Table of contents

Pri­vacy Policy

We have writ¬≠ten this pri¬≠vacy pol¬≠icy (ver¬≠sion 09.09.2021-311826578) in order to explain to you, in accor¬≠dance with the pro¬≠vi¬≠sions of the Gen¬≠eral Data Pro¬≠tec¬≠tion Reg¬≠u¬≠la¬≠tion (EU) 2016/679 and applic¬≠a¬≠ble national laws, which per¬≠sonal data (data for short) we as the con¬≠troller ‚Äď and the proces¬≠sors com¬≠mis¬≠sioned by us (e.g. providers) ‚Äď process, will process in the future and what legal options you have. The terms used are to be con¬≠sid¬≠ered as gen¬≠der-neu¬≠tral.
In short: We pro¬≠vide you with com¬≠pre¬≠hen¬≠sive infor¬≠ma¬≠tion about any per¬≠sonal data we process about you.

Pri¬≠vacy poli¬≠cies usu¬≠ally sound very tech¬≠ni¬≠cal and use legal ter¬≠mi¬≠nol¬≠ogy. How¬≠ever, this pri¬≠vacy pol¬≠icy is intended to describe the most impor¬≠tant things to you as sim¬≠ply and trans¬≠par¬≠ently as pos¬≠si¬≠ble. So long as it aids trans¬≠parency, tech¬≠ni¬≠cal terms are explained in a reader-friendly man¬≠ner, links to fur¬≠ther infor¬≠ma¬≠tion are pro¬≠vided and graph¬≠ics are used. We are thus inform¬≠ing in clear and sim¬≠ple lan¬≠guage that we only process per¬≠sonal data in the con¬≠text of our busi¬≠ness activ¬≠i¬≠ties if there is a legal basis for it. This is cer¬≠tainly not pos¬≠si¬≠ble with brief, unclear and legal-tech¬≠ni¬≠cal state¬≠ments, as is often stan¬≠dard on the Inter¬≠net when it comes to data pro¬≠tec¬≠tion. I hope you find the fol¬≠low¬≠ing expla¬≠na¬≠tions inter¬≠est¬≠ing and infor¬≠ma¬≠tive. Maybe you will also find some infor¬≠ma¬≠tion that you have not been famil¬≠iar with.
If you still have ques­tions, we would like to ask you to con­tact the respon­si­ble body named below or in the imprint, to fol­low the exist­ing links and to look at fur­ther infor­ma­tion on third-party sites. You can of course also find our con­tact details in the imprint.

Scope

This pri¬≠vacy pol¬≠icy applies to all per¬≠sonal data processed by our com¬≠pany and to all per¬≠sonal data processed by com¬≠pa¬≠nies com¬≠mis¬≠sioned by us (proces¬≠sors). With the term per¬≠sonal data, we refer to infor¬≠ma¬≠tion within the mean¬≠ing of Arti¬≠cle 4 No. 1 GDPR, such as the name, email address and postal address of a per¬≠son. The pro¬≠cess¬≠ing of per¬≠sonal data ensures that we can offer and invoice our ser¬≠vices and prod¬≠ucts, be it online or offline. The scope of this pri¬≠vacy pol¬≠icy includes:

  • all online pres¬≠ences (web¬≠sites, online shops) that we operate
  • Social media pres¬≠ences and email communication
  • mobile apps for smart¬≠phones and other devices

In short: This pri¬≠vacy pol¬≠icy applies to all areas in which per¬≠sonal data is processed in a struc¬≠tured man¬≠ner by the com¬≠pany via the chan¬≠nels men¬≠tioned. Should we enter into legal rela¬≠tions with you out¬≠side of these chan¬≠nels, we will inform you sep¬≠a¬≠rately if necessary.

Legal bases

In the fol­low­ing pri­vacy pol­icy, we pro­vide you with trans­par­ent infor­ma­tion on the legal prin­ci­ples and reg­u­la­tions, i.e. the legal bases of the Gen­eral Data Pro­tec­tion Reg­u­la­tion, which enable us to process per­sonal data.
When­ever EU law is con­cerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can of course access the Gen­eral Data Pro­tec­tion Reg­u­la­tion of the EU online at EUR-Lex, the gate­way to EU law, at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679.

We only process your data if at least one of the fol­low­ing con­di­tions applies:

  1. Con¬≠sent (Arti¬≠cle 6 Para¬≠graph 1 lit. a GDPR): You have given us your con¬≠sent to process data for a spe¬≠cific pur¬≠pose. An exam¬≠ple would be the stor¬≠age of data you entered into a con¬≠tact form.
  2. Con¬≠tract (Arti¬≠cle 6 Para¬≠graph 1 lit. b GDPR): We process your data in order to ful¬≠fill a con¬≠tract or pre-con¬≠trac¬≠tual oblig¬≠a¬≠tions with you. For exam¬≠ple, if we con¬≠clude a sales con¬≠tract with you, we need per¬≠sonal infor¬≠ma¬≠tion in advance.
  3. Legal oblig¬≠a¬≠tion (Arti¬≠cle 6 Para¬≠graph 1 lit. c GDPR): If we are sub¬≠ject to a legal oblig¬≠a¬≠tion, we will process your data. For exam¬≠ple, we are legally required to keep invoices for our book¬≠keep¬≠ing. These usu¬≠ally con¬≠tain per¬≠sonal data.
  4. Legit¬≠i¬≠mate inter¬≠ests (Arti¬≠cle 6 Para¬≠graph 1 lit. f GDPR): In the case of legit¬≠i¬≠mate inter¬≠ests that do not restrict your basic rights, we reserve the right to process per¬≠sonal data. For exam¬≠ple, we have to process cer¬≠tain data in order to be able to oper¬≠ate our web¬≠site securely and eco¬≠nom¬≠i¬≠cally. There¬≠fore, the pro¬≠cess¬≠ing is a legit¬≠i¬≠mate interest.

Other con¬≠di¬≠tions such as mak¬≠ing record¬≠ings in the inter¬≠est of the pub¬≠lic, the exer¬≠cise of offi¬≠cial author¬≠ity as well as the pro¬≠tec¬≠tion of vital inter¬≠ests do not usu¬≠ally occur with us. Should such a legal basis be rel¬≠e¬≠vant, it will be dis¬≠closed in the appro¬≠pri¬≠ate place.

In addi¬≠tion to the EU reg¬≠u¬≠la¬≠tion, national laws also apply:

  • In Aus¬≠tria this is the Aus¬≠trian Data Pro¬≠tec¬≠tion Act (Daten¬≠schutzge¬≠setz), in short DSG.
  • In Ger¬≠many this is the Fed¬≠eral Data Pro¬≠tec¬≠tion Act (Bun¬≠des¬≠daten¬≠schutzge¬≠setz), in short BDSG.

Should other regional or national laws apply, we will inform you about them in the fol­low­ing sections.

Con­tact details of the data pro­tec­tion controller

If you have any ques­tions about data pro­tec­tion, you will find the con­tact details of the respon­si­ble per­son or con­troller below:
Vul­vani UG (haf­tungs­beschränkt)
Duls¬≠berg-S√ľd 4
22049 Ham­burg
Autho¬≠rised to represent: 

Email: hello@vulvani.com

Phone: +49 40 52473445
Com­pany details: https://www.vulvani.com/impressum

Stor­age Period

It is a gen¬≠eral cri¬≠te¬≠rion for us to store per¬≠sonal data only for as long as is absolutely nec¬≠es¬≠sary for the pro¬≠vi¬≠sion of our ser¬≠vices and prod¬≠ucts. This means that we delete per¬≠sonal data as soon as any rea¬≠son for the data pro¬≠cess¬≠ing no longer exists. In some cases, we are legally obliged to keep cer¬≠tain data stored even after the orig¬≠i¬≠nal pur¬≠pose no longer exists, such as for account¬≠ing purposes.

If you want your data to be deleted or if you want to revoke your con­sent to data pro­cess­ing, the data will be deleted as soon as pos­si­ble, pro­vided there is no oblig­a­tion to con­tinue its storage.

We will inform you below about the spe­cific dura­tion of the respec­tive data pro­cess­ing, pro­vided we have fur­ther information.

Rights in accor­dance with the Gen­eral Data Pro­tec­tion Regulation

You are granted the fol­low­ing rights in accor­dance with the pro­vi­sions of the GDPR (Gen­eral Data Pro­tec­tion Reg­u­la­tion) and the Aus­trian Data Pro­tec­tion Act (DSG):

  • right to rec¬≠ti¬≠fi¬≠ca¬≠tion (arti¬≠cle 16 GDPR)
  • right to era¬≠sure (‚Äúright to be for¬≠got¬≠ten‚Äú) (arti¬≠cle 17 GDPR)
  • right to restrict pro¬≠cess¬≠ing (arti¬≠cle 18 GDPR)
  • righ to noti¬≠fi¬≠ca¬≠tion ‚Äď noti¬≠fi¬≠ca¬≠tion oblig¬≠a¬≠tion regard¬≠ing rec¬≠ti¬≠fi¬≠ca¬≠tion or era¬≠sure of per¬≠sonal data or restric¬≠tion of pro¬≠cess¬≠ing (arti¬≠cle 19 GDPR)
  • right to data porta¬≠bil¬≠ity (arti¬≠cle 20 GDPR)
  • Right to object (arti¬≠cle 21 GDPR)
  • right not to be sub¬≠ject to a deci¬≠sion based solely on auto¬≠mated pro¬≠cess¬≠ing ‚Äď includ¬≠ing pro¬≠fil¬≠ing ‚Äď (arti¬≠cle 22 GDPR)

If you think that the pro¬≠cess¬≠ing of your data vio¬≠lates the data pro¬≠tec¬≠tion law, or that your data pro¬≠tec¬≠tion rights have been infringed in any other way, you can lodge a com¬≠plaint with your respec¬≠tive reg¬≠u¬≠la¬≠tory author¬≠ity. For Aus¬≠tria this is the data pro¬≠tec¬≠tion author¬≠ity, whose web¬≠site you can access at https://www.data-protection-authority.gv.at/.

Ham­burg Data pro­tec­tion authority

State Com­mis­sioner for Data Pro­tec­tion: Prof. Dr. Johannes Cas­par
E-mail address: Lud­wig-Erhard-Str. 22 7.OG, 20459 Ham­burg
Phone num­ber: 040/428 54-40 40
E-mail address: mailbox@datenschutz.hamburg.de
Web­site:
https://datenschutz-hamburg.de/

Data trans­fer to third countries

We only trans­fer or process data to coun­tries out­side the EU (third coun­tries) if you con­sent to this pro­cess­ing, if this is required by law or if it is con­trac­tu­ally nec­es­sary. In any case, we gen­er­ally only do so to the per­mit­ted extent. In most cases, your con­sent is the most impor­tant rea­son for data being processed in third coun­tries. When per­sonal data is being processed in third coun­tries such as the USA, where many soft­ware man­u­fac­tur­ers offer their ser­vices and have their servers located, your per­sonal data may be processed and stored in unex­pected ways.

We want to expressly point out, that accord¬≠ing to the Euro¬≠pean Court of Jus¬≠tice, there is cur¬≠rently no ade¬≠quate level of pro¬≠tec¬≠tion for data trans¬≠fer to the USA. Data pro¬≠cess¬≠ing by US ser¬≠vices (such as Google Ana¬≠lyt¬≠ics) may result in data pro¬≠cess¬≠ing and reten¬≠tion with¬≠out the data hav¬≠ing under¬≠gone anonymi¬≠sa¬≠tion processes. Fur¬≠ther¬≠more, US gov¬≠ern¬≠ment author¬≠i¬≠ties may be able to access indi¬≠vid¬≠ual data. The col¬≠lected data may also get linked to data from other ser¬≠vices of the same provider, should you have a user account with the respec¬≠tive provider. We try to use server loca¬≠tions within the EU, when¬≠ever this is offered and possible.

We will pro­vide you with more details about data trans­fer to third coun­tries in the appro­pri­ate sec­tions of this pri­vacy pol­icy, when­ever applicable.

Secu­rity of data pro­cess­ing operations

In order to pro¬≠tect per¬≠sonal data, we have imple¬≠mented both tech¬≠ni¬≠cal and organ¬≠i¬≠sa¬≠tional mea¬≠sures. We encrypt or pseu¬≠do¬≠nymise per¬≠sonal data wher¬≠ever this is pos¬≠si¬≠ble. Thus, we make it as dif¬≠fi¬≠cult as we can for third par¬≠ties to extract per¬≠sonal infor¬≠ma¬≠tion from our data.

Arti¬≠cle 25 of the GDPR refers to ‚Äúdata pro¬≠tec¬≠tion by tech¬≠ni¬≠cal design and by data pro¬≠tec¬≠tion-friendly default‚ÄĚ which means that both soft¬≠ware (e.g. forms) and hard¬≠ware (e.g. access to server rooms) appro¬≠pri¬≠ate safe¬≠guards and secu¬≠rity mea¬≠sures shall always be placed. If applic¬≠a¬≠ble, we will out¬≠line the spe¬≠cific mea¬≠sures below.

TLS encryp¬≠tion with https

The terms TLS, encryp­tion and https sound very tech­ni­cal, which they are indeed. We use HTTPS (Hyper­text Trans­fer Pro­to­col Secure) to securely trans­fer data on the Inter­net.
This means that the entire trans¬≠mis¬≠sion of all data from your browser to our web server is secured ‚Äď nobody can ‚Äúlis¬≠ten in‚ÄĚ.

We have thus intro¬≠duced an addi¬≠tional layer of secu¬≠rity and meet pri¬≠vacy require¬≠ments through tech¬≠nol¬≠ogy design Arti¬≠cle 25 Sec¬≠tion 1 GDPR). With the use of TLS (Trans¬≠port Layer Secu¬≠rity), which is an encryp¬≠tion pro¬≠to¬≠col for safe data trans¬≠fer on the inter¬≠net, we can ensure the pro¬≠tec¬≠tion of con¬≠fi¬≠den¬≠tial infor¬≠ma¬≠tion.
You can recog¬≠nise the use of this safe¬≠guard¬≠ing tool by the lit¬≠tle lock-sym¬≠bol , which is sit¬≠u¬≠ated in your browser‚Äôs top left cor¬≠ner in the left of the inter¬≠net address (e.g. examplepage.uk), as well as by the dis¬≠play of the let¬≠ters https (instead of http) as a part of our web address.
If you want to know more about encryp¬≠tion, we rec¬≠om¬≠mend you to do a Google search for ‚ÄúHyper¬≠text Trans¬≠fer Pro¬≠to¬≠col Secure wiki‚ÄĚ to find good links to fur¬≠ther information.

Com­mu­ni­ca­tions

Com­mu­ni­ca­tions Overview

ūüĎ• Affected par¬≠ties: Any¬≠one who com¬≠mu¬≠ni¬≠cates with us via phone, email or online form
ūüďď Processed data: e. g. tele¬≠phone num¬≠ber, name, email address or data entered in forms. You can find more details on this under the respec¬≠tive form of con¬≠tact
ūü§Ě Pur¬≠pose: han¬≠dling com¬≠mu¬≠ni¬≠ca¬≠tion with cus¬≠tomers, busi¬≠ness part¬≠ners, etc.
ūüďÖ Stor¬≠age dura¬≠tion: for the dura¬≠tion of the busi¬≠ness case and the legal require¬≠ments
‚öĖÔłŹ Legal basis: Arti¬≠cle 6 (1) (a) GDPR (con¬≠sent), Arti¬≠cle 6 (1) (b) GDPR (con¬≠tract), Arti¬≠cle 6 (1) (f) GDPR (legit¬≠i¬≠mate interests)

If you con­tact us and com­mu­ni­cate with us via phone, email or online form, your per­sonal data may be processed.

The data will be processed for han­dling and pro­cess­ing your request and for the related busi­ness trans­ac­tion. The data is stored for this period of time or for as long as is legally required.

Affected per­sons

The above-men­tioned processes affect all those who seek con­tact with us via the com­mu­ni­ca­tion chan­nels we provide.

Tele­phone

When you call us, the call data is stored in a pseu¬≠do¬≠nymised form on the respec¬≠tive ter¬≠mi¬≠nal device, as well as by the telecom¬≠mu¬≠ni¬≠ca¬≠tions provider that is being used. In addi¬≠tion, data such as your name and tele¬≠phone num¬≠ber may be sent via email and stored for answer¬≠ing your inquiries. The data will be erased as soon as the busi¬≠ness case has ended and the legal require¬≠ments allow for its erasure.

Email

If you com­mu­ni­cate with us via email, your data is stored on the respec­tive ter­mi­nal device (com­puter, lap­top, smart­phone, …) as well as on the email server. The data will be deleted as soon as the busi­ness case has ended and the legal require­ments allow for its erasure.

Online forms

If you com­mu­ni­cate with us using an online form, your data is stored on our web server and, if nec­es­sary, for­warded to our email address. The data will be erased as soon as the busi­ness case has ended and the legal require­ments allow for its erasure.

Legal bases

Data pro¬≠cess¬≠ing is based on the fol¬≠low¬≠ing legal bases:

  • Art. 6 para. 1 lit. a GDPR (con¬≠sent): You give us your con¬≠sent to store your data and to con¬≠tinue to use it for the pur¬≠poses of the busi¬≠ness case;
  • Art. 6 para. 1 lit. b GDPR (con¬≠tract): For the per¬≠for¬≠mance of a con¬≠tract with you or a proces¬≠sor such as a tele¬≠phone provider, or if we have to process the data for pre-con¬≠trac¬≠tual activ¬≠i¬≠ties, such as prepar¬≠ing an offer;
  • Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate inter¬≠ests): We want to con¬≠duct our cus¬≠tomer inquiries and busi¬≠ness com¬≠mu¬≠ni¬≠ca¬≠tion in a pro¬≠fes¬≠sional man¬≠ner. Thus, cer¬≠tain tech¬≠ni¬≠cal facil¬≠i¬≠ties such email pro¬≠grams, Exchange servers and mobile net¬≠work oper¬≠a¬≠tors are nec¬≠es¬≠sary to effi¬≠ciently oper¬≠ate our communications.

Cook­ies

Cook¬≠ies Overview 

ūüĎ• Affected par¬≠ties: vis¬≠i¬≠tors to the web¬≠site
ūü§Ě Pur¬≠pose: depend¬≠ing on the respec¬≠tive cookie. You can find out more details below or from the soft¬≠ware man¬≠u¬≠fac¬≠turer that sets the cookie.
ūüďď Processed data: Depend¬≠ing on the cookie used. More details can be found below or from the man¬≠u¬≠fac¬≠turer of the soft¬≠ware that sets the cookie.
ūüďÖ Stor¬≠age dura¬≠tion: can vary from hours to years, depend¬≠ing on the respec¬≠tive cookie
‚öĖÔłŹ Legal basis: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What are cookies?

Our web­site uses HTTP-cook­ies to store user-spe­cific data.
In the fol­low­ing we explain what cook­ies are and why they are used, so that you can bet­ter under­stand the fol­low­ing pri­vacy policy.

When¬≠ever you surf the Inter¬≠net, you are using a browser. Com¬≠mon browsers are for exam¬≠ple, Chrome, Safari, Fire¬≠fox, Inter¬≠net Explorer and Microsoft Edge. Most web¬≠sites store small text-files in your browser. These files are called cookies.

It is impor¬≠tant to note that cook¬≠ies are very use¬≠ful lit¬≠tle helpers. Almost every web¬≠site uses cook¬≠ies. More pre¬≠cisely, these are HTTP cook¬≠ies, as there are also other cook¬≠ies for other uses. HTTP cook¬≠ies are small files that our web¬≠site stores on your com¬≠puter. These cookie files are auto¬≠mat¬≠i¬≠cally placed into the cookie-folder, which is the ‚Äúbrain‚ÄĚ of your browser. A cookie con¬≠sists of a name and a value. More¬≠over, to define a cookie, one or mul¬≠ti¬≠ple attrib¬≠utes must be specified.

Cook¬≠ies store cer¬≠tain user data about you, such as lan¬≠guage or per¬≠sonal page set¬≠tings. When you re-open our web¬≠site to visit again, your browser sub¬≠mits these ‚Äúuser-related‚ÄĚ infor¬≠ma¬≠tion back to our site. Thanks to cook¬≠ies, our web¬≠site knows who you are and offers you the set¬≠tings you are famil¬≠iar to. In some browsers, each cookie has its own file, while in oth¬≠ers, such as Fire¬≠fox, all cook¬≠ies are stored in one sin¬≠gle file.

The fol¬≠low¬≠ing graphic shows a pos¬≠si¬≠ble inter¬≠ac¬≠tion between a web browser such as Chrome and the web server. The web browser requests a web¬≠site and receives a cookie back from the server. The browser then uses this again as soon as another page is requested.

HTTP cookie interaction between browser and web server

There are both first-party cook¬≠ies and third-party cook¬≠ies. First-party cook¬≠ies are cre¬≠ated directly by our site, while third-party cook¬≠ies are cre¬≠ated by part¬≠ner-web¬≠sites (e.g. Google Ana¬≠lyt¬≠ics). Each cookie must be eval¬≠u¬≠ated indi¬≠vid¬≠u¬≠ally, as each cookie stores dif¬≠fer¬≠ent data. The expiry time of a cookie also varies from a few min¬≠utes to a few years. Cook¬≠ies are not soft¬≠ware pro¬≠grams and do not con¬≠tain viruses, tro¬≠jans or other mal¬≠ware. Cook¬≠ies also can¬≠not access your PC‚Äôs information.

This is an exam¬≠ple of how cookie-files can look:

Name: _ga
Value: GA1.2.1326744211.152311826578-9
Pur­pose: Dif­fer­en­ti­a­tion between web­site vis­i­tors
Expiry date: after 2 years

A browser should sup¬≠port these min¬≠i¬≠mum sizes:

  • At least 4096 bytes per cookie
  • At least 50 cook¬≠ies per domain
  • At least 3000 cook¬≠ies in total

Which types of cook¬≠ies are there?

The exact cook­ies that we use, depend on the used ser­vices, which will be out­lined in the fol­low­ing sec­tions of this pri­vacy pol­icy. Firstly, we will briefly focus on the dif­fer­ent types of HTTP-cookies.

There are 4 dif¬≠fer¬≠ent types of cookies:

Essen­tial cook­ies
These cook¬≠ies are nec¬≠es¬≠sary to ensure the basic func¬≠tions of a web¬≠site. They are needed when a user for exam¬≠ple puts a prod¬≠uct into their shop¬≠ping cart, then con¬≠tin¬≠ues surf¬≠ing on dif¬≠fer¬≠ent web¬≠sites and comes back later in order to pro¬≠ceed to the check¬≠out. These cook¬≠ies ensure the shop¬≠ping cart does not get deleted, even if the user closes their browser window.

Pur­po­sive cook­ies
These cook­ies col­lect infor­ma­tion about user behav­iour and whether the user receives any error mes­sages. Fur­ther­more, these cook­ies record the website’s load­ing time as well as its behav­iour in dif­fer­ent browsers.

Tar­get-ori­en­tated cook­ies
These cook­ies ensure bet­ter user-friend­li­ness. Thus, infor­ma­tion such as pre­vi­ously entered loca­tions, fonts sizes or data in forms stay stored.

Adver­tis­ing cook­ies
These cook­ies are also known as tar­get­ing cook­ies. They serve the pur­pose of deliv­er­ing cus­tomised adver­tise­ments to the user. This can be very prac­ti­cal, but also rather annoying.

Upon your first visit to a web¬≠site you are usu¬≠ally asked which of these cookie-types you want to accept. Fur¬≠ther¬≠more, this deci¬≠sion will of course also be stored in a cookie.

If you want to learn more about cook¬≠ies and do not mind tech¬≠ni¬≠cal doc¬≠u¬≠men¬≠ta¬≠tion, we rec¬≠om¬≠mend https://tools.ietf.org/html/rfc6265, the Request for Com¬≠ments of the Inter¬≠net Engi¬≠neer¬≠ing Task Force (IETF) called ‚ÄúHTTP State Man¬≠age¬≠ment Mechanism‚ÄĚ.

Pur­pose of pro­cess­ing via cookies

The pur­pose ulti­mately depends on the respec­tive cookie. You can find out more details below or from the soft­ware man­u­fac­turer that sets the cookie.

Which data are processed?

Cook¬≠ies are lit¬≠tle helpers for a wide vari¬≠ety of tasks. Unfor¬≠tu¬≠nately, it is not pos¬≠si¬≠ble to tell which data is gen¬≠er¬≠ally stored in cook¬≠ies, but in the pri¬≠vacy pol¬≠icy below we will inform you on what data is processed or stored.

Stor­age period of cookies

The stor¬≠age period depends on the respec¬≠tive cookie and is fur¬≠ther spec¬≠i¬≠fied below. Some cook¬≠ies are erased after less than an hour, while oth¬≠ers can remain on a com¬≠puter for sev¬≠eral years.

You can also influ¬≠ence the stor¬≠age dura¬≠tion your¬≠self. You can man¬≠u¬≠ally erase all cook¬≠ies at any time in your browser (also see ‚ÄúRight of objec¬≠tion‚ÄĚ below). Fur¬≠ther¬≠more, the lat¬≠est instance cook¬≠ies based on con¬≠sent will be erased is after you with¬≠draw your con¬≠sent. The legal¬≠ity of stor¬≠age will remain unaf¬≠fected until then.

Right of objec¬≠tion ‚Äď how can I erase cookies?

You can decide for your­self how and whether you want to use cook­ies. Regard­less of which ser­vice or web­site the cook­ies orig­i­nate from, you always have the option of eras­ing, deac­ti­vat­ing or only par­tially accept­ing cook­ies. You can for exam­ple block third-party cook­ies but allow all other cookies.

If you want to find out which cook­ies have been stored in your browser, or if you want to change or erase cookie set­tings, you can find this option in your browser settings:

Chrome: Clear, enable and man¬≠age cook¬≠ies in Chrome 

Safari: Man¬≠age cook¬≠ies and web¬≠site data in Safari 

Fire¬≠fox: Clear cook¬≠ies and site data in Firefox 

Inter¬≠net Explorer: Delete and man¬≠age cookies 

Microsoft Edge: Delete cook¬≠ies in Microsoft Edge 

If you gen¬≠er¬≠ally do not want cook¬≠ies, you can set up your browser in a way to notify you when¬≠ever a cookie is about to be set. This gives you the oppor¬≠tu¬≠nity to man¬≠u¬≠ally decide to either per¬≠mit or deny the place¬≠ment of every sin¬≠gle cookie. This pro¬≠ce¬≠dure varies depend¬≠ing on the browser. There¬≠fore, it might be best for you to search for the instruc¬≠tions in Google. If you are using Chrome, you could for exam¬≠ple put the search term ‚Äúdelete cook¬≠ies Chrome‚ÄĚ or ‚Äúdeac¬≠ti¬≠vate cook¬≠ies Chrome‚ÄĚ into Google.

Legal basis

The so-called ‚Äúcookie direc¬≠tive‚ÄĚ has existed since 2009. It states that the stor¬≠age of cook¬≠ies requires your con¬≠sent (Arti¬≠cle 6 Para¬≠graph 1 lit. a GDPR). Within coun¬≠tries of the EU, how¬≠ever, the reac¬≠tions to these guide¬≠lines still vary greatly. In Aus¬≠tria, how¬≠ever, this direc¬≠tive was imple¬≠mented in Sec¬≠tion 96 (3) of the Telecom¬≠mu¬≠ni¬≠ca¬≠tions Act (TKG). In Ger¬≠many, the cookie guide¬≠lines have not been imple¬≠mented as national law. Instead, this guide¬≠line was largely imple¬≠mented in Sec¬≠tion 15 (3) of the Tele¬≠me¬≠dia Act (TMG).

For absolutely nec¬≠es¬≠sary cook¬≠ies, even if no con¬≠sent has been given, there are legit¬≠i¬≠mate inter¬≠ests (Arti¬≠cle 6 (1) (f) GDPR), which in most cases are of an eco¬≠nomic nature. We want to offer our vis¬≠i¬≠tors a pleas¬≠ant user expe¬≠ri¬≠ence on our web¬≠site. For this, cer¬≠tain cook¬≠ies often are absolutely necessary.

This is exclu¬≠sively done with your con¬≠sent, unless absolutely nec¬≠es¬≠sary cook¬≠ies are used. The legal basis for this is Arti¬≠cle 6 (1) (a) of the GDPR.

In the fol­low­ing sec­tions you will find more detail on the use of cook­ies, pro­vided the used soft­ware does use cookies.

Web host­ing

Web host­ing Overview

ūüĎ• Affected par¬≠ties: vis¬≠i¬≠tors to the web¬≠site
ūü§Ě Pur¬≠pose: pro¬≠fes¬≠sional host¬≠ing of the web¬≠site and secu¬≠rity of oper¬≠a¬≠tions
ūüďď Processed data: IP address, time of web¬≠site visit, browser used and other data. You can find more details on this below or at the respec¬≠tive web host¬≠ing provider.
ūüďÖ Stor¬≠age period: depen¬≠dent on the respec¬≠tive provider, but usu¬≠ally 2 weeks
‚öĖÔłŹ Legal basis: Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What is web hosting?

Every time you visit a web¬≠site nowa¬≠days, cer¬≠tain infor¬≠ma¬≠tion ‚Äď includ¬≠ing per¬≠sonal data ‚Äď is auto¬≠mat¬≠i¬≠cally cre¬≠ated and stored, includ¬≠ing on this web¬≠site. This data should be processed as spar¬≠ingly as pos¬≠si¬≠ble, and only with good rea¬≠son. By web¬≠site, we mean the entirety of all web¬≠sites on your domain, i.e. every¬≠thing from the home¬≠page to the very last sub¬≠page (like this one here). By domain we mean example.uk or examplepage.com.

When you want to view a web¬≠site on a screen, you use a pro¬≠gram called a web browser. You prob¬≠a¬≠bly know the names of some web browsers: Google Chrome, Microsoft Edge, Mozilla Fire¬≠fox, and Apple Safari.

The web browser has to con¬≠nect to another com¬≠puter which stores the website‚Äôs code: the web server. Oper¬≠at¬≠ing a web server is com¬≠pli¬≠cated and time-con¬≠sum¬≠ing, which is why this is usu¬≠ally done by pro¬≠fes¬≠sional providers. They offer web host¬≠ing and thus ensure the reli¬≠able and flaw¬≠less stor¬≠age of web¬≠site data.

When¬≠ever the browser on your com¬≠puter estab¬≠lishes a con¬≠nec¬≠tion (desk¬≠top, lap¬≠top, smart¬≠phone) and when¬≠ever data is being trans¬≠ferred to and from the web server, per¬≠sonal data may be processed. After all, your com¬≠puter stores data, and the web server also has to retain the data for a period of time in order to ensure it can oper¬≠ate properly.

Illus­tra­tion:

Browser and web server

Why do we process per¬≠sonal data?

The pur¬≠poses of data pro¬≠cess¬≠ing are:

  1. Pro­fes­sional host­ing of the web­site and oper­a­tional security
  2. To main­tain the oper­a­tional as well as IT security
  3. Anony­mous eval­u­a­tion of access pat­terns to improve our offer, and if nec­es­sary, for pros­e­cu­tion or the pur­suit of claims.li>

Which data are processed?

Even while you are vis¬≠it¬≠ing our web¬≠site, our web server, that is the com¬≠puter on which this web¬≠site is saved, usu¬≠ally auto¬≠mat¬≠i¬≠cally saves data such as

  • the full address (URL) of the accessed web¬≠site (e. g. https://www.examplepage.uk/examplesubpage.html?tid=311826578)
  • browser and browser ver¬≠sion (e.g. Chrome 87)
  • the oper¬≠at¬≠ing sys¬≠tem used (e.g. Win¬≠dows 10)
  • the address (URL) of the pre¬≠vi¬≠ously vis¬≠ited page (refer¬≠rer URL) (e. g. https://www.examplepage.uk/icamefromhere.html/)
  • the host name and the IP address of the device from the web¬≠site is being accessed from (e.g. COMPUTERNAME and 194.23.43.121)
  • date and time
  • in so-called web server log files

How long is the data stored?

Gen­er­ally, the data men­tioned above are stored for two weeks and are then auto­mat­i­cally deleted. We do not pass these data on to oth­ers, but we can­not rule out the pos­si­bil­ity that this data may be viewed by the author­i­ties in the event of ille­gal conduct.

In short: Your visit is logged by our provider (com­pany that runs our web­site on spe­cial com­put­ers (servers)), but we do not pass on your data with­out your consent!

Legal basis

The law¬≠ful¬≠ness of pro¬≠cess¬≠ing per¬≠sonal data in the con¬≠text of web host¬≠ing is jus¬≠ti¬≠fied in Art. 6 para. 1 lit. f GDPR (safe¬≠guard¬≠ing of legit¬≠i¬≠mate inter¬≠ests), as the use of pro¬≠fes¬≠sional host¬≠ing with a provider is nec¬≠es¬≠sary to present the com¬≠pany in a safe and user-friendly man¬≠ner on the inter¬≠net, as well as to have the abil¬≠ity to track any attacks and claims, if necessary.

Ama­zon Web Ser­vices (AWS) Pri­vacy Policy

We use Ama¬≠zon Web Ser¬≠vices (AWS) for our web¬≠site, which is a web host¬≠ing provider, among other things. The provider of this ser¬≠vice is the Amer¬≠i¬≠can com¬≠pany Ama¬≠zon Web Ser¬≠vices, Inc., 410 Terry Avenue North, Seat¬≠tle WA 98109, USA.

Ama­zon Web Ser­vices (AWS) also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

Ama¬≠zon Web Ser¬≠vices (AWS) uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way and espe¬≠cially in the USA) or data trans¬≠fer there (= Art. 46, para¬≠graphs 2 and 3 of the GDPR). These clauses oblige Ama¬≠zon Web Ser¬≠vices (AWS) to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

You can find out more about the data that are processed through the use of Ama­zon Web Ser­vices (AWS) in their Pri­vacy Pol­icy at https://aws.amazon.com/privacy/?nc1=h_ls.

1&1 IONOS Web­host­ing Pri­vacy Policy

We use IONOS by 1&1 to host our web¬≠site. In Ger¬≠many, 1&1 IONOS SE is located at Elgen¬≠dor¬≠fer Str. 57, 56410 Montabaur, in Aus¬≠tria you can find 1&1 IONOS SE at Gumpen¬≠dor¬≠fer Stra√üe 142/PF 266, 1060 Vienna. IONOS offers the fol¬≠low¬≠ing web host¬≠ing ser¬≠vices: Domain, Web¬≠site & Shop, Host¬≠ing & Word¬≠Press, Mar¬≠ket¬≠ing, Email & Office, IONOS Cloud and Server.

As explained in the ‚ÄúAuto¬≠matic Data Stor¬≠age‚ÄĚ sec¬≠tion, web servers, like those of IONOS, store data of every web¬≠site visit.

If you would like to learn more about IONOS web­site pri­vacy, please visit the pri­vacy pol­icy at ionos.com.

Face­book Pixel Pri­vacy Policy

We use Facebook‚Äôs Face¬≠book pixel on our web¬≠site. For that, we have imple¬≠mented a code on our web¬≠site. The Face¬≠book pixel is a seg¬≠ment of a JavaScript code, which, in case you came to our web¬≠site via Face¬≠book ads, loads an array or func¬≠tions that enable Face¬≠book to track your user actions. For exam¬≠ple, if you buy a prod¬≠uct on our web¬≠site, the Face¬≠book pixel is trig¬≠gered and stores your actions on our web¬≠site in one or more cook¬≠ies. These cook¬≠ies enable Face¬≠book to match your user data (cus¬≠tomer data such as IP address, user ID) with the data of your Face¬≠book account. After that, Face¬≠book deletes your data again. The col¬≠lected data is anony¬≠mous as well as inac¬≠ces¬≠si¬≠ble and can only be used for ad place¬≠ment pur¬≠poses. If you are a Face¬≠book user and you are logged in, your visit to our web¬≠site is auto¬≠mat¬≠i¬≠cally assigned to your Face¬≠book user account.

We exclu­sively want to show our prod­ucts or ser­vices to per­sons, who are inter­ested in them. With the aid of the Face­book pixel, our adver­tis­ing mea­sures can get bet­ter adjusted to your wishes and inter­ests. There­fore, Face­book users get to see suit­able adver­tise­ment (if they allowed per­son­alised adver­tise­ment). More­over, Face­book uses the col­lected data for ana­lyt­i­cal pur­poses and for its own advertisements.

In the fol¬≠low¬≠ing we will show you the cook¬≠ies, which were set on a test page with the Face¬≠book pixel inte¬≠grated to it. Please con¬≠sider that these cook¬≠ies are only exam¬≠ples. Depend¬≠ing on the inter¬≠ac¬≠tion that is made on our web¬≠site, dif¬≠fer¬≠ent cook¬≠ies are set.

Name: _fbp
Value: fb.1.1568287647279.257405483-6311826578-7
Pur­pose: Face­book uses this cookie to dis­play adver­tis­ing prod­ucts.
Expi¬≠ra¬≠tion date: after 3 months

Name: fr
Value: 0aPf312HOS5Pboo2r..Bdeiuf…1.0.Bdeiuf.
Pur­pose: This cookie is used for Face­book pix­els to func­tion prop­erly.
Expi¬≠ra¬≠tion date: after 3 months

Name: com­men­t_au­thor_50ae8267e2bd­f1253ec1a5769f48e062311826578-3
Value: Name of the author
Pur¬≠pose: This cookie saves the text and name of a user who e.g. leaves a com¬≠ment.
Expi­ra­tion date: after 12 months

Name: comment_author_url_50ae8267e2bdf1253ec1a5769f48e062
Value: https%3A%2F%2Fwww.testseite…%2F (URL of the author)
Pur¬≠pose: This cookie saved the URL of the web¬≠site that the user types into a text box on our web¬≠site.
Expi­ra­tion date: after 12 months

Name: comment_author_email_50ae8267e2bdf1253ec1a5769f48e062
Value: email address of the author
Pur­pose: This cookie saves the email address of the user, if they pro­vided it on the web­site.
Expi­ra­tion date: after 12 months

Note: The above-men¬≠tioned cook¬≠ies relate to an indi¬≠vid¬≠ual user behav¬≠iour. More¬≠over, espe¬≠cially con¬≠cern¬≠ing the usage of cook¬≠ies, changes at Face¬≠book can never be ruled out.

If you are reg¬≠is¬≠tered on Face¬≠book, you can change the set¬≠tings for adver¬≠tise¬≠ments your¬≠self at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you are not a Face¬≠book user, you can man¬≠age your user based online adver¬≠tis¬≠ing at https://www.youronlinechoices.com/uk/your-ad-choices. You have the option to acti¬≠vate or deac¬≠ti¬≠vate any providers there.

We would like to note, that accord¬≠ing to the Euro¬≠pean Court of Jus¬≠tice, there is cur¬≠rently no ade¬≠quate level of pro¬≠tec¬≠tion for data trans¬≠fer to the USA. Data pro¬≠cess¬≠ing is done mainly through Face¬≠book Pixel. This may lead to data not being anony¬≠mously processed and stored. Fur¬≠ther¬≠more, US gov¬≠ern¬≠ment author¬≠i¬≠ties may get access to indi¬≠vid¬≠ual data. The data may also get linked to data from other Face¬≠book ser¬≠vices you have a user account with.

If you want to learn more about Facebook’s data pro­tec­tion, we rec­om­mend you the view the company’s in-house data poli­cies at https://www.facebook.com/policy.php.

Pri¬≠vacy Pol¬≠icy for Facebook‚Äės Auto¬≠matic Advanced Matching

Along with Facebook’s pixel func­tion, we have also acti­vated Auto­matic Advanced Match­ing. This func­tion allows us to send hashed emails, names, gen­ders, cities, states, post­codes and dates of birth or tele­phone num­bers as addi­tional infor­ma­tion to Face­book, pro­vided you have made them avail­able to us. This acti­va­tion gives us the oppor­tu­nity to cus­tomise adver­tis­ing cam­paigns even bet­ter to per­sons who are inter­ested in our ser­vices or products.

Google Ana­lyt­ics Pri­vacy Policy

Google Ana¬≠lyt¬≠ics Pri¬≠vacy Pol¬≠icy Overview 

ūüĎ• Affected par¬≠ties: web¬≠site vis¬≠i¬≠tors
ūü§Ě Pur¬≠pose: Eval¬≠u¬≠a¬≠tion of vis¬≠i¬≠tor infor¬≠ma¬≠tion to opti¬≠mise the web¬≠site.
ūüďď Processed data: Access sta¬≠tis¬≠tics that con¬≠tain data such as the loca¬≠tion of access, device data, access dura¬≠tion and time, nav¬≠i¬≠ga¬≠tion behav¬≠iour, click behav¬≠iour and IP addresses. You can find more details on this in the pri¬≠vacy pol¬≠icy below.
ūüďÖ Stor¬≠age period: depend¬≠ing on the prop¬≠er¬≠ties used
‚öĖÔłŹ Legal basis: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What is Google Analytics?

We use the track¬≠ing and analy¬≠sis tool Google Ana¬≠lyt¬≠ics (GA) of the US-Amer¬≠i¬≠can com¬≠pany Google LLC (1600 Amphithe¬≠atre Park¬≠way Moun¬≠tain View, CA 94043, USA). Google Ana¬≠lyt¬≠ics col¬≠lects data on your actions on our web¬≠site. When¬≠ever you click a link for exam¬≠ple, this action is saved in a cookie and trans¬≠ferred to Google Ana¬≠lyt¬≠ics. With the help of reports which we receive from Google Ana¬≠lyt¬≠ics, we can adapt our web¬≠site and our ser¬≠vices bet¬≠ter to your wishes. In the fol¬≠low¬≠ing, we will explain the track¬≠ing tool in more detail, and most of all, we will inform you what data is saved and how you can pre¬≠vent this.

Google Ana¬≠lyt¬≠ics is a track¬≠ing tool with the pur¬≠pose of con¬≠duct¬≠ing data traf¬≠fic analy¬≠sis of our web¬≠site. For Google Ana¬≠lyt¬≠ics to work, there is a track¬≠ing code inte¬≠grated to our web¬≠site. Upon your visit to our web¬≠site, this code records var¬≠i¬≠ous actions you per¬≠form on your web¬≠site. As soon as you leave our web¬≠site, this data is sent to the Google Ana¬≠lyt¬≠ics server, where it is stored.

Google processes this data and we then receive reports on your user behav­iour. These reports can be one of the following:

  • Tar¬≠get audi¬≠ence reports: With the help of tar¬≠get audi¬≠ence reports we can get to know our users bet¬≠ter and can there¬≠fore bet¬≠ter under¬≠stand who is inter¬≠ested in our service.
  • Adver¬≠tis¬≠ing reports: Through adver¬≠tis¬≠ing reports we can analyse our online adver¬≠tis¬≠ing bet¬≠ter and hence improve it.
  • Acqui¬≠si¬≠tion reports: Acqui¬≠si¬≠tion reports pro¬≠vide us help¬≠ful infor¬≠ma¬≠tion on how we can get more peo¬≠ple enthu¬≠si¬≠as¬≠tic about our service.
  • Behav¬≠iour reports: With these reports, we can find out how you inter¬≠act with our web¬≠site. By the means of behav¬≠iour reports, we can under¬≠stand what path you go on our web¬≠site and what links you click.
  • Con¬≠ver¬≠sion reports: A con¬≠ver¬≠sion is the process of lead¬≠ing you to carry out a desired action due to a mar¬≠ket¬≠ing mes¬≠sage. An exam¬≠ple of this would be trans¬≠form¬≠ing you from a mere web¬≠site vis¬≠i¬≠tor into a buyer or a newslet¬≠ter sub¬≠scriber. Hence, with the help of these reports we can see in more detail, if our mar¬≠ket¬≠ing mea¬≠sures are suc¬≠cess¬≠ful with you. Our aim is to increase our con¬≠ver¬≠sion rate.
  • Real time reports: With the help of these reports we can see in real time, what hap¬≠pens on our web¬≠site. It makes us for exam¬≠ple see, we can see how many users are read¬≠ing this text right now.

Why do we use Google Ana­lyt­ics on our website?

The objec¬≠tive of our web¬≠site is clear: We want to offer you the best pos¬≠si¬≠ble ser¬≠vice. Google Ana¬≠lyt¬≠ics‚Äô sta¬≠tis¬≠tics and data help us with reach¬≠ing this goal.

Sta¬≠tis¬≠ti¬≠cally eval¬≠u¬≠ated data give us a clear pic¬≠ture of the strengths and weak¬≠nesses of our web¬≠site. On the one hand, we can opti¬≠mise our page in a way, that makes it eas¬≠ier to be found by inter¬≠ested peo¬≠ple on Google. On the other hand, the data helps us to get a bet¬≠ter under¬≠stand¬≠ing of you as our vis¬≠i¬≠tor. There¬≠fore, we can very accu¬≠rately find out what we must improve on our web¬≠site, in order to offer you the best pos¬≠si¬≠ble ser¬≠vice. The analy¬≠sis of that data also enables us to carry out our adver¬≠tis¬≠ing and mar¬≠ket¬≠ing mea¬≠sures in a more indi¬≠vid¬≠ual and more cost-effec¬≠tive way. After all, it only makes sense to show our prod¬≠ucts and ser¬≠vices exclu¬≠sively to peo¬≠ple who are inter¬≠ested in them.

What data is stored by Google Analytics?

With the aid of a track¬≠ing code, Google Ana¬≠lyt¬≠ics cre¬≠ates a ran¬≠dom, unique ID which is con¬≠nected to your browser cookie. That way, Google Ana¬≠lyt¬≠ics recog¬≠nises you as a new user. The next time you visit our site, you will be recog¬≠nised as a ‚Äúrecur¬≠ring‚ÄĚ user. All data that is col¬≠lected gets saved together with this very user ID. Only this is how it is made pos¬≠si¬≠ble for us to eval¬≠u¬≠ate and analyse pseu¬≠do¬≠ny¬≠mous user profiles.

To analyse our web¬≠site with Google Ana¬≠lyt¬≠ics, a prop¬≠erty ID must be inserted into the track¬≠ing code. The data is then stored in the cor¬≠re¬≠spond¬≠ing prop¬≠erty. Google Ana¬≠lyt¬≠ics 4-prop¬≠erty is stan¬≠dard for every newly cre¬≠ated prop¬≠erty. An alter¬≠na¬≠tive how¬≠ever, is the Uni¬≠ver¬≠sal Ana¬≠lyt¬≠ics Prop¬≠erty. Depend¬≠ing on the prop¬≠erty that is being used, data are stored for dif¬≠fer¬≠ent peri¬≠ods of time.

Your inter¬≠ac¬≠tions on our web¬≠site are mea¬≠sured by tags such as cook¬≠ies and app instance IDs. Inter¬≠ac¬≠tions are all kinds of actions that you per¬≠form on our web¬≠site. If you are also using other Google sys¬≠tems (such as a Google Account), data gen¬≠er¬≠ated by Google Ana¬≠lyt¬≠ics can be linked with third-party cook¬≠ies. Google does not pass on any Google Ana¬≠lyt¬≠ics data, unless we as the web¬≠site own¬≠ers autho¬≠rise it. In case it is required by law, excep¬≠tions can occur.

The fol­low­ing cook­ies are used by Google Analytics:

Name: _ga
Value:2.1326744211.152311826578-5
Pur­pose: By deaf­ault, analytics.js uses the cookie _ga, to save the user ID. It gen­er­ally serves the pur­pose of dif­fer­en­ti­at­ing between web­site vis­i­tors.
Expi¬≠ra¬≠tion date: After 2 years

Name: _gid
Value:2.1687193234.152311826578-1
Pur­pose: This cookie also serves the pur­pose of dif­fer­en­ti­at­ing between web­site users
Expi¬≠ra¬≠tion date: After 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Ver­wen­dungszweck: It is used for decreas­ing the demand rate. If Google Ana­lyt­ics is pro­vided via Google Tag Man­ager, this cookie gets the name _dc_gtm_ <prop­erty-id>.
Expi¬≠ra¬≠tion date: After 1 minute

Name: AMP_TOKEN
Value: No infor­ma­tion
Pur¬≠pose: This cookie has a token which is used to retrieve the user ID by the AMP Client ID Ser¬≠vice. Other pos¬≠si¬≠ble val¬≠ues sug¬≠gest a logoff, a request or an error.
Expi¬≠ra¬≠tion date: After 30 sec¬≠onds up to one year

Name: __utma
Value:1564498958.1564498958.1564498958.1
Pur­pose: With this cookie your behav­iour on the web­site can be tracked and the site per­for­mance can be mea­sured. The cookie is updated every time the infor­ma­tion is sent to Google Ana­lyt­ics.
Expi¬≠ra¬≠tion date: After 2 years

Name: __utmt
Value: 1
Pur­pose: Just like _gat_gtag_UA_<property-id> this cookie is used for keep­ing the require­ment rate in check.
Expi­ra­tion date: Afer 10 minutes

Name: __utmb
Value:3.10.1564498958
Pur­pose: This cookie is used to deter­mine new ses­sions. It is updated every time new data or infor­ma­tion gets sent to Google Ana­lyt­ics.
Expi­ra­tion date: After 30 minutes

Name: __utmc
Value: 167421564
Pur¬≠pose: This cookie is used to deter¬≠mine new ses¬≠sions for recur¬≠ring vis¬≠i¬≠tors. It is there¬≠fore a ses¬≠sion cookie, and only stays stored until you close the browser again.
Expi­ra­tion date: After clos­ing the browser

Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Pur­pose: This cookie is used to iden­tify the source of the num­ber of vis­i­tors to our web­site. This means, that the cookie stored infor­ma­tion on where you came to our web­site from. This could be another site or an adver­tise­ment.
Expi¬≠ra¬≠tion date: After 6 months

Name: __utmv
Value: No infor­ma­tion
Pur­pose: The cookie is used to store cus­tom user data. It gets updated when­ever infor­ma­tion is sent to Google Ana­lyt­ics.
Expi¬≠ra¬≠tion date: After 2 years

Note: This list is by no means exhaus­tive, since Google are repeat­edly chang­ing the use of their cookies.

Below we will give you an overview of the most impor­tant data that can be eval­u­ated by Google Analytics:

Heatmaps: Google cre­ates so-called Heatmaps an. These Heatmaps make it pos­si­ble to see the exact areas you click on, so we can get infor­ma­tion on what routes you make on our website.

Ses­sion dura­tion: Google calls the time you spend on our web­site with­out leav­ing it ses­sion dura­tion. When­ever you are inac­tive for 20 min­utes, the ses­sion ends automatically.

Bounce rate If you only look at one page of our web¬≠site and then leave our web¬≠site again, it is called a bounce.

Account cre¬≠ation: If you cre¬≠ate an account or make an order on our web¬≠site, Google Ana¬≠lyt¬≠ics col¬≠lects this data.

IP-Address: The IP address is only shown in a short¬≠ened form, to make it impos¬≠si¬≠ble to clearly allo¬≠cate it.

Loca­tion: Your approx­i­mate loca­tion and the coun­try you are in can be defined by the IP address. This process is called IP loca­tion determination.

Tech­ni­cal infor­ma­tion: Infor­ma­tion about your browser type, your inter­net provider and your screen res­o­lu­tion are called tech­ni­cal information.

Source: Both, Google Ana¬≠lyt¬≠ics as well as our¬≠selves, are inter¬≠ested what web¬≠site or what adver¬≠tise¬≠ment led you to our site.

Fur¬≠ther pos¬≠si¬≠bly stored data include con¬≠tact data, poten¬≠tial reviews, play¬≠ing media (e.g. when you play a video on our site), shar¬≠ing of con¬≠tents via social media or adding our site to your favourites. This list is not exhaus¬≠tive and only serves as gen¬≠eral guid¬≠ance on Google Ana¬≠lyt¬≠ics‚Äô data retention.

How long and where is the data stored?

Google has servers across the globe. Most of them are in Amer­ica and there­fore your data is mainly saved on Amer­i­can servers. Here you can read detailed infor­ma­tion on where Google’s data cen­tres are located: https://www.google.com/about/datacenters/inside/locations/?hl=en

Your data is allo¬≠cated to var¬≠i¬≠ous phys¬≠i¬≠cal data medi¬≠ums. This has the advan¬≠tage of allow¬≠ing to retrieve the data faster, and of pro¬≠tect¬≠ing it bet¬≠ter from manip¬≠u¬≠la¬≠tion. Every Google data cen¬≠tre has respec¬≠tive emer¬≠gency pro¬≠grams for your data. Hence, in case of a hard¬≠ware fail¬≠ure at Google or a server error due to nat¬≠ural dis¬≠as¬≠ters, the risk for a ser¬≠vice inter¬≠rup¬≠tion stays rel¬≠a¬≠tively low.

The data reten¬≠tion period depends on the prop¬≠er¬≠ties used. When using the newer Google Ana¬≠lyt¬≠ics 4-prop¬≠er¬≠ties, the reten¬≠tion period of your user data is set to 14 months. For so-called event data, we have the option of choos¬≠ing a reten¬≠tion period of either 2 months or 14 months.

Google Ana¬≠lyt¬≠ics has a 26 months stan¬≠dard¬≠ised period of retain¬≠ing your user data. After this time, your user data is deleted. How¬≠ever, we have the pos¬≠si¬≠bil¬≠ity to choose the reten¬≠tion period of user data our¬≠selves. There are the fol¬≠low¬≠ing five options:

  • Dele¬≠tion after 14 months
  • Dele¬≠tion after 26 months
  • Dele¬≠tion after 38 months
  • Dele¬≠tion after 50 months
  • No auto¬≠mat¬≠i¬≠cal deletion

Addi¬≠tion¬≠ally, there is the option for data to be deleted only if you no longer visit our web¬≠site within a period deter¬≠mined by us. In this case, the reten¬≠tion period will be reset every time you revisit our web¬≠site within the spec¬≠i¬≠fied period.

As soon as the cho¬≠sen period is expired, the data is deleted once a month. This reten¬≠tion period applies to any of your data which is linked to cook¬≠ies, user iden¬≠ti¬≠fi¬≠ca¬≠tion and adver¬≠tise¬≠ment IDs (e.g. cook¬≠ies of the Dou¬≠bleClick domain). Any report results are based on aggre¬≠gated infor¬≠ma¬≠tion and are stored inde¬≠pen¬≠dently of any user data. Aggre¬≠gated infor¬≠ma¬≠tion is a merge of indi¬≠vid¬≠ual data into a sin¬≠gle and big¬≠ger unit.

How can I delete my data or pre¬≠vent data retention?

Under the pro¬≠vi¬≠sions of the Euro¬≠pean Union‚Äôs data pro¬≠tec¬≠tion law, you have the right to obtain infor¬≠ma¬≠tion on your data and to update, delete or restrict it. With the help of a browser add on that can deac¬≠ti¬≠vate Google Ana¬≠lyt¬≠ics‚Äô JavaScript (ga.js, analytics.js, dc.js), you can pre¬≠vent Google Ana¬≠lyt¬≠ics from using your data. You can down¬≠load this add on at https://tools.google.com/dlpage/gaoptout?hl=en-GB. Please con¬≠sider that this add on can only deac¬≠ti¬≠vate any data col¬≠lec¬≠tion by Google Analytics.

If you gen­er­ally want to deac­ti­vate, delete or man­age all cook­ies (inde­pen­dently of Google Ana­lyt­ics), you can use one of the guides that are avail­able for any browser:

Chrome: Clear, enable and man¬≠age cook¬≠ies in Chrome 

Safari: Man¬≠age cook¬≠ies and web¬≠site data in Safari 

Fire¬≠fox: Clear cook¬≠ies and site data in Firefox 

Inter¬≠net Explorer: Delete and man¬≠age cookies 

Microsoft Edge: Delete cook¬≠ies in Microsoft Edge 

Legal basis

The use of Google Ana¬≠lyt¬≠ics requires your con¬≠sent, which we obtained via our cookie popup. Accord¬≠ing to Art. 6 para. 1 lit. a of the GDPR (con¬≠sent) , this is the legal basis for the pro¬≠cess¬≠ing of per¬≠sonal data when col¬≠lected via web ana¬≠lyt¬≠ics tools.

In addi¬≠tion to con¬≠sent, we have legit¬≠i¬≠mate inter¬≠est in analysing the behav¬≠iour of web¬≠site vis¬≠i¬≠tors, in order to tech¬≠ni¬≠cally and eco¬≠nom¬≠i¬≠cally improve our offer. With Google Ana¬≠lyt¬≠ics, we can recog¬≠nise web¬≠site errors, iden¬≠tify attacks and improve prof¬≠itabil¬≠ity. The legal basis for this is Art. 6 para. 1 lit. f of the GDPR (legit¬≠i¬≠mate inter¬≠ests) . Nev¬≠er¬≠the¬≠less, we only use Google Ana¬≠lyt¬≠ics if you have given your consent.

Google also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

Google uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way and espe¬≠cially in the USA) or data trans¬≠fer there (= Art. 46, para¬≠graphs 2 and 3 of the GDPR). These clauses oblige Google to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

We hope we could pro­vide you with the most impor­tant infor­ma­tion about data pro­cess­ing by Google Ana­lyt­ics. If you want to find out more on the track­ing ser­vice, we rec­om­mend these two links: https://marketingplatform.google.com/about/analytics/terms/gb/ and https://support.google.com/analytics/answer/6004245?hl=en.

Google Ana­lyt­ics IP Anonymisation

We imple­mented Google Ana­lyt­ics’ IP address anonymi­sa­tion to this web­site. Google devel­oped this func­tion, so this web­site can com­ply with the applic­a­ble pri­vacy laws and the local data pro­tec­tion author­i­ties’ rec­om­men­da­tions, should they pro­hibit the reten­tion of any full IP addresses.
The anonymi­sa­tion or mask­ing of IP addresses takes place, as soon as they reach Google Ana­lyt­ics’ data col­lec­tion net­work, but before the data would be saved or processed.

You can find more infor­ma­tion on IP anonymi­sa­tion at https://support.google.com/analytics/answer/2763052?hl=en.

Google Ana­lyt­ics Reports on demo­graphic char­ac­ter­is­tics and interests

We have turned on Google Ana¬≠lyt¬≠ics‚Äô func¬≠tions for adver¬≠tis¬≠ing reports. These reports on demo¬≠graphic char¬≠ac¬≠ter¬≠is¬≠tics and inter¬≠ests con¬≠tain details about age, gen¬≠der and inter¬≠ests. Through them we can get a bet¬≠ter pic¬≠ture of our users ‚Äď with¬≠out being able to allo¬≠cate any data to indi¬≠vid¬≠ual per¬≠sons. You can learn more about adver¬≠tis¬≠ing func¬≠tions at auf https://support.google.com/analytics/answer/3450482?hl=en&amp%3Butm_id=ad.

You can ter¬≠mi¬≠nate the use of your Google Account‚Äôs activ¬≠i¬≠ties and infor¬≠ma¬≠tion in ‚ÄúAds Set¬≠tings‚ÄĚ at https://adssettings.google.com/authenticated via a checkbox.

Google Ana¬≠lyt¬≠ics‚Äė Data Pro¬≠cess¬≠ing Amendment

By accept¬≠ing the amend¬≠ment on data pro¬≠cess¬≠ing in Google Ana¬≠lyt¬≠ics, we entered a con¬≠tract with Google con¬≠cern¬≠ing the use of Google Analytics.

You can find out more about the amend­ment on data pro­cess­ing for Google Ana­lyt­ics here: https://support.google.com/analytics/answer/3379636?hl=en&utm_id=ad

Google Ana­lyt­ics Google Sig­nals Pri­vacy Policy

We have acti­vated Google sig­nals in Google Ana­lyt­ics. Through this, any exist­ing Google Ana­lyt­ics func­tions (adver­tis­ing reports, remar­ket­ing, cross-device reports and reports on inter­ests and demo­graphic char­ac­ter­is­tics) are updated, to result in the sum­mary and anonymi­sa­tion of your data, should you have per­mit­ted per­son­alised ads in your Google Account.

The spe¬≠cial aspect of this is that it involves cross-device track¬≠ing. That means your data can be analysed across mul¬≠ti¬≠ple devices. Through the acti¬≠va¬≠tion of Google sig¬≠nals, data is col¬≠lected and linked to the Google account. For exam¬≠ple, it enables Google to recog¬≠nise when you look at a prod¬≠uct on a smart¬≠phone and later buy the prod¬≠uct on a lap¬≠top. Due to acti¬≠vat¬≠ing Google sig¬≠nals, we can start cross-device remar¬≠ket¬≠ing cam¬≠paigns, which would oth¬≠er¬≠wise not be pos¬≠si¬≠ble to this extent. Remar¬≠ket¬≠ing means, that we can show you our prod¬≠ucts and ser¬≠vices across other web¬≠sites as well.

More¬≠over, fur¬≠ther vis¬≠i¬≠tor data such as loca¬≠tion, search his¬≠tory, YouTube his¬≠tory and data about your actions on our web¬≠site are col¬≠lected in Google Ana¬≠lyt¬≠ics. As a result, we receive improved adver¬≠tis¬≠ing reports and more use¬≠ful infor¬≠ma¬≠tion on your inter¬≠ests and demo¬≠graphic char¬≠ac¬≠ter¬≠is¬≠tics. These include your age, the lan¬≠guage you speak, where you live or what your gen¬≠der is. Cer¬≠tain social cri¬≠te¬≠ria such as your job, your mar¬≠i¬≠tal sta¬≠tus or your income are also included. All these char¬≠ac¬≠ter¬≠is¬≠tics help Google Ana¬≠lyt¬≠ics to define groups of per¬≠sons or tar¬≠get audiences.

Those reports also help us to bet¬≠ter assess your behav¬≠iour, as well as your wishes and inter¬≠ests. As a result, we can opti¬≠mise and cus¬≠tomise our prod¬≠ucts and ser¬≠vices for you. By default, this data expires after 26 months. Please con¬≠sider, that this data is only col¬≠lected if you have agreed to per¬≠son¬≠alised adver¬≠tise¬≠ment in your Google Account. The retained infor¬≠ma¬≠tion is always exclu¬≠sively sum¬≠marised and anony¬≠mous data, and never any data on indi¬≠vid¬≠ual per¬≠sons. You can man¬≠age or delete this data in your Google Account.

IONOS Web­An­a­lyt­ics Pri­vacy Policy

IONOS Web­An­a­lyt­ics Pri­vacy Pol­icy Overview

ūüĎ• Affected par¬≠ties: web¬≠site vis¬≠i¬≠tors
ūü§Ě Pur¬≠pose: Eval¬≠u¬≠a¬≠tion of vis¬≠i¬≠tor infor¬≠ma¬≠tion to opti¬≠mise the web¬≠site.
ūüďď Processed data: Access sta¬≠tis¬≠tics that con¬≠tain data such as the access loca¬≠tion, device data, access dura¬≠tion and time and IP addresses in anonymised form.
ūüďÖ Stor¬≠age period: depend¬≠ing on the con¬≠tract period with IONOS Web¬≠An¬≠a¬≠lyt¬≠ics
‚öĖÔłŹ Legal bases: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What is IONOS WebAnalytics?

We use the analy¬≠sis tool IONOS Web¬≠An¬≠a¬≠lyt¬≠ics by the Ger¬≠man com¬≠pany 1&1 IONOS SE, Elgen¬≠dor¬≠fer Stra√üe 57, 56410 Montabaur, Ger¬≠many on our web¬≠site. The tool helps us to analyse our web¬≠site. For this, data is col¬≠lected and stored. How¬≠ever, this tool does not col¬≠lect any data that could iden¬≠tify you as a per¬≠son. Nev¬≠er¬≠the¬≠less, in this pri¬≠vacy pol¬≠icy we will give you more detailed infor¬≠ma¬≠tion on the pro¬≠cess¬≠ing and stor¬≠age of your data and explain why we use IONOS WebAnalytics.

As the name sug¬≠gests, IONOS Web¬≠An¬≠a¬≠lyt¬≠ics is a tool that is used to analyse our web¬≠site. The soft¬≠ware pro¬≠gram col¬≠lects data such as how long you have been on our web¬≠site, what but¬≠tons you click or which web¬≠site has led you to us. Frankly, this gives us a good overview of the user behav¬≠iour on our web¬≠site. This infor¬≠ma¬≠tion is fully anony¬≠mous. Mean¬≠ing, that with this data we can¬≠not iden¬≠tify you as a per¬≠son, and only receive gen¬≠eral usage infor¬≠ma¬≠tion and statistics.

Why do we use IONOS Web­An­a­lyt­ics on our website?

It is our goal to pro¬≠vide you the best pos¬≠si¬≠ble expe¬≠ri¬≠ence on our web¬≠site. We are con¬≠fi¬≠dent of our offers and want our web¬≠site to be a help¬≠ful and use¬≠ful place for you. To ensure this, we have to adapt our web¬≠site to your needs and wishes as well as we can. A web analy¬≠sis tool such as IONOS Web¬≠An¬≠a¬≠lyt¬≠ics and the data it pro¬≠vides can improve our web¬≠site accord¬≠ingly. Fur¬≠ther¬≠more, the col¬≠lected data can also be use¬≠ful to us for mak¬≠ing our adver¬≠tis¬≠ing and mar¬≠ket¬≠ing mea¬≠sures more indi¬≠vid¬≠ual. How¬≠ever, with all these web analy¬≠ses, the pro¬≠tec¬≠tion of your per¬≠sonal data is impor¬≠tant to us. Unlike other analy¬≠sis tools, IONOS Web¬≠An¬≠a¬≠lyt¬≠ics does not store or process any data that could iden¬≠tify you as a person.

Which data are stored by IONOS WebAnalytics?

Your data are col¬≠lected and stored using log files or a so-called pixel. A pixel is a snip¬≠pet of JavaScript code that loads var¬≠i¬≠ous func¬≠tions which can be used for track¬≠ing user behav¬≠iour. Web¬≠An¬≠a¬≠lyt¬≠ics delib¬≠er¬≠ately refrains from using cookies.

IONOS does not retain any of your per¬≠sonal data. When you access a page, your IP address is trans¬≠mit¬≠ted, but is then imme¬≠di¬≠ately anonymised and processed in a way that makes it impos¬≠si¬≠ble to iden¬≠tify you as a person.

The fol­low­ing data are stored by IONOS WebAnalytics:

  • Your browser type and version
  • which web¬≠site you vis¬≠ited before (refer¬≠rer)
  • which spe¬≠cific site you have accessed on our website
  • which oper¬≠at¬≠ing sys¬≠tem you are using
  • which device you are using (PC, tablet or smartphone)
  • when you accessed our site
  • Your anonymised IP address

These data are not for­warded to any third party providers and are only used for sta­tis­ti­cal evaluations.

How long and where are the data stored?

The data will be stored until our con¬≠tract with IONOS Web¬≠An¬≠a¬≠lyt¬≠ics expires. With a reg¬≠u¬≠lar web host¬≠ing tar¬≠iff, the data will be stored in our log direc¬≠tory, which will gen¬≠er¬≠ate graph¬≠i¬≠cal sta¬≠tis¬≠tics. These logs are deleted every 8 weeks. With a MyWeb¬≠site tar¬≠iff, the data is iden¬≠ti¬≠fied by a pixel. In this case, the data is only stored and processed inter¬≠nally at IONOS WebAnalytics.

How can I erase my data or pre¬≠vent data retention?

Gen¬≠er¬≠ally, you reserve the right to infor¬≠ma¬≠tion, cor¬≠rec¬≠tion or dele¬≠tion and restric¬≠tion of the pro¬≠cess¬≠ing of your per¬≠sonal data at any time. More¬≠over, you can revoke your con¬≠sent to the pro¬≠cess¬≠ing of your data any¬≠time. How¬≠ever, it is not pos¬≠si¬≠ble to delete this data since IONOS Web¬≠An¬≠a¬≠lyt¬≠ics nei¬≠ther stores or processes any of your per¬≠sonal data, nor any data that could be assigned to you as a person.

Legal basis

The use of IONOS Web¬≠An¬≠a¬≠lyt¬≠ics requires your con¬≠sent, which we obtained via our cookie popup. Accord¬≠ing to Art. 6 para. 1 lit. a GDPR (con¬≠sent) , this con¬≠sent is the legal basis for per¬≠sonal data pro¬≠cess¬≠ing, such as when it is col¬≠lected by web ana¬≠lyt¬≠ics tools.

In addi¬≠tion to con¬≠sent, we have legit¬≠i¬≠mate inter¬≠est in analysing the behav¬≠iour of web¬≠site vis¬≠i¬≠tors and thus tech¬≠ni¬≠cally and eco¬≠nom¬≠i¬≠cally improv¬≠ing our offer. With the help of IONOS Web¬≠An¬≠a¬≠lyt¬≠ics, we can recog¬≠nise web¬≠site errors, iden¬≠tify attacks and improve prof¬≠itabil¬≠ity. The legal basis for this is Art. 6 para. 1 lit.f  GDPR (legit¬≠i¬≠mate inter¬≠ests). Nev¬≠er¬≠the¬≠less, we only use IONOS Web¬≠An¬≠a¬≠lyt¬≠ics if you have given us your consent.

We hope we could pro­vide you with the most impor­tant infor­ma­tion on IONOS Web­An­a­lyt­ics’ rather spar­ing data pro­cess­ing. If you want to learn more about the track­ing ser­vice, we rec­om­mend you to read the company’s pri­vacy pol­icy at https://www.ionos.co.uk/help/online-marketing/siteanalytics/information-collected-in-siteanalytics/?tid=311826578.

Email-Mar­ket­ing

Email Mar­ket­ing Overview

ūüĎ• Affected par¬≠ties: newslet¬≠ter sub¬≠scribers
ūü§Ě Pur¬≠pose: direct mar¬≠ket¬≠ing via email, noti¬≠fi¬≠ca¬≠tion of events that are rel¬≠e¬≠vant to the sys¬≠tem
ūüďď Processed data: data entered dur¬≠ing reg¬≠is¬≠tra¬≠tion, but at least the email address. You can find more details on this in the respec¬≠tive email mar¬≠ket¬≠ing tool used.
ūüďÖ Stor¬≠age dura¬≠tion: for the dura¬≠tion of the sub¬≠scrip¬≠tion
‚öĖÔłŹ Legal bases: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What is Email-Marketing?

We use email mar¬≠ket¬≠ing to keep you up to date. If you have agreed to receive our emails or newslet¬≠ters, your data will be processed and stored. Email mar¬≠ket¬≠ing is a part of online mar¬≠ket¬≠ing. In this type of mar¬≠ket¬≠ing, news or gen¬≠eral infor¬≠ma¬≠tion about a com¬≠pany, prod¬≠uct or ser¬≠vice are emailed to a spe¬≠cific group of peo¬≠ple who are inter¬≠ested in it.

If you want to par­tic­i­pate in our email mar­ket­ing (usu­ally via newslet­ter), you usu­ally just have to reg­is­ter with your email address. To do this, you have to fill in and sub­mit an online form. How­ever, we may also ask you for your title and name, so we can address you per­son­ally in our emails.

The reg¬≠is¬≠tra¬≠tion for newslet¬≠ters gen¬≠er¬≠ally works with the help of the so-called ‚Äúdou¬≠ble opt-in pro¬≠ce¬≠dure‚ÄĚ. After you have reg¬≠is¬≠tered for our newslet¬≠ter on our web¬≠site, you will receive an email, via which you can con¬≠firm the newslet¬≠ter reg¬≠is¬≠tra¬≠tion. This ensures that you own the email address you signed up with, and pre¬≠vents any¬≠one to reg¬≠is¬≠ter with a third-party email address. We or a noti¬≠fi¬≠ca¬≠tion tool we use, will log every sin¬≠gle reg¬≠is¬≠tra¬≠tion. This is nec¬≠es¬≠sary so we can ensure and prove, that reg¬≠is¬≠tra¬≠tion processes are done legally and cor¬≠rectly. In gen¬≠eral, the time of reg¬≠is¬≠tra¬≠tion and reg¬≠is¬≠tra¬≠tion con¬≠fir¬≠ma¬≠tion are stored, as well as your IP address. More¬≠over, any change you make to your data that we have on file is also logged.

Why do we use Email-Marketing?

Of course, we want to stay in con¬≠tact with you and keep you in the loop of the most impor¬≠tant news about our com¬≠pany. For this, we use email mar¬≠ket¬≠ing ‚Äď often just referred to as ‚Äúnewslet¬≠ters‚ÄĚ ‚Äď as an essen¬≠tial part of our online mar¬≠ket¬≠ing. If you agree to this or if it is per¬≠mit¬≠ted by law, we will send you newslet¬≠ters, sys¬≠tem emails or other noti¬≠fi¬≠ca¬≠tions via email. When¬≠ever the term ‚Äúnewslet¬≠ter‚ÄĚ is used in the fol¬≠low¬≠ing text, it mainly refers to emails that are sent reg¬≠u¬≠larly. We of course don‚Äôt want to bother you with our newslet¬≠ter in any way. Thus, we gen¬≠uinely strive to offer only rel¬≠e¬≠vant and inter¬≠est¬≠ing con¬≠tent. In our emails you can e.g. find out more about our com¬≠pany and our ser¬≠vices or prod¬≠ucts. Since we are con¬≠tin¬≠u¬≠ously improv¬≠ing our offer, our newslet¬≠ter will always give you the lat¬≠est news, or spe¬≠cial, lucra¬≠tive pro¬≠mo¬≠tions. Should we com¬≠mis¬≠sion a ser¬≠vice provider for our email mar¬≠ket¬≠ing, who offers a pro¬≠fes¬≠sional mail¬≠ing tool, we do this in order to offer you fast and secure newslet¬≠ters. The pur¬≠pose of our email mar¬≠ket¬≠ing is to inform you about new offers and also to get closer to our busi¬≠ness goals.

Which data are processed?

If you sub¬≠scribe to our newslet¬≠ter via our web¬≠site, you then have to con¬≠firm your mem¬≠ber¬≠ship in our email list via an email that we will send to you. In addi¬≠tion to your IP and email address, your name, address and tele¬≠phone num¬≠ber may also be stored. How¬≠ever, this will only be done if you agree to this data reten¬≠tion. Any data marked as such are nec¬≠es¬≠sary so you can par¬≠tic¬≠i¬≠pate in the offered ser¬≠vice. Giv¬≠ing this infor¬≠ma¬≠tion is vol¬≠un¬≠tary, but fail¬≠ure to pro¬≠vide it will pre¬≠vent you from using this ser¬≠vice. More¬≠over, infor¬≠ma¬≠tion about your device or the type of con¬≠tent you pre¬≠fer on our web¬≠site may also be stored. In the sec¬≠tion ‚ÄúAuto¬≠matic data stor¬≠age‚ÄĚ you can find out more about how your data is stored when you visit a web¬≠site. We record your informed con¬≠sent, so we can always prove that it com¬≠plies with our laws.

Dura­tion of data processing

If you unsub­scribe from our e-mail/newslet­ter dis­tri­b­u­tion list, we may store your address for up to three years on the basis of our legit­i­mate inter­ests, so we can keep proof your con­sent at the time. We are only allowed to process this data if we have to defend our­selves against any claims.

How¬≠ever, if you con¬≠firm that you have given us your con¬≠sent to sub¬≠scribe to the newslet¬≠ter, you can sub¬≠mit an indi¬≠vid¬≠ual request for era¬≠sure at any time. Fur¬≠ther¬≠more, if you per¬≠ma¬≠nently object to your con¬≠sent, we reserve the right to store your email address in a black¬≠list. But as long as you have vol¬≠un¬≠tar¬≠ily sub¬≠scribed to our newslet¬≠ter, we will of course keep your email address on file.

With¬≠drawal ‚Äď how can I can¬≠cel my subscription?

You have the option to can¬≠cel your newslet¬≠ter sub¬≠scrip¬≠tion at any time. All you have to do is revoke your con¬≠sent to the newslet¬≠ter sub¬≠scrip¬≠tion. This usu¬≠ally only takes a few sec¬≠onds or a few clicks. Most of the time you will find a link at the end of every email, via which you will be able to can¬≠cel the sub¬≠scrip¬≠tion. Should you not be able to find the link in the newslet¬≠ter, you can con¬≠tact us by email and we will imme¬≠di¬≠ately can¬≠cel your newslet¬≠ter sub¬≠scrip¬≠tion for you.

Legal basis

Our newslet¬≠ter is sent on the basis of your con¬≠sent (Arti¬≠cle 6 (1) (a) GDPR). This means that we are only allowed to send you a newslet¬≠ter if you have actively reg¬≠is¬≠tered for it before¬≠hand. More¬≠over, we may also send you adver¬≠tis¬≠ing mes¬≠sages on the basis of Sec¬≠tion 7 (3) UWG (Unfair Com¬≠pe¬≠ti¬≠tion Act), pro¬≠vided you have become our cus¬≠tomer and have not objected to the use of your email address for direct mail.

If avail¬≠able ‚Äď you can find infor¬≠ma¬≠tion on spe¬≠cial email mar¬≠ket¬≠ing ser¬≠vices and how they process per¬≠sonal data, in the fol¬≠low¬≠ing sections.

Send­in­blue Pri­vacy Policy

Send­in­blue Pri­vacy Pol­icy Overview

ūüĎ• Affected par¬≠ties: newslet¬≠ter sub¬≠scribers
ūü§Ě Pur¬≠pose: direct mar¬≠ket¬≠ing via email, noti¬≠fi¬≠ca¬≠tion of rel¬≠e¬≠vant events to the sys¬≠tem
ūüďď Processed data: data that was entered dur¬≠ing reg¬≠is¬≠tra¬≠tion, but at least email addresses.
ūüďÖ Stor¬≠age dura¬≠tion: for sub¬≠scrip¬≠tion dura¬≠tion
‚öĖÔłŹ Legal bases: Art. 6 para¬≠graph 1 lit. a GDPR (con¬≠sent), Art. 6 para¬≠graph 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What is Sendinblue?

On our web¬≠site you can sub¬≠scribe to our newslet¬≠ter for free. For this to work, we use the Send¬≠in¬≠blue email ser¬≠vice for our newslet¬≠ter. This is a ser¬≠vice of the Ger¬≠man com¬≠pany Send¬≠in¬≠blue GmbH, K√∂penicker street 126, 10179 Berlin. Send¬≠in¬≠blue is an email mar¬≠ket¬≠ing tool, among other things, that we can use to send you cus¬≠tomised newslet¬≠ters. With Send¬≠in¬≠blue there is no need for us to install any¬≠thing, all while we can still draw on a pool of really use¬≠ful func¬≠tions. In the fol¬≠low¬≠ing we will go into more detail about this email mar¬≠ket¬≠ing ser¬≠vice and inform you on the most impor¬≠tant aspects that are rel¬≠e¬≠vant to data pro¬≠tec¬≠tion and privacy.

Why do we use Sendinblue?

The newslet¬≠ter ser¬≠vice also offers us help¬≠ful options for analy¬≠sis pur¬≠poses. This means that if we send a newslet¬≠ter, we can for exam¬≠ple find out whether and when you opened the newslet¬≠ter. The soft¬≠ware also detects and records which link you click in the newslet¬≠ter. This infor¬≠ma¬≠tion helps us enor¬≠mously to adapt and opti¬≠mise our ser¬≠vice to your wishes and con¬≠cerns. After all, we nat¬≠u¬≠rally want to offer you the best pos¬≠si¬≠ble ser¬≠vice. In addi¬≠tion to the data already men¬≠tioned above, data about your user behav¬≠iour is also stored.

Which data is processed by Sendinblue?

We are of course very pleased if you reg¬≠is¬≠ter for our newslet¬≠ter. That way we can always let you know first-hand¬≠edly what is going on in our com¬≠pany, so you can stay up to date. How¬≠ever, you should know that when you sign up for the newslet¬≠ter, all data you enter (such as your email address or your first and last name) will be retained and man¬≠aged on our server as well as at Send¬≠in¬≠blue. This also applies to per¬≠sonal data. For exam¬≠ple, in addi¬≠tion to the time and date of reg¬≠is¬≠tra¬≠tion, your IP address is also stored. Dur¬≠ing reg¬≠is¬≠tra¬≠tion, you also con¬≠sent to being sent our newslet¬≠ter. There will also be a ref¬≠er¬≠ence to this Pri¬≠vacy Pol¬≠icy. Fur¬≠ther¬≠more, data such as your click behav¬≠iour within the newslet¬≠ter may also be processed.

How long and where are the data retained?

The data for the newslet­ter tool are stored on servers in Ger­many. Any retained data that could be used to iden­tify you per­son­ally (i.e. per­sonal data), are gen­er­ally erased at Send­in­blue no later than two years after our con­trac­tual rela­tion­ship ends. You can also request the era­sure of your data indi­vid­u­ally and at any time. Requests are processed within 30 days. Data that we col­lect and trans­mit to Send­in­blue will be erased by us as soon as you unsub­scribe from our newsletter.

Right to object

You have the option to can¬≠cel your newslet¬≠ter sub¬≠scrip¬≠tion at any time. All you have to do is revoke your con¬≠sent to your newslet¬≠ter sub¬≠scrip¬≠tion. This nor¬≠mally only takes a few sec¬≠onds or one or two clicks. Usu¬≠ally you will find a link at the end of every email to unsub¬≠scribe from the newslet¬≠ter. If you gen¬≠uinely can¬≠not find the link in the newslet¬≠ter, please email us and we will can¬≠cel your newslet¬≠ter sub¬≠scrip¬≠tion imme¬≠di¬≠ately. After you unsub¬≠scribe, your per¬≠sonal data will be erased from our server as well as from Sendinblue‚Äôs servers located in Ger¬≠many. You have the right to receive free infor¬≠ma¬≠tion about your stored data and, where applic¬≠a¬≠ble, a right to era¬≠sure, restrict pro¬≠cess¬≠ing or rectification.

Legal basis

Our newslet¬≠ter is sent by Send¬≠in¬≠blue on the basis of your con¬≠sent (Arti¬≠cle 6 para¬≠graph 1 lit. a GDPR). Thus, we are only autho¬≠rised to send you a newslet¬≠ter if you have actively reg¬≠is¬≠tered for it before¬≠hand. If your con¬≠sent is not required, the newslet¬≠ter is sent to you on the basis of our  legit¬≠i¬≠mate inter¬≠est in direct mar¬≠ket¬≠ing (Arti¬≠cle 6 para¬≠graph 1 lit. f), pro¬≠vided this is legally per¬≠mit¬≠ted. We record your reg¬≠is¬≠tra¬≠tion process so we can prove com¬≠pli¬≠ance with the law at any time.

If you would like more infor­ma­tion about data pro­cess­ing, we rec­om­mend the company’s Pri­vacy Pol­icy at https://www.sendinblue.com/legal/privacypolicy/ along with the fol­low­ing infor­ma­tion page at https://www.sendinblue.com/information-for-email-recipients/.

Online Mar­ket­ing

Online Mar¬≠ket¬≠ing Pri¬≠vacy Pol¬≠icy Overview 

ūüĎ• Affected par¬≠ties: vis¬≠i¬≠tors to the web¬≠site
ūü§Ě Pur¬≠pose: Eval¬≠u¬≠a¬≠tion of vis¬≠i¬≠tor infor¬≠ma¬≠tion for web¬≠site opti¬≠mi¬≠sa¬≠tion
ūüďď Processed data: Access sta¬≠tis¬≠tics con¬≠tain¬≠ing data such as access loca¬≠tion, device data, access dura¬≠tion and time, nav¬≠i¬≠ga¬≠tion behav¬≠iour, click behav¬≠iour and IP addresses. Per¬≠sonal data such as name or email address may also be processed. You can find more details on this from the respec¬≠tive Online Mar¬≠ket¬≠ing tool.
ūüďÖ Stor¬≠age period: depend¬≠ing on the Online Mar¬≠ket¬≠ing tools used
‚öĖÔłŹ Legal basis: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What is Online Marketing?

Online Mar­ket­ing refers to all mea­sures that are car­ried out online to achieve mar­ket­ing goals, such as increas­ing brand aware­ness or doing busi­ness trans­ac­tions. Fur­ther­more, our Online Mar­ket­ing mea­sures aim to draw people’s atten­tion to our web­site. In order to be able to show our offer to many inter­ested peo­ple, we do Online Mar­ket­ing. It mostly is about online adver­tis­ing, con­tent mar­ket­ing or search engine opti­mi­sa­tion. For this, per­sonal data is also stored and processed, to enable us to use Online Mar­ket­ing effi­ciently and tar­geted. On the one hand, the data help us to only show our con­tent to peo­ple who are inter­ested in it. On the other hand, it helps us to mea­sure the adver­tis­ing suc­cess of our Online Mar­ket­ing measures.

Why do we use Online Mar¬≠ket¬≠ing tools?

We want to show our web¬≠site to every¬≠one who is inter¬≠ested in our offer. We are aware that this is not pos¬≠si¬≠ble with¬≠out con¬≠scious mea¬≠sures being taken. That is why we do Online Mar¬≠ket¬≠ing. There are var¬≠i¬≠ous tools that make work¬≠ing on our Online Mar¬≠ket¬≠ing mea¬≠sures eas¬≠ier for us. These also pro¬≠vide sug¬≠ges¬≠tions for improve¬≠ment via data. Thus, we can tar¬≠get our cam¬≠paigns more pre¬≠cisely to our tar¬≠get group. The ulti¬≠mate pur¬≠pose of these Online Mar¬≠ket¬≠ing tools is to opti¬≠mise our offer.

Which data are processed?

For our Online Mar­ket­ing to work and to mea­sure its suc­cess, user pro­files are cre­ated and data are e.g. stored in cook­ies (small text files). With the help of this data, we can not only adver­tise in the tra­di­tional way, but also present our con­tent directly on our web­site in the way you pre­fer. There are var­i­ous third-party tools that offer these func­tions and thus col­lect and store your data accord­ingly. The afore­men­tioned cook­ies e.g. store the pages you visit on our web­site, how long you view these pages, which links or but­tons you click or which web­site you came from. What is more, tech­ni­cal infor­ma­tion may also be stored. This may include e.g. your IP address, the browser and device you use to visit our web­site or the time you accessed our web­site as well as the time you left. If you have agreed for us to deter­mine your loca­tion, we can also store and process it.

Your IP address is stored in pseu¬≠do¬≠nymised form (i.e. short¬≠ened). What is more, dis¬≠tinct data that directly iden¬≠tify you as a per¬≠son, such as your name, address or email address, are only stored in pseu¬≠do¬≠nymised for adver¬≠tis¬≠ing and Online Mar¬≠ket¬≠ing pur¬≠poses. With this data we can¬≠not iden¬≠tify you as a per¬≠son and only retain the pseu¬≠do¬≠nymised infor¬≠ma¬≠tion that is stored in your user profile.

Under cer¬≠tain cir¬≠cum¬≠stances, cook¬≠ies may also be utilised, analysed and used for adver¬≠tis¬≠ing pur¬≠poses on other web¬≠sites that use the same adver¬≠tis¬≠ing tools. Thus, your data may then also be stored on the servers of the respec¬≠tive provider of the adver¬≠tis¬≠ing tool.

In rare excep¬≠tions, unique data (name, email address, etc.) may also be stored in the user pro¬≠files. This can hap¬≠pen, if you are for exam¬≠ple a mem¬≠ber of a social media chan¬≠nel that we use for our Online Mar¬≠ket¬≠ing mea¬≠sures and if the net¬≠work con¬≠nects pre¬≠vi¬≠ously received data with the user profile.

We only ever receive sum¬≠marised infor¬≠ma¬≠tion from the adver¬≠tis¬≠ing tools we use that do store data on their servers. We never receive data that can be used to iden¬≠tify you as an indi¬≠vid¬≠ual. What is more, the data only shows how well-placed adver¬≠tis¬≠ing mea¬≠sures have worked. For exam¬≠ple, we can see what mea¬≠sures have caused you or other users to visit our web¬≠site and pur¬≠chase a ser¬≠vice or prod¬≠uct. Based on these analy¬≠ses we can improve our adver¬≠tis¬≠ing offer in the future and adapt it more pre¬≠cisely to the needs and wishes of peo¬≠ple who are interested.

Dura­tion of data processing

Below we will inform you on the dura¬≠tion of data pro¬≠cess¬≠ing, pro¬≠vided we have this infor¬≠ma¬≠tion. In gen¬≠eral, we only process per¬≠sonal data for as long as is absolutely nec¬≠es¬≠sary to pro¬≠vide our ser¬≠vices and prod¬≠ucts. Data stored in cook¬≠ies are retained for dif¬≠fer¬≠ent lengths of time. Some cook¬≠ies are deleted after you leave a web¬≠site, while oth¬≠ers may be stored in your browser for a num¬≠ber of years. How¬≠ever, in the respec¬≠tive pri¬≠vacy poli¬≠cies of the respec¬≠tive provider, you will usu¬≠ally find detailed infor¬≠ma¬≠tion on the indi¬≠vid¬≠ual cook¬≠ies this provider uses.

Right of withdrawal

You also retain the right and the option to revoke your con­sent to the use of cook­ies or third-party providers at any time. This can be done either via our cookie man­age­ment tool or via other opt-out func­tions. You can for exam­ple also pre­vent data col­lec­tion by cook­ies if you man­age, deac­ti­vate or erase cook­ies in your browser. The legal­ity of the pro­cess­ing remains unaf­fected to the point of revocation.

Since Online Mar¬≠ket¬≠ing tools usu¬≠ally use cook¬≠ies, we also rec¬≠om¬≠mend you to read our pri¬≠vacy pol¬≠icy on cook¬≠ies. If you want to find out which of your data is stored and processed, you should read the pri¬≠vacy poli¬≠cies of the respec¬≠tive tools.

Legal basis

If you have con¬≠sented to the use of third-party providers, then this con¬≠sent is the legal basis for the cor¬≠re¬≠spond¬≠ing data pro¬≠cess¬≠ing. Accord¬≠ing to Art. 6 para. 1 lit. a GDPR (con¬≠sent) , this con¬≠sent is the legal basis for per¬≠sonal data pro¬≠cess¬≠ing, as may be done when data is col¬≠lected by online mar¬≠ket¬≠ing tools.

More¬≠over, we have a legit¬≠i¬≠mate inter¬≠est in mea¬≠sur¬≠ing our online mar¬≠ket¬≠ing activ¬≠i¬≠ties in anonymised form, in order to use this data for opti¬≠mis¬≠ing our offer and our Mar¬≠ket¬≠ing. The cor¬≠re¬≠spond¬≠ing legal basis for this is Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate inter¬≠ests) . Nev¬≠er¬≠the¬≠less, we only use these tools if you have given your consent.

Infor­ma­tion on spe­cial online mar­ket­ing tools can be found in the fol­low­ing sec­tions, pro­vided this infor­ma­tion is available.

Face­book Con­ver­sions API Pri­vacy Policy

On our web¬≠site we use Face¬≠book Con¬≠ver¬≠sions API, which is an event track¬≠ing tool. The provider of this ser¬≠vice is the Amer¬≠i¬≠can com¬≠pany Face¬≠book Inc. The com¬≠pany also has Irish head¬≠quar¬≠ters at 4 Grand Canal Square, Grand Canal Har¬≠bour, Dublin 2, Ireland.

Face­book also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

Face¬≠book uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way, and espe¬≠cially in the USA) or data trans¬≠fer there (= Art. 46, para¬≠graphs 2 and 3 of the GDPR). These clauses oblige Face¬≠book to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

You can find out more about the data that is processed by using Face­book in their Pri­vacy Pol­icy at https://www.facebook.com/about/privacy.

Face­book Cus­tom Audi­ences Pri­vacy Policy

On our web¬≠site we use Face¬≠book Cus¬≠tom Audi¬≠ences, a event track¬≠ing tool. The provider of this ser¬≠vice is the Amer¬≠i¬≠can com¬≠pany Face¬≠book Inc. The com¬≠pany also has Irish head¬≠quar¬≠ters at 4 Grand Canal Square, Grand Canal Har¬≠bour, Dublin 2, Irland.

Face­book also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

Face¬≠book uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way, and espe¬≠cially in the USA) or data trans¬≠fer there (= Art. 46, para¬≠graphs 2 and 3 of the GDPR). These clauses oblige Face¬≠book to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

You can find out more about the data that is processed by using Face­book in their Pri­vacy Pol­icy at https://www.facebook.com/about/privacy.

Pay­Pal Mar­ket­ing Solu­tions Pri­vacy Policy

On our web¬≠site, we use Pay¬≠Pal Mar¬≠ket¬≠ing Solu¬≠tions, which is a sales opti¬≠mi¬≠sa¬≠tion tool. The provider of this ser¬≠vice is the Amer¬≠i¬≠can com¬≠pany Pay¬≠Pal Pte. Ltd, 2211 North First Street, San Jose, Cal¬≠i¬≠for¬≠nia 95131, USA.

Pay­Pal also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

Pay¬≠Pal uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way, and espe¬≠cially in the USA) or data trans¬≠fer there (= Art. 46, para¬≠graphs 2 and 3 of the GDPR). These clauses oblige Pay¬≠Pal to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

You can find out more about PayPal’s data pro­cess­ing in their pri­vacy pol­icy at https://www.paypal.com/c2/webapps/mpp/ua/privacy-full.

Tik­Tok Pixel Pri­vacy Policy

On our web¬≠site we use Tik¬≠Tok Pixel, which is a con¬≠ver¬≠sion track¬≠ing tool for adver¬≠tis¬≠ers. The provider of this ser¬≠vice is the Chi¬≠nese com¬≠pany Tik¬≠Tok. The respon¬≠si¬≠ble entity for the Euro¬≠pean region is the Irish com¬≠pany Tik¬≠Tok Tech¬≠nol¬≠ogy Lim¬≠ited (10 Earls¬≠fort Ter¬≠race, Dublin, D02 T380, Ireland).

Tik¬≠Tok uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion (= Art. 46, para¬≠graphs 2 and 3 of the GDPR) as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (which are out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein and Nor¬≠way) or for data trans¬≠fer there. These clauses oblige Tik¬≠Tok to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

You can find out more on the data processed by using Tik­Tok in their Pri­vacy Pol­icy at https://www.tiktok.com/legal/privacy-policy?lang=de.

Ama­zon Asso­ciates Pro­gram Pri­vacy Policy

Ama¬≠zon Affil¬≠i¬≠ate Pro¬≠gram Pri¬≠vacy Pol¬≠icy Overview 

ūüĎ• Affected par¬≠ties: vis¬≠i¬≠tors to the web¬≠site
ūü§Ě Pur¬≠pose: eco¬≠nomic suc¬≠cess and the opti¬≠mi¬≠sa¬≠tion of our ser¬≠vice.
ūüďď Processed data: Access sta¬≠tis¬≠tics that con¬≠tain data such as access loca¬≠tion, device data, access dura¬≠tion and time, nav¬≠i¬≠ga¬≠tion behav¬≠iour, click behav¬≠iour and IP addresses. Per¬≠sonal data such as name or email address can also be processed.
ūüďÖ Stor¬≠age period: per¬≠sonal data is stored by Ama¬≠zon until it is no longer needed
‚öĖÔłŹ Legal bases: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit.f GDPR (legit¬≠i¬≠mate interests)

What is the Ama­zon Asso­ciates Program?

We use the Ama¬≠zon Asso¬≠ciates Pro¬≠gram of the com¬≠pany Amazon.com Inc on our web¬≠site. The respon¬≠si¬≠ble bod¬≠ies for the pri¬≠vacy state¬≠ment are Ama¬≠zon Europe Core S.√†.r.l., Ama¬≠zon EU S.√†.r.l, Ama¬≠zon Ser¬≠vices Europe S.√†.r.l. as well as Ama¬≠zon Media EU S.√†.r.l., which are based at 5, Rue Plaetis, L-2338 Lux¬≠em¬≠burg, along with Ama¬≠zon Instant Video Ger¬≠many Ltd., which is located at Domagk¬≠stra√üe 28, 80807 Munich. Thereby, Ama¬≠zon Ger¬≠many Ser¬≠vices Ltd. at Mar¬≠cel-Breuer-Stra√üe 12, 80807 Munich is respon¬≠si¬≠ble for data pro¬≠cess¬≠ing. Due to the use of the Ama¬≠zon Asso¬≠ciates Pro¬≠gram, Ama¬≠zon can receive, store and process your data.

In this pri­vacy state­ment we will inform you on what data this can be, why we use the pro­gram and how you can man­age or pre­vent the data transmission.

The Ama¬≠zon Asso¬≠ciates Pro¬≠gram is an affil¬≠i¬≠ate mar¬≠ket¬≠ing pro¬≠gram of the online ship¬≠ping com¬≠pany Amazon.co.uk. Like any affil¬≠i¬≠ate pro¬≠gram, the Ama¬≠zon Asso¬≠ciates Pro¬≠gram is also based on the prin¬≠ci¬≠ple of inter¬≠me¬≠di¬≠a¬≠tion com¬≠mis¬≠sions. Ama¬≠zon (or we) place adver¬≠tise¬≠ments or part¬≠ner links on our web¬≠site, which let us receive a reim¬≠burse¬≠ment of adver¬≠tis¬≠ing costs (com¬≠mis¬≠sion) if you click on them and buy a prod¬≠uct on Amazon.

Why do we use the Ama­zon Asso­ciates Pro­gram on our website?

Our aim is to pro¬≠vide you a pleas¬≠ant time with exten¬≠sive, help¬≠ful con¬≠tent. There¬≠fore, we put a lot of work and energy into the devel¬≠op¬≠ment of our web¬≠site. With the aid of the Ama¬≠zon Asso¬≠ciates Pro¬≠gram, we can receive a lit¬≠tle remu¬≠ner¬≠a¬≠tion for our work. Of course, every affil¬≠i¬≠ate link to Ama¬≠zon is related with our theme and shows offers that may inter¬≠est you.

What data is stored by the Ama­zon Asso­ciates Program?

As soon as you inter¬≠act with the prod¬≠ucts and ser¬≠vices of Ama¬≠zon, the com¬≠pany col¬≠lects your data. Ama¬≠zon dif¬≠fer¬≠en¬≠ti¬≠ates between infor¬≠ma¬≠tion you actively gave to the busi¬≠ness and infor¬≠ma¬≠tion that is col¬≠lected and retained auto¬≠mat¬≠i¬≠cally. ‚ÄúActive infor¬≠ma¬≠tion‚ÄĚ include name, email address, tele¬≠phone num¬≠ber, age, pay¬≠ment details or loca¬≠tion infor¬≠ma¬≠tion. So-called ‚Äúauto¬≠matic infor¬≠ma¬≠tion‚ÄĚ are pri¬≠mar¬≠ily saved by cook¬≠ies. This includes infor¬≠ma¬≠tion, user behav¬≠iour, IP address, device infor¬≠ma¬≠tion (browser type, oper¬≠at¬≠ing sys¬≠tems) or the URL. More¬≠over, Ama¬≠zon also saves the click¬≠stream, which is the path (order of pages) you make as a user in order to get to a prod¬≠uct. Ama¬≠zon also stores cook¬≠ies in your browser to retrace the ori¬≠gin of an order. This enables the com¬≠pany to iden¬≠tify if you clicked an Ama¬≠zon ad or an affil¬≠i¬≠ate link on our website.

If you have an Ama­zon account and are logged in to it while you surf our web­site, the col­lected data can be allo­cated to your account. You can pre­vent this by log­ging out of Ama­zon before surf­ing our website.

In the fol­low­ing we will show you exem­plary cook­ies that are placed in your browser when you click an Ama­zon link on our website.

Name: uid
Value: 3230928052675285215311826578-9
Pur¬≠pose: This cookie stores a unique user ID and col¬≠lects infor¬≠ma¬≠tion on your web¬≠site activ¬≠ity.
Expiry date: after 2 months

Name: ad-id
Value: AyDaIn­RV1k-Lk59xS­np7h5o
Pur­pose: This cookie is pro­vided by amazon-adsystem.com and serves the com­pany regard­ing var­i­ous adver­tis­ing pur­poses.
Expiry date: after 8 months

Name: uuid2
Value: 8965834524520213028311826578-2
Pur­pose: This cookie allows tar­geted and inter­est-based adver­tis­ing via the App­Nexus plat­form. By the IP address it col­lects and retains anony­mous data on what ads you clicked and which sites you opened.
Expiry date: after 3 months

Name: ses­sion-id
Value: 262-0272718-2582202311826578-1
Pur¬≠pose: This cookie stores a unique user ID that the server assigns to you for the dura¬≠tion of a web¬≠site visit (ses¬≠sion). If you visit the site again, the infor¬≠ma¬≠tion saved in there gets retrieved again.
Expiry date: after 15 years

Name: APID
Value: UP9801199c-4bee-11ea-931d-02e8e13f0574
Pur¬≠pose: This cookie stores infor¬≠ma¬≠tion on how you use a web¬≠site, and on what ads you looked at before your visit to the web¬≠site.
Expiry date: after one year

Name: ses­sion-id-time
Value: tb:s-STNY7ZS65H5335FZEVPE|1581329862486&t:1581329864300&adb:adblk_no
Pur¬≠pose: This cookie records the time you spend on a web¬≠site with a unique cookie ID.
Expiry date: after 2 years

Name: csm-hit
Value: 2082754801l
Pur­pose: We could not find any detailed infor­ma­tion on this cookie.
Expiry date: after 15 years

Note: Please note, that this list merely shows exam­ples of cook­ies and does not claim to be exhaustive.

Ama­zon use the obtained infor­ma­tion to bet­ter tai­lor their adver­tise­ments to their users’ interests.

How long and where is my data stored?

Ama­zon saves per­sonal data for as long as it is required for both Amazon’s busi­ness ser­vices, and for legal rea­sons. As the company’s head­quar­ters are in the USA, any col­lected data is stored on Amer­i­can servers.

How can I delete my data or pre¬≠vent data retention?

You always have the right to access your per­sonal data and clear it. If you have an Ama­zon account, you can man­age or delete many of the col­lected data.

Fur¬≠ther¬≠more, your browser offers another option for man¬≠ag¬≠ing Amazon‚Äôs pro¬≠cess¬≠ing and reten¬≠tion of data accord¬≠ing to your pref¬≠er¬≠ences. There you can man¬≠age, clear or delete cook¬≠ies. This works a lit¬≠tle dif¬≠fer¬≠ent on every browser. Here you can find instruc¬≠tions for the most com¬≠mon browsers:

Chrome: Clear, enable and man­age cook­ies in Chrome

Safari: Man­age cook­ies and web­site data in Safari

Fire­fox: Clear cook­ies and site data in Firefox

Inter¬≠net Explorer: Delete and man¬≠age cookies 

Microsoft Edge: Delete cook­ies in Microsoft Edge

Legal basis

If you have con¬≠sented to the use of the Ama¬≠zon Asso¬≠ciates Pro¬≠gram, then your con¬≠sent is the the legal basis for the cor¬≠re¬≠spond¬≠ing data pro¬≠cess¬≠ing. Accord¬≠ing to Art. 6 para. 1 lit. a GDPR (con¬≠sent) , this con¬≠sent rep¬≠re¬≠sents the legal basis for per¬≠sonal data pro¬≠cess¬≠ing, as may be done when it is col¬≠lected by the Ama¬≠zon Asso¬≠ciates program.

We also have legit¬≠i¬≠mate inter¬≠est in using the Ama¬≠zon Asso¬≠ciates Pro¬≠gram to opti¬≠mise our online ser¬≠vice and mar¬≠ket¬≠ing mea¬≠sures. The cor¬≠re¬≠spond¬≠ing legal basis for this is Art. 6 para. 1 lit.f GDPR (legit¬≠i¬≠mate inter¬≠ests). Nev¬≠er¬≠the¬≠less, we only use the Ama¬≠zon Asso¬≠ciates Pro¬≠gram if you have con¬≠sented to it.

Ama­zon also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

Ama¬≠zon uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way and espe¬≠cially in the USA) or data trans¬≠fer there (= Art. 46, para¬≠graphs 2 and 3 of the GDPR). These clauses oblige Ama¬≠zon to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

We hope we have brought you the most impor­tant infor­ma­tion about data trans­fer by the Ama­zon Affil­i­ate Pro­gram. You can find more infor­ma­tion on this at https: // www.amazon.de/gp/help/customer/display.html?nodeId=201909010 .

Awin Affil­i­ate Pro­gram Pri­vacy Policy

Awin Affil­i­ate Pro­gram Pri­vacy Pol­icy Overview

ūüĎ• Affected par¬≠ties: vis¬≠i¬≠tors to the web¬≠site
ūü§Ě Pur¬≠pose: eco¬≠nomic suc¬≠cess and the ser¬≠vice opti¬≠mi¬≠sa¬≠tion.
ūüďď Processed data: Access sta¬≠tis¬≠tics con¬≠tain¬≠ing data such as access loca¬≠tion, device data, access dura¬≠tion and time, nav¬≠i¬≠ga¬≠tion behav¬≠iour, click behav¬≠iour and IP addresses. Per¬≠sonal data such as name or email address can also be processed.
ūüďÖ Stor¬≠age period: Awin stores the data until the pur¬≠poses have been imple¬≠mented and account¬≠ing and report¬≠ing require¬≠ments have been met
‚öĖÔłŹ Legal basis: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit.f GDPR (legit¬≠i¬≠mate interests)

What is the Awin affil­i­ate program?

We work with the affil¬≠i¬≠ate and adver¬≠tis¬≠ing com¬≠pany AWIN AG (Eich¬≠horn¬≠strasse 3, 10785 Berlin, Ger¬≠many). Awin uses track¬≠ing tools to per¬≠form its ser¬≠vices and to be able to save and trace a user action (e.g. the pur¬≠chase of a prod¬≠uct). This means that your data will also be sent to the com¬≠pany in pseu¬≠do¬≠nymised form where it will then be stored. In this pri¬≠vacy pol¬≠icy, we want to explain not only why we use this affil¬≠i¬≠ate pro¬≠gram, but also which of your data is stored, how it is stored and how you can pre¬≠vent this data retention.

Awin is an affil¬≠i¬≠ate mar¬≠ket¬≠ing net¬≠work. Its mem¬≠bers are adver¬≠tis¬≠ers and web¬≠site oper¬≠a¬≠tors who offer an adver¬≠tis¬≠ing plat¬≠form for the prod¬≠ucts or ser¬≠vices offered. In affil¬≠i¬≠ate mar¬≠ket¬≠ing, web¬≠site oper¬≠a¬≠tors are usu¬≠ally referred to as pub¬≠lish¬≠ers. They place adver¬≠tise¬≠ments for adver¬≠tis¬≠ers on their plat¬≠form (web¬≠site) and receive a com¬≠mis¬≠sion in the event of a click or sale.

Why do we use the Awin affil­i­ate pro­gram on our website?

In addi¬≠tion to our con¬≠tent, prod¬≠ucts or ser¬≠vices, we also want to pro¬≠vide you with inter¬≠est¬≠ing adver¬≠tise¬≠ments that fit our theme. We also offer our web¬≠site as adver¬≠tis¬≠ing space and the Awin affil¬≠i¬≠ate net¬≠work pro¬≠vides us with many con¬≠tacts to adver¬≠tis¬≠ers. This enables us to place selected adver¬≠tise¬≠ments on our web¬≠site and receive a com¬≠mis¬≠sion for suc¬≠cess¬≠ful trans¬≠ac¬≠tions (leads, sales).

What data is stored by the Awin affil­i­ate program?

Awin needs cer¬≠tain user data to be able to recon¬≠struct the path from us (pub¬≠lisher) to the adver¬≠tiser. This means that when you click on an adver¬≠tise¬≠ment on our web¬≠site and land on the advertiser‚Äôs web¬≠site, it will be doc¬≠u¬≠mented by cook¬≠ies. Awin also cre¬≠ates a restricted user pro¬≠file (with¬≠out your name and iden¬≠tity), which doc¬≠u¬≠ments the path from an adver¬≠tise¬≠ment to a sale.

In order to trace this path, Awin uses so-called track¬≠ing domain cook¬≠ies, jour¬≠ney tags and device fin¬≠ger¬≠print¬≠ing. The cook¬≠ies are set in your browser when you click on one of the ads on our web¬≠site. The jour¬≠ney tags are inte¬≠grated into the advertiser‚Äôs web¬≠site as JavaScript code so that Awin can receive trans¬≠ac¬≠tion data. More¬≠over, fin¬≠ger¬≠print¬≠ing enables Awin to uniquely iden¬≠tify a device by tak¬≠ing browser or device attrib¬≠utes into account. The cook¬≠ies for exam¬≠ple store which adver¬≠tis¬≠ing mate¬≠r¬≠ial was clicked on what web¬≠site and when it was clicked.

Below we will show you a list of exem¬≠plary cook¬≠ies that are set in your browser when you click on an adver¬≠tise¬≠ment on our website.

Name: AWSESS
Value: 360701:2483145311826578-1
Pur­pose: This cookie stores data on when you see or click an adver­tise­ment. This infor­ma­tion is then used to avoid show­ing you the same ads over and over again.
Expiry date: after end of the session

Name: aw11354
Value: 512465|0|0|1606813823||aw|24336851897
Pur¬≠pose: This cookie is set as soon as you click on a link that leads to the adver¬≠tiser. The ID stores our web address, the ad you clicked, the time, the ad type ID and the prod¬≠uct ID.
Expiry date: after 30 days

Name: bId
Value: HLEX_5fc6087ff90540.34189752311826578-8
Pur¬≠pose: This cookie sets a browser-spe¬≠cific ID to iden¬≠tify a new click on the same browser.
Expiry date: after one year

All this data is used only to under¬≠stand a publisher‚Äôs mar¬≠ket¬≠ing efforts and sales. Fur¬≠ther¬≠more, the mem¬≠bers of the net¬≠work are pro¬≠vided with an analy¬≠sis report based on the col¬≠lected data. This data is only ever passed on in sum¬≠marised form, which does not allow any con¬≠clu¬≠sions to be drawn about you as a per¬≠son. Accord¬≠ing to Awin, the col¬≠lected data are not used for users‚Äô inter¬≠est or per¬≠son¬≠al¬≠ity pro¬≠files. More¬≠over, for each trans¬≠ac¬≠tion Awin retains an indi¬≠vid¬≠ual sequence of num¬≠bers that con¬≠tains infor¬≠ma¬≠tion about the cam¬≠paign and the devices used. Awin only processes so-called ‚Äúpseu¬≠do¬≠ny¬≠mous‚ÄĚ user data, which can¬≠not iden¬≠tify you directly.

How long and where are the data stored?

Accord­ing to Awin, all data is saved until the des­ig­nated pur­poses have been imple­mented and the account­ing and report­ing require­ments no longer require it to be stored. There are no details avail­able on the company’s web­site. The data is stored on Euro­pean servers. Fur­ther­more, since Awin only processes pseu­do­ny­mous data, no infor­ma­tion can be given about per­sonal data such as IP addresses for example.

How can I erase my data or pre¬≠vent data retention?

Should any of your per¬≠sonal data be col¬≠lected, you of course reserve the right to access and delete them at any time. How¬≠ever, Awin usu¬≠ally only stores pseu¬≠do¬≠ny¬≠mous data that can¬≠not iden¬≠tify you as a per¬≠son. Nev¬≠er¬≠the¬≠less, data is of course col¬≠lected with cook¬≠ies. If you want to pre¬≠vent this, you have the option of man¬≠ag¬≠ing, deac¬≠ti¬≠vat¬≠ing or delet¬≠ing cook¬≠ies in your browser. This works a lit¬≠tle dif¬≠fer¬≠ently for each browser. Below you will find the instruc¬≠tions for the most com¬≠mon browsers:

Chrome: Clear, enable and man¬≠age cook¬≠ies in Chrome 

Safari: Man¬≠age cook¬≠ies and web¬≠site data in Safari 

Fire¬≠fox: Clear cook¬≠ies and site data in Firefox 

Inter¬≠net Explorer: Delete and man¬≠age cookies 

Microsoft Edge: Delete cook¬≠ies in Microsoft Edge 

Legal basis

If you have agreed to the use of the Awin Part¬≠ner Pro¬≠gram, your con¬≠sent is the legal basis for the cor¬≠re¬≠spond¬≠ing data pro¬≠cess¬≠ing. Accord¬≠ing to Art. 6 para. 1 lit. a GDPR (con¬≠sent), this con¬≠sent is the legal basis for per¬≠sonal data pro¬≠cess¬≠ing, as it may be done when it is col¬≠lected by the Awin Part¬≠ner Program.

We also have legit¬≠i¬≠mate inter¬≠est in using the Awin Part¬≠ner Pro¬≠gram to opti¬≠mise our online ser¬≠vice and mar¬≠ket¬≠ing mea¬≠sures. The cor¬≠re¬≠spond¬≠ing legal basis for this is Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate inter¬≠ests). We only use the Awin Part¬≠ner Pro¬≠gram track¬≠ing tool if you have con¬≠sented to it.

We hope we could pro¬≠vide you with the most impor¬≠tant infor¬≠ma¬≠tion about Awin and their data pro¬≠cess¬≠ing. If you would like more infor¬≠ma¬≠tion on Awin‚Äôs pri¬≠vacy guide¬≠lines, we rec¬≠om¬≠mend you to read their pri¬≠vacy pol¬≠icy at https://www.awin.com/gb/privacy. If you have any ques¬≠tions you can also send an email to global-privacy@awin.com at any time.

Google Ads (Google AdWords) Con­ver­sion Track­ing Pri­vacy Pol­icy Overview

ūüĎ• Affected par¬≠ties: vis¬≠i¬≠tors to the web¬≠site
ūü§Ě Pur¬≠pose: eco¬≠nomic suc¬≠cess and ser¬≠vice opti¬≠mi¬≠sa¬≠tion.
ūüďď Processed data: Access sta¬≠tis¬≠tics that con¬≠tain data such as access loca¬≠tion, device data, access dura¬≠tion and time, nav¬≠i¬≠ga¬≠tion behav¬≠iour, click behav¬≠iour and IP addresses. Per¬≠sonal data such as name or email address may also be processed.
ūüďÖ Stor¬≠age period: Con¬≠ver¬≠sion cook¬≠ies usu¬≠ally expire after 30 days and do not trans¬≠mit any per¬≠sonal data
‚öĖÔłŹ Legal bases: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit.f GDPR (legit¬≠i¬≠mate interests)

What is Google Ads con­ver­sion tracking?

We use Google Ads (pre¬≠vi¬≠ously Google AdWords) as an online mar¬≠ket¬≠ing mea¬≠sure, to adver¬≠tise our prod¬≠ucts and ser¬≠vices. Thus, we want to draw more people‚Äôs atten¬≠tion on the inter¬≠net to the high qual¬≠ity of our offers. As part of our adver¬≠tis¬≠ing mea¬≠sures with Google Ads, we use the con¬≠ver¬≠sion track¬≠ing of Google LLC., 1600 Amphithe¬≠atre Park¬≠way, Moun¬≠tain View, CA 94043, USA (‚ÄúGoogle‚ÄĚ) on our web¬≠site. With the aid of this free track¬≠ing tool we can tai¬≠lor our adver¬≠tis¬≠ing offer bet¬≠ter to your inter¬≠ests and needs. In the fol¬≠low¬≠ing arti¬≠cle we will explain, why we use con¬≠ver¬≠sion track¬≠ing, what data gets saved and how you can pre¬≠vent this data retention.

Google Ads (pre¬≠vi¬≠ously Google AdWords) is the inter¬≠nal online adver¬≠tis¬≠ing sxstem of the com¬≠pany Google LLC. We are con¬≠vinced of our offer‚Äės qual¬≠ity and would like as many peo¬≠ple as pos¬≠si¬≠ble to dis¬≠cover our web¬≠site. For this, Google Ads offers the best plat¬≠form within the online envi¬≠ron¬≠ment. Of course, we also want to get an overview of the cost-ben¬≠e¬≠fit fac¬≠tor of our adver¬≠tis¬≠ing cam¬≠paigns. Thence, we use Google Ads‚Äô con¬≠ver¬≠sion track¬≠ing tool.

But what is a con¬≠ver¬≠sion actu¬≠ally? A con¬≠ver¬≠sion occurs, when you turn from an inter¬≠ested vis¬≠i¬≠tor into an act¬≠ing web¬≠site vis¬≠i¬≠tor. This hap¬≠pens every time you click on our ad and then make another action, such as pay¬≠ing a visit to our web¬≠site. With Google‚Äôs con¬≠ver¬≠sion track¬≠ing tool, we can under¬≠stand what hap¬≠pens after a user clicks our Google ad. It shows us for instance if prod¬≠ucts get bought, ser¬≠vices are used or whether users have sub¬≠scribed to our newsletter.

Why do we use Google Ads con­ver­sion track­ing on our website?

We use Google Ads to show our offer also across other web¬≠sites. Our aim is for our adver¬≠tis¬≠ing cam¬≠paigns to reach only those peo¬≠ple, who are inter¬≠ested in our offers. With the con¬≠ver¬≠sion track¬≠ing tool, we see what key¬≠words, ads, ad groups and cam¬≠paigns lead to the desired cus¬≠tomer actions. We see how many cus¬≠tomers inter¬≠act with our ads on a device, to then con¬≠vert. With this data we can cal¬≠cu¬≠late our cost-ben¬≠e¬≠fit-fac¬≠tor, mea¬≠sure the suc¬≠cess of indi¬≠vid¬≠ual ad cam¬≠paigns and there¬≠fore opti¬≠mise our online mar¬≠ket¬≠ing mea¬≠sures. With the help of the obtained data we can give our web¬≠site a more inter¬≠est¬≠ing design and cus¬≠tomise our adver¬≠tis¬≠ing offer bet¬≠ter to your needs.

What data is stored with Google Ads con­ver­sion tracking?

For a bet¬≠ter analy¬≠sis of cer¬≠tain user actions, we have inte¬≠grated a con¬≠ver¬≠sion track¬≠ing tag, or code snip¬≠pet to our web¬≠site. There¬≠fore, if you click one of our Google ads, a Google domain stores the cookie ‚Äúcon¬≠ver¬≠sion‚ÄĚ on your com¬≠puter (usu¬≠ally in the browser) or on your mobile device. Cook¬≠ies are lit¬≠tle text files that save infor¬≠ma¬≠tion on your computer.

Here are data of the most sig­nif­i­cant cook­ies for Google’s con­ver­sion tracking:

Name: Con­ver­sion
Value: EhMI_ay­Suoyv4­gIVled3Ch0ll­w­eV­GAEgt-mr6aXd7dYl­SAGQ311826578-3
Pur¬≠pose: This cookie saves every con¬≠ver¬≠sion you make on our web¬≠site after you came to us via a Google ad.
Expiry date: after 3 months

Name: _gac
Value: 1.1558695989.EAIaIQobChMIiOmEgYO04gIVj5AYCh2CBAPrEAAYASAAEgIYQfD_BwE
Pur¬≠pose: This is a clas¬≠sic Google Ana¬≠lyt¬≠ics Cookie that records var¬≠i¬≠ous actions on our web¬≠site.
Expiry date: after 3 months

Note: The cookie _gac only appears in con­nec­tion with Google Ana­lyt­ics. The above list does not claim to be exhaus­tive, as Google repeat­edly change the cook­ies they use for ana­lyt­i­cal evaluation.

As soon as you com¬≠plete an action on our web¬≠site, Google iden¬≠ti¬≠fies the cookie and saves your action as a so-called con¬≠ver¬≠sion. For as long as you surf our web¬≠site, pro¬≠vided the cookie has not expired, both Google and us can deter¬≠mine that you found your way to us via a Google ad. Then, the cookie is read and sent back to Google Ads, together with the con¬≠ver¬≠sion data. More¬≠over, other cook¬≠ies may also be used for mea¬≠sur¬≠ing con¬≠ver¬≠sions. Google Ads‚Äė con¬≠ver¬≠sion track¬≠ing can be fine-tuned and improved with the aid of Google Ana¬≠lyt¬≠ics. Fur¬≠ther¬≠more, ads which Google dis¬≠plays in var¬≠i¬≠ous places across the web, might be placed under our domain with the name ‚Äú__gads‚ÄĚ or ‚Äú_gac‚ÄĚ.
Since Sep¬≠tem¬≠ber 2017, analytics.js retains var¬≠i¬≠ous cam¬≠paign infor¬≠ma¬≠tion with the _gac cookie. This cookie stores data, as soon as you open one of our sites that has been set up for Google Ads‚Äô auto-tag¬≠ging. In con¬≠trast to cook¬≠ies that are placed for Google domains, Google can only read these con¬≠ver¬≠sion cook¬≠ies when you are on our web¬≠site. We do nei¬≠ther col¬≠lect nor receive any per¬≠sonal data. We do obtain a report with sta¬≠tis¬≠ti¬≠cal eval¬≠u¬≠a¬≠tions by Google. With the help thereof, we can not only see the total num¬≠ber of users who clicked our ad, but also what adver¬≠tis¬≠ing mea¬≠sures were well received.

How long and where is the data stored?

At this point we want to reit¬≠er¬≠ate, that we have no influ¬≠ence on how Google use the col¬≠lected data. Accord¬≠ing to Google, the data are encrypted and stored on a secure server. In most cases, con¬≠ver¬≠sion cook¬≠ies expire after 30 days, and do not trans¬≠mit any per¬≠son¬≠alised data. The cook¬≠ies named ‚Äúcon¬≠ver¬≠sion‚Äú and ‚Äú_gac‚Äú (which is used with Google Ana¬≠lyt¬≠ics) have an expiry date of 3 months.

How can I erase my data or pre¬≠vent data retention?

You have the pos¬≠si¬≠bil¬≠ity to opt out of Google Ads‚Äô con¬≠ver¬≠sion track¬≠ing. The con¬≠ver¬≠sion track¬≠ing can be blocked by deac¬≠ti¬≠vat¬≠ing the con¬≠ver¬≠sion track¬≠ing cookie via your browser. If you do this, you will not be con¬≠sid¬≠ered for the sta¬≠tis¬≠tic of the track¬≠ing tool. You can change the cookie set¬≠tings in your browser any¬≠time. Doing so, works a lit¬≠tle dif¬≠fer¬≠ent in every browser. Hence, in the fol¬≠low¬≠ing you will find an instruc¬≠tion on how to man¬≠age cook¬≠ies in your browser:

Chrome: Clear, enable and man¬≠age cook¬≠ies in Chrome 

Safari: Man¬≠age cook¬≠ies and web¬≠site data in Safari 

Fire¬≠fox: Clear cook¬≠ies and site data in Firefox 

Inter¬≠net Explorer: Delete and man¬≠age cookies 

Microsoft Edge: Delete cook¬≠ies in Microsoft Edge 

If you gen¬≠er¬≠ally do not want to allow any cook¬≠ies at all, you can set up your browser to notify you when¬≠ever a poten¬≠tial cookie is about to be set. This lets you decide upon per¬≠mit¬≠ting or deny¬≠ing the cookie‚Äôs place¬≠ment. By down¬≠load¬≠ing and installing the browser plu¬≠gin at https://support.google.com/ads/answer/7395996 you can also deac¬≠ti¬≠vate all ‚Äúadver¬≠tis¬≠ing cook¬≠ies‚ÄĚ. Please con¬≠sider that by deac¬≠ti¬≠vat¬≠ing these cook¬≠ies, you can¬≠not pre¬≠vent all adver¬≠tise¬≠ments, only per¬≠son¬≠alised ads.

Legal basis

If you have con¬≠sented to the use of Google Ads Con¬≠ver¬≠sion Track¬≠ing, your con¬≠sent is the legal basis for the cor¬≠re¬≠spond¬≠ing data pro¬≠cess¬≠ing. Accord¬≠ing to Art. 6 para. 1 lit. a GDPR (con¬≠sent), this con¬≠sent is the legal basis for per¬≠sonal data pro¬≠cess¬≠ing, as may be done when col¬≠lected by Google Ads Con¬≠ver¬≠sion Tracking.

We also have legit¬≠i¬≠mate inter¬≠est in using Google Ads Con¬≠ver¬≠sion Track¬≠ing to opti¬≠mise our online ser¬≠vice and mar¬≠ket¬≠ing mea¬≠sures. The cor¬≠re¬≠spond¬≠ing legal basis for this is Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate inter¬≠ests). Nev¬≠er¬≠the¬≠less, we only use Google Ads Con¬≠ver¬≠sion Track¬≠ing if you have con¬≠sented to it.

Google also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

Google uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way and espe¬≠cially in the USA) or data trans¬≠fer there (= Art. 46, para¬≠graphs 2 and 3 of the GDPR). These clauses oblige Google to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

If you would like to find out more about data pro­tec­tion at Google, we rec­om­mend Google’s pri­vacy pol­icy at: https://policies.google.com/privacy?hl=en-GB.

Con­tent Deliv­ery Networks

Con­tent Deliv­ery Net­works Pri­vacy Pol­icy Overview

ūüĎ• Affected par¬≠ties: web¬≠site vis¬≠i¬≠tors
ūü§Ě Pur¬≠pose: Ser¬≠vice per¬≠for¬≠mance opti¬≠mi¬≠sa¬≠tion (to increase web¬≠site load¬≠ing speeds)
ūüďď Processed data: data such as your IP address
You can find more details on this below as well as in the indi­vid­ual Pri­vacy Poli­cies.
ūüďÖ Stor¬≠age period: most data is stored until it is no longer needed for the pro¬≠vi¬≠sion of the ser¬≠vice.
‚öĖÔłŹ Legal bases: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What is a Con¬≠tent Deliv¬≠ery Network?

On our web¬≠site we use a so-called con¬≠tent deliv¬≠ery net¬≠work or CDN. This helps to load our web¬≠site quickly and eas¬≠ily, regard¬≠less of your loca¬≠tion. More¬≠over, your per¬≠sonal data will also be stored, man¬≠aged and processed on the respec¬≠tive CDN provider‚Äôs servers. In the fol¬≠low¬≠ing, we will go into more gen¬≠eral detail on this ser¬≠vice and the data pro¬≠cess¬≠ing asso¬≠ci¬≠ated with it. You can find detailed infor¬≠ma¬≠tion on how your data is han¬≠dled in the provider‚Äôs Pri¬≠vacy Policy.

Each con¬≠tent deliv¬≠ery net¬≠work (CDN) is a net¬≠work of region¬≠ally dis¬≠trib¬≠uted servers that are con¬≠nected to each other via the inter¬≠net. Through this net¬≠work, web¬≠site con¬≠tent (espe¬≠cially very large files) can be deliv¬≠ered quickly and smoothly, even when large load¬≠ing peaks occur. To make this pos¬≠si¬≠ble, CDNs cre¬≠ate a copy of our web¬≠site on their servers. The web¬≠site can be deliv¬≠ered quickly because these servers are dis¬≠trib¬≠uted all around the world. Any data trans¬≠fer to your browser is there¬≠fore sig¬≠nif¬≠i¬≠cantly short¬≠ened by the CDN.

Why do we use a Con¬≠tent Deliv¬≠ery Net¬≠work for our website?

A fast load¬≠ing web¬≠site is part of our ser¬≠vice. Of course, we know how annoy¬≠ing it is when a web¬≠site loads at a snail‚Äôs pace. Most of the time, you lose your patience and click away before the web¬≠site is fully loaded. But of course we want to avoid that. There¬≠fore, to us a fast load¬≠ing web¬≠site is an oblig¬≠a¬≠tory part of our web¬≠site offer. With the use of a con¬≠tent deliv¬≠ery net¬≠work, our web¬≠site loads sig¬≠nif¬≠i¬≠cantly faster in your browser. Fur¬≠ther¬≠more, CDNs are par¬≠tic¬≠u¬≠larly help¬≠ful when you are abroad, as the web¬≠site is always deliv¬≠ered from a server in your area.

Which data are processed?

If you access a web¬≠site or its con¬≠tent and it gets cached in a CDN, the CDN for¬≠wards the request to the server clos¬≠est to you which then deliv¬≠ers the con¬≠tent. Con¬≠tent deliv¬≠ery net¬≠works are built in a way that JavaScript libraries can be down¬≠loaded and hosted on npm and Github servers. Alter¬≠na¬≠tively, Word¬≠Press plu¬≠g¬≠ins can also be loaded on most CDNs, pro¬≠vided they are hosted on WordPress.org. More¬≠over, your browser can send per¬≠sonal data to the con¬≠tent deliv¬≠ery net¬≠work we use. This includes data such as IP addresses, browser type, browser ver¬≠sion, the accessed web¬≠site or the time and date of the page visit. This data is col¬≠lected and stored by the CDN. Whether cook¬≠ies are used for data stor¬≠age depends on the net¬≠work that is being used. For more infor¬≠ma¬≠tion on this, please read the Pri¬≠vacy Pol¬≠icy of the respec¬≠tive service.

Right to object

If you want to pre¬≠vent this data trans¬≠fer alto¬≠gether, you can use a JavaScript blocker (see for exam¬≠ple https://noscript.net/) on your com¬≠puter. How¬≠ever, our web¬≠site can then of course no longer offer its usual ser¬≠vice (such as a fast load¬≠ing speeds).

Legal basis

If you have con¬≠sented to the use of a con¬≠tent deliv¬≠ery net¬≠work, your con¬≠sent rep¬≠re¬≠sents the the legal basis for the cor¬≠re¬≠spond¬≠ing data pro¬≠cess¬≠ing. Accord¬≠ing to Art. 6 para¬≠graph 1 lit. a (con¬≠sent) your con¬≠sent rep¬≠re¬≠sents the legal basis for the pro¬≠cess¬≠ing of per¬≠sonal data, as it can occur when col¬≠lected by a con¬≠tent deliv¬≠ery network.

We also have a legit¬≠i¬≠mate inter¬≠est in using a con¬≠tent deliv¬≠ery net¬≠work to opti¬≠mise our online ser¬≠vice and make it more secure. The cor¬≠re¬≠spond¬≠ing legal basis for this is Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate inter¬≠ests). Nev¬≠er¬≠the¬≠less, we only use the tool if you have con¬≠sented to it.

Pro­vided this infor­ma­tion is avail­able, you can find out more about the par­tic­u­lar con­tent deliv­ery net­works in the fol­low­ing sections.

Cookie Con­sent Man­age­ment Plat­form Overview

ūüĎ• Affected par¬≠ties: Web¬≠site vis¬≠i¬≠tors
ūü§Ě Pur¬≠pose: Obtain¬≠ing and man¬≠ag¬≠ing con¬≠sent to cer¬≠tain cook¬≠ies and thus the use of cer¬≠tain tools
ūüďď Processed data: data for man¬≠ag¬≠ing cookie set¬≠tings such as IP address, time of con¬≠sent, type of con¬≠sent and indi¬≠vid¬≠ual con¬≠sent. You can find more details on this directly with the tool that is being used.
ūüďÖ Stor¬≠age period: depends on the tool used, peri¬≠ods of sev¬≠eral years can be assumed
‚öĖÔłŹ Legal bases: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What is a cookie con¬≠sent man¬≠age¬≠ment platform?

We use a Con¬≠sent Man¬≠age¬≠ment Plat¬≠form (CMP) soft¬≠ware on our web¬≠site that makes it eas¬≠ier for us and you to han¬≠dle the scripts and cook¬≠ies used cor¬≠rectly and securely. The soft¬≠ware auto¬≠mat¬≠i¬≠cally cre¬≠ates a cookie pop-up, scans and con¬≠trols all scripts and cook¬≠ies, pro¬≠vides you with the cookie con¬≠sent required under data pro¬≠tec¬≠tion law and helps you and us to keep track of all cook¬≠ies. Most cookie con¬≠sent man¬≠age¬≠ment tools iden¬≠tify and cat¬≠e¬≠go¬≠rize all exist¬≠ing cook¬≠ies. As a web¬≠site vis¬≠i¬≠tor, you then decide for your¬≠self whether and which scripts and cook¬≠ies you allow or not. The fol¬≠low¬≠ing graphic shows the rela¬≠tion¬≠ship between browser, web server and CMP.

Consent Management Platform overview

Why do we use a cookie man¬≠age¬≠ment tool?

Our goal is to offer you the best pos¬≠si¬≠ble trans¬≠parency in the area of ‚Äč‚Äčdata pro¬≠tec¬≠tion. We are also legally obliged to do so. We want to inform you as well as pos¬≠si¬≠ble about all tools and all cook¬≠ies that can save and process your data. It is also your right to decide for your¬≠self which cook¬≠ies you accept and which you do not. In order to grant you this right, we first need to know exactly which cook¬≠ies actu¬≠ally landed on our web¬≠site. Thanks to a cookie man¬≠age¬≠ment tool, which reg¬≠u¬≠larly scans the web¬≠site for all cook¬≠ies present, we know about all cook¬≠ies and can pro¬≠vide you with GDPR-com¬≠pli¬≠ant infor¬≠ma¬≠tion. You can then use the con¬≠sent sys¬≠tem to accept or reject cookies.

Which data are processed?

As part of our cookie man¬≠age¬≠ment tool, you can man¬≠age each indi¬≠vid¬≠ual cookie your¬≠self and have com¬≠plete con¬≠trol over the stor¬≠age and pro¬≠cess¬≠ing of your data. The dec¬≠la¬≠ra¬≠tion of your con¬≠sent is stored so that we do not have to ask you every time you visit our web¬≠site and we can also prove your con¬≠sent if required by law. This is saved either in an opt-in cookie or on a server. The stor¬≠age time of your cookie con¬≠sent varies depend¬≠ing on the provider of the cookie man¬≠age¬≠ment tool. Usu¬≠ally this data (e.g. pseu¬≠do¬≠ny¬≠mous user ID, time of con¬≠sent, detailed infor¬≠ma¬≠tion on the cookie cat¬≠e¬≠gories or tools, browser, device infor¬≠ma¬≠tion) is stored for up to two years.

Dura­tion of data processing

We will inform you below about the dura¬≠tion of the data pro¬≠cess¬≠ing if we have fur¬≠ther infor¬≠ma¬≠tion. In gen¬≠eral, we only process per¬≠sonal data for as long as is absolutely nec¬≠es¬≠sary for the pro¬≠vi¬≠sion of our ser¬≠vices and prod¬≠ucts. Data stored in cook¬≠ies are stored for dif¬≠fer¬≠ent lengths of time. Some cook¬≠ies are deleted after you leave the web¬≠site, oth¬≠ers may be stored in your browser for a few years. The exact dura¬≠tion of the data pro¬≠cess¬≠ing depends on the tool used, in most cases you should be pre¬≠pared for a stor¬≠age period of sev¬≠eral years. In the respec¬≠tive data pro¬≠tec¬≠tion dec¬≠la¬≠ra¬≠tions of the indi¬≠vid¬≠ual providers, you will usu¬≠ally receive pre¬≠cise infor¬≠ma¬≠tion about the dura¬≠tion of the data processing.

Right of objection

You also have the right and the option to revoke your con­sent to the use of cook­ies at any time. This works either via our cookie man­age­ment tool or via other opt-out func­tions. For exam­ple, you can also pre­vent data col­lec­tion by cook­ies by man­ag­ing, deac­ti­vat­ing or delet­ing cook­ies in your browser.

Infor¬≠ma¬≠tion on spe¬≠cial cookie man¬≠age¬≠ment tools can be found ‚Äď if avail¬≠able ‚Äď in the fol¬≠low¬≠ing sections.

Legal basis

If you agree to cook¬≠ies, your per¬≠sonal data will be processed and stored via these cook¬≠ies. If we are allowed to use cook¬≠ies with your con¬≠sent (Arti¬≠cle 6 para¬≠graph 1 lit. a GDPR), this con¬≠sent is also the legal basis for the use of cook¬≠ies and the pro¬≠cess¬≠ing of your data. In order to be able to man¬≠age the con¬≠sent to cook¬≠ies and to enable you to give your con¬≠sent, a cookie con¬≠sent man¬≠age¬≠ment plat¬≠form soft¬≠ware is used. The use of this soft¬≠ware enables us to oper¬≠ate the web¬≠site in an effi¬≠cient and legally com¬≠pli¬≠ant man¬≠ner, which is a legit¬≠i¬≠mate inter¬≠est (Arti¬≠cle 6 para¬≠graph 1 lit. f GDPR).

Pay­ment providers

Pay­ment Providers Pri­vacy Pol­icy Overview

ūüĎ• Affected par¬≠ties: vis¬≠i¬≠tors to the web¬≠site
ūü§Ě Pur¬≠pose: To enable and opti¬≠mise the pay¬≠ment process on our web¬≠site
ūüďď Processed data: data such as name, address, bank details (account num¬≠ber, credit card num¬≠ber, pass¬≠words, TANs, etc.), IP address and con¬≠tract data
You can find more details on this directly from the pay­ment provider tool that is being used.
ūüďÖ Stor¬≠age period: depend¬≠ing on the pay¬≠ment provider that is being used
‚öĖÔłŹ Legal basis: Art. 6 para¬≠graph 1 lit. b GDPR (per¬≠for¬≠mance of a contract)

What is a pay¬≠ment provider?

On our web¬≠site we use online pay¬≠ment sys¬≠tems, which enable us as well as you to have a secure and smooth pay¬≠ment process avail¬≠able. Among other things, per¬≠sonal data may also be sent to the respec¬≠tive pay¬≠ment provider, where it may also be stored and processed. Pay¬≠ment providers are online pay¬≠ment sys¬≠tems that enable you to place an order via online bank¬≠ing. The pay¬≠ment pro¬≠cess¬≠ing is car¬≠ried out by the pay¬≠ment provider of your choice. We will then receive infor¬≠ma¬≠tion about the pay¬≠ment. This method can be used by any user who has an active online bank¬≠ing account with a PIN and TAN. There are hardly any banks that do not offer or accept such pay¬≠ment methods.

Why do we use pay­ment providers on our website?

With both our web¬≠site and our embed¬≠ded online shop, we of course want to offer you the best pos¬≠si¬≠ble ser¬≠vice, so you can feel com¬≠fort¬≠able on our site and take advan¬≠tage of our offers. We know that your time is valu¬≠able and that pay¬≠ment pro¬≠cess¬≠ing in par¬≠tic¬≠u¬≠lar has to work quickly and smoothly. Thus, we offer var¬≠i¬≠ous pay¬≠ment providers. You can choose your pre¬≠ferred pay¬≠ment provider and pay in the usual way.

Which data are processed?

What exact data that is processed of course depends on the respec¬≠tive pay¬≠ment provider. How¬≠ever, gen¬≠er¬≠ally data such as name, address, bank details (account num¬≠ber, credit card num¬≠ber, pass¬≠words, TANs, etc.) do get stored. This data is nec¬≠es¬≠sary for car¬≠ry¬≠ing out any trans¬≠ac¬≠tions. In addi¬≠tion, any con¬≠tract data and user data, such as when you have vis¬≠ited our web¬≠site, what con¬≠tent you are inter¬≠ested in or which sub-pages you have clicked, may also be stored. Most pay¬≠ment providers also store your IP address and infor¬≠ma¬≠tion about the com¬≠puter you are using.

Your data is usu¬≠ally stored and processed on the pay¬≠ment providers‚Äô servers. We, so the web¬≠site oper¬≠a¬≠tor, do not receive this data. We only get infor¬≠ma¬≠tion on whether the pay¬≠ment has gone through or not. For iden¬≠tity and credit checks, it may hap¬≠pen for pay¬≠ment providers to for¬≠ward data to the appro¬≠pri¬≠ate body. The busi¬≠ness and pri¬≠vacy pol¬≠icy prin¬≠ci¬≠ples of the respec¬≠tive provider always apply to all pay¬≠ment trans¬≠ac¬≠tions. There¬≠fore, please always take a look at the gen¬≠eral terms and con¬≠di¬≠tions and the pri¬≠vacy pol¬≠icy of the pay¬≠ment provider. You e.g. also have the right to have data erased or rec¬≠ti¬≠fied at any time. Please con¬≠tact the respec¬≠tive ser¬≠vice provider regard¬≠ing your rights (right to with¬≠draw, right of access and indi¬≠vid¬≠ual rights).

Dura¬≠tion of data processing 

Pro¬≠vided we have fur¬≠ther infor¬≠ma¬≠tion on this, we will inform you below about the dura¬≠tion of the pro¬≠cess¬≠ing of your data. In gen¬≠eral, we only process per¬≠sonal data for as long as is absolutely nec¬≠es¬≠sary for pro¬≠vid¬≠ing our ser¬≠vices and prod¬≠ucts. This stor¬≠age period may be exceeded how¬≠ever, if it is required by law, for exam¬≠ple for account¬≠ing pur¬≠poses. We keep any account¬≠ing doc¬≠u¬≠ments of con¬≠tracts (invoices, con¬≠tract doc¬≠u¬≠ments, account state¬≠ments, etc.) for 10 years (Sec¬≠tion 147 AO) and other rel¬≠e¬≠vant busi¬≠ness doc¬≠u¬≠ments for 6 years (Sec¬≠tion 247 HGB).

Right to object

You always have the right to infor­ma­tion, rec­ti­fi­ca­tion and era­sure of your per­sonal data. If you have any ques­tions, you can always con­tact the per­son that is respon­si­ble for the respec­tive pay­ment provider. You can find con­tact details for them either in our respec­tive pri­vacy pol­icy or on the rel­e­vant pay­ment provider’s website.

You can erase, deac¬≠ti¬≠vate or man¬≠age cook¬≠ies in your browser, that pay¬≠ment providers use for their func¬≠tions. How this works dif¬≠fers a lit¬≠tle depend¬≠ing on which browser you are using. Please note, how¬≠ever, that the pay¬≠ment process may then no longer work.

Legal basis

For the pro¬≠cess¬≠ing of con¬≠trac¬≠tual or legal rela¬≠tion¬≠ships (Art. 6 para. 1 lit. b GDPR), we offer other pay¬≠ment ser¬≠vice providers in addi¬≠tion to the con¬≠ven¬≠tional banking/credit insti¬≠tu¬≠tions. In the pri¬≠vacy pol¬≠icy of the indi¬≠vid¬≠ual pay¬≠ment providers (such as Ama¬≠zon Pay¬≠ments, Apple Pay or Dis¬≠cover) you will find a detailed overview of data pro¬≠cess¬≠ing and data stor¬≠age. In addi¬≠tion, you can always con¬≠tact the respon¬≠si¬≠ble par¬≠ties should you have any ques¬≠tions about data pro¬≠tec¬≠tion issues.

Pro­vided it is avail­able, you can find infor­ma­tion on the spe­cial pay­ment providers in the fol­low­ing sections.

Pay­Pal Pri­vacy Policy

On our web­site we use the online pay­ment ser­vice Pay­Pal. The provider of this ser­vice is the Amer­i­can com­pany Pay­Pal Inc. The respon­si­ble entity for the Euro­pean region is the com­pany Pay­Pal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boule­vard Royal, L-2449 Luxembourg).

Pay­Pal also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

Pay¬≠Pal uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way and espe¬≠cially in the USA) or data trans¬≠fer there (= Art. 46, para¬≠graphs 2 and 3 of the GDPR). These clauses oblige Pay¬≠Pal to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

You can find out more about the data processed by using Pay­Pal in the Pri­vacy Pol­icy at https://https://www.paypal.com/webapps/mpp/ua/privacy-full.

Stripe Pri­vacy Policy

Stripe Pri­vacy Pol­icy Overview

ūüĎ• Affected par¬≠ties: web¬≠site vis¬≠i¬≠tors
ūü§Ě Pur¬≠pose: opti¬≠mis¬≠ing the pay¬≠ment process on our web¬≠site
ūüďď Processed data: data such as name, address, bank details (account num¬≠ber, credit card num¬≠ber, pass¬≠words, TANs, etc.), IP address and con¬≠tract data
You can find more details on this in the pri­vacy pol­icy below
ūüďÖ Stor¬≠age period: data is stored until the col¬≠lab¬≠o¬≠ra¬≠tion with Stripe is ter¬≠mi¬≠nated
‚öĖÔłŹ Legal basis: Art. 6 para. 1 lit. b GDPR (con¬≠tract pro¬≠cess¬≠ing), Art. 6 para. 1 lit. a GDPR (con¬≠sent)

What is Stripe?

On our web¬≠site we use a pay¬≠ment tool by Stripe, an Amer¬≠i¬≠can tech¬≠nol¬≠ogy com¬≠pany and online pay¬≠ment ser¬≠vice. Stripe Pay¬≠ments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ire¬≠land) is respon¬≠si¬≠ble for cus¬≠tomers within the EU. There¬≠fore, if you choose Stripe as your pay¬≠ment method, your pay¬≠ment will be processed via Stripe Pay¬≠ments. Hence, the data required for the pay¬≠ment process is for¬≠warded to Stripe where it is then stored. In this pri¬≠vacy pol¬≠icy we will give you an overview of Stripe‚Äôs data pro¬≠cess¬≠ing and reten¬≠tion. More¬≠over, we will explain why we use Stripe on our website.

The tech¬≠nol¬≠ogy com¬≠pany Stripe offers pay¬≠ment solu¬≠tions for online pay¬≠ments. Stripe enables us to accept credit and debit card pay¬≠ments in our web¬≠shop while it han¬≠dles the entire pay¬≠ment process. A major advan¬≠tage of Stripe is that you never have to leave our web¬≠site or shop dur¬≠ing the pay¬≠ment process. More¬≠over, pay¬≠ments are processed very quickly via Stripe.

Why do we use Stripe on our website?

We of course want to offer the best pos¬≠si¬≠ble ser¬≠vice with both our web¬≠site and our inte¬≠grated online shop. After all, we would like you to feel com¬≠fort¬≠able on our site and take advan¬≠tage of our offers. We know that your time is valu¬≠able and there¬≠fore, pay¬≠ment pro¬≠cess¬≠ing in par¬≠tic¬≠u¬≠lar must work quickly and smoothly. In addi¬≠tion to our other pay¬≠ment providers, with Stripe we have found a part¬≠ner that guar¬≠an¬≠tees secure and fast pay¬≠ment processing.

What data are stored by Stripe?

If you choose Stripe as your pay¬≠ment method, your per¬≠sonal data (trans¬≠ac¬≠tion data) will be trans¬≠mit¬≠ted to Stripe where it will be stored. These data include the pay¬≠ment method (i.e. credit card, debit card or account num¬≠ber), bank sort code, cur¬≠rency, as well as the amount and the pay¬≠ment date. Dur¬≠ing a trans¬≠ac¬≠tion, your name, email address, billing or ship¬≠ping address and some¬≠times your trans¬≠ac¬≠tion his¬≠tory may also be trans¬≠mit¬≠ted. These data are nec¬≠es¬≠sary for authen¬≠ti¬≠ca¬≠tion. Fur¬≠ther¬≠more, Stripe may also col¬≠lect rel¬≠e¬≠vant data for the pur¬≠pose of fraud pre¬≠ven¬≠tion, finan¬≠cial report¬≠ing and for pro¬≠vid¬≠ing its ser¬≠vices in full. These data may include your name, address, tele¬≠phone num¬≠ber as well as your coun¬≠try in addi¬≠tion to tech¬≠ni¬≠cal data about your device (such as your IP address).

Stripe does not sell any of your data to inde¬≠pen¬≠dent third par¬≠ties, such as mar¬≠ket¬≠ing agen¬≠cies or other com¬≠pa¬≠nies that have noth¬≠ing to do with Stripe. How¬≠ever, data may be for¬≠warded to inter¬≠nal depart¬≠ments, a lim¬≠ited num¬≠ber of Stripe‚Äôs exter¬≠nal part¬≠ners or for legal com¬≠pli¬≠ance rea¬≠sons. What is more, Stripe uses cook¬≠ies to col¬≠lect data. Here is a selec¬≠tion of cook¬≠ies that Stripe may set dur¬≠ing the pay¬≠ment process:

Name: m
Value: edd716e9-d28b-46f7-8a55-e05f1779e84e040456311826578-5
Pur¬≠pose: This cookie appears when you select your pay¬≠ment method. It saves and recog¬≠nises whether you are access¬≠ing our web¬≠site via a PC, tablet or smart¬≠phone.
Expiry date: after 2 years

Name: __stripe_mid
Value: fc30f52c-b006-4722-af61-a7419a5b8819875de9311826578-1
Pur­pose: This cookie is required for car­ry­ing out credit card trans­ac­tions. For this pur­pose, the cookie stores your ses­sion ID.
Expiry date: after one year

Name: __stripe_sid
Value: 6fee719a-c67c-4ed2-b583-6a9a50895b122753fe
Pur­pose: This cookie also stores your ID. Stripe uses it for the pay­ment process on our web­site.
Expiry date: after end of the session

How long and where are the data stored?

Gen¬≠er¬≠ally, per¬≠sonal data are stored for the dura¬≠tion of the pro¬≠vided ser¬≠vice. This means that the data will be stored until we ter¬≠mi¬≠nate our coop¬≠er¬≠a¬≠tion with Stripe. How¬≠ever, in order to meet legal and offi¬≠cial oblig¬≠a¬≠tions, Stripe may also store per¬≠sonal data for longer than the dura¬≠tion of the pro¬≠vided ser¬≠vice. Fur¬≠ther¬≠more, since Stripe is a global com¬≠pany, your data may be stored in any of the coun¬≠tries Stripe offers its ser¬≠vices in. There¬≠fore, your data may be stored out¬≠side your coun¬≠try, such as in the USA for example.

How can I erase my data or pre¬≠vent data retention?

Please note that when you use this tool, your data may also be stored and processed out­side the EU. Most third coun­tries (includ­ing the USA) are not con­sid­ered secure under cur­rent Euro­pean data pro­tec­tion law. Data must not sim­ply be trans­ferred to, as well as stored and processed in inse­cure third coun­tries, unless there are suit­able guar­an­tees (such as EU stan­dard con­trac­tual clauses) between us and the respec­tive non-Euro­pean ser­vice provider.

You always reserve the right to infor­ma­tion, cor­rec­tion and dele­tion of your per­sonal data. Should you have any ques­tions, you can con­tact the Stripe team at https://support.stripe.com/contact/email.

You can erase, deac­ti­vate or man­age cook­ies in your browser that Stripe uses for its func­tions. This works dif­fer­ently depend­ing on which browser you are using. Please note, how­ever, that if you do so the pay­ment process may no longer work. The fol­low­ing instruc­tions will show you how to man­age cook­ies in your browser:

Chrome: Clear, enable and man¬≠age cook¬≠ies in Chrome 

Safari: Man¬≠age cook¬≠ies and web¬≠site data in Safari 

Fire¬≠fox: Clear cook¬≠ies and site data in Firefox 

Inter¬≠net Explorer: Delete and man¬≠age cookies 

Microsoft Edge: Delete cook¬≠ies in Microsoft Edge 

Legal basis

For the pro¬≠cess¬≠ing of con¬≠trac¬≠tual or legal rela¬≠tion¬≠ships (Art. 6 para. 1 lit. b GDPR), we  offer the pay¬≠ment ser¬≠vice provider Sofort√ľber¬≠weisung in addi¬≠tion to the con¬≠ven¬≠tional bank/credit insti¬≠tu¬≠tions. Suc¬≠cess¬≠ful use of the ser¬≠vice also requires your con¬≠sent (Art. 6 para. 1 lit. a GDPR), pro¬≠vided the use of cook¬≠ies is nec¬≠es¬≠sary for it.

Stripe also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

Stripe uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way and espe¬≠cially in the USA) or data trans¬≠fer there (= Art. 46, para¬≠graphs 2 and 3 of the GDPR). These clauses oblige Stripe to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

We have now given you a gen¬≠eral overview of Stripe‚Äôs data pro¬≠cess¬≠ing and reten¬≠tion. If you want more infor¬≠ma¬≠tion, Stripe‚Äôs detailed pri¬≠vacy pol¬≠icy at https://stripe.com/at/privacy is a good source.

 

Face­book Pri­vacy Policy

Face­book Pri­vacy Pol­icy Overview

ūüĎ• Affected par¬≠ties: web¬≠site vis¬≠i¬≠tors
ūü§Ě Pur¬≠pose: ser¬≠vice opti¬≠mi¬≠sa¬≠tion
ūüďď Processed data: data such as cus¬≠tomer data, data on user behav¬≠iour, device infor¬≠ma¬≠tion and IP address.
You can find more details in the Pri­vacy Pol­icy below.
ūüďÖ Stor¬≠age period: until the data no longer serves Facebook‚Äôs pur¬≠poses
‚öĖÔłŹ Legal bases: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What are Face¬≠book tools?

We use selected Face¬≠book tools on our web¬≠site. Face¬≠book is a social media net¬≠work of the com¬≠pany Face¬≠book Ire¬≠land Ltd., 4 Grand Canal Square, Grand Canal Har¬≠bour, Dublin 2 Ire¬≠land. With the aid of this tool we can pro¬≠vide the best pos¬≠si¬≠ble offers to you and any¬≠one inter¬≠ested in our prod¬≠ucts and services.

If your data is col¬≠lected and for¬≠warded via our embed¬≠ded Face¬≠book ele¬≠ments or via our Face¬≠book page (fan¬≠page), both we and Face¬≠book Ire¬≠land Ltd. are respon¬≠si¬≠ble for this. How¬≠ever, should any fur¬≠ther pro¬≠cess¬≠ing occur, then Face¬≠book is solely respon¬≠si¬≠ble for this data. Our joint com¬≠mit¬≠ments were also set out in a pub¬≠licly avail¬≠able agree¬≠ment at https://www.facebook. com / legal / controller_addendum . It e.g. states that we must clearly inform you about the use of Face¬≠book tools on our web¬≠site. We are also respon¬≠si¬≠ble for ensur¬≠ing that the tools are securely inte¬≠grated into our web¬≠site and are in accor¬≠dance with the applic¬≠a¬≠ble pri¬≠vacy laws. Face¬≠book, on the other hand, is e.g. respon¬≠si¬≠ble for the data secu¬≠rity of Facebook‚Äôs prod¬≠ucts. If you have any ques¬≠tions about Facebook‚Äôs data col¬≠lec¬≠tion and pro¬≠cess¬≠ing, you can con¬≠tact the com¬≠pany directly. Should you direct the ques¬≠tion to us, we are obliged to for¬≠ward it to Facebook.

In the fol¬≠low¬≠ing we will give you an overview on the dif¬≠fer¬≠ent Face¬≠book tools, as well as on what data is sent to Face¬≠book and how you can erase this data.

Along with many other prod¬≠ucts, Face¬≠book also offers so called ‚ÄúFace¬≠book Busi¬≠ness Tools‚ÄĚ. This is Facebook‚Äôs offi¬≠cial name for its tools, but it is not very com¬≠mon. There¬≠fore, we decided to merely call them ‚ÄúFace¬≠book tools‚ÄĚ. They include the following:

  • Face¬≠book-Pixel
  • Social Plu¬≠g¬≠ins (e.g. the ‚ÄúLike‚ÄĚ or ‚ÄúShare‚Äú button)
  • Face¬≠book Login
  • Account Kit
  • APIs (appli¬≠ca¬≠tion pro¬≠gram¬≠ming interface)
  • SDKs (Soft¬≠wart devel¬≠op¬≠mept kits)
  • Plat¬≠tform-inte¬≠gra¬≠tions
  • Plu¬≠g¬≠ins
  • Codes
  • Spec¬≠i¬≠fi¬≠ca¬≠tions
  • Doc¬≠u¬≠men¬≠ta¬≠tions
  • Tech¬≠nolo¬≠gies and Services

With these tools Face­book can extend its ser­vices and is able to receive infor­ma­tion on user activ­i­ties out­side of Facebook.

Why do we use Face­book tools on our website?

We only want to show our ser­vices and prod­ucts to peo­ple who are gen­uinely inter­ested in them. With the help of adver­tise­ments (Face­book Ads) we can reach exactly these peo­ple. How­ever, to be able to show suit­able adverts to users, Face­book requires addi­tional infor­ma­tion on people’s needs and wishes. There­fore, infor­ma­tion on the user behav­iour (and con­tact details) on our web­site, are pro­vided to Face­book. Con­se­quently, Face­book can col­lect bet­ter user data and is able to dis­play suit­able adverts for our prod­ucts or ser­vices. Thanks to the tools it is pos­si­ble to cre­ate tar­geted, cus­tomised ad cam­paigns of Facebook.

Face¬≠book calls data about your behav¬≠iour on our web¬≠site ‚Äúevent data‚ÄĚ and uses them for ana¬≠lyt¬≠ics ser¬≠vices. That way, Face¬≠book can cre¬≠ate ‚Äúcam¬≠paign reports‚ÄĚ about our ad cam¬≠paigns‚Äô effec¬≠tive¬≠ness on our behalf. More¬≠over, by analy¬≠ses we can get a bet¬≠ter insight in how you use our ser¬≠vices, our web¬≠site or our prod¬≠ucts. There¬≠fore, some of these tools help us opti¬≠mise your user expe¬≠ri¬≠ence on our web¬≠site. With the social plu¬≠g¬≠ins for instance, you can share our site‚Äôs con¬≠tents directly on Facebook.

What data is stored by Face¬≠book tools?

With the use of Face­book tools, per­sonal data (cus­tomer data) may be sent to Face­book. Depend­ing on the tools used, cus­tomer data such as name, address, tele­phone num­ber and IP address may be transmitted.

Face¬≠book uses this infor¬≠ma¬≠tion to match the data with the data it has on you (if you are a Face¬≠book mem¬≠ber). How¬≠ever, before the cus¬≠tomer data is trans¬≠ferred to Face¬≠book, a so called ‚ÄúHash¬≠ing‚ÄĚ takes place. This means, that a data record of any size is trans¬≠formed into a string of char¬≠ac¬≠ters, which also has the pur¬≠pose of encrypt¬≠ing data.

More¬≠over, not only con¬≠tact data, but also ‚Äúevent data‚Äú is trans¬≠ferred. These data are the infor¬≠ma¬≠tion we receive about you on our web¬≠site. To give an exam¬≠ple, it allows us to see what sub¬≠pages you visit or what prod¬≠ucts you buy from us. Face¬≠book does not dis¬≠close the obtained infor¬≠ma¬≠tion to third par¬≠ties (such as adver¬≠tis¬≠ers), unless the com¬≠pany has an explicit per¬≠mis¬≠sion or is legally obliged to do so. Also, ‚Äúevent data‚Äú can be linked to con¬≠tact infor¬≠ma¬≠tion, which helps Face¬≠book to offer improved, cus¬≠tomised adverts. Finally, after the pre¬≠vi¬≠ously men¬≠tioned match¬≠ing process, Face¬≠book deletes the con¬≠tact data.

To deliver opti¬≠mised adver¬≠tise¬≠ments, Face¬≠book only uses event data, if they have been com¬≠bined with other data (that have been col¬≠lected by Face¬≠book in other ways). Face¬≠book also uses event data for the pur¬≠poses of secu¬≠rity, pro¬≠tec¬≠tion, devel¬≠op¬≠ment and research. Many of these data are trans¬≠mit¬≠ted to Face¬≠book via cook¬≠ies. Cook¬≠ies are lit¬≠tle text files, that are used for stor¬≠ing data or infor¬≠ma¬≠tion in browsers. Depend¬≠ing on the tools used, and on whether you are a Face¬≠book mem¬≠ber, a dif¬≠fer¬≠ent num¬≠ber of cook¬≠ies are placed in your browser. In the descrip¬≠tions of the indi¬≠vid¬≠ual Face¬≠book tools we will go into more detail on Face¬≠book cook¬≠ies. You can also find gen¬≠eral infor¬≠ma¬≠tion about the use of Face¬≠book cook¬≠ies at https://www.facebook.com/policies/cookies.

How long and where are the data stored?

Face¬≠book fun¬≠da¬≠men¬≠tally stores data, until they are no longer of use for their own ser¬≠vices and prod¬≠ucts. Face¬≠book has servers for stor¬≠ing their data all around the world. How¬≠ever, cus¬≠tomer data is cleared within 48 hours after they have been matched with their own user data.

How can I erase my data or pre¬≠vent data retention?

In accor¬≠dance with the Gen¬≠eral Data Pro¬≠tec¬≠tion Reg¬≠u¬≠la¬≠tion (GDPR) you have the right of infor¬≠ma¬≠tion, rec¬≠ti¬≠fi¬≠ca¬≠tion, trans¬≠fer and dele¬≠tion of your data.

The col­lected data is only fully deleted, when you delete your entire Face­book account. Delet­ing your Face­book account works as follows:

1) Click on set­tings in the top right side in Facebook.

2) Then, click “Your Face­book infor­ma­tion“ in the left column.

3) Now click on ‚ÄúDeac¬≠ti¬≠va¬≠tion and deletion‚ÄĚ.

4) Choose “Per­ma­nently delete account“ and then click on “Con­tinue to account deletion“.

5) Enter your pass­word, click on “con­tinue“ and then on “Delete account“.

The reten­tion of data Face­book receives via our site is done via cook­ies (e.g. with social plu­g­ins), among oth­ers. You can deac­ti­vate, clear or man­age both all and indi­vid­ual cook­ies in your browser. How this can be done dif­fers depend­ing on the browser you use. The fol­low­ing instruc­tions show, how to man­age cook­ies in your browser:

Chrome: Clear, enable and man¬≠age cook¬≠ies in Chrome 

Safari: Man¬≠age cook¬≠ies and web¬≠site data in Safari 

Fire¬≠fox: Clear cook¬≠ies and site data in Firefox 

Inter¬≠net Explorer: Delete and man¬≠age cookies 

Microsoft Edge: Delete cook¬≠ies in Microsoft Edge 

If you gen¬≠er¬≠ally do not want to allow any cook¬≠ies at all, you can set up your browser to notify you when¬≠ever a cookie is about to be set. This gives you the oppor¬≠tu¬≠nity to decide upon the per¬≠mis¬≠sion or dele¬≠tion of every sin¬≠gle cookie.

Legal basis

If you have con¬≠sented to your data being processed and stored by inte¬≠grated Face¬≠book tools, this con¬≠sent is the legal basis for data pro¬≠cess¬≠ing (Art. 6 para. 1 lit. a GDPR). Gen¬≠er¬≠ally, your data is also stored and processed on the basis of our legit¬≠i¬≠mate inter¬≠est (Art. 6 para. 1 lit. f GDPR) to main¬≠tain fast and good com¬≠mu¬≠ni¬≠ca¬≠tion with you or other cus¬≠tomers and busi¬≠ness part¬≠ners. Nev¬≠er¬≠the¬≠less, we only use these tools if you have given your con¬≠sent. Most social media plat¬≠forms also set cook¬≠ies on your browser to store data. We there¬≠fore rec¬≠om¬≠mend you to read our pri¬≠vacy pol¬≠icy about cook¬≠ies care¬≠fully and to take a look at the pri¬≠vacy pol¬≠icy or Facebook‚Äôs cookie policy.

Face­book also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

Face¬≠book uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way and espe¬≠cially in the USA) or data trans¬≠fer there (= Art. 46, para¬≠graphs 2 and 3 of the GDPR). These clauses oblige Face¬≠book to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

We hope we could give you an under­stand­ing of the most impor­tant infor­ma­tion about the use of Face­book tools and data pro­cess­ing. If you want to find out more on how Face­book use your data, we rec­om­mend read­ing the data poli­cies at https://www.facebook.com/about/privacy/update.

Face­book Login Pri­vacy Policy

We inte¬≠grated the con¬≠ve¬≠nient Face¬≠book Login to our web¬≠site. With it, you can eas¬≠ily log into our site with your Face¬≠book account, with¬≠out hav¬≠ing to cre¬≠ate a new user account. If you decide to reg¬≠is¬≠ter via the Face¬≠book Login, you will be redi¬≠rected to the social media net¬≠work Face¬≠book. There, you can log in with your Face¬≠book user data. By using this method to log in, data on you and your user behav¬≠iour is stored and trans¬≠mit¬≠ted to Facebook.

To save the data, Face¬≠book uses var¬≠i¬≠ous cook¬≠ies. In the fol¬≠low¬≠ing we will show you the most sig¬≠nif¬≠i¬≠cant cook¬≠ies that are placed in your browser or that already exist when you log into our site via the Face¬≠book Login:

Name: fr
Value: 0jieyh4c2GnlufEJ9..Bde09j…1.0.Bde09j
Pur­pose: This cookie is used to make the social plu­gin func­tion opti­mally on our web­site.
Expiry date: after 3 months

Name: datr
Value: 4Jh7XUA2311826578SEmPsSfzCOO4JFFl
Pur¬≠pose: Face¬≠book sets the ‚Äúdatr‚ÄĚ cookie, when a web browser accesses facebook.com. The cookie helps to iden¬≠tify login activ¬≠i¬≠ties and pro¬≠tect users.
Expiry date: after 2 years

Name: _js_datr
Value: deleted
Pur¬≠pose: Face¬≠book sets this ses¬≠sion cookie for track¬≠ing pur¬≠poses, even if you do not have a Face¬≠book account or are logged out.
Expiry date: after the end of the session

Note: The cook¬≠ies we stated are only a small range of the cook¬≠ies which are avail¬≠able to Face¬≠book. Other cook¬≠ies include for exam¬≠ple _ fbp, sb or wd. It is not pos¬≠si¬≠ble to dis¬≠close an exhaus¬≠tive list, since Face¬≠book have a mul¬≠ti¬≠tude of cook¬≠ies at their dis¬≠posal which they use in variation.

On the one hand, Face¬≠book Login enables a fast and easy reg¬≠is¬≠tra¬≠tion process. On the other hand, it gives us the oppor¬≠tu¬≠nity to share data with Face¬≠book. In turn, we can cus¬≠tomise our offer and adver¬≠tis¬≠ing cam¬≠paigns bet¬≠ter to your needs and inter¬≠ests. The data we receive from Face¬≠book by this means, is pub¬≠lic data such as

  • your Face¬≠book name
  • your pro¬≠file picture
  • your stored email address
  • friends lists
  • but¬≠ton clicks (e.g. ‚ÄúLike‚Äú button)
  • date of birth
  • lan¬≠guage
  • place of residence

In return, we pro¬≠vide Face¬≠book with infor¬≠ma¬≠tion about your activ¬≠i¬≠ties on our web¬≠site. These include infor¬≠ma¬≠tion on the ter¬≠mi¬≠nal device you used, which of our sub¬≠pages you visit, or what prod¬≠ucts you have bought from us.

By using Face­book Login, you agree to the data pro­cess­ing. You can ter­mi­nate this agree­ment any­time. If you want to learn more about Facebook’s data pro­cess­ing, we rec­om­mend you to read Facebook’s Data Pol­icy at https://www.facebook.com/policy.php.

If you are reg­is­tered with Face­book, you can change your adver­tise­ment set­tings any­time at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

Insta­gram Pri­vacy Policy

Insta­gram Pri­vacy Pol­icy Overview

ūüĎ• Affected par¬≠ties: web¬≠site vis¬≠i¬≠tors
ūü§Ě Pur¬≠pose: opti¬≠mis¬≠ing our ser¬≠vice
ūüďď Processed data: includes data on user behav¬≠iour, infor¬≠ma¬≠tion about your device and IP address.
More details can be found in the pri­vacy pol­icy below.
ūüďÖ Stor¬≠age period: until Insta¬≠gram no longer needs the data for its pur¬≠poses
‚öĖÔłŹ Legal basis: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What is Instagram?

We have inte¬≠grated func¬≠tions of Insta¬≠gram to our web¬≠site. Insta¬≠gram is a social media plat¬≠form of the com¬≠pany Insta¬≠gram LLC, 1601 Wil¬≠low Rd, Menlo Park CA 94025, USA. Since 2012, Insta¬≠gram is a sub¬≠sidiary com¬≠pany of Face¬≠book Inc. and is a part of Facebook‚Äôs prod¬≠ucts. The inclu¬≠sion of Instagram‚Äôs con¬≠tents on our web¬≠site is called embed¬≠ding. With this, we can show you Insta¬≠gram con¬≠tents such as but¬≠tons, pho¬≠tos or videos directly on our web¬≠site. If you open web¬≠sites of our online pres¬≠ence, that have an inte¬≠grated Insta¬≠gram func¬≠tion, data gets trans¬≠mit¬≠ted to, as well as stored and processed by Insta¬≠gram. Insta¬≠gram uses the same sys¬≠tems and tech¬≠nolo¬≠gies as Face¬≠book. There¬≠fore, your data will be processed across all Face¬≠book firms.

In the fol¬≠low¬≠ing, we want to give you a more detailed insight on why Insta¬≠gram col¬≠lects data, what data these are and how you can con¬≠trol data pro¬≠cess¬≠ing. As Insta¬≠gram belongs to Face¬≠book Inc., we have, on the one hand received this infor¬≠ma¬≠tion from the Insta¬≠gram guide¬≠lines, and on the other hand from Facebook‚Äôs Data Policy.

Insta¬≠gram is one of the most famous social media net¬≠works world¬≠wide. Insta¬≠gram com¬≠bines the ben¬≠e¬≠fits of a blog with the ben¬≠e¬≠fits of audio-visual plat¬≠forms such as YouTube or Vimeo. To ‚ÄúInsta‚Äú (how the plat¬≠form is casu¬≠ally called by many users) you can upload pho¬≠tos and short videos, edit them with dif¬≠fer¬≠ent fil¬≠ters and also share them to other social net¬≠works. Also, if you do not want to be active on Insta¬≠gram your¬≠self, you can just fol¬≠low other inter¬≠est¬≠ing users.

Why do we use Insta­gram on our website?

Insta¬≠gram is a social media plat¬≠form whose suc¬≠cess has sky¬≠rock¬≠eted within recent years. Nat¬≠u¬≠rally, we have also reacted to this boom. We want you to feel as com¬≠fort¬≠able as pos¬≠si¬≠ble on our web¬≠site. There¬≠fore, we attach great impor¬≠tance to diver¬≠si¬≠fied con¬≠tents. With the embed¬≠ded Insta¬≠gram fea¬≠tures we can enrich our con¬≠tent with help¬≠ful, funny or excit¬≠ing Insta¬≠gram con¬≠tents. Since Insta¬≠gram is a sub¬≠sidiary com¬≠pany of Face¬≠book, the col¬≠lected data can also serve us for cus¬≠tomised adver¬≠tis¬≠ing on Face¬≠book. Hence, only per¬≠sons who are gen¬≠uinely inter¬≠ested in our prod¬≠ucts or ser¬≠vices can see our ads.

Insta­gram also uses the col­lected data for track­ing and analy­sis pur­poses. We receive sum­marised sta­tis­tics and there­fore more insight to your wishes and inter­ests. It is impor­tant to men­tion that these reports do not iden­tify you personally.

What data is stored by Instagram?

When¬≠ever you land on one of our sites, which have Insta¬≠gram func¬≠tions (i.e. Insta¬≠gram pho¬≠tos or plu¬≠g¬≠ins) inte¬≠grated to them, your browser auto¬≠mat¬≠i¬≠cally con¬≠nects with Instagram‚Äôs servers. Thereby, data is sent to, as well as saved and processed by Insta¬≠gram. This always hap¬≠pens, whether you have an Insta¬≠gram account or not. More¬≠over, it includes infor¬≠ma¬≠tion on our web¬≠site, your com¬≠puter, your pur¬≠chases, the adver¬≠tise¬≠ments you see and on how you use our offer. The date and time of your inter¬≠ac¬≠tion is also stored. If you have an Insta¬≠gram account or are logged in, Insta¬≠gram saves sig¬≠nif¬≠i¬≠cantly more data on you.

Face¬≠book dis¬≠tin¬≠guishes between cus¬≠tomer data and event data. We assume this is also the case for Insta¬≠gram. Cus¬≠tomer data are for exam¬≠ple names, addresses, phone num¬≠bers and IP addresses. These data are only trans¬≠mit¬≠ted to Insta¬≠gram, if they have been ‚Äúhashed‚ÄĚ first. Thereby, a set of data is trans¬≠formed into a string of char¬≠ac¬≠ters, which encrypts any con¬≠tact data. More¬≠over, the afore¬≠men¬≠tioned ‚Äúevent data‚Äú (data on your user behav¬≠iour) is trans¬≠mit¬≠ted as well. It is also pos¬≠si¬≠ble, that con¬≠tact data may get com¬≠bined with event data. The col¬≠lected data data is matched with any data Insta¬≠gram already has on you.

Fur­ther­more, the gath­ered data are trans­ferred to Face­book via lit­tle text files (cook­ies) which usu­ally get set in your browser. Depend­ing on the Insta­gram func­tion used, and whether you have an Insta­gram account your­self, the amount of data that gets stored varies.

We assume data pro­cess­ing on Insta­gram works the same way as on Face­book. There­fore, if you have an account on Insta­gram or have vis­ited www.instagram.com, Insta­gram has set at least one cookie. If this is the case, your browser uses the cookie to send infor­ma­tion to Insta­gram, as soon as you come across an Insta­gram func­tion. No later than 90 days (after match­ing) the data is deleted or anonymised. Even though we have stud­ied Instagram’s data pro­cess­ing in-depth, we can­not tell for sure what exact data Insta­gram col­lects and retains.

In the fol¬≠low¬≠ing we will show you a list of the least cook¬≠ies placed in your browser when click on an Insta¬≠gram func¬≠tion (e.g. but¬≠ton or an Insta pic¬≠ture). In our test we assume you do not have an Insta¬≠gram account, since if you would be logged in to your Insta¬≠gram account, your browser would place sig¬≠nif¬≠i¬≠cantly more cookies.

The fol¬≠low¬≠ing cook¬≠ies were used in our test:

Name: csrfto­ken
Value: ‚Äú‚ÄĚ
Pur­pose: This cookie is most likely set for secu­rity rea­sons to pre­vent fal­si­fi­ca­tions of requests. We could not find out more infor­ma­tion on it.
Expiry date: after one year

Name: mid
Value: ‚Äú‚ÄĚ
Pur¬≠pose: Insta¬≠gram places this cookie to opti¬≠mise its own offers and ser¬≠vices in- and out¬≠side of Insta¬≠gram. The cookie allo¬≠cates a unique user ID.
Expiry date: after end of session

Name: fbsr_311826578124024
Value: no infor­ma­tion
Pur¬≠pose: This cookie stores the login request of Insta¬≠gram app users.

Expiry date: after end of session

Name: rur
Value: ATN
Pur­pose: This is an Insta­gram cookie which guar­an­tees func­tion­al­ity on Insta­gram.
Expiry date: after end of session

Name: url­gen
Value: ‚Äú{‚ÄĚ194.96.75.33‚ÄĚ: 1901}:1iEtYv:Y833k2_UjKvXgYe311826578‚ÄĚ
Pur­pose: This cookie serves Instagram’s mar­ket­ing pur­poses.
Expiry date: after end of session

Note: We do not claim this list to be exhaus­tive. The cook­ies that are placed in each indi­vid­ual case, depend on the func­tions embed­ded as well as on your use of Instagram.

How long and where are these data stored?

Insta¬≠gram shares the infor¬≠ma¬≠tion obtained within the Face¬≠book busi¬≠nesses with exter¬≠nal part¬≠ners and per¬≠sons you are glob¬≠ally con¬≠nected with. Data pro¬≠cess¬≠ing is done accord¬≠ing to Facebook‚Äôs inter¬≠nal data pol¬≠icy. Your data is dis¬≠trib¬≠uted to Facebook‚Äôs servers across the world, par¬≠tially for secu¬≠rity rea¬≠sons. Most of these servers are in the USA.

How can I erase my data or pre¬≠vent data retention?

Thanks to the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR), you have the right of infor­ma­tion, rec­ti­fi­ca­tion, trans­fer and dele­tion of your data. Fur­ther­more, you can man­age your data in Instagram’s set­tings. If you want to delete your data on Insta­gram com­pletely, you will have to delete your Insta­gram account permanently.

And this is how an Insta­gram account can be deleted:

First, open the Insta¬≠gram app. Then, nav¬≠i¬≠gate to your pro¬≠file page, select the three bars in the top right, choose ‚ÄúSet¬≠tings‚ÄĚ and then click ‚ÄúHelp‚ÄĚ. Now, you will be redi¬≠rected to the company‚Äôs web¬≠site, where you must click on ‚ÄúMan¬≠ag¬≠ing Your Account‚ÄĚ and then ‚ÄúDelete Your Account‚ÄĚ.

When you delete your account com¬≠pletely, Insta¬≠gram deletes posts such as your pho¬≠tos and sta¬≠tus updates. Any infor¬≠ma¬≠tion other peo¬≠ple shared about you are not a part of your account and do there¬≠fore not get deleted.

As men¬≠tioned before, Insta¬≠gram pri¬≠mar¬≠ily stores your data via cook¬≠ies. You can man¬≠age, deac¬≠ti¬≠vate or delete these cook¬≠ies in your browser. Depend¬≠ing on your browser, man¬≠ag¬≠ing them varies a bit. We will show you the instruc¬≠tions of the most rel¬≠e¬≠vant browsers here.

Chrome: Clear, enable and man¬≠age cook¬≠ies in Chrome 

Safari: Man¬≠age cook¬≠ies and web¬≠site data in Safari 

Fire¬≠fox: Clear cook¬≠ies and site data in Firefox 

Inter¬≠net Explorer: Delete and man¬≠age cookies 

Microsoft Edge: Delete cook¬≠ies in Microsoft Edge 

Gen¬≠er¬≠ally, you can set your browser to notify you when¬≠ever a cookie is about to be set. Then you can indi¬≠vid¬≠u¬≠ally decide upon the per¬≠mis¬≠sion of every cookie.

Legal basis

If you have con¬≠sented to the pro¬≠cess¬≠ing and stor¬≠age of your data by inte¬≠grated social media ele¬≠ments, this con¬≠sent is the legal basis for data pro¬≠cess¬≠ing (Art. 6 para. 1 lit. a GDPR) . Gen¬≠er¬≠ally, your data is also stored and processed on the basis of our legit¬≠i¬≠mate inter¬≠est (Art. 6 para. 1 lit. f GDPR) to main¬≠tain fast and good com¬≠mu¬≠ni¬≠ca¬≠tion with you or other cus¬≠tomers and busi¬≠ness part¬≠ners. We only use the inte¬≠grated social media ele¬≠ments if you have given your con¬≠sent. Most social media plat¬≠forms also place cook¬≠ies in your browser to store data. We there¬≠fore rec¬≠om¬≠mend you to read our pri¬≠vacy pol¬≠icy about cook¬≠ies care¬≠fully and to take a look at the pri¬≠vacy pol¬≠icy or the cookie pol¬≠icy of the respec¬≠tive ser¬≠vice provider.

Insta­gram and Face­book also process data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fer to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

As a basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way and espe¬≠cially in the USA) or data trans¬≠fers there, Face¬≠book uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion (= Art. 46, para¬≠graphs 2 and 3 of the GDPR). These clauses oblige Face¬≠book to com¬≠ply with the EU‚Äôs level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

We have tried to give you the most impor­tant infor­ma­tion about data pro­cess­ing by Insta­gram. On https://help.instagram.com/519522125107875

you can take a closer look at Instagram‚Äôs data guidelines.

LinkedIn Pri­vacy Policy

LinkedIn Pri­vacy Pol­icy Overview

ūüĎ• Affected par¬≠ties: web¬≠site vis¬≠i¬≠tors
ūü§Ě Pur¬≠pose: opti¬≠mi¬≠sa¬≠tion of our ser¬≠vice
ūüďď Processed data: includes data on user behav¬≠iour, infor¬≠ma¬≠tion about your device and IP address.
More details can be found in the pri­vacy pol­icy below.
ūüďÖ Stor¬≠age period: the data is gen¬≠er¬≠ally deleted within 30 days
‚öĖÔłŹ Legal bases: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What is LinkedIn?

On our web¬≠site we use social plu¬≠g¬≠ins from the social media net¬≠work LinkedIn, of the LinkedIn Cor¬≠po¬≠ra¬≠tion, 2029 Stier¬≠lin Court, Moun¬≠tain View, CA 94043, USA. Social plu¬≠g¬≠ins can be feeds, con¬≠tent shar¬≠ing or a link to our LinkedIn page. Social plu¬≠g¬≠ins are clearly marked with the well-known LinkedIn logo and for exam¬≠ple allow shar¬≠ing inter¬≠est¬≠ing con¬≠tent directly via our web¬≠site. More¬≠over, LinkedIn Ire¬≠land Unlim¬≠ited Com¬≠pany Wilton Place in Dublin is respon¬≠si¬≠ble for data pro¬≠cess¬≠ing in the Euro¬≠pean Eco¬≠nomic Area and Switzerland.

By embed­ding these plu­g­ins, data can be sent to, as well as stored and processed by LinkedIn. In this pri­vacy pol­icy we want to inform you what data this is, how the net­work uses this data and how you can man­age or pre­vent data retention.

LinkedIn is the largest social net¬≠work for busi¬≠ness con¬≠tacts. In con¬≠trast to e.g. Face¬≠book, LinkedIn focuses exclu¬≠sively on estab¬≠lish¬≠ing busi¬≠ness con¬≠nec¬≠tions. There¬≠fore, com¬≠pa¬≠nies can present ser¬≠vices and prod¬≠ucts on the plat¬≠form and estab¬≠lish busi¬≠ness rela¬≠tion¬≠ships. Many peo¬≠ple also use LinkedIn to find a job or to find suit¬≠able employ¬≠ees for their own com¬≠pany. In Ger¬≠many alone, the net¬≠work has over 11 mil¬≠lion mem¬≠bers. In Aus¬≠tria there are about 1.3 million.

Why do we use LinkedIn on our website?

We know how busy you are. You just can¬≠not keep up with fol¬≠low¬≠ing every sin¬≠gle social media chan¬≠nel. Even if it would really be worth it, as it is with our chan¬≠nels, since we keep post¬≠ing inter¬≠est¬≠ing news and arti¬≠cles worth spread¬≠ing. There¬≠fore, on our web¬≠site we have cre¬≠ated the oppor¬≠tu¬≠nity to share inter¬≠est¬≠ing con¬≠tent directly on LinkedIn, or to refer directly to our LinkedIn page. We con¬≠sider built-in social plu¬≠g¬≠ins as an extended ser¬≠vice on our web¬≠site. The data LinkedIn col¬≠lects also help us to dis¬≠play poten¬≠tial adver¬≠tis¬≠ing mea¬≠sures only to peo¬≠ple who are inter¬≠ested in our offer.

What data are stored by LinkedIn?

LinkedIn stores no per¬≠sonal data due to the mere inte¬≠gra¬≠tion of social plu¬≠g¬≠ins. LinkedIn calls the data gen¬≠er¬≠ated by plu¬≠g¬≠ins pas¬≠sive impres¬≠sions. How¬≠ever, if you click on a social plu¬≠gin to e.g. share our con¬≠tent, the plat¬≠form stores per¬≠sonal data as so-called ‚Äúactive impres¬≠sions‚ÄĚ. This hap¬≠pens regard¬≠less of whether you have a LinkedIn account or not. If you are logged in, the col¬≠lected data will be assigned to your account.

When you inter¬≠act with our plu¬≠g¬≠ins, your browser estab¬≠lishes a direct con¬≠nec¬≠tion to LinkedIn‚Äôs servers. Through that, the com¬≠pany logs var¬≠i¬≠ous usage data. These may include your IP address, login data, device infor¬≠ma¬≠tion or infor¬≠ma¬≠tion about your inter¬≠net or cel¬≠lu¬≠lar provider. If you use LinkedIn ser¬≠vices via your smart¬≠phone, your loca¬≠tion may also be iden¬≠ti¬≠fied (after you have given per¬≠mis¬≠sion). More¬≠over, LinkedIn can share these data with third-party adver¬≠tis¬≠ers in ‚Äúhashed‚ÄĚ form. Hash¬≠ing means that a data set is trans¬≠formed into a char¬≠ac¬≠ter string. This allows data to be encrypted, which pre¬≠vents per¬≠sons from get¬≠ting identified.

Most data on of your user behav­iour is stored in cook­ies. These are small text files that usu­ally get placed in your browser. Fur­ther­more, LinkedIn can also use web bea­cons, pixel tags, dis­play tags and other device recognitions.

Var¬≠i¬≠ous tests also show which cook¬≠ies are set when a user inter¬≠acts with a social plug-in. We do not claim for the infor¬≠ma¬≠tion we found to be exhaus¬≠tive, as it only serves as an exam¬≠ple. The fol¬≠low¬≠ing cook¬≠ies were set with¬≠out being logged in to LinkedIn:

Name: bcookie
Value: =2&34aab2aa-2ae1-4d2a-8baf-c2e2d7235c16311826578-
Pur¬≠pose: This cookie is a so-called ‚Äúbrowser ID cookie‚ÄĚ and stores your iden¬≠ti¬≠fi¬≠ca¬≠tion num¬≠ber (ID).
Expiry date: after 2 years

Name: lang
Value: v=2&lang=en-gb
Pur­pose:This cookie saves your default or pre­ferred lan­guage.
Expiry date: after end of session

Name: lidc
Value: 1818367:t=1571904767:s=AQF6KNnJ0G311826578…
Pur­pose:This cookie is used for rout­ing. Rout­ing records how you found your way to LinkedIn and how you nav­i­gate through the web­site.
Expiry date: after 24 hours

Name: rtc
Value: kt0lrv3NF3x3t6xvDgGrZGDKkX
Pur­pose:No fur­ther infor­ma­tion could be found about this cookie.
Expiry date: after 2 minutes

Name: JSESSIONID
Value: ajax:3118265782900777718326218137
Pur¬≠pose: This is a ses¬≠sion cookie that LinkedIn uses to main¬≠tain anony¬≠mous user ses¬≠sions through the server.
Expiry date: after end of session

Name: bscookie
Value: “v=1&201910230812…
Pur¬≠pose: This cookie is a secu¬≠rity cookie. LinkedIn describes it as a secure browser ID cookie.
Expiry date: after 2 years

Name: fid
Value: AQHj7Ii23ZBcqAAAA…
Pur­pose: We could not find any fur­ther infor­ma­tion about this cookie.
Expiry date: after 7 days

Note: LinkedIn also works with third par¬≠ties. That is why we iden¬≠ti¬≠fied the Google Ana¬≠lyt¬≠ics cook¬≠ies _ga and _gat in our test.

How long and where are the data stored?

In gen¬≠eral, LinkedIn retains your per¬≠sonal data for as long as the com¬≠pany con¬≠sid¬≠ers it nec¬≠es¬≠sary for pro¬≠vid¬≠ing its ser¬≠vices. How¬≠ever, LinkedIn deletes your per¬≠sonal data when you delete your account. In some excep¬≠tional cases, LinkedIn keeps some sum¬≠marised and anonymised data, even account dele¬≠tions. As soon as you delete your account, it may take up to a day until other peo¬≠ple can no longer see your data. LinkedIn gen¬≠er¬≠ally deletes the data within 30 days. How¬≠ever, LinkedIn retains data if it is nec¬≠es¬≠sary for legal rea¬≠sons. Also, data that can no longer be assigned to any per¬≠son remains stored even after the account is closed. The data are stored on var¬≠i¬≠ous servers in Amer¬≠ica and pre¬≠sum¬≠ably also in Europe.

How can I delete my data or pre¬≠vent data retention?

You have the right to access and delete your per¬≠sonal data at any time. In your LinkedIn account you can man¬≠age, change and delete your data. More¬≠over, you can request a copy of your per¬≠sonal data from LinkedIn.

How to access account data in your LinkedIn profile:

In LinkedIn, click on your pro¬≠file icon and select the ‚ÄúSet¬≠tings & Pri¬≠vacy‚ÄĚ sec¬≠tion. Now click on ‚ÄúPri¬≠vacy‚ÄĚ and then on the sec¬≠tion ‚ÄúHow LinkedIn uses your data on‚ÄĚ. Then, click ‚ÄúChange‚ÄĚ in the row with ‚ÄúMan¬≠age your data and activ¬≠ity‚ÄĚ. There you can instantly view selected data on your web activ¬≠ity and your account history.

In your browser you also have the option of pre¬≠vent¬≠ing data pro¬≠cess¬≠ing by LinkedIn. As men¬≠tioned above, LinkedIn stores most data via cook¬≠ies that are placed in your browser. You can man¬≠age, deac¬≠ti¬≠vate or delete these cook¬≠ies. Depend¬≠ing on which browser you have, these set¬≠tings work a lit¬≠tle dif¬≠fer¬≠ent. You can find the instruc¬≠tions for the most com¬≠mon browsers here:

Chrome: Clear, enable and man¬≠age cook¬≠ies in Chrome 

Safari: Man¬≠age cook¬≠ies and web¬≠site data in Safari 

Fire¬≠fox: Clear cook¬≠ies and site data in Firefox 

Inter¬≠net Explorer: Delete and man¬≠age cookies 

Microsoft Edge: Delete cook¬≠ies in Microsoft Edge 

You can gen¬≠er¬≠ally set your browser to always notify you when a cookie is about to be set. Then you can always decide indi¬≠vid¬≠u¬≠ally whether you want to allow the cookie or not.

Legal basis

If you have con¬≠sented to the pro¬≠cess¬≠ing and stor¬≠age of your data by inte¬≠grated social media ele¬≠ments, your con¬≠sent is the legal basis for data pro¬≠cess¬≠ing (Art. 6 para. 1 lit. a GDPR). Gen¬≠er¬≠ally, your data is also stored and processed on the basis of our legit¬≠i¬≠mate inter¬≠est (Art. 6 para. 1 lit. f GDPR) to main¬≠tain fast and good com¬≠mu¬≠ni¬≠ca¬≠tion with you or other cus¬≠tomers and busi¬≠ness part¬≠ners. We only use the inte¬≠grated social media ele¬≠ments if you have given your con¬≠sent. Most social media plat¬≠forms also place cook¬≠ies in your browser to store data. We there¬≠fore rec¬≠om¬≠mend you to read our pri¬≠vacy pol¬≠icy about cook¬≠ies care¬≠fully and take a look at the pri¬≠vacy pol¬≠icy or the cookie pol¬≠icy of the respec¬≠tive ser¬≠vice provider.

LinkedIn also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

LinkedIn uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion as the basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way, and espe¬≠cially in the USA) or data trans¬≠fer there (= Art. 46, para¬≠graph 2 and 3 of the GDPR). These clauses oblige LinkedIn to com¬≠ply with the EU‚Äôs level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

We have tried to pro­vide you with the most impor­tant infor­ma­tion about data pro­cess­ing by LinkedIn. On https://www.linkedin.com/legal/privacy-policy you can find out more on data pro­cess­ing by the social media net­work LinkedIn.

Pin­ter­est Pri­vacy Policy

Pin­ter­est Pri­vacy Pol­icy Overview

ūüĎ• Affected par¬≠ties: web¬≠site vis¬≠i¬≠tors
ūü§Ě Pur¬≠pose: ser¬≠vice opti¬≠mi¬≠sa¬≠tion
ūüďď Processed data: data such as data on user behav¬≠iour, device infor¬≠ma¬≠tion, IP address and search terms.
You can find more details in the Pri­vacy Pol­icy below.
ūüďÖ Stor¬≠age period: until Pin¬≠ter¬≠est no longer needs the data for its pur¬≠poses
‚öĖÔłŹ Legal bases: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What is Pinterest?

On our web­site we use but­tons and wid­gets by the social media net­work Pin­ter­est, of the com­pany Pin­ter­est Inc., 808 Bran­nan Street, San Fran­cisco, CA 94103, USA. For the Euro­pean area, the entity respon­si­ble for all aspects of pri­vacy is the Irish com­pany Pin­ter­est Europe Ltd. (Palmer­ston House, 2nd Floor, Fen­ian Street, Dublin 2, Ireland).

Pin¬≠ter¬≠est is a social net¬≠work that spe¬≠cialises in graphic rep¬≠re¬≠sen¬≠ta¬≠tions and pho¬≠tographs. Its name is made up of the two words ‚Äúpin‚ÄĚ and ‚Äúinter¬≠est‚ÄĚ. Users can exchange ideas about var¬≠i¬≠ous hob¬≠bies and inter¬≠ests via Pin¬≠ter¬≠est and view pro¬≠files with pic¬≠tures openly or in defined groups.

Why do we use Pinterest?

The social media plat¬≠form Pin¬≠ter¬≠est has been around for a few years now and is still one of the most vis¬≠ited and val¬≠ued plat¬≠forms. Pin¬≠ter¬≠est is par¬≠tic¬≠u¬≠larly suit¬≠able for our indus¬≠try because the plat¬≠form is pri¬≠mar¬≠ily known for beau¬≠ti¬≠ful and inter¬≠est¬≠ing images. That is why we are of course also rep¬≠re¬≠sented on Pin¬≠ter¬≠est and want to put our con¬≠tent in the lime¬≠light in places other than our web¬≠site. The col¬≠lected data may also be used for adver¬≠tis¬≠ing pur¬≠poses, so we can show adver¬≠tis¬≠ing mes¬≠sages to pre¬≠cisely those peo¬≠ple who are inter¬≠ested in our ser¬≠vices or products.

Which data are processed by Pinterest?

Pin­ter­est may store so-called log data. This includes infor­ma­tion about your browser, IP address, our web­site address and the your activ­i­ties on it (e.g. when you click the save or pin but­ton), along with your search his­tory, the date and time of the request as well as cookie and device data. If you inter­act with an embed­ded Pin­ter­est func­tion, cook­ies that store var­i­ous data may also be set in your browser. Most of the above-men­tioned log data, as well as pre­set lan­guage set­tings and click­stream data are stored in cook­ies. Pin­ter­est con­sid­ers click­stream data as infor­ma­tion about your web­site behaviour.

If you have a Pin¬≠ter¬≠est account your¬≠self and are logged in, the data col¬≠lected via our site may be linked to your account and used for adver¬≠tis¬≠ing pur¬≠poses. If you inter¬≠act with our inte¬≠grated Pin¬≠ter¬≠est func¬≠tions, you will usu¬≠ally be redi¬≠rected to the Pin¬≠ter¬≠est page. Below you will see an exem¬≠plary selec¬≠tion of cook¬≠ies that can then be placed in your browser.

Name: _auth
Value: 0
Pur¬≠pose: The cookie is used for authen¬≠ti¬≠ca¬≠tion. A value such as your ‚Äúuser¬≠name‚ÄĚ can be stored in it, for example.

Expiry date: after one year

Name: _pinterest_referrer
Value: 1
Pur­pose: This cookie stores the infor­ma­tion that you came to Pin­ter­est via our web­site. Thus, the URL of our web­site is retained.
Expiry date: after the ses¬≠sion ends

Name: _pinterest_sess
Value: … 9HRHZvVE0rQlUxdG89
Pur­pose: This cookie is used to log into Pin­ter­est and it con­tains user IDs, authen­ti­ca­tion tokens and time stamps.

Expiry date: after one year

Name: _routing_id
Value: ‚Äú8d850ddd-4fb8-499c-961c-77e¬≠fae9d4065 311826578 -8‚ÄĚ
Pur¬≠pose: This cookie con¬≠tains an assigned value that is used to iden¬≠tify a spe¬≠cific rout¬≠ing destination.

Expiry date: after one day

Name: cm_sub
Value: denied
Pur­pose: This cookie stores user IDs and time stamps.

Expiry date: after one year

Name: csrfto­ken
Value: 9e49145c82a93d34fd933b0fd8446165 311826578-1
Pur­pose: This cookie is most cer­tainly placed for secu­rity rea­sons in order to pre­vent fal­si­fied inquiries. How­ever, we could not find more pre­cise information.

Expiry date: after one year

Name: ses­sion­Fun­nelEvent­Logged
Value: 1
Pur­pose: We have not yet been able to find out more infor­ma­tion about this cookie.

Expiry date: after one day

How long and where are the data retained?

Pin¬≠ter¬≠est basi¬≠cally stores the col¬≠lected data until it is no longer needed for the company‚Äôs pur¬≠poses. As soon as the stor¬≠age of this data is no longer nec¬≠es¬≠sary, e.g. for the com¬≠pli¬≠ance with legal reg¬≠u¬≠la¬≠tions, the data is either erased or anonymised so you can no longer be iden¬≠ti¬≠fied as a per¬≠son. The data may also be stored on Amer¬≠i¬≠can servers.

Right to object

You also have the right and the option to revoke your con­sent to the use of cook­ies or third-party providers such as Pin­ter­est at any time. This can be done either via our cookie man­age­ment tool or via other opt-out func­tions. You can for exam­ple also pre­vent data reten­tion by cook­ies by man­ag­ing, deac­ti­vat­ing or eras­ing cook­ies in your browser.

Since cook¬≠ies can be used with embed¬≠ded Pin¬≠ter¬≠est ele¬≠ments, we also rec¬≠om¬≠mend you to read our gen¬≠eral pri¬≠vacy pol¬≠icy on cook¬≠ies. To find out which of your data are stored and processed, you should read the pri¬≠vacy poli¬≠cies of the respec¬≠tive tools.

Legal basis

If you have con¬≠sented to the pro¬≠cess¬≠ing and stor¬≠age of you data by inte¬≠grated social media ele¬≠ments, this con¬≠sent is the legal basis for data pro¬≠cess¬≠ing (Art. 6 para. 1 lit. a GDPR). Gen¬≠er¬≠ally, your data is also stored and processed on the basis of our legit¬≠i¬≠mate inter¬≠est (Art. 6 para. 1 lit. f GDPR) in main¬≠tain¬≠ing fast and good com¬≠mu¬≠ni¬≠ca¬≠tion with you or other cus¬≠tomers and busi¬≠ness part¬≠ners. Nev¬≠er¬≠the¬≠less, we only use the tool if you have given your con¬≠sent to it. Most social media plat¬≠forms also place cook¬≠ies in your browser to store data. We there¬≠fore rec¬≠om¬≠mend you to read our pri¬≠vacy pol¬≠icy on cook¬≠ies care¬≠fully and to take a look at the pri¬≠vacy pol¬≠icy or the cookie pol¬≠icy of the respec¬≠tive ser¬≠vice provider.

Pin­ter­est also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

Pin¬≠ter¬≠est uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way and espe¬≠cially in the USA) or data trans¬≠fer there (= Art. 46, para¬≠graphs 2 and 3 of the GDPR). These clauses oblige Pin¬≠ter¬≠est to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

We hope we could pro­vide you with the most impor­tant infor­ma­tion about data pro­cess­ing by Pin­ter­est. You can find out more about Pinterest’s pri­vacy guide­lines at https://policy.pinterest.com/en-gb/privacy-policy.

Audio & Video

Audio & Video Pri¬≠vacy Pol¬≠icy Overview

ūüĎ• Affected par¬≠ties: web¬≠site vis¬≠i¬≠tors
ūü§Ě Pur¬≠pose: ser¬≠vice opti¬≠mi¬≠sa¬≠tion
ūüďď Processed data: Data such as con¬≠tact details, user behav¬≠iour, device infor¬≠ma¬≠tion and IP addresses can be stored.
You can find more details in the Pri­vacy Pol­icy below.
ūüďÖ Stor¬≠age period: data are retained for as long as nec¬≠es¬≠sary for the pro¬≠vi¬≠sion of the ser¬≠vice
‚öĖÔłŹ Legal bases: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What are audio and video elements?

We have inte­grated audio and video ele­ments to our web­site. There­fore, you can watch videos or lis­ten to music/podcasts directly via our web­site. This con­tent is deliv­ered by ser­vice providers and is obtained from the respec­tive providers’ servers.

Audio and video ele­ments are inte­grated func­tional ele­ments of plat­forms such as YouTube, Vimeo or Spo­tify. It is usu­ally free of charge to use these por­tals, but they can also con­tain paid con­tent. With the inte­grated ele­ments, you can lis­ten to or view any of their con­tent on our website.

If you use audio or video ele­ments on our web­site, your per­sonal data may get trans­mit­ted to as well as processed and retained by ser­vice providers.

Why do we use audio & video ele¬≠ments on our website?

We of course want to pro¬≠vide you with the best offer on our web¬≠site. And we are aware that con¬≠tent is no longer just con¬≠veyed in text and sta¬≠tic images. Instead of just giv¬≠ing you a link to a video, we offer you audio and video for¬≠mats directly on our web¬≠site. These are enter¬≠tain¬≠ing or infor¬≠ma¬≠tive, but ide¬≠ally they are both. Our ser¬≠vice there¬≠fore gets expanded and it gets eas¬≠ier for you to access inter¬≠est¬≠ing con¬≠tent. In addi¬≠tion to our texts and images, we thus also offer video and/or audio content.

Which data are retained by audio & video elements?

When you visit a page on our web¬≠site with e.g. an embed¬≠ded video, your server con¬≠nects to the ser¬≠vice provider‚Äôs server. Thus, your data will also be trans¬≠ferred to the third-party provider, where it will be stored. Cer¬≠tain data is col¬≠lected and stored regard¬≠less of whether you have an account with the third party provider or not. This usu¬≠ally includes your IP address, browser type, oper¬≠at¬≠ing sys¬≠tem and other gen¬≠eral infor¬≠ma¬≠tion about your device. Most providers also col¬≠lect infor¬≠ma¬≠tion on your web activ¬≠ity. This e.g. includes the ses¬≠sion dura¬≠tion, bounce rate, the but¬≠tons you clicked or infor¬≠ma¬≠tion about the web¬≠site you are using the ser¬≠vice on. This data is mostly stored via cook¬≠ies or pixel tags (also known as web bea¬≠cons). Any data that is pseu¬≠do¬≠nymised usu¬≠ally gets stored in your browser via cook¬≠ies. In the respec¬≠tive provider‚Äôs Pri¬≠vacy Pol¬≠icy, you can always find more infor¬≠ma¬≠tion on the data that is stored and processed.

Dura­tion of data processing

You can find out exactly how long the data is stored on the third-party provider‚Äôs servers either in a lower point of the respec¬≠tive tool‚Äôs Pri¬≠vacy Pol¬≠icy or in the provider‚Äôs Pri¬≠vacy Pol¬≠icy. Gen¬≠er¬≠ally, per¬≠sonal data is only processed for as long as is absolutely nec¬≠es¬≠sary for the pro¬≠vi¬≠sion of our ser¬≠vices or prod¬≠ucts. This usu¬≠ally also applies to third-party providers. In most cases, you can assume that cer¬≠tain data will be stored on third-party providers‚Äô servers for sev¬≠eral years. Data can be retained for dif¬≠fer¬≠ent amounts of time, espe¬≠cially when stored in cook¬≠ies. Some cook¬≠ies are deleted after you leave a web¬≠site, while oth¬≠ers may be stored in your browser for a few years.

Right to object

You also retain the right and the option to revoke your con­sent to the use of cook­ies or third-party providers at any time. This can be done either via our cookie man­age­ment tool or via other opt-out func­tions. You can e.g. also pre­vent data reten­tion via cook­ies by man­ag­ing, deac­ti­vat­ing or eras­ing cook­ies in your browser. The legal­ity of the pro­cess­ing up to the point of revo­ca­tion remains unaffected.

Since the inte­grated audio and video func­tions on our site usu­ally also use cook­ies, we rec­om­mend you to also read our gen­eral Pri­vacy Pol­icy on cook­ies. You can find out more about the han­dling and stor­age of your data in the Pri­vacy Poli­cies of the respec­tive third party providers.

Legal basis 

If you have con¬≠sented to the pro¬≠cess¬≠ing and stor¬≠age of your data by inte¬≠grated audio and video ele¬≠ments, your con¬≠sent is con¬≠sid¬≠ered the legal basis for data pro¬≠cess¬≠ing (Art. 6 Para. 1 lit. a GDPR). Gen¬≠er¬≠ally, your data is also stored and processed on the basis of our legit¬≠i¬≠mate inter¬≠est (Art. 6 Para. 1 lit. f GDPR) in main¬≠tain¬≠ing fast and good com¬≠mu¬≠ni¬≠ca¬≠tion with you or other cus¬≠tomers and busi¬≠ness part¬≠ners. We only use the inte¬≠grated audio and video ele¬≠ments if you have con¬≠sented to it.

Spo­tify Pri­vacy Policy

On our web¬≠site we use Spo¬≠tify, which is a tool for music and pod¬≠casts. The provider of this ser¬≠vice is the Swedish com¬≠pany Spo¬≠tify AB, Regerings¬≠gatan 19, SE-111 53 Stock¬≠holm, Swe¬≠den. You can find out more about the data that is processed by Spo¬≠tify in their Pri¬≠vacy Pol¬≠icy at https://www.spotify.com/uk/legal/privacy-policy/.

YouTube Pri­vacy Policy

YouTube Pri­vacy Pol­icy Overview

ūüĎ• Affected par¬≠ties: web¬≠site vis¬≠i¬≠tors
ūü§Ě Pur¬≠pose: opti¬≠mis¬≠ing our ser¬≠vice
ūüďď Processed data: Data such as con¬≠tact details, data on user behav¬≠iour, infor¬≠ma¬≠tion about your device and IP address may be stored.
You can find more details on this in the pri­vacy pol­icy below.
ūüďÖ Stor¬≠age period: data are gen¬≠er¬≠ally stored for as long as is nec¬≠es¬≠sary for the pur¬≠pose of the ser¬≠vice
‚öĖÔłŹ Legal bases: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What is YouTube?

We have inte¬≠grated YouTube videos to our web¬≠site. There¬≠fore, we can show you inter¬≠est¬≠ing videos directly on our site. YouTube is a video por¬≠tal, which has been a sub¬≠sidiary com¬≠pany of Google LLC since 2006. The video por¬≠tal is oper¬≠ated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our web¬≠site that con¬≠tains an embed¬≠ded YouTube video, your browser auto¬≠mat¬≠i¬≠cally con¬≠nects to the servers of YouTube or Google. Thereby, cer¬≠tain data are trans¬≠ferred (depend¬≠ing on the set¬≠tings). Google is respon¬≠si¬≠ble for YouTube‚Äôs data pro¬≠cess¬≠ing and there¬≠fore Google‚Äôs data pro¬≠tec¬≠tion applies.

In the fol¬≠low¬≠ing we will explain in more detail which data is processed, why we have inte¬≠grated YouTube videos and how you can man¬≠age or clear your data.

On YouTube, users can watch, rate, com¬≠ment or upload videos for free. Over the past few years, YouTube has become one of the most impor¬≠tant social media chan¬≠nels world¬≠wide. For us to be able to dis¬≠play videos on our web¬≠site, YouTube pro¬≠vides a code snip¬≠pet that we have inte¬≠grated to our website.

Why do we use YouTube videos on our website?

YouTube is the video plat­form with the most vis­i­tors and best con­tent. We strive to offer you the best pos­si­ble user expe­ri­ence on our web­site, which of course includes inter­est­ing videos. With the help of our embed­ded videos, we can pro­vide you other help­ful con­tent in addi­tion to our texts and images. Addi­tion­ally, embed­ded videos make it eas­ier for our web­site to be found on the Google search engine. More­over, if we place ads via Google Ads, Google only shows these ads to peo­ple who are inter­ested in our offers, thanks to the col­lected data.

What data is stored by YouTube?

As soon as you visit one of our pages with an inte­grated YouTube, YouTube places at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, by using cook­ies YouTube can usu­ally asso­ciate your inter­ac­tions on our web­site with your pro­file. This includes data such as ses­sion dura­tion, bounce rate, approx­i­mate loca­tion, tech­ni­cal infor­ma­tion such as browser type, screen res­o­lu­tion or your Inter­net provider. Addi­tional data can include con­tact details, poten­tial rat­ings, shared con­tent via social media or YouTube videos you added to your favourites.

If you are not logged in to a Google or YouTube account, Google stores data with a unique iden¬≠ti¬≠fier linked to your device, browser or app. Thereby, e.g. your pre¬≠ferred lan¬≠guage set¬≠ting is main¬≠tained. How¬≠ever, many inter¬≠ac¬≠tion data can¬≠not be saved since less cook¬≠ies are set.

In the fol¬≠low¬≠ing list we show you cook¬≠ies that were placed in the browser dur¬≠ing a test. On the one hand, we show cook¬≠ies that were set with¬≠out being logged into a YouTube account. On the other hand, we show you what cook¬≠ies were placed while being logged in. We do not claim for this list to be exhaus¬≠tive, as user data always depend on how you inter¬≠act with YouTube.

Name: YSC
Value: b9-CV6o­jI5Y311826578-1
Pur¬≠pose: This cookie reg¬≠is¬≠ters a unique ID to store sta¬≠tis¬≠tics of the video that was viewed.
Expiry date: after end of session

Name: PREF
Value: f1=50000000
Pur­pose: This cookie also reg­is­ters your unique ID. Google receives sta­tis­tics via PREF on how you use YouTube videos on our web­site.
Expiry date: after 8 months

Name: GPS
Value: 1
Pur­pose: This cookie reg­is­ters your unique ID on mobile devices to track GPS loca­tions.
Expiry date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Pur­pose: This cookie tries to esti­mate the user’s inter­net band­with on our sites (that have built-in YouTube videos).
Expiry date: after 8 months

Fur­ther cook­ies that are placed when you are logged into your YouTube account:

Name: APISID
Value: zIL­lv­ClZSkqGsS­wI/AU1aZ­I6HY7311826578-
Pur¬≠pose: This cookie is used to cre¬≠ate a pro¬≠file on your inter¬≠ests. This data is then used for per¬≠son¬≠alised adver¬≠tise¬≠ments.
Expiry date: after 2 years

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Pur¬≠pose: The cookie stores the sta¬≠tus of a user‚Äôs con¬≠sent to the use of var¬≠i¬≠ous Google ser¬≠vices. CONSENT also pro¬≠vides safety mea¬≠sures to pro¬≠tect users from unau¬≠tho¬≠rised attacks.
Expiry date: after 19 years

Name: HSID
Value: AcRwpgUik9Dveht0I
Pur¬≠pose: This cookie is used to cre¬≠ate a pro¬≠file on your inter¬≠ests. This data helps to dis¬≠play cus¬≠tomised ads.
Expiry date: after 2 years

Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL…
Pur­pose: This cookie stores infor­ma­tion on your login data.
Expiry date: after 2 years

Name: SAPISID
Value: 7oaPxoG-pZsJu­uF5/AnUd­DUIsJ9i­Jz2vdM
Pur¬≠pose: This cookie iden¬≠ti¬≠fies your browser and device. It is used to cre¬≠ate a pro¬≠file on your inter¬≠ests.
Expiry date: after 2 years

Name: SID
Value: oQfNK­jAsI311826578-
Pur¬≠pose: This cookie stores your Google Account ID and your last login time, in a dig¬≠i¬≠tally signed and encrypted form.
Expiry date: after 2 years

Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Pur­pose: This cookie stores infor­ma­tion on how you use the web­site and on what adver­tise­ments you may have seen before vis­it­ing our web­site.
Expiry date: after 3 months

How long and where is the data stored?

The data YouTube receive and process on you are stored on Google’s servers. Most of these servers are in Amer­ica. At https://www.google.com/about/datacenters/inside/locations/?hl=en you can see where Google’s data cen­tres are located. Your data is dis­trib­uted across the servers. There­fore, the data can be retrieved quicker and is bet­ter pro­tected against manipulation.

Google stores col¬≠lected data for dif¬≠fer¬≠ent peri¬≠ods of time. You can delete some data any¬≠time, while other data are auto¬≠mat¬≠i¬≠cally deleted after a cer¬≠tain time, and still other data are stored by Google for a long time. Some data (such as ele¬≠ments on ‚ÄúMy activ¬≠ity‚ÄĚ, pho¬≠tos, doc¬≠u¬≠ments or prod¬≠ucts) that are saved in your Google account are stored until you delete them. More¬≠over, you can delete some data asso¬≠ci¬≠ated with your device, browser, or app, even if you are not signed into a Google Account.

How can I erase my data or pre¬≠vent data retention?

Gen¬≠er¬≠ally, you can delete data man¬≠u¬≠ally in your Google account. Fur¬≠ther¬≠more, in 2019 an auto¬≠matic dele¬≠tion of loca¬≠tion and activ¬≠ity data was intro¬≠duced. Depend¬≠ing on what you decide on, it deletes stored infor¬≠ma¬≠tion either after 3 or 18 months.

Regard¬≠less of whether you have a Google account or not, you can set your browser to delete or deac¬≠ti¬≠vate cook¬≠ies placed by Google. These set¬≠tings vary depend¬≠ing on the browser you use. The fol¬≠low¬≠ing instruc¬≠tions will show how to man¬≠age cook¬≠ies in your browser:

Chrome: Clear, enable and man¬≠age cook¬≠ies in Chrome 

Safari: Man¬≠age cook¬≠ies and web¬≠site data in Safari 

Fire¬≠fox: Clear cook¬≠ies and site data in Firefox 

Inter¬≠net Explorer: Delete and man¬≠age cookies 

Microsoft Edge: Delete cook¬≠ies in Microsoft Edge 

If you gen¬≠er¬≠ally do not want to allow any cook¬≠ies, you can set your browser to always notify you when a cookie is about to be set. This will enable you to decide to either allow or per¬≠mit each indi¬≠vid¬≠ual cookie.

Legal basis

If you have con¬≠sented pro¬≠cess¬≠ing and stor¬≠age of your data by inte¬≠grated YouTube ele¬≠ments, this con¬≠sent is the legal basis for data pro¬≠cess¬≠ing (Art. 6 para. 1 lit. a GDPR). Gen¬≠er¬≠ally, your data is also stored and processed on the basis of our legit¬≠i¬≠mate inter¬≠est (Art. 6 para. 1 lit. f GDPR) to main¬≠tain fast and good com¬≠mu¬≠ni¬≠ca¬≠tion with you or other cus¬≠tomers and busi¬≠ness part¬≠ners. Nev¬≠er¬≠the¬≠less, we only use inte¬≠grated YouTube ele¬≠ments if you have given your con¬≠sent. YouTube also sets cook¬≠ies in your browser to store data. We there¬≠fore rec¬≠om¬≠mend you to read our pri¬≠vacy pol¬≠icy on cook¬≠ies care¬≠fully and to take a look at the pri¬≠vacy pol¬≠icy or the cookie pol¬≠icy of the respec¬≠tive ser¬≠vice provider.

YouTube also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of the data processing.

YouTube uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion (= Art. 46, para¬≠graphs 2 and 3 of the GDPR) as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (which are out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein and Nor¬≠way) or for data trans¬≠fer there. These clauses oblige YouTube to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

Since YouTube is a sub¬≠sidiary com¬≠pany of Google, Google‚Äôs pri¬≠vacy state¬≠ment applies to both. If you want to learn more about how your data is han¬≠dled, we rec¬≠om¬≠mend the pri¬≠vacy pol¬≠icy at https://policies.google.com/privacy?hl=en.

YouTube Sub­scribe But­ton Pri­vacy Policy

We have inte¬≠grated the YouTube sub¬≠scribe but¬≠ton to our web¬≠site, which you can recog¬≠nise by the clas¬≠sic YouTube logo. The logo shows the words ‚ÄúSub¬≠scribe‚ÄĚ or ‚ÄúYouTube‚ÄĚ in white let¬≠ters against a red back¬≠ground, with a white ‚ÄúPlay‚ÄĚ sym¬≠bol on the left. The but¬≠ton may also be dis¬≠played in a dif¬≠fer¬≠ent design.

Our YouTube chan¬≠nel con¬≠sis¬≠tently offers you funny, inter¬≠est¬≠ing or excit¬≠ing videos. With the built-in ‚ÄúSub¬≠scribe‚ÄĚ but¬≠ton you can sub¬≠scribe to our chan¬≠nel directly via our web¬≠site and do not need to go to YouTube‚Äôs web¬≠site for it. With this fea¬≠ture, we want to make it as easy as pos¬≠si¬≠ble for you to access our com¬≠pre¬≠hen¬≠sive con¬≠tent. Please note that YouTube may save and process your data.

If you see a built-in sub¬≠scrip¬≠tion but¬≠ton on our page, YouTube sets at least one cookie, accord¬≠ing to Google. This cookie stores your IP address and our URL. It also allows YouTube to receive infor¬≠ma¬≠tion about your browser, your approx¬≠i¬≠mate loca¬≠tion and your default lan¬≠guage. In our test the fol¬≠low¬≠ing four cook¬≠ies were placed, with¬≠out us being logged into YouTube:

Name: YSC
Value: b9-CV6o­jI5311826578Y
Pur¬≠pose: This cookie reg¬≠is¬≠ters a unique ID, which stores sta¬≠tis¬≠tics of the viewed video.
Expiry date: after end of session

Name: PREF
Value: f1=50000000
Pur­pose:This cookie also reg­is­ters your unique ID. Google uses PREF to get sta­tis­tics on how you inter­act with YouTube videos on our web­site.
Expiry date: after 8 months

Name: GPS
Value: 1
Pur­pose:This cookie reg­is­ters your unique ID on mobile devices to track your GPS loca­tion.
Expiry date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 31182657895Chz8bagyU
Pur­pose: This cookie tries to esti­mate the user’s inter­net band­with on our web­site (that con­tain built-in YouTube video).
Expiry date: after 8 months

Note: These cook¬≠ies were set after a test, thus we do not claim for the list to be exhaustive.

If you are logged into your YouTube account, YouTube may store many of the actions and inter¬≠ac¬≠tions you make on our web¬≠site via cook¬≠ies, to then assign them to your YouTube account. This gives YouTube infor¬≠ma¬≠tion on e.g. how long you have been brows¬≠ing our web¬≠site, which browser type you use, which screen res¬≠o¬≠lu¬≠tion you pre¬≠fer or what actions you take.

On the one hand, YouTube uses this data to improve its own ser­vices and offers, and on the other hand to pro­vide analy­ses and sta­tis­tics for adver­tis­ers (who use Google Ads).

Google Fonts Pri­vacy Policy

Google Fonts Pri­vacy Pol­icy Overview

ūüĎ• Affected par¬≠ties: web¬≠site vis¬≠i¬≠tors
ūü§Ě Pur¬≠pose: ser¬≠vice opti¬≠mi¬≠sa¬≠tion
ūüďď Processed data: data such as IP address, CSS and font requests
You can find more details on this in the Pri­vacy Pol­icy below.
ūüďÖ Stor¬≠age period: Google stores font files for one year
‚öĖÔłŹ Legal bases: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What are Google Fonts?

On our web­site we use Google Fonts, by the com­pany Google Inc. (1600 Amphithe­atre Park­way Moun­tain View, CA 94043, USA).

To use Google Fonts, you must log in and set up a pass¬≠word. Fur¬≠ther¬≠more, no cook¬≠ies will be saved in your browser. The data (CSS, Fonts) will be requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. Accord¬≠ing to Google, all requests for CSS and fonts are fully sep¬≠a¬≠rated from any other Google ser¬≠vices. If you have a Google account, you do not need to worry that your Google account details are trans¬≠mit¬≠ted to Google while you use Google Fonts. Google records the use of CSS (Cas¬≠cad¬≠ing Style Sheets) as well as the utilised fonts and stores these data securely. We will have a detailed look at how exactly the data stor¬≠age works.

Google Fonts (pre¬≠vi¬≠ously Google Web Fonts) is a direc¬≠tory with over 800 fonts that Google pro¬≠vides its users free of charge.

Many of these fonts have been pub­lished under the SIL Open Font License license, while oth­ers have been pub­lished under the Apache license. Both are free soft­ware licenses.

Why do we use Google Fonts on our website?

With Google Fonts we can use dif­fer­ent fonts on our web­site and do not have to upload them to our own server. Google Fonts is an impor­tant ele­ment which helps to keep the qual­ity of our web­site high. All Google fonts are auto­mat­i­cally opti­mised for the web, which saves data vol­ume and is an advan­tage espe­cially for the use of mobile ter­mi­nal devices. When you use our web­site, the low data size pro­vides fast load­ing times. More­over, Google Fonts are secure Web Fonts. Var­i­ous image syn­the­sis sys­tems (ren­der­ing) can lead to errors in dif­fer­ent browsers, oper­at­ing sys­tems and mobile ter­mi­nal devices. These errors could opti­cally dis­tort parts of texts or entire web­sites. Due to the fast Con­tent Deliv­ery Net­work (CDN) there are no cross-plat­form issues with Google Fonts. All com­mon browsers (Google Chrome, Mozilla Fire­fox, Apple Safari, Opera) are sup­ported by Google Fonts, and it reli­ably oper­ates on most mod­ern mobile oper­at­ing sys­tems, includ­ing Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We also use Google Fonts for pre­sent­ing our entire online ser­vice as pleas­antly and as uni­formly as possible.

Which data is stored by Google?

When¬≠ever you visit our web¬≠site, the fonts are reloaded by a Google server. Through this exter¬≠nal cue, data gets trans¬≠ferred to Google‚Äôs servers. There¬≠fore, this makes Google recog¬≠nise that you (or your IP-address) is vis¬≠it¬≠ing our web¬≠site. The Google Fonts API was devel¬≠oped to reduce the usage, stor¬≠age and gath¬≠er¬≠ing of end user data to the min¬≠i¬≠mum needed for the proper depic¬≠tion of fonts. What is more, API stands for ‚ÄěAppli¬≠ca¬≠tion Pro¬≠gram¬≠ming Inter¬≠face‚Äú and works as a soft¬≠ware data intermediary.

Google Fonts stores CSS and font requests safely with Google, and there¬≠fore it is pro¬≠tected. Using its col¬≠lected usage fig¬≠ures, Google can deter¬≠mine how pop¬≠u¬≠lar the indi¬≠vid¬≠ual fonts are. Google pub¬≠lishes the results on inter¬≠nal analy¬≠sis pages, such as Google Ana¬≠lyt¬≠ics. More¬≠over, Google also utilises data of ist own web crawler, in order to deter¬≠mine which web¬≠sites are using Google fonts. This data is pub¬≠lished in Google Fonts‚Äô Big¬≠Query data¬≠base. Enter¬≠pre¬≠neurs and devel¬≠op¬≠ers use Google‚Äôs web¬≠ser¬≠vice Big¬≠Query to be able to inspect and move big vol¬≠umes of data.

One more thing that should be con­sid­ered, is that every request for Google Fonts auto­mat­i­cally trans­mits infor­ma­tion such as lan­guage pref­er­ences, IP address, browser ver­sion, as well as the browser’s screen res­o­lu­tion and name to Google’s servers. It can­not be clearly iden­ti­fied if this data is saved, as Google has not directly declared it.

How long and where is the data stored?

Google saves requests for CSS assets for one day in a tag on their servers, which are pri¬≠mar¬≠ily located out¬≠side of the EU. This makes it pos¬≠si¬≠ble for us to use the fonts by means of a Google stylesheet. With the help of a stylesheet, e.g. designs or fonts of a web¬≠site can get changed swiftly and easily.

Any font related data is stored with Google for one year. This is because Google’s aim is to fun­da­men­tally boost web­sites’ load­ing times. With mil­lions of web­sites refer­ring to the same fonts, they are buffered after the first visit and instantly reap­pear on any other web­sites that are vis­ited there­after. Some­times Google updates font files to either reduce the data sizes, increase the lan­guage cov­er­age or to improve the design.

How can I erase my data or pre¬≠vent it being stored?

The data Google stores for either a day or a year can¬≠not be deleted eas¬≠ily. Upon open¬≠ing the page this data is auto¬≠mat¬≠i¬≠cally trans¬≠mit¬≠ted to Google. In order to clear the data ahead of time, you have to con¬≠tact Google‚Äôs sup¬≠port at https://support.google.com/?hl=en-GB&tid=311826578. The only way for you to pre¬≠vent the reten¬≠tion of your data is by not vis¬≠it¬≠ing our website.

Unlike other web fonts, Google offers us unre¬≠stricted access to all its fonts. Thus, we have a vast sea of font types at our dis¬≠posal, which helps us to get the most out of our web¬≠site. You can find out more answers and infor¬≠ma¬≠tion on Google Fonts at https://developers.google.com/fonts/faq?tid=311826578. While Google does address rel¬≠e¬≠vant ele¬≠ments on data pro¬≠tec¬≠tion at this link, it does not con¬≠tain any detailed infor¬≠ma¬≠tion on data reten¬≠tion.
It proofs rather dif­fi­cult to receive any pre­cise infor­ma­tion on stored data by Google.

Legal basis

If you have con¬≠sented to the use of Google Fonts, your con¬≠sent is the legal basis for the cor¬≠re¬≠spond¬≠ing data pro¬≠cess¬≠ing. Accord¬≠ing to Art. 6 Para¬≠graph 1 lit. a GDPR (Con¬≠sent) your con¬≠sent is the legal basis for the pro¬≠cess¬≠ing of per¬≠sonal data, as can occur when it is processed by Google Fonts.

We also have a legit¬≠i¬≠mate inter¬≠est in using Google Font to opti¬≠mise our online ser¬≠vice. The cor¬≠re¬≠spond¬≠ing legal basis for this is Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate inter¬≠ests). Nev¬≠er¬≠the¬≠less, we only use Google Font if you have given your con¬≠sent to it.

Google also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

Google uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way and espe¬≠cially in the USA) or data trans¬≠fer there (= Art. 46, para¬≠graphs 2 and 3 of the GDPR). These clauses oblige Google to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

You can find more infor­ma­tion on which data is gen­er­ally retained by Google and what this data is used at https://policies.google.com/privacy?hl=en-GB.

Google reCAPTCHA Pri­vacy Policy

Google reCAPTCHA Pri­vacy Pol­icy Overview

ūüĎ• Affected par¬≠ties: web¬≠site vis¬≠i¬≠tors
ūü§Ě Pur¬≠pose: Ser¬≠vice opti¬≠mi¬≠sa¬≠tion and pro¬≠tec¬≠tion against cyber attacks
ūüďď Processed data: data such as IP address, browser infor¬≠ma¬≠tion, oper¬≠at¬≠ing sys¬≠tem, lim¬≠ited loca¬≠tion and usage data
You can find more details on this in the Pri­vacy Pol­icy below.
ūüďÖ Stor¬≠age dura¬≠tion: depend¬≠ing on the retained data
‚öĖÔłŹ Legal bases: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What is reCAPTCHA?

Our pri¬≠mary goal is to pro¬≠vide you an expe¬≠ri¬≠ence on our web¬≠site that is as secure and pro¬≠tected as pos¬≠si¬≠ble. To do this, we use Google reCAPTCHA from Google Inc. (1600 Amphithe¬≠ater Park¬≠way Moun¬≠tain View, CA 94043, USA). With reCAPTCHA we can deter¬≠mine whether you are a real per¬≠son from flesh and bones, and not a robot or a spam soft¬≠ware. By spam we mean any elec¬≠tron¬≠i¬≠cally unde¬≠sir¬≠able infor¬≠ma¬≠tion we receive invol¬≠un¬≠tar¬≠ily. Clas¬≠sic CAPTCHAS usu¬≠ally needed you to solve text or pic¬≠ture puz¬≠zles to check. But thanks to Google‚Äôs reCAPTCHA you usu¬≠ally do have to do such puz¬≠zles. Most of the times it is enough to sim¬≠ply tick a box and con¬≠firm you are not a bot. With the new Invis¬≠i¬≠ble reCAPTCHA ver¬≠sion you don‚Äôt even have to tick a box. In this pri¬≠vacy pol¬≠icy you will find out how exactly this works, and what data is used for it.

reCAPTCHA is a free captcha ser¬≠vice from Google that pro¬≠tects web¬≠sites from spam soft¬≠ware and mis¬≠use by non-human vis¬≠i¬≠tors. This ser¬≠vice is used the most when you fill out forms on the Inter¬≠net. A captcha ser¬≠vice is a type of auto¬≠matic Tur¬≠ing-test that is designed to ensure spe¬≠cific actions on the Inter¬≠net are done by human beings and not bots. Dur¬≠ing the clas¬≠sic Tur¬≠ing-test (named after com¬≠puter sci¬≠en¬≠tist Alan Tur¬≠ing), a per¬≠son dif¬≠fer¬≠en¬≠ti¬≠ates between bot and human. With Captchas, a com¬≠puter or soft¬≠ware pro¬≠gram does the same. Clas¬≠sic captchas func¬≠tion with small tasks that are easy to solve for humans but pro¬≠vide con¬≠sid¬≠er¬≠able dif¬≠fi¬≠cul¬≠ties to machines. With reCAPTCHA, you no longer must actively solve puz¬≠zles. The tool uses mod¬≠ern risk tech¬≠niques to dis¬≠tin¬≠guish peo¬≠ple from bots. The only thing you must do there, is to tick the text field ‚ÄúI am not a robot‚ÄĚ. How¬≠ever, with Invis¬≠i¬≠ble reCAPTCHA even that is no longer nec¬≠es¬≠sary. reCAPTCHA, inte¬≠grates a JavaScript ele¬≠ment into the source text, after which the tool then runs in the back¬≠ground and analy¬≠ses your user behav¬≠iour. The soft¬≠ware cal¬≠cu¬≠lates a so-called captcha score from your user actions. Google uses this score to cal¬≠cu¬≠late the like¬≠li¬≠hood of you being a human, before enter¬≠ing the captcha. reCAPTCHA and Captchas in gen¬≠eral are used every time bots could manip¬≠u¬≠late or mis¬≠use cer¬≠tain actions (such as reg¬≠is¬≠tra¬≠tions, sur¬≠veys, etc.).

Why do we use reCAPTCHA on our website?

We only want to wel¬≠come peo¬≠ple from flesh and bones on our side and want bots or spam soft¬≠ware of all kinds to stay away. There¬≠fore, we are doing every¬≠thing we can to stay pro¬≠tected and to offer you the high¬≠est pos¬≠si¬≠ble user friend¬≠li¬≠ness. For this rea¬≠son, we use Google reCAPTCHA from Google. Thus, we can be pretty sure that we will remain a ‚Äúbot-free‚ÄĚ web¬≠site. Using reCAPTCHA, data is trans¬≠mit¬≠ted to Google to deter¬≠mine whether you gen¬≠uinely are human. reCAPTCHA thus ensures our website‚Äôs and sub¬≠se¬≠quently your secu¬≠rity. With¬≠out reCAPTCHA it could e.g. hap¬≠pen that a bot would reg¬≠is¬≠ter as many email addresses as pos¬≠si¬≠ble when reg¬≠is¬≠ter¬≠ing, in order to sub¬≠se¬≠quently ‚Äúspam‚ÄĚ forums or blogs with unwanted adver¬≠tis¬≠ing con¬≠tent. With reCAPTCHA we can avoid such bot attacks.

What data is stored by reCAPTCHA?

reCAPTCHA col¬≠lects per¬≠sonal user data to deter¬≠mine whether the actions on our web¬≠site are made by peo¬≠ple. Thus, IP addresses and other data Google needs for its reCAPTCHA ser¬≠vice, may be sent to Google. Within mem¬≠ber states of the Euro¬≠pean Eco¬≠nomic Area, IP addresses are almost always com¬≠pressed before the data makes its way to a server in the USA. More¬≠over, your IP address will not be com¬≠bined with any other of Google‚Äôs data, unless you are logged into your Google account while using reCAPTCHA. Firstly, the reCAPTCHA algo¬≠rithm checks whether Google cook¬≠ies from other Google ser¬≠vices (YouTube, Gmail, etc.) have already been placed in your browser. Then reCAPTCHA sets an addi¬≠tional cookie in your browser and takes a snap¬≠shot of your browser window.

The fol­low­ing list of col­lected browser and user data is not exhaus­tive. Rather, it pro­vides exam­ples of data, which to our knowl­edge, is processed by Google.

  • Refer¬≠rer URL (the address of the page the vis¬≠i¬≠tor has come from)
  • IP-address (z.B. 256.123.123.1)
  • Infor¬≠ma¬≠tion on the oper¬≠at¬≠ing sys¬≠tem (the soft¬≠ware that enables the oper¬≠a¬≠tion of your com¬≠put¬≠ers. Pop¬≠u¬≠lar oper¬≠at¬≠ing sys¬≠tems are Win¬≠dows, Mac OS X or Linux)
  • Cook¬≠ies (small text files that save data in your browser)
  • Mouse and key¬≠board behav¬≠iour (every action you take with your mouse or key¬≠board is stored)
  • Date and lan¬≠guage set¬≠tings (the lan¬≠guage and date you have set on your PC is saved)
  • All Javascript objects (JavaScript is a pro¬≠gram¬≠ming lan¬≠guage that allows web¬≠sites to adapt to the user. JavaScript objects can col¬≠lect all kinds of data under one name)
  • Screen res¬≠o¬≠lu¬≠tion (shows how many pix¬≠els the image dis¬≠play con¬≠sists of)

Google may use and analyse this data even before you click on the ‚ÄúI am not a robot‚ÄĚ check¬≠mark. In the Invis¬≠i¬≠ble reCAPTCHA ver¬≠sion, there is no need to even tick at all, as the entire recog¬≠ni¬≠tion process runs in the back¬≠ground. More¬≠over, Google have not given details on what infor¬≠ma¬≠tion and how much data they retain.

The fol­low­ing cook­ies are used by reCAPTCHA: With the fol­low­ing list we are refer­ring to Google’s reCAPTCHA demo ver­sion at https://www.google.com/recaptcha/api2/demo.
For track¬≠ing pur¬≠poses, all these cook¬≠ies require a unique iden¬≠ti¬≠fier. Here is a list of cook¬≠ies that Google reCAPTCHA has set in the demo version:

Name: IDE
Value: WqTUml­n­mv_qXy­i_DGN­PLESKn­RN­rpgX­oy1K-pAZ­tAkMbHI-311826578-8
Pur¬≠pose: This cookie is set by Dou¬≠bleClick (which is owned by Google) to reg¬≠is¬≠ter and report a user‚Äôs inter¬≠ac¬≠tions with adver¬≠tise¬≠ments. With it, ad effec¬≠tive¬≠ness can be mea¬≠sured, and appro¬≠pri¬≠ate opti¬≠mi¬≠sa¬≠tion mea¬≠sures can be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiry date: after one year

Name: 1P_JAR
Value: 2019-5-14-12
Pur¬≠pose: This cookie col¬≠lects web¬≠site usage sta¬≠tis¬≠tics and mea¬≠sures con¬≠ver¬≠sions. A con¬≠ver¬≠sion e.g. takes place, when a user becomes a buyer. The cookie is also used to dis¬≠play rel¬≠e¬≠vant adverts to users. Fur¬≠ther¬≠more, the cookie can pre¬≠vent a user from see¬≠ing the same ad more than once.
Expiry date: after one month

Name: ANID
Value: U7j1v3dZa3118265780xgZFmiqWppRWKOr
Pur¬≠pose: We could not find out much about this cookie. In Google‚Äôs pri¬≠vacy state¬≠ment, the cookie is men¬≠tioned in con¬≠nec¬≠tion with ‚Äúadver¬≠tis¬≠ing cook¬≠ies‚ÄĚ such as ‚ÄúDSID‚ÄĚ, ‚ÄúFLC‚ÄĚ, ‚ÄúAID‚ÄĚ and ‚ÄúTAID‚ÄĚ. ANID is stored under the domain google.com.
Expiry date: after 9 months

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Pur¬≠pose: This cookie stores the sta¬≠tus of a user‚Äôs con¬≠sent to the use of var¬≠i¬≠ous Google ser¬≠vices. CONSENT also serves to pre¬≠vent fraud¬≠u¬≠lent logins and to pro¬≠tect user data from unau¬≠tho¬≠rised attacks.
Expiry date: after 19 years

Name: NID
Value: 0WmuWqy311826578zILzqV_nmt3sDXwPeM5Q
Pur¬≠pose: Google uses NID to cus¬≠tomise adver¬≠tise¬≠ments to your Google searches. With the help of cook¬≠ies, Google ‚Äúremem¬≠bers‚ÄĚ your most fre¬≠quently entered search queries or your pre¬≠vi¬≠ous ad inter¬≠ac¬≠tions. Thus, you always receive adver¬≠tise¬≠ments tai¬≠lored to you. The cookie con¬≠tains a unique ID to col¬≠lect users‚Äô per¬≠sonal set¬≠tings for adver¬≠tis¬≠ing pur¬≠poses.
Expiry date: after 6 months

Name: DV
Value: gEAAB­BCjJMX­cI0d­SAAAAN­bqc311826578-4
Pur¬≠pose: This cookie is set when you tick the ‚ÄúI am not a robot‚ÄĚ check¬≠mark. Google Ana¬≠lyt¬≠ics uses the cookie per¬≠son¬≠alised adver¬≠tis¬≠ing. DV col¬≠lects anony¬≠mous infor¬≠ma¬≠tion and is also used to dis¬≠tinct between users.
Expiry date: after 10 minutes

Note: We do not claim for this list to be exten­sive, as Google often change the choice of their cookies.

How long and where are the data stored?

Due to the inte¬≠gra¬≠tion of reCAPTCHA, your data will be trans¬≠ferred to the Google server. Google have not dis¬≠closed where exactly this data is stored, despite repeated inquiries. But even with¬≠out con¬≠fir¬≠ma¬≠tion from Google, it can be assumed that data such as mouse inter¬≠ac¬≠tion, length of stay on a web¬≠site or lan¬≠guage set¬≠tings are stored on the Euro¬≠pean or Amer¬≠i¬≠can Google servers. The IP address that your browser trans¬≠mits to Google does gen¬≠er¬≠ally not get merged with other Google data from the company‚Äôs other ser¬≠vices.
How¬≠ever, the data will be merged if you are logged in to your Google account while using the reCAPTCHA plug-in. Google‚Äôs diverg¬≠ing pri¬≠vacy pol¬≠icy applies for this.

How can I erase my data or pre¬≠vent data retention?

If you want to pre­vent any data about you and your behav­iour to be trans­mit­ted to Google, you must fully log out of Google and delete all Google cook­ies before vis­it­ing our web­site or use the reCAPTCHA soft­ware. Gen­er­ally, the data is auto­mat­i­cally sent to Google as soon as you visit our web­site. To delete this data, you must con­tact Google Sup­port at https://support.google.com/?hl=en-GB&tid=311826578.

If you use our web¬≠site, you agree that Google LLC and its rep¬≠re¬≠sen¬≠ta¬≠tives auto¬≠mat¬≠i¬≠cally col¬≠lect, edit and use data.

Please note that when using this tool, your data can also be stored and processed out­side the EU. Most third coun­tries (includ­ing the USA) are not con­sid­ered secure under cur­rent Euro­pean data pro­tec­tion law. Data to inse­cure third coun­tries must not sim­ply be trans­ferred to, stored and processed there unless there are suit­able guar­an­tees (such as EU’s Stan­dard Con­trac­tual Clauses) between us and the non-Euro­pean ser­vice provider.

Legal basis

If you have con¬≠sented to the use of Google reCAPTCHA, your con¬≠sent is the legal basis for the cor¬≠re¬≠spond¬≠ing data pro¬≠cess¬≠ing. Accord¬≠ing to Art. 6 Para¬≠graph 1 lit. a GDPR (con¬≠sent) your con¬≠sent is the legal basis for the pro¬≠cess¬≠ing of per¬≠sonal data, as can occur when processed by Google reCAPTCHA.

We also have a legit¬≠i¬≠mate inter¬≠est in using Google reCAPTCHA to opti¬≠mise our online ser¬≠vice and make it more secure. The cor¬≠re¬≠spond¬≠ing legal basis for this is Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate inter¬≠ests). Nev¬≠er¬≠the¬≠less, we only use Google reCAPTCHA if you have given your con¬≠sent to it.

Google also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

Google uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way and espe¬≠cially in the USA) or data trans¬≠fer there (= Art. 46, para¬≠graphs 2 and 3 of the GDPR). These clauses oblige Google to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847.

You can find out a lit¬≠tle more about reCAPTCHA on Google‚Äôs web devel¬≠oper page at https://developers.google.com/recaptcha/. Google goes into the tech¬≠ni¬≠cal devel¬≠op¬≠ment of the reCAPTCHA in more detail here, but you will look in vain for detailed infor¬≠ma¬≠tion about data stor¬≠age and data pro¬≠tec¬≠tion issues. A good overview of the basic use of data by Google can be found in the in-house data pro¬≠tec¬≠tion dec¬≠la¬≠ra¬≠tion at https://policies.google.com/privacy?hl=en-GB.

WooCom­merce Pri­vacy Policy

WooCom­merce Pri­vacy Pol­icy Overview

ūüĎ• Affected par¬≠ties: web¬≠site vis¬≠i¬≠tors
ūü§Ě Pur¬≠pose: ser¬≠vice opti¬≠mi¬≠sa¬≠tion
ūüďď Processed data: data such as IP address, browser infor¬≠ma¬≠tion, pre¬≠set lan¬≠guage set¬≠tings as well as date and time of web access
You can find more details on this in the Pri­vacy Pol­icy below.
ūüďÖ Stor¬≠age period: Server log files, tech¬≠ni¬≠cal data and IP addresses will be erased after about 30 days
‚öĖÔłŹ Legal bases: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What is WooCommerce?

We have inte¬≠grated the open-source shop sys¬≠tem WooCom¬≠merce to our web¬≠site as a plu¬≠gin. This WooCom¬≠merce plu¬≠gin is based on the con¬≠tent man¬≠age¬≠ment sys¬≠tem Word¬≠Press, which is a sub¬≠sidiary com¬≠pany of Automat¬≠tic Inc. (60 29th Street #343, San Fran¬≠cisco, CA 94110, USA). Through the imple¬≠mented func¬≠tions, data are stored and sent to Automat¬≠tic Inc where they are processed. In this pri¬≠vacy pol¬≠icy we want to inform you on what data this is, how the net¬≠work uses this data and how you can man¬≠age or pre¬≠vent data retention.

WooCom¬≠merce is an online shop sys¬≠tem that has been part of the Word¬≠Press direc¬≠tory since 2011 and was spe¬≠cially devel¬≠oped for Word¬≠Press web¬≠sites. It is a cus¬≠tomis¬≠able, open source eCom¬≠merce plat¬≠form that is based on Word¬≠Press. It has been inte¬≠grated into our web¬≠site as a Word¬≠Press plugin.

Why do we use WooCom­merce on our website?

We use this prac¬≠ti¬≠cal online shop sys¬≠tem, to be able to offer you our phys¬≠i¬≠cal or dig¬≠i¬≠tal prod¬≠ucts or ser¬≠vices in the best pos¬≠si¬≠ble way on our web¬≠site. The aim is to give you easy and easy access to our offer, so that you can quickly and eas¬≠ily nav¬≠i¬≠gate to the prod¬≠ucts you want. With WooCom¬≠merce we have found a good plu¬≠gin that meets our require¬≠ments for an online shop.

What data is stored by WooCommerce?

Infor¬≠ma¬≠tion that you actively enter to a text field in our online shop can be col¬≠lected and stored by WooCom¬≠merce or Automat¬≠tic. Hence, if you reg¬≠is¬≠ter with us or order a prod¬≠uct, Automat¬≠tic may col¬≠lect, process and save this data. In addi¬≠tion to email address, name or address, this can also be your credit card or billing infor¬≠ma¬≠tion. Sub¬≠se¬≠quently, Automat¬≠tic can also use this infor¬≠ma¬≠tion for their own mar¬≠ket¬≠ing campaigns.

There is also evi¬≠dence that Automat¬≠tic auto¬≠mat¬≠i¬≠cally col¬≠lects infor¬≠ma¬≠tion on you in so-called server log files:

  • IP-address
  • Browser infor¬≠ma¬≠tion
  • Pre-set lan¬≠guage settings
  • Date and time of the web access

More¬≠over, WooCom¬≠merce sets cook¬≠ies in your browser and uses tech¬≠nolo¬≠gies such as pixel tags (web bea¬≠cons), to for exam¬≠ple clearly iden¬≠tify you as a user and to be able to offer inter¬≠est-based adver¬≠tis¬≠ing. WooCom¬≠merce uses sev¬≠eral dif¬≠fer¬≠ent cook¬≠ies, which are placed depend¬≠ing on the user action. This means that if you for exam¬≠ple add a prod¬≠uct to the shop¬≠ping cart, a cookie is set so that the prod¬≠uct remains in the shop¬≠ping cart when you leave our web¬≠site and come back later.

Below we want to show you an exam­ple list of pos­si­ble cook­ies that may be set by WooCommerce:

Name: woocommerce_items_in_cart
Value: 1
Pur­pose: This cookie helps WooCom­merce to deter­mine when the con­tents of the shop­ping cart change.
Expiry date: after end of session

Name: woocommerce_cart_hash
Value: 447c84f810834056ab37cfe5ed27f204311826578-7
Pur­pose: This cookie is also used to recog­nise and save the changes in your shop­ping cart.
Expiry date: after end of session

Name: wp_woocommerce_session_d9e29d251cf8a108a6482d9fe2ef34b6
Value: 1146%7C%7C1589034207%7C%7C95f8053ce0cea135bbce671043e740311826578-4aa
Pur¬≠pose: This cookie con¬≠tains a unique iden¬≠ti¬≠fier for you to allow the shop¬≠ping cart data to be found in the data¬≠base.
Expiry date: after 2 days

How long and where is the data stored?

Unless there is a legal oblig¬≠a¬≠tion to keep data for a longer period, WooCom¬≠merce will delete your data if it is no longer needed for the pur¬≠poses it was saved for. Server log files for exam¬≠ple, the tech¬≠ni¬≠cal data for your browser and your IP address will be deleted after about 30 days. This is how long Automat¬≠tic use the data to analyse the traf¬≠fic on their own web¬≠sites (for exam¬≠ple all Word¬≠Press web¬≠sites) and to fix pos¬≠si¬≠ble prob¬≠lems. The data is stored on Automattic‚Äôs Amer¬≠i¬≠can servers.

How can I erase my data and pre¬≠vent data retention?

You have the right to access your per¬≠sonal data any¬≠time, as well as to object to it being used and processed. You can also lodge a com¬≠plaint with a state super¬≠vi¬≠sory author¬≠ity anytime.

You can also man¬≠age, delete or deac¬≠ti¬≠vate cook¬≠ies indi¬≠vid¬≠u¬≠ally in your browser. How¬≠ever, please note that deac¬≠ti¬≠vated or deleted cook¬≠ies may have a neg¬≠a¬≠tive impact on the func¬≠tions of our WooCom¬≠merce online shop. Depend¬≠ing on the browser you use, man¬≠ag¬≠ing cook¬≠ies dif¬≠fers slightly. Below you will find links to the instruc¬≠tions for the most com¬≠mon browsers:

Chrome: Clear, enable and man¬≠age cook¬≠ies in Chrome 

Safari: Man¬≠age cook¬≠ies and web¬≠site data in Safari 

Fire¬≠fox: Clear cook¬≠ies and site data in Firefox 

Inter¬≠net Explorer: Delete and man¬≠age cookies 

Microsoft Edge: Delete cook¬≠ies in Microsoft Edge 

Legal basis

If you have agreed to the use of WooCom¬≠merce, then your con¬≠sent the legal basis for the cor¬≠re¬≠spond¬≠ing data pro¬≠cess¬≠ing. Accord¬≠ing to Art. 6 para¬≠graph 1 lit. a (Con¬≠sent) your con¬≠sent is the legal basis for the pro¬≠cess¬≠ing of per¬≠sonal data, as can occur when it is col¬≠lected by WooCommerce.

We also have a legit¬≠i¬≠mate inter¬≠est in using WooCom¬≠merce to opti¬≠mise our online ser¬≠vice and to present our ser¬≠vice nicely for you. The cor¬≠re¬≠spond¬≠ing legal basis for this is Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate inter¬≠ests). Nev¬≠er¬≠the¬≠less, we only use WooCom¬≠merce if you have given your con¬≠sent to it.

WooCom­merce also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

WooCom¬≠merce uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way and espe¬≠cially in the USA) or data trans¬≠fer there (= Art. 46, para¬≠graphs 2 and 3 of the GDPR). These clauses oblige WooCom¬≠merce to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847.

You can find more details on WooCommerce’s Pri­vacy Pol­icy and on which data is retained as well as how at https://automattic.com/privacy/ and you can find more gen­eral infor­ma­tion about WooCom­merce at https://woocommerce.com/.

Cloud­flare Pri­vacy Policy

Cloud­flare Pri­vacy Pol­icy Overview

ūüĎ• Affected par¬≠ties: web¬≠site vis¬≠i¬≠tors
ūü§Ě Pur¬≠pose: ser¬≠vice per¬≠for¬≠mance opti¬≠mi¬≠sa¬≠tion (to accel¬≠er¬≠ate web¬≠site load¬≠ing times)
ūüďď Processed data: data such as IP address, con¬≠tact and pro¬≠to¬≠col infor¬≠ma¬≠tion, secu¬≠rity fin¬≠ger¬≠prints and web¬≠site per¬≠for¬≠mance data
You can find more details on this in the Pri­vacy Pol­icy below.
ūüďÖ Stor¬≠age dura¬≠tion: most of the data is stored for less than 24 hours
‚öĖÔłŹ Legal basis: Art. 6 para. 1 lit. a GDPR (con¬≠sent), Art. 6 para. 1 lit. f GDPR (legit¬≠i¬≠mate interests)

What is Cloudflare?

We use Cloud¬≠flare by the com¬≠pany Cloud¬≠flare, Inc. (101 Townsend St., San Fran¬≠cisco, CA 94107, USA) on our web¬≠site to enhance its speed and secu¬≠rity. For this, Cloud¬≠flare uses cook¬≠ies and processes user data. Cloud¬≠flare, Inc. is an Amer¬≠i¬≠can com¬≠pany that offers a con¬≠tent deliv¬≠ery net¬≠work and var¬≠i¬≠ous secu¬≠rity ser¬≠vices. These ser¬≠vices take place between the user and our host¬≠ing provider. In the fol¬≠low¬≠ing, we will try to explain in detail what all this means.

A con¬≠tent deliv¬≠ery net¬≠work (CDN), as pro¬≠vided by Cloud¬≠flare, is noth¬≠ing more than a net¬≠work of servers that are con¬≠nected to each other. Cloud¬≠flare has deployed servers around the world, which ensure web¬≠sites can appear on your screen faster. Sim¬≠ply put, Cloud¬≠flare makes copies of our web¬≠site and places them on its own servers. Thus, when you visit our web¬≠site, a load dis¬≠tri¬≠b¬≠u¬≠tion sys¬≠tem ensures that the main part of our web¬≠site is deliv¬≠ered by a server that can dis¬≠play our web¬≠site to you as quickly as pos¬≠si¬≠ble. The CDN sig¬≠nif¬≠i¬≠cantly short¬≠ens the route of the trans¬≠mit¬≠ted data to your browser. Thus, Cloud¬≠flare does not only deliver our website‚Äôs con¬≠tent from our host¬≠ing server, but from servers from all over the world. Cloud¬≠flare is par¬≠tic¬≠u¬≠larly help¬≠ful for users from abroad, since pages can be deliv¬≠ered from a nearby server. In addi¬≠tion to the fast deliv¬≠ery of web¬≠sites, Cloud¬≠flare also offers var¬≠i¬≠ous secu¬≠rity ser¬≠vices, such as DDoS pro¬≠tec¬≠tion, or the web appli¬≠ca¬≠tion firewall.

Why do we use Cloud­flare on our website?

Of course, we want our web¬≠site to offer you the best pos¬≠si¬≠ble ser¬≠vice. Cloud¬≠flare helps us make our web¬≠site faster and more secure. Cloud¬≠flare offers us web opti¬≠mi¬≠sa¬≠tions as well as secu¬≠rity ser¬≠vices such as DDoS pro¬≠tec¬≠tion and a web fire¬≠wall. More¬≠over, this includes a Reverse-Proxy and the con¬≠tent dis¬≠tri¬≠b¬≠u¬≠tion net¬≠work (CDN). Cloud¬≠flare blocks threats and lim¬≠its abu¬≠sive bots as well as crawlers that waste our band¬≠width and server resources. By stor¬≠ing our web¬≠site in local data cen¬≠tres and block¬≠ing spam soft¬≠ware, Cloud¬≠flare enables us to reduce our band¬≠width usage by about 60%. Fur¬≠ther¬≠more, the pro¬≠vi¬≠sion of con¬≠tent through a data cen¬≠tre near you and cer¬≠tain web opti¬≠miza¬≠tions car¬≠ried out there, cut the aver¬≠age load¬≠ing time of a web¬≠site in about half. Accord¬≠ing to Cloud¬≠flare, the set¬≠ting ‚ÄúI‚Äôm Under Attack Mode‚ÄĚ can be used to mit¬≠i¬≠gate fur¬≠ther attacks by dis¬≠play¬≠ing a JavaScript cal¬≠cu¬≠la¬≠tion task that must be solved before a user can access a web¬≠site. Over¬≠all, this makes our web¬≠site sig¬≠nif¬≠i¬≠cantly more pow¬≠er¬≠ful and less sus¬≠cep¬≠ti¬≠ble to spam or other attacks.

What data is stored by Cloudflare?

Cloud¬≠flare gen¬≠er¬≠ally only trans¬≠mits data that is con¬≠trolled by web¬≠site oper¬≠a¬≠tors. There¬≠fore, Cloud¬≠flare does not deter¬≠mine the con¬≠tent, but the web¬≠site oper¬≠a¬≠tor them¬≠selves does. Addi¬≠tion¬≠ally, Cloud¬≠flare may col¬≠lect cer¬≠tain infor¬≠ma¬≠tion about the use of our web¬≠site and may process data we send or data which Cloud¬≠flare has received cer¬≠tain instruc¬≠tions for. Mostly, Cloud¬≠flare receives data such as IP addresses, con¬≠tacts and pro¬≠to¬≠col infor¬≠ma¬≠tion, secu¬≠rity fin¬≠ger¬≠prints and web¬≠sites‚Äô per¬≠for¬≠mance data. Log data for exam¬≠ple helps Cloud¬≠flare iden¬≠tify new threats. That way, Cloud¬≠flare can ensure a high level of secu¬≠rity for our web¬≠site. As part of their ser¬≠vices, Cloud¬≠flare process this data in com¬≠pli¬≠ance with the applic¬≠a¬≠ble laws. Of course, this also includes the com¬≠pli¬≠ance with the Gen¬≠eral Data Pro¬≠tec¬≠tion Reg¬≠u¬≠la¬≠tion (GDPR).

Fur¬≠ther¬≠more, Cloud¬≠flare uses a cookie for secu¬≠rity rea¬≠sons. The cookie (__cfduid) is used to iden¬≠tify indi¬≠vid¬≠ual users behind a shared IP address, and to apply secu¬≠rity set¬≠tings for each indi¬≠vid¬≠ual user. The cookie is very use¬≠ful, if you e.g. use our web¬≠site from a restau¬≠rant where sev¬≠eral infected com¬≠put¬≠ers are located. How¬≠ever, if your com¬≠puter is trust¬≠wor¬≠thy, we can recog¬≠nise that with the cookie. Hence, you will be able to freely and care¬≠lessly surf our web¬≠site, despite the infected PCs in your area. Another point that is impor¬≠tant to know, is that this cookie does not store any per¬≠sonal data. The cookie is essen¬≠tial for Cloudflare‚Äôs secu¬≠rity func¬≠tions and can¬≠not be deactivated.

Cook­ies by Cloudflare

Name: __cfduid
Value: d798bf7d­f9c1ad5b7583eda5c­c5e78311826578-3
Pur­pose: Secu­rity set­tings for each indi­vid­ual vis­i­tor
Expiry date: after one year

Cloud¬≠flare also works with third party providers. They may how¬≠ever only process per¬≠sonal data after the instruc¬≠tion of Cloud¬≠flare and in accor¬≠dance with the data pro¬≠tec¬≠tion guide¬≠lines and other con¬≠fi¬≠den¬≠tial¬≠ity and secu¬≠rity mea¬≠sures. With¬≠out explicit con¬≠sent from us, Cloud¬≠flare will not pass on any per¬≠sonal data.

How long and where is the data stored?

Cloud¬≠flare stores your infor¬≠ma¬≠tion pri¬≠mar¬≠ily in the United States and the Euro¬≠pean Eco¬≠nomic Area. Cloud¬≠flare can trans¬≠fer and access the infor¬≠ma¬≠tion described above, from all over the world. In gen¬≠eral, Cloud¬≠flare stores domains‚Äô user-level data with the Free, Pro and Busi¬≠ness ver¬≠sions for less than 24 hours. For enter¬≠prise domains that have acti¬≠vated Cloud¬≠flare Logs (pre¬≠vi¬≠ously called Enter¬≠prise LogShare or ELS), data can be stored for up to 7 days. How¬≠ever, if IP addresses trig¬≠ger secu¬≠rity warn¬≠ings in Cloud¬≠flare, there may be excep¬≠tions to the stor¬≠age period men¬≠tioned above.

How can I erase my data or pre¬≠vent data retention?

Cloud¬≠flare only keeps data logs for as long as nec¬≠es¬≠sary and in most cases deletes the data within 24 hours. Cloud¬≠flare also does not store any per¬≠sonal data, such as your IP address. How¬≠ever, there is infor¬≠ma¬≠tion that Cloud¬≠flare store indef¬≠i¬≠nitely as part of their per¬≠ma¬≠nent logs. This is done to improve the over¬≠all per¬≠for¬≠mance of Cloud¬≠flare Resolver and to iden¬≠tify poten¬≠tial secu¬≠rity risks. You can find out exactly which per¬≠ma¬≠nent logs are saved at https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/. All data Cloud¬≠flare col¬≠lects (tem¬≠porar¬≠ily or per¬≠ma¬≠nently) is cleared of all per¬≠sonal data. Cloud¬≠flare also anonymise all per¬≠ma¬≠nent logs.

In their pri¬≠vacy pol¬≠icy, Cloud¬≠flare state that they are not respon¬≠si¬≠ble for the con¬≠tent you receive. For exam¬≠ple, if you ask Cloud¬≠flare whether you can update or delete con¬≠tent, Cloud¬≠flare will always refer to us as the web¬≠site oper¬≠a¬≠tor. You can also com¬≠pletely pre¬≠vent the col¬≠lec¬≠tion and pro¬≠cess¬≠ing of your data by Cloud¬≠flare, when you deac¬≠ti¬≠vate the exe¬≠cu¬≠tion of script-code in your browser, or if you inte¬≠grate a script blocker to your browser.

Legal basis

If you have con¬≠sented to the use of Cloud¬≠flare, your con¬≠sent is the legal basis for the cor¬≠re¬≠spond¬≠ing data pro¬≠cess¬≠ing. Accord¬≠ing to Art. 6 para¬≠graph 1 lit. a (Con¬≠sent) your con¬≠sent is the legal basis for the pro¬≠cess¬≠ing of per¬≠sonal data, as can occur when it is col¬≠lected by Cloudflare.

We also have a legit¬≠i¬≠mate inter¬≠est in using Cloud¬≠flare to opti¬≠mise our online ser¬≠vice and make it more secure. The cor¬≠re¬≠spond¬≠ing legal basis for this is Art. 6 para. 1 lit.f GDPR (legit¬≠i¬≠mate inter¬≠ests). Nev¬≠er¬≠the¬≠less, we only use Cloud¬≠flare if you have given your con¬≠sent to it.

Cloud­flare also processes data in the USA, among other coun­tries. We would like to note, that accord­ing to the Euro­pean Court of Jus­tice, there is cur­rently no ade­quate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with var­i­ous risks to the legal­ity and secu­rity of data processing.

Cloud¬≠flare uses stan¬≠dard con¬≠trac¬≠tual clauses approved by the EU Com¬≠mis¬≠sion as basis for data pro¬≠cess¬≠ing by recip¬≠i¬≠ents based in third coun¬≠tries (out¬≠side the Euro¬≠pean Union, Ice¬≠land, Liecht¬≠en¬≠stein, Nor¬≠way and espe¬≠cially in the USA) or data trans¬≠fer there (= Art. 46, para¬≠graphs 2 and 3 of the GDPR). These clauses oblige Cloud¬≠flare to com¬≠ply with the EU‚Äės level of data pro¬≠tec¬≠tion when pro¬≠cess¬≠ing rel¬≠e¬≠vant data out¬≠side the EU. These clauses are based on an imple¬≠ment¬≠ing order by the EU Com¬≠mis¬≠sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847.

You can find more infor­ma­tion about data pro­tec­tion at Cloud­flare at https://www.cloudflare.com/en-gb/privacypolicy/.

All texts are copyrighted.

Source: Cre­ated with the Daten­schutz Gen­er­a­tor by AdSimple