purposes.
• Contract Performance and Pre-contractual Inquiries (Art. 6(1) lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures requested by the data subject.
• Legitimate Interests (Art. 6(1) lit. f) GDPR) - Processing is necessary to protect the legitimate interests of the data controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, requiring the protection of personal data, prevail.

National Data Protection Regulations in Germany: In addition to the GDPR, national data protection regulations in Germany apply. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG). The BDSG contains special regulations regarding the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of individual federal states may apply.

Relevant Legal Bases according to Swiss Data Protection Law: If you are in Switzerland, we process your data based on the Federal Data Protection Act (Schweizer DSG). This applies even if our processing of your data concerns you in Switzerland, and you are affected by the processing. Unlike the GDPR, the Swiss DSG generally does not require a legal basis to be named for the processing of personal data. We process personal data only if the processing is lawful, conducted in good faith, and proportionate (Art. 6(1) and (2) of the Swiss DSG). Furthermore, we obtain personal data only for specific and recognizable purposes and process it only in a way that is compatible with these purposes (Art. 6(3) of the Swiss DSG).

Note on the Applicability of GDPR and Swiss DSG: These data protection notices serve both to provide information under the Swiss Federal Data Protection Act (Schweizer DSG) and the General Data Protection Regulation (GDPR). For the sake of broader spatial application and understanding, please be aware that the terms of the GDPR are used. In particular, instead of the terms used in the Swiss DSG, such as "processing" of "personal data," "predominant interest," and "particularly sensitive personal data," the terms used in the GDPR, such as "processing" of "personal data," "legitimate interest," and "special categories of data," are used. However, the legal meaning of the terms continues to be determined within the scope of the applicability of the Swiss DSG.

 

Security Measures

In accordance with legal requirements and considering the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection commensurate with the risk.

These measures include, in particular, securing the confidentiality, integrity, and availability of data through the control of physical and electronic access to the data, as well as access, input, disclosure, availability, and separation of data. Furthermore, we have established procedures that ensure the exercise of data subjects' rights, data deletion, and responses to data threats. We also consider the protection of personal data in the development or selection of hardware, software, and procedures in accordance with the principle of data protection, through technology design, and through privacy-friendly default settings.

IP Address Truncation: If IP addresses are processed by us or by the services and technologies employed, and the processing of a full IP address is not necessary, the IP address is truncated (also referred to as "IP masking"). In this process, the last two digits or the last part of the IP address after a dot are removed or replaced with placeholders. Truncating the IP address is intended to prevent or significantly impede the identification of a person based on their IP address.

TLS/SSL Encryption (https): To protect user data transmitted through our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting the data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.

 

Transmission of Personal Data

In the course of processing personal data, it may happen that data is transmitted to other entities, companies, legally independent organizational units, or individuals or disclosed to them. Recipients of this data may include, for example, IT service providers or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.

Transfer of Data within the Corporate Group: We may transfer personal data to other companies within our corporate group or grant them access to this data. If this transfer is for administrative purposes, it is based on our legitimate business and economic interests or takes place if necessary to fulfill our contractual obligations or if there is consent from the data subjects or a legal permission.

 

International Data Transfers

Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if the processing takes place as part of the use of third-party services or the disclosure or transmission of data to other individuals, entities, or companies, this only happens in accordance with legal requirements. If the level of data protection in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for data transfer. Otherwise, data transfers only take place if the level of data protection is otherwise ensured, especially through standard contractual clauses (Art. 46(2) lit. c) GDPR), explicit consent, or in the case of contractual or legally required transfer (Art. 49(1) GDPR). Additionally, we inform you about the basis for third-country transfers with each provider from the third country, with adequacy decisions taking precedence as the basis. Information on third-country transfers and existing adequacy decisions can be found on the EU Commission's information page: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en.

EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection as safe for certain companies from the USA within the framework of the adequacy decision of July 10, 2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at www.dataprivacyframework.gov. We inform you in the context of data protection notices which service providers certified under the Data Privacy Framework we use.

Disclosure of Personal Data Abroad: According to the Swiss Data Protection Act (DSG), we only disclose personal data abroad if adequate protection of the data subjects is ensured (Art. 16 Swiss DSG). If the Federal Council has not established adequate protection (list: www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we take alternative security measures. These may include international agreements, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Federal Data Protection and Information Commissioner (FDPIC), or company-internal data protection regulations pre-approved by the FDPIC or a competent data protection authority in another country.

According to Art. 16 of the Swiss DSG, exceptions for the disclosure of data abroad can be allowed if certain conditions are met, including the consent of the data subject, contract fulfillment, public interest, protection of life or physical integrity, publicly disclosed data, or data from a legally provided register. These disclosures always comply with legal requirements.

 

Deletion of Data

The data processed by us will be deleted in accordance with legal requirements as soon as the consent granted for processing is revoked or other permissions expire (e.g., if the purpose of processing such data ceases to exist or they are no longer required for the purpose). If the data is not deleted because it is necessary for other legally permissible purposes, its processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person. In our privacy policy, we can provide users with additional information about deletion and retention of data, specifically applicable to each processing process.

 

Rights of Data Subjects

Rights of data subjects under the GDPR: You, as data subjects, have various rights under the GDPR, particularly derived from Articles 15 to 21 of the GDPR:

• Right to Object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Art. 6(1)(e) or (f) GDPR, including profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising, including profiling, to the extent that it is related to such direct marketing.
• Right to Withdraw Consent: You have the right to withdraw consent at any time.
• Right to Information: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and to obtain information about this data and further information and a copy of the data in accordance with legal requirements.
• Right to Rectification: You have the right, in accordance with legal requirements, to request the completion of your personal data or the correction of your inaccurate data.
• Right to Erasure and Restriction of Processing: You have the right, in accordance with legal requirements, to demand that data concerning you be deleted immediately, or alternatively, according to legal requirements, to demand a restriction on the processing of the data.
• Right to Data Portability: You have the right to receive your data, which you have provided to us, in accordance with legal requirements, in a structured, common, and machine-readable format or to request the transmission of it to another responsible party.
• Complaint to Supervisory Authority: In accordance with legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to file a complaint with a supervisory authority, in particular in the Member State where you are staying, working, or where the alleged infringement occurred, if you believe that the processing of personal data concerning you violates the GDPR.

Rights of Data Subjects under the Swiss Data Protection Act (DSG):

• You, as a data subject under the Swiss Data Protection Act (DSG), have the following rights in accordance with the provisions of the Swiss DSG:
• Right to Information: You have the right to request confirmation as to whether personal data concerning you is being processed and to receive the information necessary for you to exercise your rights under this law and to ensure transparent data processing.
• Right to Data Disclosure or Transfer: You have the right to request the disclosure of your personal data that you have provided to us in a common electronic format.
• Right to Correction: You have the right to request the correction of your inaccurate personal data.
• Right to Objection, Deletion, and Destruction: You have the right to object to the processing of your data and to request the deletion or destruction of your personal data.

 

Use of Cookies

Cookies are small text files or other storage methods that store information on end devices and retrieve information from end devices. For example, they may be used to store login status in a user account, the contents of a shopping cart in an online shop, the accessed content, or the functions used in an online offering. Cookies can also be used for various purposes, such as ensuring functionality, security, and convenience of online offerings, as well as creating analyses of visitor flows.

Consent Information: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless it is not legally required. Consent is not typically necessary when storing and retrieving information, including cookies, is strictly required to provide users with a telemedia service explicitly requested by them (i.e., our online offering). Essential cookies usually include functions related to the display and functionality of the online offering, load balancing, security, storage of user preferences, and choices or similar purposes related to providing the main and ancillary functions of the online offering requested by users. Revocable consent is clearly communicated to users and includes information about the specific use of cookies.

Notes on Data Protection Legal Bases: The legal basis on which we process users' personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the stated consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in the operational management of our online offering and improving its usability), or, if it occurs within the fulfillment of our contractual obligations, when the use of cookies is necessary to fulfill our contractual obligations. The purposes for which we process cookies will be explained in the course of this privacy policy or as part of our consent and processing procedures.

Storage Duration: In terms of storage duration, the following types of cookies are distinguished:

• Temporary Cookies (Session Cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their device (e.g., browser or mobile application).
• Permanent Cookies: Permanent cookies remain stored even after the closure of the device. For example, login status or preferred content can be stored and displayed directly when the user revisits a website. Additionally, data collected from users through cookies can be used for measuring reach. If we do not provide users with explicit information regarding the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent, and the storage duration can be up to two years.

General Notes on Revocation and Objection (Opt-Out): Users can revoke their given consents at any time and object to the processing in accordance with legal requirements. Users can, among other things, restrict the use of cookies in their browser settings (although this may also limit the functionality of our online offering). Objection to the use of cookies for online marketing purposes can also be declared via the websites optout.aboutads.info and https://www.youronlinechoices.com/ .

• Processed Data Types: Usage Data (e.g., visited websites, interest in content, access times).
• Data Subjects: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Provision of our online offering and user-friendliness.
• Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR).

Additional Notes on Processing Procedures, Methods, and Services:

• Processing of Cookie Data Based on Consent: We use a cookie consent management process in which user consents to the use of cookies, as well as the processing and providers mentioned in the context of the cookie consent management process, can be obtained, managed, and revoked by users. The consent declaration is stored to avoid having to repeat the query and to be able to prove the consent in accordance with legal obligations. Storage can be done server-side and/or in a cookie (so-called opt-in cookie or using comparable technologies) to associate the consent with a user or their device. Subject to individual information about cookie management service providers, the following information applies: The duration of consent storage can be up to two years. A pseudonymous user identifier is created, and information about the scope of consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and device used, is stored along with the time of consent; Legal Bases: Consent (Art. 6(1)(a) GDPR).
• Cookie Opt-Out: In the footer of our website, you will find a link that allows you to change your cookie settings and revoke corresponding consents; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

 

Provision of the Online Offering and Web Hosting

We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

• Processed Data Types: Usage Data (e.g., visited websites, interest in content, access times) Meta-, Communication, and Process Data (e.g., IP addresses, time stamps, identification numbers, consent status)
• Data Subjects: Users (e.g., website visitors, users of online services)
• Purposes of Processing: Provision of our online offering and user-friendliness, Information technology infrastructure (operation and provision of information systems and technical devices, such as computers, servers, etc.), Security measures
• Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR)

Additional Notes on Processing Procedures, Methods, and Services:

• Provision of Online Offering on Rented Storage Space: For the provision of our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also referred to as "web hoster"). Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR)
• Collection of Access Data and Log Files: Access to our online offering is logged in the form of so-called "server log files." Server log files may include the address and name of the accessed websites and files, date and time of access, transferred data volumes, message about successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. Server log files can be used, on the one hand, for security purposes, e.g., to avoid overloading servers (especially in the case of abusive attacks, so-called DDoS attacks), and, on the other hand, to ensure the load and stability of the servers. Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR) Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.
• Mittwald: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacities); Service provider: Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.mittwald.de ; Privacy Policy: https://www.mittwald.de/datenschutz ; Data Processing Agreement: https://www.mittwald.de/faq/service-informationen/faq/datenschutz-alles-wichtige-zur-dsgvo .
• OpenStreetMap: We integrate the maps of the "OpenStreetMap" service, which are offered by the OpenStreetMap Foundation (OSMF) based on the Open Data Commons Open Database License (ODbL). OpenStreetMap uses user data exclusively for the purpose of displaying map functions and caching selected settings. This data may include IP addresses and location data of users, but it is not collected without their consent (usually through the settings of their end devices or browsers). Service provider: OpenStreetMap Foundation (OSMF); Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.openstreetmap.de ; Privacy Policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy .

 

Contact and Inquiry Management

When users contact us (e.g., by post, contact form, email, phone, or via social media) or within existing user and business relationships, the information of the inquiring individuals is processed to the extent necessary to respond to contact inquiries and any requested measures.

• Processed Data Types: Contact Data (e.g., email, phone numbers), Content Data (e.g., entries in online forms)
• Usage Data (e.g., visited websites, interest in content, access times) Meta-, Communication, and Process Data (e.g., IP addresses, time stamps, identification numbers, consent status)
• Data Subjects: Communication partners
• Purposes of Processing: Contact inquiries and communication, Management and response to inquiries, Feedback (e.g., collecting feedback via online forms), Provision of our online offering and user-friendliness
• Legal Bases:, Legitimate interests (Art. 6(1)(f) GDPR), Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR)

Additional Notes on Processing Procedures, Methods, and Services:

• Contact Form: When users contact us via our contact form, email, or other communication channels, we process the data communicated to us in this context to handle the stated concerns. Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

 

Competitions and Contests

We process personal data of participants in competitions and contests only in compliance with the relevant data protection regulations. Processing is carried out to the extent contractually required for the provision, implementation, and execution of the competition, participants have consented to the processing, or the processing serves our legitimate interests (e.g., in the security of the competition or protection of our interests against misuse by possible capture of IP addresses when submitting competition entries).

If contributions of participants are published within the scope of competitions (e.g., in the context of voting or presentation of competition entries or winners, or in the reporting on the competition), we point out that the names of the participants may also be published in this context. Participants can object to this at any time.

If the competition takes place within an online platform or a social network (e.g., Facebook or Instagram, hereinafter referred to as "online platform"), the terms of use and data protection regulations of the respective platforms also apply. In these cases, we point out that we are responsible for the information provided by participants in the context of the competition, and inquiries regarding the competition should be directed to us.

The data of the participants will be deleted as soon as the competition or contest is ended, and the data is no longer needed to inform the winners or because no further inquiries about the competition are to be expected. In general, participant data will be deleted no later than 6 months after the end of the competition. Data of the winners may be retained longer to answer inquiries about the prizes or to fulfill the prize services; in this case, the storage period depends on the nature of the prize and may be, for example, up to three years for goods or services, to handle warranty cases. Furthermore, participant data may be stored for a longer period, e.g., in the form of reporting on the competition in online and offline media.

• Processed Data Types:, Master Data (e.g., names, addresses)
• Content Data (e.g., entries in online forms) Meta-, Communication, and Process Data (e.g., IP addresses, time stamps, identification numbers, consent status)
• Data Subjects: Competition and contest participants
• Purposes of Processing: Implementation of competitions and contests
• Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR)

 

Web Analysis, Monitoring, and Optimization

Web analysis, also referred to as "reach measurement," serves to evaluate the visitor flows on our online platform and can include pseudonymous values related to user behavior, interests, or demographic information, such as age or gender. Through reach analysis, we can, for example, identify the times when our online platform or its features and content are most frequently used or invite reuse. Additionally, we can understand which areas require optimization.

In addition to web analysis, we may use testing procedures to, for instance, test and optimize different versions of our online platform or its components.

Unless stated otherwise below, profiles—meaning data combined for a usage event—are created for these purposes, and information is stored in a browser or end device and read from it. The collected information includes, in particular, visited web pages and used elements, as well as technical details such as the browser used, the computer system used, and information about usage times. If users have agreed to the collection of their location data to us or to the providers of the services we use, location data may also be processed.

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, clear data of users (such as email addresses or names) is not stored in the context of web analysis, A/B testing, and optimization, but pseudonyms are used. This means that we, as well as the providers of the software used, do not know the actual identity of users, only the information stored in their profiles for the purposes of the respective procedures.

• Processed data types: Usage data (e.g., visited web pages, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
• Affected individuals: Users (e.g., website visitors, users of online services).
• Purposes of processing: Remarketing; Audience targeting; Reach measurement (e.g., access statistics, recognition of recurring visitors); Creating profiles with user-related information (creating user profiles); Providing our online offering and user-friendliness.
• Security measures: IP masking (pseudonymization of the IP address).
• Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

Additional information on processing procedures, procedures, and services:

Google Analytics 4: We use Google Analytics to measure and analyze the usage of our online offering based on a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. Its purpose is to associate analytical information with an end device to identify which content users have accessed during one or multiple usage sessions, which search terms they have used, revisited, or interacted with our online offering. Additionally, the time of usage and its duration, as well as the sources of users referring to our online offering and technical aspects of their end devices and browsers, are stored. Pseudonymous user profiles with information from the usage of different devices may be created, and cookies may be used in this process. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides approximate geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). In the case of EU data traffic, IP address data is exclusively used for this derivation of geolocation data before being immediately deleted. It is not logged, inaccessible, and not used for further purposes. When Google Analytics collects measurement data, all IP queries are conducted on EU-based servers before the traffic is forwarded to Analytics servers for processing. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/ ; Privacy policy: https://policies.google.com/privacy ; Data processing agreement: https://business.safety.google/adsprocessorterms/ ; Basis for third-country transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms ); Opt-out option: Opt-Out Plugin: tools.google.com/dlpage/gaoptout, Ad display settings: https://adssettings.google.com/authenticated . More information: https://business.safety.google/adsservices/  (Types of processing and processed data).

Audience building with Google Analytics: We use Google Analytics to display ads within Google's advertising services and its partners only to users who have shown an interest in our online offering or exhibit certain characteristics (e.g., interests in specific topics or products determined based on visited websites), which we transmit to Google (so-called "remarketing" or "Google Analytics audiences"). With the help of remarketing audiences, we also aim to ensure that our ads align with the potential interests of users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: marketingplatform.google.com; Legal basis: https://business.safety.google/adsprocessorterms/ ; Privacy policy: https://policies.google.com/privacy ; Data processing agreement: https://business.safety.google/adsprocessorterms/ ; Basis for third-country transfer: EU-US Data Privacy Framework (DPF); More information: Types of processing and processed data: https://business.safety.google/adsservices/ . Data processing terms for Google advertising products and Standard Contractual Clauses for third-country transfers of data: https://business.safety.google/adsprocessorterms .

Google Analytics in consent mode: In consent mode, Google processes user personal data for measurement and advertising purposes based on user consent. Users provide their consent within the scope of our online services. If user consent is entirely absent, data is processed only on an aggregated (i.e., not individually assigned and summarized) level. If consent includes only statistical measurement, no user personal data is processed for ad display or measurement of advertising success (so-called "conversion"); Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Website: https://support.google.com/analytics/answer/9976101?hl=de.

Google Tag Manager: Google Tag Manager is a solution that allows us to manage so-called website tags through an interface and integrate other services into our online offering (additional information is referred to in this privacy policy). The Tag Manager itself (which implements the tags) does not create user profiles or store cookies. Google only learns the user's IP address, which is necessary to execute Google Tag Manager; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com ; Privacy policy: https://policies.google.com/privacy ; Data processing agreement: https://business.safety.google/adsprocessorterms . Basis for third-country transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms ).

 

Online Marketing

We process personal data for the purpose of online marketing, including the marketing of advertising space or the display of promotional and other content (referred to collectively as "content") based on potential user interests, as well as the measurement of its effectiveness.

For these purposes, user profiles are created and stored in a file (known as a "cookie"), or similar methods are used to store information relevant to the user for displaying the aforementioned content. This information may include viewed content, visited websites, used online networks, as well as communication partners and technical details such as the used browser, the computer system used, usage times, and utilized functions. If users have consented to the collection of their location data, this data may also be processed.

The IP addresses of users are also stored. However, we use available IP masking methods (i.e., pseudonymization through shortening the IP address) to protect users. Generally, clear user data (such as email addresses or names) is not stored within the framework of online marketing procedures, but pseudonyms are used. This means that neither we nor the providers of online marketing procedures know the actual identity of the users, only the information stored in their profiles.

The information in the profiles is usually stored in cookies or similar methods. These cookies can also be read on other websites that use the same online marketing procedures, analyzed for the purpose of displaying content, supplemented with additional data, and stored on the server of the online marketing procedure provider.

In exceptional cases, clear data can be assigned to the profiles. This occurs when users are, for example, members of a social network whose online marketing procedures we use, and the network links the profiles of users with the aforementioned information. Please note that users can make additional agreements with the providers, for example, through consent during registration.

We generally only have access to aggregated information about the success of our advertisements. However, within the scope of so-called conversion measurements, we can check which of our online marketing procedures have led to a conversion, i.e., for example, a contract conclusion with us. Conversion measurement is solely used for analyzing the success of our marketing measures.

Unless otherwise stated, please assume that cookies used are stored for a period of two years.

• Processed data types: Content data (e.g., inputs in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, consent status); Event data (Facebook) ("Event data" are data that can be transmitted to Facebook, e.g., via Facebook Pixel (via apps or other means) by us and relate to individuals or their actions; Data includes, for example, information about visits to websites, interactions with content, features, app installations, product purchases, etc.; Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event data does not include the actual content (e.g., written comments), login information, and contact information (i.e., no names, email addresses, and phone numbers). Event data is deleted by Facebook after a maximum of two years, and the target groups formed from them are deleted when our Facebook account is deleted); Contact information (Facebook) ("Contact information" is data that clearly identifies individuals, such as names, email addresses, and phone numbers, which can be transmitted to Facebook, e.g., via Facebook Pixel or upload for comparison purposes for the purpose of creating Custom Audiences. After the comparison for the formation of target groups, the contact information is deleted).
• Affected individuals: Users (e.g., website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g., access statistics, recognition of recurring visitors); Tracking (e.g., interest/behavior-based profiling, use of cookies); Conversion measurement (measurement of the effectiveness of marketing measures); Audience targeting; Marketing; Profiles with user-related information (creation of user profiles); Providing our online offering and user-friendliness; Remarketing; Click tracking.
• Security measures: IP masking (pseudonymization of the IP address).
• Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Opt-out options: We refer to the privacy policies of the respective providers and the opt-out options provided by the providers (so-called "opt-out"). If no explicit opt-out option is specified, there is the possibility to disable cookies in the settings of your browser. However, this may restrict the functionality of our online offering. We also recommend the following opt-out options, which are summarized for each respective area:
  • a) Europe: https://www.youronlinechoices.eu .
  • b) Canada: https://www.youradchoices.ca/choices .
  • c) USA: https://www.aboutads.info/choices .
  • d) Cross-region: https://optout.aboutads.info .

Further information on processing processes, methods, and services:

Meta Pixel and Audience Targeting (Custom Audiences): With the help of the Meta Pixel (or comparable functions for transmitting event data or contact information through interfaces in apps), Meta is able to determine visitors to our online offering as a target audience for displaying ads (so-called "Meta-Ads"). Accordingly, we use the Meta Pixel to display the Meta-Ads we place only to users on Meta platforms and within the services of Meta-cooperating partners (the so-called "Audience Network" at https://www.facebook.com/audiencenetwork/ ) who have shown an interest in our online offering or exhibit certain characteristics (e.g., interest in specific topics or products evident from visited websites) that we transmit to Meta (so-called "Custom Audiences"). With the help of the Meta Pixel, we also aim to ensure that our Meta-Ads align with users' potential interests and do not appear intrusive. Additionally, the Meta Pixel allows us to track the effectiveness of Meta-Ads for statistical and market research purposes by determining whether users were redirected to our website after clicking on a Meta-Ad (so-called "conversion measurement"); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://www.facebook.com ; Privacy policy: https://www.facebook.com/about/privacy ; Data processing agreement: https://www.facebook.com/legal/terms/dataprocessing ; Basis for third-country transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum ); Additional information: Event data of users, i.e., behavioral and interest-related information, are processed for the purposes of targeted advertising and audience targeting based on the Agreement on Joint Controllership ("Controller Addendum," https://www.facebook.com/legal/controller_addendum ).

Enhanced Matching for the Meta Pixel: In addition to processing event data as part of using the Meta Pixel (or comparable functions, e.g., in apps), Meta also collects or receives contact information (individually identifiable data, such as names, email addresses, and phone numbers) within our online offering. The processing of contact information aims at forming target groups (so-called "Custom Audiences") for displaying content and advertising information tailored to the presumed interests of users. The collection, transmission, and matching with data existing at Meta are done not in plain text but as so-called "hash values," i.e., mathematical representations of the data (this method is, for example, used in password storage). After matching for the purpose of forming target groups, the contact information is deleted; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Privacy policy: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Data processing agreement: https://www.facebook.com/legal/terms/dataprocessing ; Basis for third-country transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum ); Additional information: https://www.facebook.com/legal/terms/data_security_terms .

• Facebook Advertisements: Placement of advertisements within the Facebook platform and evaluation of ad results; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com ; Privacy policy: https://www.facebook.com/about/privacy ; Basis for third-country transfer: EU-US Data Privacy Framework (DPF); Opt-out option: We refer to the privacy and advertising settings in the user's profile on the Facebook platform as well as in Facebook's consent process and Facebook's contact options for exercising information and other data subject rights in Facebook's privacy policy; Additional information: Event data of users, i.e., behavioral and interest-related information, are processed for the purposes of targeted advertising and audience targeting based on the Agreement on Joint Controllership ("Controller Addendum," https://www.facebook.com/legal/controller_addendum ).
• Google Ads and Conversion Tracking: Online marketing procedures for the purpose of placing content and ads within the service provider's advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the ads. Additionally, we measure the conversion of ads, i.e., whether users have taken the ads as an opportunity to interact with them and use the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://marketingplatform.google.com ; Privacy policy: https://policies.google.com/privacy ; Basis for third-country transfer: EU-US Data Privacy Framework (DPF); Additional information: Types of processing and processed data: https://business.safety.google/adsservices/ . Data processing terms between controllers and standard contractual clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms .
• Google Ads Remarketing: Google Remarketing, also called retargeting, is a technology that includes users who use an online service in a pseudonymous remarketing list, allowing users to be shown ads on other online offerings based on their visit to the online service; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy ; Basis for third-country transfer: EU-US Data Privacy Framework (DPF); Additional information: Types of processing and processed data: https://business.safety.google/adsservices/ . Data processing terms between controllers and standard contractual clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms .
• LinkedIn Insights Tag: Code that is loaded when a user visits our online offering and tracks the user's behavior and conversions, storing them in a profile (possible purposes: measuring campaign performance, optimizing ad delivery, building custom and similar audiences); Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://www.linkedin.com ; Privacy policy: https://www.linkedin.com/legal/privacy-policy , Cookie policy: https://www.linkedin.com/legal/cookie_policy ; Basis for third-country transfer: Standard contractual clauses (https://legal.linkedin.com/dpa ). Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .
• UTM Parameters: Analysis of sources and user actions based on an extension of web addresses referring to us with an additional parameter, the "UTM" parameter. For example, a UTM parameter such as "utm_source=platformX &utm_medium=video" can inform us that a person clicked the link on platform X within a video. UTM parameters provide information about the source of the link, the medium used (e.g., social media, website, newsletter), the type of campaign, or the content of the campaign (e.g., post, link, image, and video). With this information, we can, for instance, assess our visibility on the internet or the effectiveness of our campaigns; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

 

Social Media Presence:

We maintain online presences within social networks and process user data within this context to communicate with active users or provide information about us.

Please note that user data may be processed outside the European Union in the course of these activities. This may pose risks for users, as the enforcement of user rights could be more challenging.

Furthermore, user data within social networks is typically processed for market research and advertising purposes. For example, user behavior and resulting interests can be used to create user profiles. These profiles, in turn, can be used to display advertisements within and outside the networks that presumably correspond to the users' interests. Cookies are usually stored on users' computers for these purposes, storing user behavior and interests. Additionally, data in user profiles may be stored independently of the devices users use, especially if users are members of the respective platforms and logged into them.

For a detailed presentation of the respective processing methods and opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.

Even in the case of information requests and the exercise of data subject rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the users' data and can directly take corresponding measures and provide information. If you still need assistance, you can contact us.

Processed data types: Contact details (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).

• Affected individuals: Users (e.g., website visitors, users of online services).
• Purposes of processing: Contact inquiries and communication; Feedback (e.g., collecting feedback via online forms); Marketing.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Additional information on processing processes, procedures, and services:

• Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com ; Privacy policy: https://instagram.com/about/legal/privacy .
• Facebook Pages: Profiles within the Facebook social network - We, together with Meta Platforms Ireland Limited, are responsible for the collection (but not further processing) of data from visitors to our Facebook Page (so-called "Fanpage"). This data includes information about the types of content users view or interact with, or actions they take (see "Things You and Others Do and Provide" in the Facebook Data Policy: https://www.facebook.com/policy ), as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in the Facebook Data Policy: https://www.facebook.com/policy ). As explained in the Facebook Data Policy under "How do we use this information?" Facebook also collects and uses information to provide analytics services, so-called "Page Insights," for page operators to understand how people interact with their pages and associated content. We have entered into a specific agreement with Facebook ("Page Insights Information," https://www.facebook.com/legal/terms/page_controller_addendum ), which regulates the security measures Facebook must adhere to, and in which Facebook has agreed to fulfill data subject rights (i.e., users can direct inquiries or deletion requests directly to Facebook). The rights of users (especially regarding information, deletion, objection, and complaint to the competent supervisory authority) are not limited by the agreements with Facebook. Further information can be found in the "Page Insights Information" (https://www.facebook.com/legal/terms/information_about_page_insights_data ); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy ; Basis for third-country transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum ). Additional information: Agreement on joint responsibility: https://www.facebook.com/legal/terms/information_about_page_insights_data . Joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of data is the sole responsibility of Meta Platforms Ireland Limited, particularly concerning the transfer of data to the parent company Meta Platforms, Inc. in the USA (based on the Standard Contractual Clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
• LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.linkedin.com ; Privacy policy: https://www.linkedin.com/legal/privacy-policy ; Data processing agreement: https://legal.linkedin.com/dpa ; Basis for third-country transfer: Standard Contractual Clauses (https://legal.linkedin.com/dpa ). Opt-out possibility: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .
• YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy policy: https://policies.google.com/privacy ; Basis for third-country transfer: EU-US Data Privacy Framework (DPF). Opt-out possibility: https://adssettings.google.com/authenticated .

 

Plugins and Embedded Functions as well as Content:

We integrate functional and content elements into our online offering, which are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). This may include, for example, graphics, videos, or maps (hereinafter collectively referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is thus necessary for the display of these contents or functions. We strive to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on users' devices and may contain technical information about the browser and operating system, referring websites, visit times, as well as other information about the use of our online offering, and may also be linked with such information from other sources.

• Processed data types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status); Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Location data (information about the geographical position of a device or a person).
• Affected individuals: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness; Provision of contractual services and fulfillment of contractual obligations. Profiles with user-related information (creation of user profiles).
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods, and services:

• Google Fonts (Hosted on our own server): Provision of font files for a user-friendly presentation of our online offering; Service provider: Google Fonts are hosted on our server, no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Google Fonts (Fetched from the Google server): Acquisition of fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols with regard to freshness and loading times, their uniform presentation, and consideration of possible licensing restrictions. The provider of the fonts is informed of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted that is necessary for the provision of the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA. When users visit our online offering, their browsers send their browser HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent that describes the browser and operating system versions of the website visitors, as well as the referring URL (i.e., the website where the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent, and referring URL). Access to this data is restricted and tightly controlled. The requested URL identifies the font families the user wants to load fonts for. This data is logged so that Google can determine how often a particular font family is requested. In the Google Fonts Web API, the user agent must customize the font for the respective browser type. The user agent is primarily logged for debugging and is used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the Google Fonts "Analytics" page. Finally, the referring URL is logged so that the data can be used for production maintenance and to generate an aggregated report on top integrations based on the number of font requests. According to Google's own information, Google does not use any of the information collected by Google Fonts to create profiles of end users or to display targeted ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://fonts.google.com/ ; Privacy policy: https://policies.google.com/privacy ; Basis for third-country transfer: EU-US Data Privacy Framework (DPF). Additional information: https://developers.google.com/fonts/faq/privacy 
• Google Maps: We integrate the maps of the "Google Maps" service provided by Google. Processed data may include IP addresses and user location data; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR); Website: https://mapsplatform.google.com/ ; Privacy Policy: https://policies.google.com/privacy . Basis for third-country transfer: EU-US Data Privacy Framework (DPF).
• Google Maps APIs and SDKs: Interfaces to Google's maps and location services, allowing, for example, address completion, location determination, distance calculations, or provision of additional information about locations; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR); Website: https://mapsplatform.google.com/ ; Privacy Policy: https://policies.google.com/privacy . Basis for third-country transfer: EU-US Data Privacy Framework (DPF).
• OpenStreetMap: We integrate the maps of the "OpenStreetMap" service, offered by the OpenStreetMap Foundation (OSMF) based on the Open Data Commons Open Database License (ODbL). User data is used by OpenStreetMap exclusively for the purpose of displaying map functions and caching selected settings. This data may include, in particular, IP addresses and user location data, which, however, will not be collected without their consent (usually as part of the settings of their end devices or browsers); Service provider: OpenStreetMap Foundation (OSMF); Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR); Website: https://www.openstreetmap.de . Privacy Policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy .
• reCAPTCHA: We integrate the "reCAPTCHA" function to determine whether inputs (e.g., in online forms) are made by humans and not by automatically acting machines (so-called "bots"). Processed data may include IP addresses, information about operating systems, devices, or browsers used, language settings, location, mouse movements, keyboard inputs, time spent on websites, previously visited websites, interactions with reCaptcha on other websites, possibly cookies, and results of manual recognition processes (e.g., answering questions posed or selecting objects in images). Data processing is based on our legitimate interest in protecting our online offering from abusive automated crawling and spam; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR); Website: https://www.google.com/recaptcha/ ; Privacy Policy: https://policies.google.com/privacy ; Basis for third-country transfer: EU-US Data Privacy Framework (DPF). Opt-out option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=en , Settings for displaying advertisements: https://adssettings.google.com/authenticated .
• YouTube Videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR); Website: https://www.youtube.com ; Privacy Policy: https://policies.google.com/privacy ; Basis for third-country transfer: EU-US Data Privacy Framework (DPF). Opt-out option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=en , Settings for displaying advertisements: https://adssettings.google.com/authenticated .
• YouTube Videos (Extended Privacy Mode): YouTube videos are embedded using a special domain (identified by the "youtube-nocookie" component) in the so-called "Extended Privacy Mode," which prevents cookies from being collected to personalize video playback. However, information about user interactions with the video (e.g., remembering the last playback position) may still be stored; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR); Website: https://www.youtube.com ; Privacy Policy: https://policies.google.com/privacy . Basis for third-country transfer: EU-US Data Privacy Framework (DPF).
• Vimeo Video Player: Integration of a video player; Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR); Website: https://vimeo.com ; Privacy Policy: https://vimeo.com/privacy ; Data Processing Agreement: https://vimeo.com/enterpriseterms/dpa . Basis for third-country transfer: Standard Contractual Clauses (https://vimeo.com/enterpriseterms/dpa ).

 

Change and Update of the Privacy Policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or any other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time, and we ask you to check the information before contacting.

 

Definition of Terms

In this section, you will find an overview of the terms used in this privacy policy. If the terms are legally defined, their legal definitions apply. The following explanations are primarily intended to facilitate understanding.

• Click Tracking: Click tracking allows monitoring user movements within an entire online offering. Since the results of these tests are more accurate when user interaction can be tracked over a certain period (e.g., to determine if a user returns), cookies are usually stored on users' computers for these test purposes.
• Conversion Measurement: Conversion measurement (also referred to as "visit action evaluation") is a procedure to determine the effectiveness of marketing measures. Usually, a cookie is stored on users' devices within the web pages where the marketing measures take place and is then retrieved again on the target website. For example, this allows us to track whether the ads we placed on other websites were successful.
• Personal Data: "Personal data" refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more specific characteristics expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• Profiles with User-Related Information: The processing of "profiles with user-related information" or simply "profiles" includes any form of automated processing of personal data involving the use of such personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may involve different information regarding demographics, behavior, and interests, such as interaction with websites and their content, etc.). Cookies and web beacons are often used for profiling purposes.
• Reach Measurement: Reach measurement (also known as web analytics) serves to evaluate visitor flows of an online offering and can include the behavior or interests of visitors in specific information, such as content of web pages. With the help of reach analysis, operators of online offerings can, for example, recognize when users visit their websites and what content interests them. This allows them to better adapt the content of the websites to the needs of their visitors. Pseudonymous cookies and web beacons are often used for reach analysis to recognize returning visitors and obtain more precise analyses of the use of an online offering.
• Remarketing: "Remarketing" or "retargeting" occurs when, for advertising purposes, it is noted for which products a user has shown interest on a website to remind the user of these products on other websites, e.g., in advertisements.
• Location Data: Location data is generated when a mobile device (or another device with the technical prerequisites for location determination) connects to a cell, Wi-Fi, or similar technical means and functions of location determination. Location data indicates the geographically determinable position on Earth where the respective device is located. Location data can be used, for example, to display map functions or other location-dependent information.
• Tracking: "Tracking" refers to the monitoring of user behavior across multiple online offerings. Typically, in terms of the used online offerings, behavioral and interest information is stored in cookies or on servers of the providers of tracking technologies (so-called profiling). This information can then be used, for example, to display users advertisements that are likely to match their interests.
• Controller: The "controller" is the natural or legal person, authority, agency, or other body that alone or jointly with others decides on the purposes and means of processing personal data.
• Processing: "Processing" is any operation or set of operations, whether or not by automated means, performed on personal data. The term is broad and includes practically any handling of data, whether it be collecting, evaluating, storing, transmitting, or deleting.
• Target Audience Formation: Target audience formation (English "Custom Audiences") refers to the determination of target groups for advertising purposes, e.g., displaying advertisements. For example, based on a user's interest in certain products or topics on the Internet, it can be inferred that the user is interested in advertisements for similar products or the online shop where they viewed the products. "Lookalike Audiences," on the other hand, refers to the display of content deemed suitable to users whose profiles or interests presumably correspond to those for whom the profiles were created. Cookies and web beacons are usually used for the purpose of creating Custom Audiences and Lookalike Audiences.