Table of contents

Pri­vacy Policy

We have writ­ten this pri­vacy policy (ver­sion 09.09.2021-311826578) in order to explain to you, in accord­ance with the pro­vi­sions of the Gen­eral Data Pro­tec­tion Reg­u­la­tion (EU) 2016/679 and applic­able national laws, which per­sonal data (data for short) we as the con­trol­ler – and the pro­cessors com­mis­sioned by us (e.g. pro­viders) – pro­cess, will pro­cess in the future and what legal options you have. The terms used are to be con­sidered as gender-neut­ral.
In short: We provide you with com­pre­hens­ive inform­a­tion about any per­sonal data we pro­cess about you.

Pri­vacy policies usu­ally sound very tech­nical and use legal ter­min­o­logy. How­ever, this pri­vacy policy is inten­ded to describe the most import­ant things to you as simply and trans­par­ently as pos­sible. So long as it aids trans­par­ency, tech­nical terms are explained in a reader-friendly man­ner, links to fur­ther inform­a­tion are provided and graph­ics are used. We are thus inform­ing in clear and simple lan­guage that we only pro­cess per­sonal data in the con­text of our busi­ness activ­it­ies if there is a legal basis for it. This is cer­tainly not pos­sible with brief, unclear and legal-tech­nical state­ments, as is often stand­ard on the Inter­net when it comes to data pro­tec­tion. I hope you find the fol­low­ing explan­a­tions inter­est­ing and inform­at­ive. Maybe you will also find some inform­a­tion that you have not been famil­iar with.
If you still have ques­tions, we would like to ask you to con­tact the respons­ible body named below or in the imprint, to fol­low the exist­ing links and to look at fur­ther inform­a­tion on third-party sites. You can of course also find our con­tact details in the imprint.

Scope

This pri­vacy policy applies to all per­sonal data pro­cessed by our com­pany and to all per­sonal data pro­cessed by com­pan­ies com­mis­sioned by us (pro­cessors). With the term per­sonal data, we refer to inform­a­tion within the mean­ing of Art­icle 4 No. 1 GDPR, such as the name, email address and postal address of a per­son. The pro­cessing of per­sonal data ensures that we can offer and invoice our ser­vices and products, be it online or off­line. The scope of this pri­vacy policy includes:

  • all online pres­ences (web­sites, online shops) that we operate
  • Social media pres­ences and email communication
  • mobile apps for smart­phones and other devices

In short: This pri­vacy policy applies to all areas in which per­sonal data is pro­cessed in a struc­tured man­ner by the com­pany via the chan­nels men­tioned. Should we enter into legal rela­tions with you out­side of these chan­nels, we will inform you sep­ar­ately if necessary.

Legal bases

In the fol­low­ing pri­vacy policy, we provide you with trans­par­ent inform­a­tion on the legal prin­ciples and reg­u­la­tions, i.e. the legal bases of the Gen­eral Data Pro­tec­tion Reg­u­la­tion, which enable us to pro­cess per­sonal data.
Whenever EU law is con­cerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can of course access the Gen­eral Data Pro­tec­tion Reg­u­la­tion of the EU online at EUR-Lex, the gate­way to EU law, at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679.

We only pro­cess your data if at least one of the fol­low­ing con­di­tions applies:

  1. Con­sent (Art­icle 6 Para­graph 1 lit. a GDPR): You have given us your con­sent to pro­cess data for a spe­cific pur­pose. An example would be the stor­age of data you entered into a con­tact form.
  2. Con­tract (Art­icle 6 Para­graph 1 lit. b GDPR): We pro­cess your data in order to ful­fill a con­tract or pre-con­trac­tual oblig­a­tions with you. For example, if we con­clude a sales con­tract with you, we need per­sonal inform­a­tion in advance.
  3. Legal oblig­a­tion (Art­icle 6 Para­graph 1 lit. c GDPR): If we are sub­ject to a legal oblig­a­tion, we will pro­cess your data. For example, we are leg­ally required to keep invoices for our book­keep­ing. These usu­ally con­tain per­sonal data.
  4. Legit­im­ate interests (Art­icle 6 Para­graph 1 lit. f GDPR): In the case of legit­im­ate interests that do not restrict your basic rights, we reserve the right to pro­cess per­sonal data. For example, we have to pro­cess cer­tain data in order to be able to oper­ate our web­site securely and eco­nom­ic­ally. There­fore, the pro­cessing is a legit­im­ate interest.

Other con­di­tions such as mak­ing record­ings in the interest of the pub­lic, the exer­cise of offi­cial author­ity as well as the pro­tec­tion of vital interests do not usu­ally occur with us. Should such a legal basis be rel­ev­ant, it will be dis­closed in the appro­pri­ate place.

In addi­tion to the EU reg­u­la­tion, national laws also apply:

  • In Aus­tria this is the Aus­trian Data Pro­tec­tion Act (Datens­chutzge­setz), in short DSG.
  • In Ger­many this is the Fed­eral Data Pro­tec­tion Act (Bundes­datens­chutzge­setz), in short BDSG.

Should other regional or national laws apply, we will inform you about them in the fol­low­ing sections.

Con­tact details of the data pro­tec­tion controller

If you have any ques­tions about data pro­tec­tion, you will find the con­tact details of the respons­ible per­son or con­trol­ler below:
Vul­vani UG (haf­tungs­bes­chränkt)
Duls­berg-Süd 4
22049 Ham­burg
Author­ised to represent: 

Email: hello@vulvani.com

Phone: +49 40 52473445
Com­pany details: https://www.vulvani.com/impressum

Stor­age Period

It is a gen­eral cri­terion for us to store per­sonal data only for as long as is abso­lutely neces­sary for the pro­vi­sion of our ser­vices and products. This means that we delete per­sonal data as soon as any reason for the data pro­cessing no longer exists. In some cases, we are leg­ally obliged to keep cer­tain data stored even after the ori­ginal pur­pose no longer exists, such as for account­ing purposes.

If you want your data to be deleted or if you want to revoke your con­sent to data pro­cessing, the data will be deleted as soon as pos­sible, provided there is no oblig­a­tion to con­tinue its storage.

We will inform you below about the spe­cific dur­a­tion of the respect­ive data pro­cessing, provided we have fur­ther information.

Rights in accord­ance with the Gen­eral Data Pro­tec­tion Regulation

You are gran­ted the fol­low­ing rights in accord­ance with the pro­vi­sions of the GDPR (Gen­eral Data Pro­tec­tion Reg­u­la­tion) and the Aus­trian Data Pro­tec­tion Act (DSG):

  • right to rec­ti­fic­a­tion (art­icle 16 GDPR)
  • right to eras­ure (“right to be for­got­ten“) (art­icle 17 GDPR)
  • right to restrict pro­cessing (art­icle 18 GDPR)
  • righ to noti­fic­a­tion – noti­fic­a­tion oblig­a­tion regard­ing rec­ti­fic­a­tion or eras­ure of per­sonal data or restric­tion of pro­cessing (art­icle 19 GDPR)
  • right to data port­ab­il­ity (art­icle 20 GDPR)
  • Right to object (art­icle 21 GDPR)
  • right not to be sub­ject to a decision based solely on auto­mated pro­cessing – includ­ing pro­fil­ing – (art­icle 22 GDPR)

If you think that the pro­cessing of your data viol­ates the data pro­tec­tion law, or that your data pro­tec­tion rights have been infringed in any other way, you can lodge a com­plaint with your respect­ive reg­u­lat­ory author­ity. For Aus­tria this is the data pro­tec­tion author­ity, whose web­site you can access at https://www.data-protection-authority.gv.at/.

Ham­burg Data pro­tec­tion authority

State Com­mis­sioner for Data Pro­tec­tion: Prof. Dr. Johannes Cas­par
E-mail address: Lud­wig-Erhard-Str. 22 7.OG, 20459 Ham­burg
Phone num­ber: 040/428 54-40 40
E-mail address: mailbox@datenschutz.hamburg.de
Web­site:
https://datenschutz-hamburg.de/

Data trans­fer to third countries

We only trans­fer or pro­cess data to coun­tries out­side the EU (third coun­tries) if you con­sent to this pro­cessing, if this is required by law or if it is con­trac­tu­ally neces­sary. In any case, we gen­er­ally only do so to the per­mit­ted extent. In most cases, your con­sent is the most import­ant reason for data being pro­cessed in third coun­tries. When per­sonal data is being pro­cessed in third coun­tries such as the USA, where many soft­ware man­u­fac­tur­ers offer their ser­vices and have their serv­ers loc­ated, your per­sonal data may be pro­cessed and stored in unex­pec­ted ways.

We want to expressly point out, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fer to the USA. Data pro­cessing by US ser­vices (such as Google Ana­lyt­ics) may res­ult in data pro­cessing and reten­tion without the data hav­ing under­gone anonymisa­tion pro­cesses. Fur­ther­more, US gov­ern­ment author­it­ies may be able to access indi­vidual data. The col­lec­ted data may also get linked to data from other ser­vices of the same pro­vider, should you have a user account with the respect­ive pro­vider. We try to use server loc­a­tions within the EU, whenever this is offered and possible.

We will provide you with more details about data trans­fer to third coun­tries in the appro­pri­ate sec­tions of this pri­vacy policy, whenever applicable.

Secur­ity of data pro­cessing operations

In order to pro­tect per­sonal data, we have imple­men­ted both tech­nical and organ­isa­tional meas­ures. We encrypt or pseud­onymise per­sonal data wherever this is pos­sible. Thus, we make it as dif­fi­cult as we can for third parties to extract per­sonal inform­a­tion from our data.

Art­icle 25 of the GDPR refers to “data pro­tec­tion by tech­nical design and by data pro­tec­tion-friendly default” which means that both soft­ware (e.g. forms) and hard­ware (e.g. access to server rooms) appro­pri­ate safe­guards and secur­ity meas­ures shall always be placed. If applic­able, we will out­line the spe­cific meas­ures below.

TLS encryp­tion with https

The terms TLS, encryp­tion and https sound very tech­nical, which they are indeed. We use HTTPS (Hyper­text Trans­fer Pro­tocol Secure) to securely trans­fer data on the Inter­net.
This means that the entire trans­mis­sion of all data from your browser to our web server is secured – nobody can “listen in”.

We have thus intro­duced an addi­tional layer of secur­ity and meet pri­vacy require­ments through tech­no­logy design Art­icle 25 Sec­tion 1 GDPR). With the use of TLS (Trans­port Layer Secur­ity), which is an encryp­tion pro­tocol for safe data trans­fer on the inter­net, we can ensure the pro­tec­tion of con­fid­en­tial inform­a­tion.
You can recog­nise the use of this safe­guard­ing tool by the little lock-sym­bol , which is situ­ated in your browser’s top left corner in the left of the inter­net address (e.g. examplepage.uk), as well as by the dis­play of the let­ters https (instead of http) as a part of our web address.
If you want to know more about encryp­tion, we recom­mend you to do a Google search for “Hyper­text Trans­fer Pro­tocol Secure wiki” to find good links to fur­ther information.

Com­mu­nic­a­tions

Com­mu­nic­a­tions Overview

👥 Affected parties: Any­one who com­mu­nic­ates with us via phone, email or online form
📓 Pro­cessed data: e. g. tele­phone num­ber, name, email address or data entered in forms. You can find more details on this under the respect­ive form of con­tact
🤝 Pur­pose: hand­ling com­mu­nic­a­tion with cus­tom­ers, busi­ness part­ners, etc.
📅 Stor­age dur­a­tion: for the dur­a­tion of the busi­ness case and the legal require­ments
⚖️ Legal basis: Art­icle 6 (1) (a) GDPR (con­sent), Art­icle 6 (1) (b) GDPR (con­tract), Art­icle 6 (1) (f) GDPR (legit­im­ate interests)

If you con­tact us and com­mu­nic­ate with us via phone, email or online form, your per­sonal data may be processed.

The data will be pro­cessed for hand­ling and pro­cessing your request and for the related busi­ness trans­ac­tion. The data is stored for this period of time or for as long as is leg­ally required.

Affected per­sons

The above-men­tioned pro­cesses affect all those who seek con­tact with us via the com­mu­nic­a­tion chan­nels we provide.

Tele­phone

When you call us, the call data is stored in a pseud­onymised form on the respect­ive ter­minal device, as well as by the tele­com­mu­nic­a­tions pro­vider that is being used. In addi­tion, data such as your name and tele­phone num­ber may be sent via email and stored for answer­ing your inquir­ies. The data will be erased as soon as the busi­ness case has ended and the legal require­ments allow for its erasure.

Email

If you com­mu­nic­ate with us via email, your data is stored on the respect­ive ter­minal device (com­puter, laptop, smart­phone, …) as well as on the email server. The data will be deleted as soon as the busi­ness case has ended and the legal require­ments allow for its erasure.

Online forms

If you com­mu­nic­ate with us using an online form, your data is stored on our web server and, if neces­sary, for­war­ded to our email address. The data will be erased as soon as the busi­ness case has ended and the legal require­ments allow for its erasure.

Legal bases

Data pro­cessing is based on the fol­low­ing legal bases:

  • Art. 6 para. 1 lit. a GDPR (con­sent): You give us your con­sent to store your data and to con­tinue to use it for the pur­poses of the busi­ness case;
  • Art. 6 para. 1 lit. b GDPR (con­tract): For the per­form­ance of a con­tract with you or a pro­cessor such as a tele­phone pro­vider, or if we have to pro­cess the data for pre-con­trac­tual activ­it­ies, such as pre­par­ing an offer;
  • Art. 6 para. 1 lit. f GDPR (legit­im­ate interests): We want to con­duct our cus­tomer inquir­ies and busi­ness com­mu­nic­a­tion in a pro­fes­sional man­ner. Thus, cer­tain tech­nical facil­it­ies such email pro­grams, Exchange serv­ers and mobile net­work oper­at­ors are neces­sary to effi­ciently oper­ate our communications.

Cook­ies

Cook­ies Overview 

👥 Affected parties: vis­it­ors to the web­site
🤝 Pur­pose: depend­ing on the respect­ive cookie. You can find out more details below or from the soft­ware man­u­fac­turer that sets the cookie.
📓 Pro­cessed data: Depend­ing on the cookie used. More details can be found below or from the man­u­fac­turer of the soft­ware that sets the cookie.
📅 Stor­age dur­a­tion: can vary from hours to years, depend­ing on the respect­ive cookie
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What are cookies?

Our web­site uses HTTP-cook­ies to store user-spe­cific data.
In the fol­low­ing we explain what cook­ies are and why they are used, so that you can bet­ter under­stand the fol­low­ing pri­vacy policy.

Whenever you surf the Inter­net, you are using a browser. Com­mon browsers are for example, Chrome, Safari, Fire­fox, Inter­net Explorer and Microsoft Edge. Most web­sites store small text-files in your browser. These files are called cookies.

It is import­ant to note that cook­ies are very use­ful little help­ers. Almost every web­site uses cook­ies. More pre­cisely, these are HTTP cook­ies, as there are also other cook­ies for other uses. HTTP cook­ies are small files that our web­site stores on your com­puter. These cookie files are auto­mat­ic­ally placed into the cookie-folder, which is the “brain” of your browser. A cookie con­sists of a name and a value. Moreover, to define a cookie, one or mul­tiple attrib­utes must be specified.

Cook­ies store cer­tain user data about you, such as lan­guage or per­sonal page set­tings. When you re-open our web­site to visit again, your browser sub­mits these “user-related” inform­a­tion back to our site. Thanks to cook­ies, our web­site knows who you are and offers you the set­tings you are famil­iar to. In some browsers, each cookie has its own file, while in oth­ers, such as Fire­fox, all cook­ies are stored in one single file.

The fol­low­ing graphic shows a pos­sible inter­ac­tion between a web browser such as Chrome and the web server. The web browser requests a web­site and receives a cookie back from the server. The browser then uses this again as soon as another page is requested.

HTTP cookie interaction between browser and web server

There are both first-party cook­ies and third-party cook­ies. First-party cook­ies are cre­ated dir­ectly by our site, while third-party cook­ies are cre­ated by part­ner-web­sites (e.g. Google Ana­lyt­ics). Each cookie must be eval­u­ated indi­vidu­ally, as each cookie stores dif­fer­ent data. The expiry time of a cookie also var­ies from a few minutes to a few years. Cook­ies are not soft­ware pro­grams and do not con­tain vir­uses, tro­jans or other mal­ware. Cook­ies also can­not access your PC’s information.

This is an example of how cookie-files can look:

Name: _ga
Value: GA1.2.1326744211.152311826578-9
Pur­pose: Dif­fer­en­ti­ation between web­site vis­it­ors
Expiry date: after 2 years

A browser should sup­port these min­imum sizes:

  • At least 4096 bytes per cookie
  • At least 50 cook­ies per domain
  • At least 3000 cook­ies in total

Which types of cook­ies are there?

The exact cook­ies that we use, depend on the used ser­vices, which will be out­lined in the fol­low­ing sec­tions of this pri­vacy policy. Firstly, we will briefly focus on the dif­fer­ent types of HTTP-cookies.

There are 4 dif­fer­ent types of cookies:

Essen­tial cook­ies
These cook­ies are neces­sary to ensure the basic func­tions of a web­site. They are needed when a user for example puts a product into their shop­ping cart, then con­tin­ues surf­ing on dif­fer­ent web­sites and comes back later in order to pro­ceed to the check­out. These cook­ies ensure the shop­ping cart does not get deleted, even if the user closes their browser window.

Pur­pos­ive cook­ies
These cook­ies col­lect inform­a­tion about user beha­viour and whether the user receives any error mes­sages. Fur­ther­more, these cook­ies record the website’s load­ing time as well as its beha­viour in dif­fer­ent browsers.

Tar­get-ori­ent­ated cook­ies
These cook­ies ensure bet­ter user-friend­li­ness. Thus, inform­a­tion such as pre­vi­ously entered loc­a­tions, fonts sizes or data in forms stay stored.

Advert­ising cook­ies
These cook­ies are also known as tar­get­ing cook­ies. They serve the pur­pose of deliv­er­ing cus­tom­ised advert­ise­ments to the user. This can be very prac­tical, but also rather annoying.

Upon your first visit to a web­site you are usu­ally asked which of these cookie-types you want to accept. Fur­ther­more, this decision will of course also be stored in a cookie.

If you want to learn more about cook­ies and do not mind tech­nical doc­u­ment­a­tion, we recom­mend https://tools.ietf.org/html/rfc6265, the Request for Com­ments of the Inter­net Engin­eer­ing Task Force (IETF) called “HTTP State Man­age­ment Mechanism”.

Pur­pose of pro­cessing via cookies

The pur­pose ulti­mately depends on the respect­ive cookie. You can find out more details below or from the soft­ware man­u­fac­turer that sets the cookie.

Which data are processed?

Cook­ies are little help­ers for a wide vari­ety of tasks. Unfor­tu­nately, it is not pos­sible to tell which data is gen­er­ally stored in cook­ies, but in the pri­vacy policy below we will inform you on what data is pro­cessed or stored.

Stor­age period of cookies

The stor­age period depends on the respect­ive cookie and is fur­ther spe­cified below. Some cook­ies are erased after less than an hour, while oth­ers can remain on a com­puter for sev­eral years.

You can also influ­ence the stor­age dur­a­tion your­self. You can manu­ally erase all cook­ies at any time in your browser (also see “Right of objec­tion” below). Fur­ther­more, the latest instance cook­ies based on con­sent will be erased is after you with­draw your con­sent. The leg­al­ity of stor­age will remain unaf­fected until then.

Right of objec­tion – how can I erase cookies?

You can decide for your­self how and whether you want to use cook­ies. Regard­less of which ser­vice or web­site the cook­ies ori­gin­ate from, you always have the option of eras­ing, deac­tiv­at­ing or only par­tially accept­ing cook­ies. You can for example block third-party cook­ies but allow all other cookies.

If you want to find out which cook­ies have been stored in your browser, or if you want to change or erase cookie set­tings, you can find this option in your browser settings:

Chrome: Clear, enable and man­age cook­ies in Chrome 

Safari: Man­age cook­ies and web­site data in Safari 

Fire­fox: Clear cook­ies and site data in Firefox 

Inter­net Explorer: Delete and man­age cookies 

Microsoft Edge: Delete cook­ies in Microsoft Edge 

If you gen­er­ally do not want cook­ies, you can set up your browser in a way to notify you whenever a cookie is about to be set. This gives you the oppor­tun­ity to manu­ally decide to either per­mit or deny the place­ment of every single cookie. This pro­ced­ure var­ies depend­ing on the browser. There­fore, it might be best for you to search for the instruc­tions in Google. If you are using Chrome, you could for example put the search term “delete cook­ies Chrome” or “deac­tiv­ate cook­ies Chrome” into Google.

Legal basis

The so-called “cookie dir­ect­ive” has exis­ted since 2009. It states that the stor­age of cook­ies requires your con­sent (Art­icle 6 Para­graph 1 lit. a GDPR). Within coun­tries of the EU, how­ever, the reac­tions to these guidelines still vary greatly. In Aus­tria, how­ever, this dir­ect­ive was imple­men­ted in Sec­tion 96 (3) of the Tele­com­mu­nic­a­tions Act (TKG). In Ger­many, the cookie guidelines have not been imple­men­ted as national law. Instead, this guideline was largely imple­men­ted in Sec­tion 15 (3) of the Tele­media Act (TMG).

For abso­lutely neces­sary cook­ies, even if no con­sent has been given, there are legit­im­ate interests (Art­icle 6 (1) (f) GDPR), which in most cases are of an eco­nomic nature. We want to offer our vis­it­ors a pleas­ant user exper­i­ence on our web­site. For this, cer­tain cook­ies often are abso­lutely necessary.

This is exclus­ively done with your con­sent, unless abso­lutely neces­sary cook­ies are used. The legal basis for this is Art­icle 6 (1) (a) of the GDPR.

In the fol­low­ing sec­tions you will find more detail on the use of cook­ies, provided the used soft­ware does use cookies.

Web host­ing

Web host­ing Overview

👥 Affected parties: vis­it­ors to the web­site
🤝 Pur­pose: pro­fes­sional host­ing of the web­site and secur­ity of oper­a­tions
📓 Pro­cessed data: IP address, time of web­site visit, browser used and other data. You can find more details on this below or at the respect­ive web host­ing pro­vider.
📅 Stor­age period: depend­ent on the respect­ive pro­vider, but usu­ally 2 weeks
⚖️ Legal basis: Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What is web hosting?

Every time you visit a web­site nowadays, cer­tain inform­a­tion – includ­ing per­sonal data – is auto­mat­ic­ally cre­ated and stored, includ­ing on this web­site. This data should be pro­cessed as spar­ingly as pos­sible, and only with good reason. By web­site, we mean the entirety of all web­sites on your domain, i.e. everything from the homepage to the very last sub­page (like this one here). By domain we mean example.uk or examplepage.com.

When you want to view a web­site on a screen, you use a pro­gram called a web browser. You prob­ably know the names of some web browsers: Google Chrome, Microsoft Edge, Moz­illa Fire­fox, and Apple Safari.

The web browser has to con­nect to another com­puter which stores the website’s code: the web server. Oper­at­ing a web server is com­plic­ated and time-con­sum­ing, which is why this is usu­ally done by pro­fes­sional pro­viders. They offer web host­ing and thus ensure the reli­able and flaw­less stor­age of web­site data.

Whenever the browser on your com­puter estab­lishes a con­nec­tion (desktop, laptop, smart­phone) and whenever data is being trans­ferred to and from the web server, per­sonal data may be pro­cessed. After all, your com­puter stores data, and the web server also has to retain the data for a period of time in order to ensure it can oper­ate properly.

Illus­tra­tion:

Browser and web server

Why do we pro­cess per­sonal data?

The pur­poses of data pro­cessing are:

  1. Pro­fes­sional host­ing of the web­site and oper­a­tional security
  2. To main­tain the oper­a­tional as well as IT security
  3. Anonym­ous eval­u­ation of access pat­terns to improve our offer, and if neces­sary, for pro­sec­u­tion or the pur­suit of claims.li>

Which data are processed?

Even while you are vis­it­ing our web­site, our web server, that is the com­puter on which this web­site is saved, usu­ally auto­mat­ic­ally saves data such as

  • the full address (URL) of the accessed web­site (e. g. https://www.examplepage.uk/examplesubpage.html?tid=311826578)
  • browser and browser ver­sion (e.g. Chrome 87)
  • the oper­at­ing sys­tem used (e.g. Win­dows 10)
  • the address (URL) of the pre­vi­ously vis­ited page (refer­rer URL) (e. g. https://www.examplepage.uk/icamefromhere.html/)
  • the host name and the IP address of the device from the web­site is being accessed from (e.g. COMPUTERNAME and 194.23.43.121)
  • date and time
  • in so-called web server log files

How long is the data stored?

Gen­er­ally, the data men­tioned above are stored for two weeks and are then auto­mat­ic­ally deleted. We do not pass these data on to oth­ers, but we can­not rule out the pos­sib­il­ity that this data may be viewed by the author­it­ies in the event of illegal conduct.

In short: Your visit is logged by our pro­vider (com­pany that runs our web­site on spe­cial com­puters (serv­ers)), but we do not pass on your data without your consent!

Legal basis

The law­ful­ness of pro­cessing per­sonal data in the con­text of web host­ing is jus­ti­fied in Art. 6 para. 1 lit. f GDPR (safe­guard­ing of legit­im­ate interests), as the use of pro­fes­sional host­ing with a pro­vider is neces­sary to present the com­pany in a safe and user-friendly man­ner on the inter­net, as well as to have the abil­ity to track any attacks and claims, if necessary.

Amazon Web Ser­vices (AWS) Pri­vacy Policy

We use Amazon Web Ser­vices (AWS) for our web­site, which is a web host­ing pro­vider, among other things. The pro­vider of this ser­vice is the Amer­ican com­pany Amazon Web Ser­vices, Inc., 410 Terry Avenue North, Seattle WA 98109, USA.

Amazon Web Ser­vices (AWS) also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

Amazon Web Ser­vices (AWS) uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion as basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way and espe­cially in the USA) or data trans­fer there (= Art. 46, para­graphs 2 and 3 of the GDPR). These clauses oblige Amazon Web Ser­vices (AWS) to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

You can find out more about the data that are pro­cessed through the use of Amazon Web Ser­vices (AWS) in their Pri­vacy Policy at https://aws.amazon.com/privacy/?nc1=h_ls.

1&1 IONOS Web­host­ing Pri­vacy Policy

We use IONOS by 1&1 to host our web­site. In Ger­many, 1&1 IONOS SE is loc­ated at Elgen­dorfer Str. 57, 56410 Montabaur, in Aus­tria you can find 1&1 IONOS SE at Gumpen­dorfer Straße 142/PF 266, 1060 Vienna. IONOS offers the fol­low­ing web host­ing ser­vices: Domain, Web­site & Shop, Host­ing & Word­Press, Mar­ket­ing, Email & Office, IONOS Cloud and Server.

As explained in the “Auto­matic Data Stor­age” sec­tion, web serv­ers, like those of IONOS, store data of every web­site visit.

If you would like to learn more about IONOS web­site pri­vacy, please visit the pri­vacy policy at ionos.com.

Face­book Pixel Pri­vacy Policy

We use Facebook’s Face­book pixel on our web­site. For that, we have imple­men­ted a code on our web­site. The Face­book pixel is a seg­ment of a JavaS­cript code, which, in case you came to our web­site via Face­book ads, loads an array or func­tions that enable Face­book to track your user actions. For example, if you buy a product on our web­site, the Face­book pixel is triggered and stores your actions on our web­site in one or more cook­ies. These cook­ies enable Face­book to match your user data (cus­tomer data such as IP address, user ID) with the data of your Face­book account. After that, Face­book deletes your data again. The col­lec­ted data is anonym­ous as well as inac­cess­ible and can only be used for ad place­ment pur­poses. If you are a Face­book user and you are logged in, your visit to our web­site is auto­mat­ic­ally assigned to your Face­book user account.

We exclus­ively want to show our products or ser­vices to per­sons, who are inter­ested in them. With the aid of the Face­book pixel, our advert­ising meas­ures can get bet­ter adjus­ted to your wishes and interests. There­fore, Face­book users get to see suit­able advert­ise­ment (if they allowed per­son­al­ised advert­ise­ment). Moreover, Face­book uses the col­lec­ted data for ana­lyt­ical pur­poses and for its own advertisements.

In the fol­low­ing we will show you the cook­ies, which were set on a test page with the Face­book pixel integ­rated to it. Please con­sider that these cook­ies are only examples. Depend­ing on the inter­ac­tion that is made on our web­site, dif­fer­ent cook­ies are set.

Name: _fbp
Value: fb.1.1568287647279.257405483-6311826578-7
Pur­pose: Face­book uses this cookie to dis­play advert­ising products.
Expir­a­tion date: after 3 months

Name: fr
Value: 0aPf312HOS5Pboo2r..Bdeiuf…1.0.Bdeiuf.
Pur­pose: This cookie is used for Face­book pixels to func­tion prop­erly.
Expir­a­tion date: after 3 months

Name: com­ment_au­thor_50ae8267e2bd­f1253ec1a5769f48e062311826578-3
Value: Name of the author
Pur­pose: This cookie saves the text and name of a user who e.g. leaves a com­ment.
Expir­a­tion date: after 12 months

Name: comment_author_url_50ae8267e2bdf1253ec1a5769f48e062
Value: https%3A%2F%2Fwww.testseite…%2F (URL of the author)
Pur­pose: This cookie saved the URL of the web­site that the user types into a text box on our web­site.
Expir­a­tion date: after 12 months

Name: comment_author_email_50ae8267e2bdf1253ec1a5769f48e062
Value: email address of the author
Pur­pose: This cookie saves the email address of the user, if they provided it on the web­site.
Expir­a­tion date: after 12 months

Note: The above-men­tioned cook­ies relate to an indi­vidual user beha­viour. Moreover, espe­cially con­cern­ing the usage of cook­ies, changes at Face­book can never be ruled out.

If you are registered on Face­book, you can change the set­tings for advert­ise­ments your­self at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you are not a Face­book user, you can man­age your user based online advert­ising at https://www.youronlinechoices.com/uk/your-ad-choices. You have the option to activ­ate or deac­tiv­ate any pro­viders there.

We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fer to the USA. Data pro­cessing is done mainly through Face­book Pixel. This may lead to data not being anonym­ously pro­cessed and stored. Fur­ther­more, US gov­ern­ment author­it­ies may get access to indi­vidual data. The data may also get linked to data from other Face­book ser­vices you have a user account with.

If you want to learn more about Facebook’s data pro­tec­tion, we recom­mend you the view the company’s in-house data policies at https://www.facebook.com/policy.php.

Pri­vacy Policy for Facebook‘s Auto­matic Advanced Matching

Along with Facebook’s pixel func­tion, we have also activ­ated Auto­matic Advanced Match­ing. This func­tion allows us to send hashed emails, names, genders, cit­ies, states, post­codes and dates of birth or tele­phone num­bers as addi­tional inform­a­tion to Face­book, provided you have made them avail­able to us. This activ­a­tion gives us the oppor­tun­ity to cus­tom­ise advert­ising cam­paigns even bet­ter to per­sons who are inter­ested in our ser­vices or products.

Google Ana­lyt­ics Pri­vacy Policy

Google Ana­lyt­ics Pri­vacy Policy Overview 

👥 Affected parties: web­site vis­it­ors
🤝 Pur­pose: Eval­u­ation of vis­itor inform­a­tion to optim­ise the web­site.
📓 Pro­cessed data: Access stat­ist­ics that con­tain data such as the loc­a­tion of access, device data, access dur­a­tion and time, nav­ig­a­tion beha­viour, click beha­viour and IP addresses. You can find more details on this in the pri­vacy policy below.
📅 Stor­age period: depend­ing on the prop­er­ties used
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What is Google Analytics?

We use the track­ing and ana­lysis tool Google Ana­lyt­ics (GA) of the US-Amer­ican com­pany Google LLC (1600 Amphi­theatre Park­way Moun­tain View, CA 94043, USA). Google Ana­lyt­ics col­lects data on your actions on our web­site. Whenever you click a link for example, this action is saved in a cookie and trans­ferred to Google Ana­lyt­ics. With the help of reports which we receive from Google Ana­lyt­ics, we can adapt our web­site and our ser­vices bet­ter to your wishes. In the fol­low­ing, we will explain the track­ing tool in more detail, and most of all, we will inform you what data is saved and how you can pre­vent this.

Google Ana­lyt­ics is a track­ing tool with the pur­pose of con­duct­ing data traffic ana­lysis of our web­site. For Google Ana­lyt­ics to work, there is a track­ing code integ­rated to our web­site. Upon your visit to our web­site, this code records vari­ous actions you per­form on your web­site. As soon as you leave our web­site, this data is sent to the Google Ana­lyt­ics server, where it is stored.

Google pro­cesses this data and we then receive reports on your user beha­viour. These reports can be one of the following:

  • Tar­get audi­ence reports: With the help of tar­get audi­ence reports we can get to know our users bet­ter and can there­fore bet­ter under­stand who is inter­ested in our service.
  • Advert­ising reports: Through advert­ising reports we can ana­lyse our online advert­ising bet­ter and hence improve it.
  • Acquis­i­tion reports: Acquis­i­tion reports provide us help­ful inform­a­tion on how we can get more people enthu­si­astic about our service.
  • Beha­viour reports: With these reports, we can find out how you inter­act with our web­site. By the means of beha­viour reports, we can under­stand what path you go on our web­site and what links you click.
  • Con­ver­sion reports: A con­ver­sion is the pro­cess of lead­ing you to carry out a desired action due to a mar­ket­ing mes­sage. An example of this would be trans­form­ing you from a mere web­site vis­itor into a buyer or a news­let­ter sub­scriber. Hence, with the help of these reports we can see in more detail, if our mar­ket­ing meas­ures are suc­cess­ful with you. Our aim is to increase our con­ver­sion rate.
  • Real time reports: With the help of these reports we can see in real time, what hap­pens on our web­site. It makes us for example see, we can see how many users are read­ing this text right now.

Why do we use Google Ana­lyt­ics on our website?

The object­ive of our web­site is clear: We want to offer you the best pos­sible ser­vice. Google Ana­lyt­ics’ stat­ist­ics and data help us with reach­ing this goal.

Stat­ist­ic­ally eval­u­ated data give us a clear pic­ture of the strengths and weak­nesses of our web­site. On the one hand, we can optim­ise our page in a way, that makes it easier to be found by inter­ested people on Google. On the other hand, the data helps us to get a bet­ter under­stand­ing of you as our vis­itor. There­fore, we can very accur­ately find out what we must improve on our web­site, in order to offer you the best pos­sible ser­vice. The ana­lysis of that data also enables us to carry out our advert­ising and mar­ket­ing meas­ures in a more indi­vidual and more cost-effect­ive way. After all, it only makes sense to show our products and ser­vices exclus­ively to people who are inter­ested in them.

What data is stored by Google Analytics?

With the aid of a track­ing code, Google Ana­lyt­ics cre­ates a ran­dom, unique ID which is con­nec­ted to your browser cookie. That way, Google Ana­lyt­ics recog­nises you as a new user. The next time you visit our site, you will be recog­nised as a “recur­ring” user. All data that is col­lec­ted gets saved together with this very user ID. Only this is how it is made pos­sible for us to eval­u­ate and ana­lyse pseud­onym­ous user profiles.

To ana­lyse our web­site with Google Ana­lyt­ics, a prop­erty ID must be inser­ted into the track­ing code. The data is then stored in the cor­res­pond­ing prop­erty. Google Ana­lyt­ics 4-prop­erty is stand­ard for every newly cre­ated prop­erty. An altern­at­ive how­ever, is the Uni­ver­sal Ana­lyt­ics Prop­erty. Depend­ing on the prop­erty that is being used, data are stored for dif­fer­ent peri­ods of time.

Your inter­ac­tions on our web­site are meas­ured by tags such as cook­ies and app instance IDs. Inter­ac­tions are all kinds of actions that you per­form on our web­site. If you are also using other Google sys­tems (such as a Google Account), data gen­er­ated by Google Ana­lyt­ics can be linked with third-party cook­ies. Google does not pass on any Google Ana­lyt­ics data, unless we as the web­site own­ers author­ise it. In case it is required by law, excep­tions can occur.

The fol­low­ing cook­ies are used by Google Analytics:

Name: _ga
Value:2.1326744211.152311826578-5
Pur­pose: By deafault, analytics.js uses the cookie _ga, to save the user ID. It gen­er­ally serves the pur­pose of dif­fer­en­ti­at­ing between web­site vis­it­ors.
Expir­a­tion date: After 2 years

Name: _gid
Value:2.1687193234.152311826578-1
Pur­pose: This cookie also serves the pur­pose of dif­fer­en­ti­at­ing between web­site users
Expir­a­tion date: After 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Ver­wendung­szweck: It is used for decreas­ing the demand rate. If Google Ana­lyt­ics is provided via Google Tag Man­ager, this cookie gets the name _dc_gtm_ <prop­erty-id>.
Expir­a­tion date: After 1 minute

Name: AMP_TOKEN
Value: No inform­a­tion
Pur­pose: This cookie has a token which is used to retrieve the user ID by the AMP Cli­ent ID Ser­vice. Other pos­sible val­ues sug­gest a logoff, a request or an error.
Expir­a­tion date: After 30 seconds up to one year

Name: __utma
Value:1564498958.1564498958.1564498958.1
Pur­pose: With this cookie your beha­viour on the web­site can be tracked and the site per­form­ance can be meas­ured. The cookie is updated every time the inform­a­tion is sent to Google Ana­lyt­ics.
Expir­a­tion date: After 2 years

Name: __utmt
Value: 1
Pur­pose: Just like _gat_gtag_UA_<property-id> this cookie is used for keep­ing the require­ment rate in check.
Expir­a­tion date: Afer 10 minutes

Name: __utmb
Value:3.10.1564498958
Pur­pose: This cookie is used to determ­ine new ses­sions. It is updated every time new data or inform­a­tion gets sent to Google Ana­lyt­ics.
Expir­a­tion date: After 30 minutes

Name: __utmc
Value: 167421564
Pur­pose: This cookie is used to determ­ine new ses­sions for recur­ring vis­it­ors. It is there­fore a ses­sion cookie, and only stays stored until you close the browser again.
Expir­a­tion date: After clos­ing the browser

Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Pur­pose: This cookie is used to identify the source of the num­ber of vis­it­ors to our web­site. This means, that the cookie stored inform­a­tion on where you came to our web­site from. This could be another site or an advert­ise­ment.
Expir­a­tion date: After 6 months

Name: __utmv
Value: No inform­a­tion
Pur­pose: The cookie is used to store cus­tom user data. It gets updated whenever inform­a­tion is sent to Google Ana­lyt­ics.
Expir­a­tion date: After 2 years

Note: This list is by no means exhaust­ive, since Google are repeatedly chan­ging the use of their cookies.

Below we will give you an over­view of the most import­ant data that can be eval­u­ated by Google Analytics:

Heat­maps: Google cre­ates so-called Heat­maps an. These Heat­maps make it pos­sible to see the exact areas you click on, so we can get inform­a­tion on what routes you make on our website.

Ses­sion dur­a­tion: Google calls the time you spend on our web­site without leav­ing it ses­sion dur­a­tion. Whenever you are inact­ive for 20 minutes, the ses­sion ends automatically.

Bounce rate If you only look at one page of our web­site and then leave our web­site again, it is called a bounce.

Account cre­ation: If you cre­ate an account or make an order on our web­site, Google Ana­lyt­ics col­lects this data.

IP-Address: The IP address is only shown in a shortened form, to make it impossible to clearly alloc­ate it.

Loc­a­tion: Your approx­im­ate loc­a­tion and the coun­try you are in can be defined by the IP address. This pro­cess is called IP loc­a­tion determination.

Tech­nical inform­a­tion: Inform­a­tion about your browser type, your inter­net pro­vider and your screen res­ol­u­tion are called tech­nical information.

Source: Both, Google Ana­lyt­ics as well as ourselves, are inter­ested what web­site or what advert­ise­ment led you to our site.

Fur­ther pos­sibly stored data include con­tact data, poten­tial reviews, play­ing media (e.g. when you play a video on our site), shar­ing of con­tents via social media or adding our site to your favour­ites. This list is not exhaust­ive and only serves as gen­eral guid­ance on Google Ana­lyt­ics’ data retention.

How long and where is the data stored?

Google has serv­ers across the globe. Most of them are in Amer­ica and there­fore your data is mainly saved on Amer­ican serv­ers. Here you can read detailed inform­a­tion on where Google’s data centres are loc­ated: https://www.google.com/about/datacenters/inside/locations/?hl=en

Your data is alloc­ated to vari­ous phys­ical data medi­ums. This has the advant­age of allow­ing to retrieve the data faster, and of pro­tect­ing it bet­ter from manip­u­la­tion. Every Google data centre has respect­ive emer­gency pro­grams for your data. Hence, in case of a hard­ware fail­ure at Google or a server error due to nat­ural dis­asters, the risk for a ser­vice inter­rup­tion stays rel­at­ively low.

The data reten­tion period depends on the prop­er­ties used. When using the newer Google Ana­lyt­ics 4-prop­er­ties, the reten­tion period of your user data is set to 14 months. For so-called event data, we have the option of choos­ing a reten­tion period of either 2 months or 14 months.

Google Ana­lyt­ics has a 26 months stand­ard­ised period of retain­ing your user data. After this time, your user data is deleted. How­ever, we have the pos­sib­il­ity to choose the reten­tion period of user data ourselves. There are the fol­low­ing five options:

  • Dele­tion after 14 months
  • Dele­tion after 26 months
  • Dele­tion after 38 months
  • Dele­tion after 50 months
  • No auto­mat­ical deletion

Addi­tion­ally, there is the option for data to be deleted only if you no longer visit our web­site within a period determ­ined by us. In this case, the reten­tion period will be reset every time you revisit our web­site within the spe­cified period.

As soon as the chosen period is expired, the data is deleted once a month. This reten­tion period applies to any of your data which is linked to cook­ies, user iden­ti­fic­a­tion and advert­ise­ment IDs (e.g. cook­ies of the Double­Click domain). Any report res­ults are based on aggreg­ated inform­a­tion and are stored inde­pend­ently of any user data. Aggreg­ated inform­a­tion is a merge of indi­vidual data into a single and big­ger unit.

How can I delete my data or pre­vent data retention?

Under the pro­vi­sions of the European Union’s data pro­tec­tion law, you have the right to obtain inform­a­tion on your data and to update, delete or restrict it. With the help of a browser add on that can deac­tiv­ate Google Ana­lyt­ics’ JavaS­cript (ga.js, analytics.js, dc.js), you can pre­vent Google Ana­lyt­ics from using your data. You can down­load this add on at https://tools.google.com/dlpage/gaoptout?hl=en-GB. Please con­sider that this add on can only deac­tiv­ate any data col­lec­tion by Google Analytics.

If you gen­er­ally want to deac­tiv­ate, delete or man­age all cook­ies (inde­pend­ently of Google Ana­lyt­ics), you can use one of the guides that are avail­able for any browser:

Chrome: Clear, enable and man­age cook­ies in Chrome 

Safari: Man­age cook­ies and web­site data in Safari 

Fire­fox: Clear cook­ies and site data in Firefox 

Inter­net Explorer: Delete and man­age cookies 

Microsoft Edge: Delete cook­ies in Microsoft Edge 

Legal basis

The use of Google Ana­lyt­ics requires your con­sent, which we obtained via our cookie popup. Accord­ing to Art. 6 para. 1 lit. a of the GDPR (con­sent) , this is the legal basis for the pro­cessing of per­sonal data when col­lec­ted via web ana­lyt­ics tools.

In addi­tion to con­sent, we have legit­im­ate interest in ana­lys­ing the beha­viour of web­site vis­it­ors, in order to tech­nic­ally and eco­nom­ic­ally improve our offer. With Google Ana­lyt­ics, we can recog­nise web­site errors, identify attacks and improve prof­it­ab­il­ity. The legal basis for this is Art. 6 para. 1 lit. f of the GDPR (legit­im­ate interests) . Nev­er­the­less, we only use Google Ana­lyt­ics if you have given your consent.

Google also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

Google uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion as basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way and espe­cially in the USA) or data trans­fer there (= Art. 46, para­graphs 2 and 3 of the GDPR). These clauses oblige Google to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

We hope we could provide you with the most import­ant inform­a­tion about data pro­cessing by Google Ana­lyt­ics. If you want to find out more on the track­ing ser­vice, we recom­mend these two links: https://marketingplatform.google.com/about/analytics/terms/gb/ and https://support.google.com/analytics/answer/6004245?hl=en.

Google Ana­lyt­ics IP Anonymisation

We imple­men­ted Google Ana­lyt­ics’ IP address anonymisa­tion to this web­site. Google developed this func­tion, so this web­site can com­ply with the applic­able pri­vacy laws and the local data pro­tec­tion author­it­ies’ recom­mend­a­tions, should they pro­hibit the reten­tion of any full IP addresses.
The anonymisa­tion or mask­ing of IP addresses takes place, as soon as they reach Google Ana­lyt­ics’ data col­lec­tion net­work, but before the data would be saved or processed.

You can find more inform­a­tion on IP anonymisa­tion at https://support.google.com/analytics/answer/2763052?hl=en.

Google Ana­lyt­ics Reports on demo­graphic char­ac­ter­ist­ics and interests

We have turned on Google Ana­lyt­ics’ func­tions for advert­ising reports. These reports on demo­graphic char­ac­ter­ist­ics and interests con­tain details about age, gender and interests. Through them we can get a bet­ter pic­ture of our users – without being able to alloc­ate any data to indi­vidual per­sons. You can learn more about advert­ising func­tions at auf https://support.google.com/analytics/answer/3450482?hl=en&amp%3Butm_id=ad.

You can ter­min­ate the use of your Google Account’s activ­it­ies and inform­a­tion in “Ads Set­tings” at https://adssettings.google.com/authenticated via a checkbox.

Google Ana­lyt­ics‘ Data Pro­cessing Amendment

By accept­ing the amend­ment on data pro­cessing in Google Ana­lyt­ics, we entered a con­tract with Google con­cern­ing the use of Google Analytics.

You can find out more about the amend­ment on data pro­cessing for Google Ana­lyt­ics here: https://support.google.com/analytics/answer/3379636?hl=en&utm_id=ad

Google Ana­lyt­ics Google Sig­nals Pri­vacy Policy

We have activ­ated Google sig­nals in Google Ana­lyt­ics. Through this, any exist­ing Google Ana­lyt­ics func­tions (advert­ising reports, remarket­ing, cross-device reports and reports on interests and demo­graphic char­ac­ter­ist­ics) are updated, to res­ult in the sum­mary and anonymisa­tion of your data, should you have per­mit­ted per­son­al­ised ads in your Google Account.

The spe­cial aspect of this is that it involves cross-device track­ing. That means your data can be ana­lysed across mul­tiple devices. Through the activ­a­tion of Google sig­nals, data is col­lec­ted and linked to the Google account. For example, it enables Google to recog­nise when you look at a product on a smart­phone and later buy the product on a laptop. Due to activ­at­ing Google sig­nals, we can start cross-device remarket­ing cam­paigns, which would oth­er­wise not be pos­sible to this extent. Remarket­ing means, that we can show you our products and ser­vices across other web­sites as well.

Moreover, fur­ther vis­itor data such as loc­a­tion, search his­tory, You­Tube his­tory and data about your actions on our web­site are col­lec­ted in Google Ana­lyt­ics. As a res­ult, we receive improved advert­ising reports and more use­ful inform­a­tion on your interests and demo­graphic char­ac­ter­ist­ics. These include your age, the lan­guage you speak, where you live or what your gender is. Cer­tain social cri­teria such as your job, your mar­ital status or your income are also included. All these char­ac­ter­ist­ics help Google Ana­lyt­ics to define groups of per­sons or tar­get audiences.

Those reports also help us to bet­ter assess your beha­viour, as well as your wishes and interests. As a res­ult, we can optim­ise and cus­tom­ise our products and ser­vices for you. By default, this data expires after 26 months. Please con­sider, that this data is only col­lec­ted if you have agreed to per­son­al­ised advert­ise­ment in your Google Account. The retained inform­a­tion is always exclus­ively sum­mar­ised and anonym­ous data, and never any data on indi­vidual per­sons. You can man­age or delete this data in your Google Account.

IONOS WebAna­lyt­ics Pri­vacy Policy

IONOS WebAna­lyt­ics Pri­vacy Policy Overview

👥 Affected parties: web­site vis­it­ors
🤝 Pur­pose: Eval­u­ation of vis­itor inform­a­tion to optim­ise the web­site.
📓 Pro­cessed data: Access stat­ist­ics that con­tain data such as the access loc­a­tion, device data, access dur­a­tion and time and IP addresses in anonymised form.
📅 Stor­age period: depend­ing on the con­tract period with IONOS WebAna­lyt­ics
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What is IONOS WebAnalytics?

We use the ana­lysis tool IONOS WebAna­lyt­ics by the Ger­man com­pany 1&1 IONOS SE, Elgen­dorfer Straße 57, 56410 Montabaur, Ger­many on our web­site. The tool helps us to ana­lyse our web­site. For this, data is col­lec­ted and stored. How­ever, this tool does not col­lect any data that could identify you as a per­son. Nev­er­the­less, in this pri­vacy policy we will give you more detailed inform­a­tion on the pro­cessing and stor­age of your data and explain why we use IONOS WebAnalytics.

As the name sug­gests, IONOS WebAna­lyt­ics is a tool that is used to ana­lyse our web­site. The soft­ware pro­gram col­lects data such as how long you have been on our web­site, what but­tons you click or which web­site has led you to us. Frankly, this gives us a good over­view of the user beha­viour on our web­site. This inform­a­tion is fully anonym­ous. Mean­ing, that with this data we can­not identify you as a per­son, and only receive gen­eral usage inform­a­tion and statistics.

Why do we use IONOS WebAna­lyt­ics on our website?

It is our goal to provide you the best pos­sible exper­i­ence on our web­site. We are con­fid­ent of our offers and want our web­site to be a help­ful and use­ful place for you. To ensure this, we have to adapt our web­site to your needs and wishes as well as we can. A web ana­lysis tool such as IONOS WebAna­lyt­ics and the data it provides can improve our web­site accord­ingly. Fur­ther­more, the col­lec­ted data can also be use­ful to us for mak­ing our advert­ising and mar­ket­ing meas­ures more indi­vidual. How­ever, with all these web ana­lyses, the pro­tec­tion of your per­sonal data is import­ant to us. Unlike other ana­lysis tools, IONOS WebAna­lyt­ics does not store or pro­cess any data that could identify you as a person.

Which data are stored by IONOS WebAnalytics?

Your data are col­lec­ted and stored using log files or a so-called pixel. A pixel is a snip­pet of JavaS­cript code that loads vari­ous func­tions which can be used for track­ing user beha­viour. WebAna­lyt­ics delib­er­ately refrains from using cookies.

IONOS does not retain any of your per­sonal data. When you access a page, your IP address is trans­mit­ted, but is then imme­di­ately anonymised and pro­cessed in a way that makes it impossible to identify you as a person.

The fol­low­ing data are stored by IONOS WebAnalytics:

  • Your browser type and version
  • which web­site you vis­ited before (refer­rer)
  • which spe­cific site you have accessed on our website
  • which oper­at­ing sys­tem you are using
  • which device you are using (PC, tab­let or smartphone)
  • when you accessed our site
  • Your anonymised IP address

These data are not for­war­ded to any third party pro­viders and are only used for stat­ist­ical evaluations.

How long and where are the data stored?

The data will be stored until our con­tract with IONOS WebAna­lyt­ics expires. With a reg­u­lar web host­ing tar­iff, the data will be stored in our log dir­ect­ory, which will gen­er­ate graph­ical stat­ist­ics. These logs are deleted every 8 weeks. With a MyWeb­site tar­iff, the data is iden­ti­fied by a pixel. In this case, the data is only stored and pro­cessed intern­ally at IONOS WebAnalytics.

How can I erase my data or pre­vent data retention?

Gen­er­ally, you reserve the right to inform­a­tion, cor­rec­tion or dele­tion and restric­tion of the pro­cessing of your per­sonal data at any time. Moreover, you can revoke your con­sent to the pro­cessing of your data any­time. How­ever, it is not pos­sible to delete this data since IONOS WebAna­lyt­ics neither stores or pro­cesses any of your per­sonal data, nor any data that could be assigned to you as a person.

Legal basis

The use of IONOS WebAna­lyt­ics requires your con­sent, which we obtained via our cookie popup. Accord­ing to Art. 6 para. 1 lit. a GDPR (con­sent) , this con­sent is the legal basis for per­sonal data pro­cessing, such as when it is col­lec­ted by web ana­lyt­ics tools.

In addi­tion to con­sent, we have legit­im­ate interest in ana­lys­ing the beha­viour of web­site vis­it­ors and thus tech­nic­ally and eco­nom­ic­ally improv­ing our offer. With the help of IONOS WebAna­lyt­ics, we can recog­nise web­site errors, identify attacks and improve prof­it­ab­il­ity. The legal basis for this is Art. 6 para. 1 lit.f  GDPR (legit­im­ate interests). Nev­er­the­less, we only use IONOS WebAna­lyt­ics if you have given us your consent.

We hope we could provide you with the most import­ant inform­a­tion on IONOS WebAna­lyt­ics’ rather spar­ing data pro­cessing. If you want to learn more about the track­ing ser­vice, we recom­mend you to read the company’s pri­vacy policy at https://www.ionos.co.uk/help/online-marketing/siteanalytics/information-collected-in-siteanalytics/?tid=311826578.

Email-Mar­ket­ing

Email Mar­ket­ing Overview

👥 Affected parties: news­let­ter sub­scribers
🤝 Pur­pose: dir­ect mar­ket­ing via email, noti­fic­a­tion of events that are rel­ev­ant to the sys­tem
📓 Pro­cessed data: data entered dur­ing regis­tra­tion, but at least the email address. You can find more details on this in the respect­ive email mar­ket­ing tool used.
📅 Stor­age dur­a­tion: for the dur­a­tion of the sub­scrip­tion
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What is Email-Marketing?

We use email mar­ket­ing to keep you up to date. If you have agreed to receive our emails or news­let­ters, your data will be pro­cessed and stored. Email mar­ket­ing is a part of online mar­ket­ing. In this type of mar­ket­ing, news or gen­eral inform­a­tion about a com­pany, product or ser­vice are emailed to a spe­cific group of people who are inter­ested in it.

If you want to par­ti­cip­ate in our email mar­ket­ing (usu­ally via news­let­ter), you usu­ally just have to register with your email address. To do this, you have to fill in and sub­mit an online form. How­ever, we may also ask you for your title and name, so we can address you per­son­ally in our emails.

The regis­tra­tion for news­let­ters gen­er­ally works with the help of the so-called “double opt-in pro­ced­ure”. After you have registered for our news­let­ter on our web­site, you will receive an email, via which you can con­firm the news­let­ter regis­tra­tion. This ensures that you own the email address you signed up with, and pre­vents any­one to register with a third-party email address. We or a noti­fic­a­tion tool we use, will log every single regis­tra­tion. This is neces­sary so we can ensure and prove, that regis­tra­tion pro­cesses are done leg­ally and cor­rectly. In gen­eral, the time of regis­tra­tion and regis­tra­tion con­firm­a­tion are stored, as well as your IP address. Moreover, any change you make to your data that we have on file is also logged.

Why do we use Email-Marketing?

Of course, we want to stay in con­tact with you and keep you in the loop of the most import­ant news about our com­pany. For this, we use email mar­ket­ing – often just referred to as “news­let­ters” – as an essen­tial part of our online mar­ket­ing. If you agree to this or if it is per­mit­ted by law, we will send you news­let­ters, sys­tem emails or other noti­fic­a­tions via email. Whenever the term “news­let­ter” is used in the fol­low­ing text, it mainly refers to emails that are sent reg­u­larly. We of course don’t want to bother you with our news­let­ter in any way. Thus, we genu­inely strive to offer only rel­ev­ant and inter­est­ing con­tent. In our emails you can e.g. find out more about our com­pany and our ser­vices or products. Since we are con­tinu­ously improv­ing our offer, our news­let­ter will always give you the latest news, or spe­cial, luc­rat­ive pro­mo­tions. Should we com­mis­sion a ser­vice pro­vider for our email mar­ket­ing, who offers a pro­fes­sional mail­ing tool, we do this in order to offer you fast and secure news­let­ters. The pur­pose of our email mar­ket­ing is to inform you about new offers and also to get closer to our busi­ness goals.

Which data are processed?

If you sub­scribe to our news­let­ter via our web­site, you then have to con­firm your mem­ber­ship in our email list via an email that we will send to you. In addi­tion to your IP and email address, your name, address and tele­phone num­ber may also be stored. How­ever, this will only be done if you agree to this data reten­tion. Any data marked as such are neces­sary so you can par­ti­cip­ate in the offered ser­vice. Giv­ing this inform­a­tion is vol­un­tary, but fail­ure to provide it will pre­vent you from using this ser­vice. Moreover, inform­a­tion about your device or the type of con­tent you prefer on our web­site may also be stored. In the sec­tion “Auto­matic data stor­age” you can find out more about how your data is stored when you visit a web­site. We record your informed con­sent, so we can always prove that it com­plies with our laws.

Dur­a­tion of data processing

If you unsub­scribe from our e-mail/news­let­ter dis­tri­bu­tion list, we may store your address for up to three years on the basis of our legit­im­ate interests, so we can keep proof your con­sent at the time. We are only allowed to pro­cess this data if we have to defend ourselves against any claims.

How­ever, if you con­firm that you have given us your con­sent to sub­scribe to the news­let­ter, you can sub­mit an indi­vidual request for eras­ure at any time. Fur­ther­more, if you per­man­ently object to your con­sent, we reserve the right to store your email address in a black­list. But as long as you have vol­un­tar­ily sub­scribed to our news­let­ter, we will of course keep your email address on file.

With­drawal – how can I can­cel my subscription?

You have the option to can­cel your news­let­ter sub­scrip­tion at any time. All you have to do is revoke your con­sent to the news­let­ter sub­scrip­tion. This usu­ally only takes a few seconds or a few clicks. Most of the time you will find a link at the end of every email, via which you will be able to can­cel the sub­scrip­tion. Should you not be able to find the link in the news­let­ter, you can con­tact us by email and we will imme­di­ately can­cel your news­let­ter sub­scrip­tion for you.

Legal basis

Our news­let­ter is sent on the basis of your con­sent (Art­icle 6 (1) (a) GDPR). This means that we are only allowed to send you a news­let­ter if you have act­ively registered for it before­hand. Moreover, we may also send you advert­ising mes­sages on the basis of Sec­tion 7 (3) UWG (Unfair Com­pet­i­tion Act), provided you have become our cus­tomer and have not objec­ted to the use of your email address for dir­ect mail.

If avail­able – you can find inform­a­tion on spe­cial email mar­ket­ing ser­vices and how they pro­cess per­sonal data, in the fol­low­ing sections.

Send­in­blue Pri­vacy Policy

Send­in­blue Pri­vacy Policy Overview

👥 Affected parties: news­let­ter sub­scribers
🤝 Pur­pose: dir­ect mar­ket­ing via email, noti­fic­a­tion of rel­ev­ant events to the sys­tem
📓 Pro­cessed data: data that was entered dur­ing regis­tra­tion, but at least email addresses.
📅 Stor­age dur­a­tion: for sub­scrip­tion dur­a­tion
⚖️ Legal bases: Art. 6 para­graph 1 lit. a GDPR (con­sent), Art. 6 para­graph 1 lit. f GDPR (legit­im­ate interests)

What is Sendinblue?

On our web­site you can sub­scribe to our news­let­ter for free. For this to work, we use the Send­in­blue email ser­vice for our news­let­ter. This is a ser­vice of the Ger­man com­pany Send­in­blue GmbH, Köpenicker street 126, 10179 Ber­lin. Send­in­blue is an email mar­ket­ing tool, among other things, that we can use to send you cus­tom­ised news­let­ters. With Send­in­blue there is no need for us to install any­thing, all while we can still draw on a pool of really use­ful func­tions. In the fol­low­ing we will go into more detail about this email mar­ket­ing ser­vice and inform you on the most import­ant aspects that are rel­ev­ant to data pro­tec­tion and privacy.

Why do we use Sendinblue?

The news­let­ter ser­vice also offers us help­ful options for ana­lysis pur­poses. This means that if we send a news­let­ter, we can for example find out whether and when you opened the news­let­ter. The soft­ware also detects and records which link you click in the news­let­ter. This inform­a­tion helps us enorm­ously to adapt and optim­ise our ser­vice to your wishes and con­cerns. After all, we nat­ur­ally want to offer you the best pos­sible ser­vice. In addi­tion to the data already men­tioned above, data about your user beha­viour is also stored.

Which data is pro­cessed by Sendinblue?

We are of course very pleased if you register for our news­let­ter. That way we can always let you know first-handedly what is going on in our com­pany, so you can stay up to date. How­ever, you should know that when you sign up for the news­let­ter, all data you enter (such as your email address or your first and last name) will be retained and man­aged on our server as well as at Send­in­blue. This also applies to per­sonal data. For example, in addi­tion to the time and date of regis­tra­tion, your IP address is also stored. Dur­ing regis­tra­tion, you also con­sent to being sent our news­let­ter. There will also be a ref­er­ence to this Pri­vacy Policy. Fur­ther­more, data such as your click beha­viour within the news­let­ter may also be processed.

How long and where are the data retained?

The data for the news­let­ter tool are stored on serv­ers in Ger­many. Any retained data that could be used to identify you per­son­ally (i.e. per­sonal data), are gen­er­ally erased at Send­in­blue no later than two years after our con­trac­tual rela­tion­ship ends. You can also request the eras­ure of your data indi­vidu­ally and at any time. Requests are pro­cessed within 30 days. Data that we col­lect and trans­mit to Send­in­blue will be erased by us as soon as you unsub­scribe from our newsletter.

Right to object

You have the option to can­cel your news­let­ter sub­scrip­tion at any time. All you have to do is revoke your con­sent to your news­let­ter sub­scrip­tion. This nor­mally only takes a few seconds or one or two clicks. Usu­ally you will find a link at the end of every email to unsub­scribe from the news­let­ter. If you genu­inely can­not find the link in the news­let­ter, please email us and we will can­cel your news­let­ter sub­scrip­tion imme­di­ately. After you unsub­scribe, your per­sonal data will be erased from our server as well as from Sendinblue’s serv­ers loc­ated in Ger­many. You have the right to receive free inform­a­tion about your stored data and, where applic­able, a right to eras­ure, restrict pro­cessing or rectification.

Legal basis

Our news­let­ter is sent by Send­in­blue on the basis of your con­sent (Art­icle 6 para­graph 1 lit. a GDPR). Thus, we are only author­ised to send you a news­let­ter if you have act­ively registered for it before­hand. If your con­sent is not required, the news­let­ter is sent to you on the basis of our  legit­im­ate interest in dir­ect mar­ket­ing (Art­icle 6 para­graph 1 lit. f), provided this is leg­ally per­mit­ted. We record your regis­tra­tion pro­cess so we can prove com­pli­ance with the law at any time.

If you would like more inform­a­tion about data pro­cessing, we recom­mend the company’s Pri­vacy Policy at https://www.sendinblue.com/legal/privacypolicy/ along with the fol­low­ing inform­a­tion page at https://www.sendinblue.com/information-for-email-recipients/.

Online Mar­ket­ing

Online Mar­ket­ing Pri­vacy Policy Overview 

👥 Affected parties: vis­it­ors to the web­site
🤝 Pur­pose: Eval­u­ation of vis­itor inform­a­tion for web­site optim­isa­tion
📓 Pro­cessed data: Access stat­ist­ics con­tain­ing data such as access loc­a­tion, device data, access dur­a­tion and time, nav­ig­a­tion beha­viour, click beha­viour and IP addresses. Per­sonal data such as name or email address may also be pro­cessed. You can find more details on this from the respect­ive Online Mar­ket­ing tool.
📅 Stor­age period: depend­ing on the Online Mar­ket­ing tools used
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What is Online Marketing?

Online Mar­ket­ing refers to all meas­ures that are car­ried out online to achieve mar­ket­ing goals, such as increas­ing brand aware­ness or doing busi­ness trans­ac­tions. Fur­ther­more, our Online Mar­ket­ing meas­ures aim to draw people’s atten­tion to our web­site. In order to be able to show our offer to many inter­ested people, we do Online Mar­ket­ing. It mostly is about online advert­ising, con­tent mar­ket­ing or search engine optim­isa­tion. For this, per­sonal data is also stored and pro­cessed, to enable us to use Online Mar­ket­ing effi­ciently and tar­geted. On the one hand, the data help us to only show our con­tent to people who are inter­ested in it. On the other hand, it helps us to meas­ure the advert­ising suc­cess of our Online Mar­ket­ing measures.

Why do we use Online Mar­ket­ing tools?

We want to show our web­site to every­one who is inter­ested in our offer. We are aware that this is not pos­sible without con­scious meas­ures being taken. That is why we do Online Mar­ket­ing. There are vari­ous tools that make work­ing on our Online Mar­ket­ing meas­ures easier for us. These also provide sug­ges­tions for improve­ment via data. Thus, we can tar­get our cam­paigns more pre­cisely to our tar­get group. The ulti­mate pur­pose of these Online Mar­ket­ing tools is to optim­ise our offer.

Which data are processed?

For our Online Mar­ket­ing to work and to meas­ure its suc­cess, user pro­files are cre­ated and data are e.g. stored in cook­ies (small text files). With the help of this data, we can not only advert­ise in the tra­di­tional way, but also present our con­tent dir­ectly on our web­site in the way you prefer. There are vari­ous third-party tools that offer these func­tions and thus col­lect and store your data accord­ingly. The afore­men­tioned cook­ies e.g. store the pages you visit on our web­site, how long you view these pages, which links or but­tons you click or which web­site you came from. What is more, tech­nical inform­a­tion may also be stored. This may include e.g. your IP address, the browser and device you use to visit our web­site or the time you accessed our web­site as well as the time you left. If you have agreed for us to determ­ine your loc­a­tion, we can also store and pro­cess it.

Your IP address is stored in pseud­onymised form (i.e. shortened). What is more, dis­tinct data that dir­ectly identify you as a per­son, such as your name, address or email address, are only stored in pseud­onymised for advert­ising and Online Mar­ket­ing pur­poses. With this data we can­not identify you as a per­son and only retain the pseud­onymised inform­a­tion that is stored in your user profile.

Under cer­tain cir­cum­stances, cook­ies may also be util­ised, ana­lysed and used for advert­ising pur­poses on other web­sites that use the same advert­ising tools. Thus, your data may then also be stored on the serv­ers of the respect­ive pro­vider of the advert­ising tool.

In rare excep­tions, unique data (name, email address, etc.) may also be stored in the user pro­files. This can hap­pen, if you are for example a mem­ber of a social media chan­nel that we use for our Online Mar­ket­ing meas­ures and if the net­work con­nects pre­vi­ously received data with the user profile.

We only ever receive sum­mar­ised inform­a­tion from the advert­ising tools we use that do store data on their serv­ers. We never receive data that can be used to identify you as an indi­vidual. What is more, the data only shows how well-placed advert­ising meas­ures have worked. For example, we can see what meas­ures have caused you or other users to visit our web­site and pur­chase a ser­vice or product. Based on these ana­lyses we can improve our advert­ising offer in the future and adapt it more pre­cisely to the needs and wishes of people who are interested.

Dur­a­tion of data processing

Below we will inform you on the dur­a­tion of data pro­cessing, provided we have this inform­a­tion. In gen­eral, we only pro­cess per­sonal data for as long as is abso­lutely neces­sary to provide our ser­vices and products. Data stored in cook­ies are retained for dif­fer­ent lengths of time. Some cook­ies are deleted after you leave a web­site, while oth­ers may be stored in your browser for a num­ber of years. How­ever, in the respect­ive pri­vacy policies of the respect­ive pro­vider, you will usu­ally find detailed inform­a­tion on the indi­vidual cook­ies this pro­vider uses.

Right of withdrawal

You also retain the right and the option to revoke your con­sent to the use of cook­ies or third-party pro­viders at any time. This can be done either via our cookie man­age­ment tool or via other opt-out func­tions. You can for example also pre­vent data col­lec­tion by cook­ies if you man­age, deac­tiv­ate or erase cook­ies in your browser. The leg­al­ity of the pro­cessing remains unaf­fected to the point of revocation.

Since Online Mar­ket­ing tools usu­ally use cook­ies, we also recom­mend you to read our pri­vacy policy on cook­ies. If you want to find out which of your data is stored and pro­cessed, you should read the pri­vacy policies of the respect­ive tools.

Legal basis

If you have con­sen­ted to the use of third-party pro­viders, then this con­sent is the legal basis for the cor­res­pond­ing data pro­cessing. Accord­ing to Art. 6 para. 1 lit. a GDPR (con­sent) , this con­sent is the legal basis for per­sonal data pro­cessing, as may be done when data is col­lec­ted by online mar­ket­ing tools.

Moreover, we have a legit­im­ate interest in meas­ur­ing our online mar­ket­ing activ­it­ies in anonymised form, in order to use this data for optim­ising our offer and our Mar­ket­ing. The cor­res­pond­ing legal basis for this is Art. 6 para. 1 lit. f GDPR (legit­im­ate interests) . Nev­er­the­less, we only use these tools if you have given your consent.

Inform­a­tion on spe­cial online mar­ket­ing tools can be found in the fol­low­ing sec­tions, provided this inform­a­tion is available.

Face­book Con­ver­sions API Pri­vacy Policy

On our web­site we use Face­book Con­ver­sions API, which is an event track­ing tool. The pro­vider of this ser­vice is the Amer­ican com­pany Face­book Inc. The com­pany also has Irish headquar­ters at 4 Grand Canal Square, Grand Canal Har­bour, Dub­lin 2, Ireland.

Face­book also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

Face­book uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion as basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way, and espe­cially in the USA) or data trans­fer there (= Art. 46, para­graphs 2 and 3 of the GDPR). These clauses oblige Face­book to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

You can find out more about the data that is pro­cessed by using Face­book in their Pri­vacy Policy at https://www.facebook.com/about/privacy.

Face­book Cus­tom Audi­ences Pri­vacy Policy

On our web­site we use Face­book Cus­tom Audi­ences, a event track­ing tool. The pro­vider of this ser­vice is the Amer­ican com­pany Face­book Inc. The com­pany also has Irish headquar­ters at 4 Grand Canal Square, Grand Canal Har­bour, Dub­lin 2, Irland.

Face­book also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

Face­book uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion as basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way, and espe­cially in the USA) or data trans­fer there (= Art. 46, para­graphs 2 and 3 of the GDPR). These clauses oblige Face­book to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

You can find out more about the data that is pro­cessed by using Face­book in their Pri­vacy Policy at https://www.facebook.com/about/privacy.

PayPal Mar­ket­ing Solu­tions Pri­vacy Policy

On our web­site, we use PayPal Mar­ket­ing Solu­tions, which is a sales optim­isa­tion tool. The pro­vider of this ser­vice is the Amer­ican com­pany PayPal Pte. Ltd, 2211 North First Street, San Jose, Cali­for­nia 95131, USA.

PayPal also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

PayPal uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion as basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way, and espe­cially in the USA) or data trans­fer there (= Art. 46, para­graphs 2 and 3 of the GDPR). These clauses oblige PayPal to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

You can find out more about PayPal’s data pro­cessing in their pri­vacy policy at https://www.paypal.com/c2/webapps/mpp/ua/privacy-full.

Tik­Tok Pixel Pri­vacy Policy

On our web­site we use Tik­Tok Pixel, which is a con­ver­sion track­ing tool for advert­isers. The pro­vider of this ser­vice is the Chinese com­pany Tik­Tok. The respons­ible entity for the European region is the Irish com­pany Tik­Tok Tech­no­logy Lim­ited (10 Earls­fort Ter­race, Dub­lin, D02 T380, Ireland).

Tik­Tok uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion (= Art. 46, para­graphs 2 and 3 of the GDPR) as basis for data pro­cessing by recip­i­ents based in third coun­tries (which are out­side the European Union, Ice­land, Liecht­en­stein and Nor­way) or for data trans­fer there. These clauses oblige Tik­Tok to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

You can find out more on the data pro­cessed by using Tik­Tok in their Pri­vacy Policy at https://www.tiktok.com/legal/privacy-policy?lang=de.

Amazon Asso­ci­ates Pro­gram Pri­vacy Policy

Amazon Affil­i­ate Pro­gram Pri­vacy Policy Overview 

👥 Affected parties: vis­it­ors to the web­site
🤝 Pur­pose: eco­nomic suc­cess and the optim­isa­tion of our ser­vice.
📓 Pro­cessed data: Access stat­ist­ics that con­tain data such as access loc­a­tion, device data, access dur­a­tion and time, nav­ig­a­tion beha­viour, click beha­viour and IP addresses. Per­sonal data such as name or email address can also be pro­cessed.
📅 Stor­age period: per­sonal data is stored by Amazon until it is no longer needed
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit.f GDPR (legit­im­ate interests)

What is the Amazon Asso­ci­ates Program?

We use the Amazon Asso­ci­ates Pro­gram of the com­pany Amazon.com Inc on our web­site. The respons­ible bod­ies for the pri­vacy state­ment are Amazon Europe Core S.à.r.l., Amazon EU S.à.r.l, Amazon Ser­vices Europe S.à.r.l. as well as Amazon Media EU S.à.r.l., which are based at 5, Rue Plaetis, L-2338 Lux­em­burg, along with Amazon Instant Video Ger­many Ltd., which is loc­ated at Domagk­straße 28, 80807 Munich. Thereby, Amazon Ger­many Ser­vices Ltd. at Mar­cel-Breuer-Straße 12, 80807 Munich is respons­ible for data pro­cessing. Due to the use of the Amazon Asso­ci­ates Pro­gram, Amazon can receive, store and pro­cess your data.

In this pri­vacy state­ment we will inform you on what data this can be, why we use the pro­gram and how you can man­age or pre­vent the data transmission.

The Amazon Asso­ci­ates Pro­gram is an affil­i­ate mar­ket­ing pro­gram of the online ship­ping com­pany Amazon.co.uk. Like any affil­i­ate pro­gram, the Amazon Asso­ci­ates Pro­gram is also based on the prin­ciple of inter­me­di­ation com­mis­sions. Amazon (or we) place advert­ise­ments or part­ner links on our web­site, which let us receive a reim­burse­ment of advert­ising costs (com­mis­sion) if you click on them and buy a product on Amazon.

Why do we use the Amazon Asso­ci­ates Pro­gram on our website?

Our aim is to provide you a pleas­ant time with extens­ive, help­ful con­tent. There­fore, we put a lot of work and energy into the devel­op­ment of our web­site. With the aid of the Amazon Asso­ci­ates Pro­gram, we can receive a little remu­ner­a­tion for our work. Of course, every affil­i­ate link to Amazon is related with our theme and shows offers that may interest you.

What data is stored by the Amazon Asso­ci­ates Program?

As soon as you inter­act with the products and ser­vices of Amazon, the com­pany col­lects your data. Amazon dif­fer­en­ti­ates between inform­a­tion you act­ively gave to the busi­ness and inform­a­tion that is col­lec­ted and retained auto­mat­ic­ally. “Act­ive inform­a­tion” include name, email address, tele­phone num­ber, age, pay­ment details or loc­a­tion inform­a­tion. So-called “auto­matic inform­a­tion” are primar­ily saved by cook­ies. This includes inform­a­tion, user beha­viour, IP address, device inform­a­tion (browser type, oper­at­ing sys­tems) or the URL. Moreover, Amazon also saves the click­stream, which is the path (order of pages) you make as a user in order to get to a product. Amazon also stores cook­ies in your browser to retrace the ori­gin of an order. This enables the com­pany to identify if you clicked an Amazon ad or an affil­i­ate link on our website.

If you have an Amazon account and are logged in to it while you surf our web­site, the col­lec­ted data can be alloc­ated to your account. You can pre­vent this by log­ging out of Amazon before surf­ing our website.

In the fol­low­ing we will show you exem­plary cook­ies that are placed in your browser when you click an Amazon link on our website.

Name: uid
Value: 3230928052675285215311826578-9
Pur­pose: This cookie stores a unique user ID and col­lects inform­a­tion on your web­site activ­ity.
Expiry date: after 2 months

Name: ad-id
Value: AyDaIn­R­V1k-Lk59x­Sn­p7h5o
Pur­pose: This cookie is provided by amazon-adsystem.com and serves the com­pany regard­ing vari­ous advert­ising pur­poses.
Expiry date: after 8 months

Name: uuid2
Value: 8965834524520213028311826578-2
Pur­pose: This cookie allows tar­geted and interest-based advert­ising via the AppNexus plat­form. By the IP address it col­lects and retains anonym­ous data on what ads you clicked and which sites you opened.
Expiry date: after 3 months

Name: ses­sion-id
Value: 262-0272718-2582202311826578-1
Pur­pose: This cookie stores a unique user ID that the server assigns to you for the dur­a­tion of a web­site visit (ses­sion). If you visit the site again, the inform­a­tion saved in there gets retrieved again.
Expiry date: after 15 years

Name: APID
Value: UP9801199c-4bee-11ea-931d-02e8e13f0574
Pur­pose: This cookie stores inform­a­tion on how you use a web­site, and on what ads you looked at before your visit to the web­site.
Expiry date: after one year

Name: ses­sion-id-time
Value: tb:s-STNY7ZS65H5335FZEVPE|1581329862486&t:1581329864300&adb:adblk_no
Pur­pose: This cookie records the time you spend on a web­site with a unique cookie ID.
Expiry date: after 2 years

Name: csm-hit
Value: 2082754801l
Pur­pose: We could not find any detailed inform­a­tion on this cookie.
Expiry date: after 15 years

Note: Please note, that this list merely shows examples of cook­ies and does not claim to be exhaustive.

Amazon use the obtained inform­a­tion to bet­ter tailor their advert­ise­ments to their users’ interests.

How long and where is my data stored?

Amazon saves per­sonal data for as long as it is required for both Amazon’s busi­ness ser­vices, and for legal reas­ons. As the company’s headquar­ters are in the USA, any col­lec­ted data is stored on Amer­ican servers.

How can I delete my data or pre­vent data retention?

You always have the right to access your per­sonal data and clear it. If you have an Amazon account, you can man­age or delete many of the col­lec­ted data.

Fur­ther­more, your browser offers another option for man­aging Amazon’s pro­cessing and reten­tion of data accord­ing to your pref­er­ences. There you can man­age, clear or delete cook­ies. This works a little dif­fer­ent on every browser. Here you can find instruc­tions for the most com­mon browsers:

Chrome: Clear, enable and man­age cook­ies in Chrome

Safari: Man­age cook­ies and web­site data in Safari

Fire­fox: Clear cook­ies and site data in Firefox

Inter­net Explorer: Delete and man­age cookies 

Microsoft Edge: Delete cook­ies in Microsoft Edge

Legal basis

If you have con­sen­ted to the use of the Amazon Asso­ci­ates Pro­gram, then your con­sent is the the legal basis for the cor­res­pond­ing data pro­cessing. Accord­ing to Art. 6 para. 1 lit. a GDPR (con­sent) , this con­sent rep­res­ents the legal basis for per­sonal data pro­cessing, as may be done when it is col­lec­ted by the Amazon Asso­ci­ates program.

We also have legit­im­ate interest in using the Amazon Asso­ci­ates Pro­gram to optim­ise our online ser­vice and mar­ket­ing meas­ures. The cor­res­pond­ing legal basis for this is Art. 6 para. 1 lit.f GDPR (legit­im­ate interests). Nev­er­the­less, we only use the Amazon Asso­ci­ates Pro­gram if you have con­sen­ted to it.

Amazon also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

Amazon uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion as basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way and espe­cially in the USA) or data trans­fer there (= Art. 46, para­graphs 2 and 3 of the GDPR). These clauses oblige Amazon to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

We hope we have brought you the most import­ant inform­a­tion about data trans­fer by the Amazon Affil­i­ate Pro­gram. You can find more inform­a­tion on this at https: // www.amazon.de/gp/help/customer/display.html?nodeId=201909010 .

Awin Affil­i­ate Pro­gram Pri­vacy Policy

Awin Affil­i­ate Pro­gram Pri­vacy Policy Overview

👥 Affected parties: vis­it­ors to the web­site
🤝 Pur­pose: eco­nomic suc­cess and the ser­vice optim­isa­tion.
📓 Pro­cessed data: Access stat­ist­ics con­tain­ing data such as access loc­a­tion, device data, access dur­a­tion and time, nav­ig­a­tion beha­viour, click beha­viour and IP addresses. Per­sonal data such as name or email address can also be pro­cessed.
📅 Stor­age period: Awin stores the data until the pur­poses have been imple­men­ted and account­ing and report­ing require­ments have been met
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit.f GDPR (legit­im­ate interests)

What is the Awin affil­i­ate program?

We work with the affil­i­ate and advert­ising com­pany AWIN AG (Eich­horn­strasse 3, 10785 Ber­lin, Ger­many). Awin uses track­ing tools to per­form its ser­vices and to be able to save and trace a user action (e.g. the pur­chase of a product). This means that your data will also be sent to the com­pany in pseud­onymised form where it will then be stored. In this pri­vacy policy, we want to explain not only why we use this affil­i­ate pro­gram, but also which of your data is stored, how it is stored and how you can pre­vent this data retention.

Awin is an affil­i­ate mar­ket­ing net­work. Its mem­bers are advert­isers and web­site oper­at­ors who offer an advert­ising plat­form for the products or ser­vices offered. In affil­i­ate mar­ket­ing, web­site oper­at­ors are usu­ally referred to as pub­lish­ers. They place advert­ise­ments for advert­isers on their plat­form (web­site) and receive a com­mis­sion in the event of a click or sale.

Why do we use the Awin affil­i­ate pro­gram on our website?

In addi­tion to our con­tent, products or ser­vices, we also want to provide you with inter­est­ing advert­ise­ments that fit our theme. We also offer our web­site as advert­ising space and the Awin affil­i­ate net­work provides us with many con­tacts to advert­isers. This enables us to place selec­ted advert­ise­ments on our web­site and receive a com­mis­sion for suc­cess­ful trans­ac­tions (leads, sales).

What data is stored by the Awin affil­i­ate program?

Awin needs cer­tain user data to be able to recon­struct the path from us (pub­lisher) to the advert­iser. This means that when you click on an advert­ise­ment on our web­site and land on the advertiser’s web­site, it will be doc­u­mented by cook­ies. Awin also cre­ates a restric­ted user pro­file (without your name and iden­tity), which doc­u­ments the path from an advert­ise­ment to a sale.

In order to trace this path, Awin uses so-called track­ing domain cook­ies, jour­ney tags and device fin­ger­print­ing. The cook­ies are set in your browser when you click on one of the ads on our web­site. The jour­ney tags are integ­rated into the advertiser’s web­site as JavaS­cript code so that Awin can receive trans­ac­tion data. Moreover, fin­ger­print­ing enables Awin to uniquely identify a device by tak­ing browser or device attrib­utes into account. The cook­ies for example store which advert­ising mater­ial was clicked on what web­site and when it was clicked.

Below we will show you a list of exem­plary cook­ies that are set in your browser when you click on an advert­ise­ment on our website.

Name: AWSESS
Value: 360701:2483145311826578-1
Pur­pose: This cookie stores data on when you see or click an advert­ise­ment. This inform­a­tion is then used to avoid show­ing you the same ads over and over again.
Expiry date: after end of the session

Name: aw11354
Value: 512465|0|0|1606813823||aw|24336851897
Pur­pose: This cookie is set as soon as you click on a link that leads to the advert­iser. The ID stores our web address, the ad you clicked, the time, the ad type ID and the product ID.
Expiry date: after 30 days

Name: bId
Value: HLEX_5fc6087ff90540.34189752311826578-8
Pur­pose: This cookie sets a browser-spe­cific ID to identify a new click on the same browser.
Expiry date: after one year

All this data is used only to under­stand a publisher’s mar­ket­ing efforts and sales. Fur­ther­more, the mem­bers of the net­work are provided with an ana­lysis report based on the col­lec­ted data. This data is only ever passed on in sum­mar­ised form, which does not allow any con­clu­sions to be drawn about you as a per­son. Accord­ing to Awin, the col­lec­ted data are not used for users’ interest or per­son­al­ity pro­files. Moreover, for each trans­ac­tion Awin retains an indi­vidual sequence of num­bers that con­tains inform­a­tion about the cam­paign and the devices used. Awin only pro­cesses so-called “pseud­onym­ous” user data, which can­not identify you directly.

How long and where are the data stored?

Accord­ing to Awin, all data is saved until the des­ig­nated pur­poses have been imple­men­ted and the account­ing and report­ing require­ments no longer require it to be stored. There are no details avail­able on the company’s web­site. The data is stored on European serv­ers. Fur­ther­more, since Awin only pro­cesses pseud­onym­ous data, no inform­a­tion can be given about per­sonal data such as IP addresses for example.

How can I erase my data or pre­vent data retention?

Should any of your per­sonal data be col­lec­ted, you of course reserve the right to access and delete them at any time. How­ever, Awin usu­ally only stores pseud­onym­ous data that can­not identify you as a per­son. Nev­er­the­less, data is of course col­lec­ted with cook­ies. If you want to pre­vent this, you have the option of man­aging, deac­tiv­at­ing or delet­ing cook­ies in your browser. This works a little dif­fer­ently for each browser. Below you will find the instruc­tions for the most com­mon browsers:

Chrome: Clear, enable and man­age cook­ies in Chrome 

Safari: Man­age cook­ies and web­site data in Safari 

Fire­fox: Clear cook­ies and site data in Firefox 

Inter­net Explorer: Delete and man­age cookies 

Microsoft Edge: Delete cook­ies in Microsoft Edge 

Legal basis

If you have agreed to the use of the Awin Part­ner Pro­gram, your con­sent is the legal basis for the cor­res­pond­ing data pro­cessing. Accord­ing to Art. 6 para. 1 lit. a GDPR (con­sent), this con­sent is the legal basis for per­sonal data pro­cessing, as it may be done when it is col­lec­ted by the Awin Part­ner Program.

We also have legit­im­ate interest in using the Awin Part­ner Pro­gram to optim­ise our online ser­vice and mar­ket­ing meas­ures. The cor­res­pond­ing legal basis for this is Art. 6 para. 1 lit. f GDPR (legit­im­ate interests). We only use the Awin Part­ner Pro­gram track­ing tool if you have con­sen­ted to it.

We hope we could provide you with the most import­ant inform­a­tion about Awin and their data pro­cessing. If you would like more inform­a­tion on Awin’s pri­vacy guidelines, we recom­mend you to read their pri­vacy policy at https://www.awin.com/gb/privacy. If you have any ques­tions you can also send an email to global-privacy@awin.com at any time.

Google Ads (Google AdWords) Con­ver­sion Track­ing Pri­vacy Policy Overview

👥 Affected parties: vis­it­ors to the web­site
🤝 Pur­pose: eco­nomic suc­cess and ser­vice optim­isa­tion.
📓 Pro­cessed data: Access stat­ist­ics that con­tain data such as access loc­a­tion, device data, access dur­a­tion and time, nav­ig­a­tion beha­viour, click beha­viour and IP addresses. Per­sonal data such as name or email address may also be pro­cessed.
📅 Stor­age period: Con­ver­sion cook­ies usu­ally expire after 30 days and do not trans­mit any per­sonal data
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit.f GDPR (legit­im­ate interests)

What is Google Ads con­ver­sion tracking?

We use Google Ads (pre­vi­ously Google AdWords) as an online mar­ket­ing meas­ure, to advert­ise our products and ser­vices. Thus, we want to draw more people’s atten­tion on the inter­net to the high qual­ity of our offers. As part of our advert­ising meas­ures with Google Ads, we use the con­ver­sion track­ing of Google LLC., 1600 Amphi­theatre Park­way, Moun­tain View, CA 94043, USA (“Google”) on our web­site. With the aid of this free track­ing tool we can tailor our advert­ising offer bet­ter to your interests and needs. In the fol­low­ing art­icle we will explain, why we use con­ver­sion track­ing, what data gets saved and how you can pre­vent this data retention.

Google Ads (pre­vi­ously Google AdWords) is the internal online advert­ising sxstem of the com­pany Google LLC. We are con­vinced of our offer‘s qual­ity and would like as many people as pos­sible to dis­cover our web­site. For this, Google Ads offers the best plat­form within the online envir­on­ment. Of course, we also want to get an over­view of the cost-bene­fit factor of our advert­ising cam­paigns. Thence, we use Google Ads’ con­ver­sion track­ing tool.

But what is a con­ver­sion actu­ally? A con­ver­sion occurs, when you turn from an inter­ested vis­itor into an act­ing web­site vis­itor. This hap­pens every time you click on our ad and then make another action, such as pay­ing a visit to our web­site. With Google’s con­ver­sion track­ing tool, we can under­stand what hap­pens after a user clicks our Google ad. It shows us for instance if products get bought, ser­vices are used or whether users have sub­scribed to our newsletter.

Why do we use Google Ads con­ver­sion track­ing on our website?

We use Google Ads to show our offer also across other web­sites. Our aim is for our advert­ising cam­paigns to reach only those people, who are inter­ested in our offers. With the con­ver­sion track­ing tool, we see what keywords, ads, ad groups and cam­paigns lead to the desired cus­tomer actions. We see how many cus­tom­ers inter­act with our ads on a device, to then con­vert. With this data we can cal­cu­late our cost-bene­fit-factor, meas­ure the suc­cess of indi­vidual ad cam­paigns and there­fore optim­ise our online mar­ket­ing meas­ures. With the help of the obtained data we can give our web­site a more inter­est­ing design and cus­tom­ise our advert­ising offer bet­ter to your needs.

What data is stored with Google Ads con­ver­sion tracking?

For a bet­ter ana­lysis of cer­tain user actions, we have integ­rated a con­ver­sion track­ing tag, or code snip­pet to our web­site. There­fore, if you click one of our Google ads, a Google domain stores the cookie “con­ver­sion” on your com­puter (usu­ally in the browser) or on your mobile device. Cook­ies are little text files that save inform­a­tion on your computer.

Here are data of the most sig­ni­fic­ant cook­ies for Google’s con­ver­sion tracking:

Name: Con­ver­sion
Value: EhMI_aySuoyv4­gIVled3Ch0ll­weVGAEgt-mr6aXd7dYlSAGQ311826578-3
Pur­pose: This cookie saves every con­ver­sion you make on our web­site after you came to us via a Google ad.
Expiry date: after 3 months

Name: _gac
Value: 1.1558695989.EAIaIQobChMIiOmEgYO04gIVj5AYCh2CBAPrEAAYASAAEgIYQfD_BwE
Pur­pose: This is a clas­sic Google Ana­lyt­ics Cookie that records vari­ous actions on our web­site.
Expiry date: after 3 months

Note: The cookie _gac only appears in con­nec­tion with Google Ana­lyt­ics. The above list does not claim to be exhaust­ive, as Google repeatedly change the cook­ies they use for ana­lyt­ical evaluation.

As soon as you com­plete an action on our web­site, Google iden­ti­fies the cookie and saves your action as a so-called con­ver­sion. For as long as you surf our web­site, provided the cookie has not expired, both Google and us can determ­ine that you found your way to us via a Google ad. Then, the cookie is read and sent back to Google Ads, together with the con­ver­sion data. Moreover, other cook­ies may also be used for meas­ur­ing con­ver­sions. Google Ads‘ con­ver­sion track­ing can be fine-tuned and improved with the aid of Google Ana­lyt­ics. Fur­ther­more, ads which Google dis­plays in vari­ous places across the web, might be placed under our domain with the name “__gads” or “_gac”.
Since Septem­ber 2017, analytics.js retains vari­ous cam­paign inform­a­tion with the _gac cookie. This cookie stores data, as soon as you open one of our sites that has been set up for Google Ads’ auto-tag­ging. In con­trast to cook­ies that are placed for Google domains, Google can only read these con­ver­sion cook­ies when you are on our web­site. We do neither col­lect nor receive any per­sonal data. We do obtain a report with stat­ist­ical eval­u­ations by Google. With the help thereof, we can not only see the total num­ber of users who clicked our ad, but also what advert­ising meas­ures were well received.

How long and where is the data stored?

At this point we want to reit­er­ate, that we have no influ­ence on how Google use the col­lec­ted data. Accord­ing to Google, the data are encryp­ted and stored on a secure server. In most cases, con­ver­sion cook­ies expire after 30 days, and do not trans­mit any per­son­al­ised data. The cook­ies named “con­ver­sion“ and “_gac“ (which is used with Google Ana­lyt­ics) have an expiry date of 3 months.

How can I erase my data or pre­vent data retention?

You have the pos­sib­il­ity to opt out of Google Ads’ con­ver­sion track­ing. The con­ver­sion track­ing can be blocked by deac­tiv­at­ing the con­ver­sion track­ing cookie via your browser. If you do this, you will not be con­sidered for the stat­istic of the track­ing tool. You can change the cookie set­tings in your browser any­time. Doing so, works a little dif­fer­ent in every browser. Hence, in the fol­low­ing you will find an instruc­tion on how to man­age cook­ies in your browser:

Chrome: Clear, enable and man­age cook­ies in Chrome 

Safari: Man­age cook­ies and web­site data in Safari 

Fire­fox: Clear cook­ies and site data in Firefox 

Inter­net Explorer: Delete and man­age cookies 

Microsoft Edge: Delete cook­ies in Microsoft Edge 

If you gen­er­ally do not want to allow any cook­ies at all, you can set up your browser to notify you whenever a poten­tial cookie is about to be set. This lets you decide upon per­mit­ting or deny­ing the cookie’s place­ment. By down­load­ing and installing the browser plu­gin at https://support.google.com/ads/answer/7395996 you can also deac­tiv­ate all “advert­ising cook­ies”. Please con­sider that by deac­tiv­at­ing these cook­ies, you can­not pre­vent all advert­ise­ments, only per­son­al­ised ads.

Legal basis

If you have con­sen­ted to the use of Google Ads Con­ver­sion Track­ing, your con­sent is the legal basis for the cor­res­pond­ing data pro­cessing. Accord­ing to Art. 6 para. 1 lit. a GDPR (con­sent), this con­sent is the legal basis for per­sonal data pro­cessing, as may be done when col­lec­ted by Google Ads Con­ver­sion Tracking.

We also have legit­im­ate interest in using Google Ads Con­ver­sion Track­ing to optim­ise our online ser­vice and mar­ket­ing meas­ures. The cor­res­pond­ing legal basis for this is Art. 6 para. 1 lit. f GDPR (legit­im­ate interests). Nev­er­the­less, we only use Google Ads Con­ver­sion Track­ing if you have con­sen­ted to it.

Google also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

Google uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion as basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way and espe­cially in the USA) or data trans­fer there (= Art. 46, para­graphs 2 and 3 of the GDPR). These clauses oblige Google to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

If you would like to find out more about data pro­tec­tion at Google, we recom­mend Google’s pri­vacy policy at: https://policies.google.com/privacy?hl=en-GB.

Con­tent Deliv­ery Networks

Con­tent Deliv­ery Net­works Pri­vacy Policy Overview

👥 Affected parties: web­site vis­it­ors
🤝 Pur­pose: Ser­vice per­form­ance optim­isa­tion (to increase web­site load­ing speeds)
📓 Pro­cessed data: data such as your IP address
You can find more details on this below as well as in the indi­vidual Pri­vacy Policies.
📅 Stor­age period: most data is stored until it is no longer needed for the pro­vi­sion of the ser­vice.
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What is a Con­tent Deliv­ery Network?

On our web­site we use a so-called con­tent deliv­ery net­work or CDN. This helps to load our web­site quickly and eas­ily, regard­less of your loc­a­tion. Moreover, your per­sonal data will also be stored, man­aged and pro­cessed on the respect­ive CDN provider’s serv­ers. In the fol­low­ing, we will go into more gen­eral detail on this ser­vice and the data pro­cessing asso­ci­ated with it. You can find detailed inform­a­tion on how your data is handled in the provider’s Pri­vacy Policy.

Each con­tent deliv­ery net­work (CDN) is a net­work of region­ally dis­trib­uted serv­ers that are con­nec­ted to each other via the inter­net. Through this net­work, web­site con­tent (espe­cially very large files) can be delivered quickly and smoothly, even when large load­ing peaks occur. To make this pos­sible, CDNs cre­ate a copy of our web­site on their serv­ers. The web­site can be delivered quickly because these serv­ers are dis­trib­uted all around the world. Any data trans­fer to your browser is there­fore sig­ni­fic­antly shortened by the CDN.

Why do we use a Con­tent Deliv­ery Net­work for our website?

A fast load­ing web­site is part of our ser­vice. Of course, we know how annoy­ing it is when a web­site loads at a snail’s pace. Most of the time, you lose your patience and click away before the web­site is fully loaded. But of course we want to avoid that. There­fore, to us a fast load­ing web­site is an oblig­at­ory part of our web­site offer. With the use of a con­tent deliv­ery net­work, our web­site loads sig­ni­fic­antly faster in your browser. Fur­ther­more, CDNs are par­tic­u­larly help­ful when you are abroad, as the web­site is always delivered from a server in your area.

Which data are processed?

If you access a web­site or its con­tent and it gets cached in a CDN, the CDN for­wards the request to the server closest to you which then deliv­ers the con­tent. Con­tent deliv­ery net­works are built in a way that JavaS­cript lib­rar­ies can be down­loaded and hos­ted on npm and Git­hub serv­ers. Altern­at­ively, Word­Press plu­gins can also be loaded on most CDNs, provided they are hos­ted on WordPress.org. Moreover, your browser can send per­sonal data to the con­tent deliv­ery net­work we use. This includes data such as IP addresses, browser type, browser ver­sion, the accessed web­site or the time and date of the page visit. This data is col­lec­ted and stored by the CDN. Whether cook­ies are used for data stor­age depends on the net­work that is being used. For more inform­a­tion on this, please read the Pri­vacy Policy of the respect­ive service.

Right to object

If you want to pre­vent this data trans­fer alto­gether, you can use a JavaS­cript blocker (see for example https://noscript.net/) on your com­puter. How­ever, our web­site can then of course no longer offer its usual ser­vice (such as a fast load­ing speeds).

Legal basis

If you have con­sen­ted to the use of a con­tent deliv­ery net­work, your con­sent rep­res­ents the the legal basis for the cor­res­pond­ing data pro­cessing. Accord­ing to Art. 6 para­graph 1 lit. a (con­sent) your con­sent rep­res­ents the legal basis for the pro­cessing of per­sonal data, as it can occur when col­lec­ted by a con­tent deliv­ery network.

We also have a legit­im­ate interest in using a con­tent deliv­ery net­work to optim­ise our online ser­vice and make it more secure. The cor­res­pond­ing legal basis for this is Art. 6 para. 1 lit. f GDPR (legit­im­ate interests). Nev­er­the­less, we only use the tool if you have con­sen­ted to it.

Provided this inform­a­tion is avail­able, you can find out more about the par­tic­u­lar con­tent deliv­ery net­works in the fol­low­ing sections.

Cookie Con­sent Man­age­ment Plat­form Overview

👥 Affected parties: Web­site vis­it­ors
🤝 Pur­pose: Obtain­ing and man­aging con­sent to cer­tain cook­ies and thus the use of cer­tain tools
📓 Pro­cessed data: data for man­aging cookie set­tings such as IP address, time of con­sent, type of con­sent and indi­vidual con­sent. You can find more details on this dir­ectly with the tool that is being used.
📅 Stor­age period: depends on the tool used, peri­ods of sev­eral years can be assumed
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What is a cookie con­sent man­age­ment platform?

We use a Con­sent Man­age­ment Plat­form (CMP) soft­ware on our web­site that makes it easier for us and you to handle the scripts and cook­ies used cor­rectly and securely. The soft­ware auto­mat­ic­ally cre­ates a cookie pop-up, scans and con­trols all scripts and cook­ies, provides you with the cookie con­sent required under data pro­tec­tion law and helps you and us to keep track of all cook­ies. Most cookie con­sent man­age­ment tools identify and cat­egor­ize all exist­ing cook­ies. As a web­site vis­itor, you then decide for your­self whether and which scripts and cook­ies you allow or not. The fol­low­ing graphic shows the rela­tion­ship between browser, web server and CMP.

Consent Management Platform overview

Why do we use a cookie man­age­ment tool?

Our goal is to offer you the best pos­sible trans­par­ency in the area of ​​data pro­tec­tion. We are also leg­ally obliged to do so. We want to inform you as well as pos­sible about all tools and all cook­ies that can save and pro­cess your data. It is also your right to decide for your­self which cook­ies you accept and which you do not. In order to grant you this right, we first need to know exactly which cook­ies actu­ally landed on our web­site. Thanks to a cookie man­age­ment tool, which reg­u­larly scans the web­site for all cook­ies present, we know about all cook­ies and can provide you with GDPR-com­pli­ant inform­a­tion. You can then use the con­sent sys­tem to accept or reject cookies.

Which data are processed?

As part of our cookie man­age­ment tool, you can man­age each indi­vidual cookie your­self and have com­plete con­trol over the stor­age and pro­cessing of your data. The declar­a­tion of your con­sent is stored so that we do not have to ask you every time you visit our web­site and we can also prove your con­sent if required by law. This is saved either in an opt-in cookie or on a server. The stor­age time of your cookie con­sent var­ies depend­ing on the pro­vider of the cookie man­age­ment tool. Usu­ally this data (e.g. pseud­onym­ous user ID, time of con­sent, detailed inform­a­tion on the cookie cat­egor­ies or tools, browser, device inform­a­tion) is stored for up to two years.

Dur­a­tion of data processing

We will inform you below about the dur­a­tion of the data pro­cessing if we have fur­ther inform­a­tion. In gen­eral, we only pro­cess per­sonal data for as long as is abso­lutely neces­sary for the pro­vi­sion of our ser­vices and products. Data stored in cook­ies are stored for dif­fer­ent lengths of time. Some cook­ies are deleted after you leave the web­site, oth­ers may be stored in your browser for a few years. The exact dur­a­tion of the data pro­cessing depends on the tool used, in most cases you should be pre­pared for a stor­age period of sev­eral years. In the respect­ive data pro­tec­tion declar­a­tions of the indi­vidual pro­viders, you will usu­ally receive pre­cise inform­a­tion about the dur­a­tion of the data processing.

Right of objection

You also have the right and the option to revoke your con­sent to the use of cook­ies at any time. This works either via our cookie man­age­ment tool or via other opt-out func­tions. For example, you can also pre­vent data col­lec­tion by cook­ies by man­aging, deac­tiv­at­ing or delet­ing cook­ies in your browser.

Inform­a­tion on spe­cial cookie man­age­ment tools can be found – if avail­able – in the fol­low­ing sections.

Legal basis

If you agree to cook­ies, your per­sonal data will be pro­cessed and stored via these cook­ies. If we are allowed to use cook­ies with your con­sent (Art­icle 6 para­graph 1 lit. a GDPR), this con­sent is also the legal basis for the use of cook­ies and the pro­cessing of your data. In order to be able to man­age the con­sent to cook­ies and to enable you to give your con­sent, a cookie con­sent man­age­ment plat­form soft­ware is used. The use of this soft­ware enables us to oper­ate the web­site in an effi­cient and leg­ally com­pli­ant man­ner, which is a legit­im­ate interest (Art­icle 6 para­graph 1 lit. f GDPR).

Pay­ment providers

Pay­ment Pro­viders Pri­vacy Policy Overview

👥 Affected parties: vis­it­ors to the web­site
🤝 Pur­pose: To enable and optim­ise the pay­ment pro­cess on our web­site
📓 Pro­cessed data: data such as name, address, bank details (account num­ber, credit card num­ber, pass­words, TANs, etc.), IP address and con­tract data
You can find more details on this dir­ectly from the pay­ment pro­vider tool that is being used.
📅 Stor­age period: depend­ing on the pay­ment pro­vider that is being used
⚖️ Legal basis: Art. 6 para­graph 1 lit. b GDPR (per­form­ance of a contract)

What is a pay­ment provider?

On our web­site we use online pay­ment sys­tems, which enable us as well as you to have a secure and smooth pay­ment pro­cess avail­able. Among other things, per­sonal data may also be sent to the respect­ive pay­ment pro­vider, where it may also be stored and pro­cessed. Pay­ment pro­viders are online pay­ment sys­tems that enable you to place an order via online bank­ing. The pay­ment pro­cessing is car­ried out by the pay­ment pro­vider of your choice. We will then receive inform­a­tion about the pay­ment. This method can be used by any user who has an act­ive online bank­ing account with a PIN and TAN. There are hardly any banks that do not offer or accept such pay­ment methods.

Why do we use pay­ment pro­viders on our website?

With both our web­site and our embed­ded online shop, we of course want to offer you the best pos­sible ser­vice, so you can feel com­fort­able on our site and take advant­age of our offers. We know that your time is valu­able and that pay­ment pro­cessing in par­tic­u­lar has to work quickly and smoothly. Thus, we offer vari­ous pay­ment pro­viders. You can choose your pre­ferred pay­ment pro­vider and pay in the usual way.

Which data are processed?

What exact data that is pro­cessed of course depends on the respect­ive pay­ment pro­vider. How­ever, gen­er­ally data such as name, address, bank details (account num­ber, credit card num­ber, pass­words, TANs, etc.) do get stored. This data is neces­sary for car­ry­ing out any trans­ac­tions. In addi­tion, any con­tract data and user data, such as when you have vis­ited our web­site, what con­tent you are inter­ested in or which sub-pages you have clicked, may also be stored. Most pay­ment pro­viders also store your IP address and inform­a­tion about the com­puter you are using.

Your data is usu­ally stored and pro­cessed on the pay­ment pro­viders’ serv­ers. We, so the web­site oper­ator, do not receive this data. We only get inform­a­tion on whether the pay­ment has gone through or not. For iden­tity and credit checks, it may hap­pen for pay­ment pro­viders to for­ward data to the appro­pri­ate body. The busi­ness and pri­vacy policy prin­ciples of the respect­ive pro­vider always apply to all pay­ment trans­ac­tions. There­fore, please always take a look at the gen­eral terms and con­di­tions and the pri­vacy policy of the pay­ment pro­vider. You e.g. also have the right to have data erased or rec­ti­fied at any time. Please con­tact the respect­ive ser­vice pro­vider regard­ing your rights (right to with­draw, right of access and indi­vidual rights).

Dur­a­tion of data processing 

Provided we have fur­ther inform­a­tion on this, we will inform you below about the dur­a­tion of the pro­cessing of your data. In gen­eral, we only pro­cess per­sonal data for as long as is abso­lutely neces­sary for provid­ing our ser­vices and products. This stor­age period may be exceeded how­ever, if it is required by law, for example for account­ing pur­poses. We keep any account­ing doc­u­ments of con­tracts (invoices, con­tract doc­u­ments, account state­ments, etc.) for 10 years (Sec­tion 147 AO) and other rel­ev­ant busi­ness doc­u­ments for 6 years (Sec­tion 247 HGB).

Right to object

You always have the right to inform­a­tion, rec­ti­fic­a­tion and eras­ure of your per­sonal data. If you have any ques­tions, you can always con­tact the per­son that is respons­ible for the respect­ive pay­ment pro­vider. You can find con­tact details for them either in our respect­ive pri­vacy policy or on the rel­ev­ant pay­ment provider’s website.

You can erase, deac­tiv­ate or man­age cook­ies in your browser, that pay­ment pro­viders use for their func­tions. How this works dif­fers a little depend­ing on which browser you are using. Please note, how­ever, that the pay­ment pro­cess may then no longer work.

Legal basis

For the pro­cessing of con­trac­tual or legal rela­tion­ships (Art. 6 para. 1 lit. b GDPR), we offer other pay­ment ser­vice pro­viders in addi­tion to the con­ven­tional banking/credit insti­tu­tions. In the pri­vacy policy of the indi­vidual pay­ment pro­viders (such as Amazon Pay­ments, Apple Pay or Dis­cover) you will find a detailed over­view of data pro­cessing and data stor­age. In addi­tion, you can always con­tact the respons­ible parties should you have any ques­tions about data pro­tec­tion issues.

Provided it is avail­able, you can find inform­a­tion on the spe­cial pay­ment pro­viders in the fol­low­ing sections.

PayPal Pri­vacy Policy

On our web­site we use the online pay­ment ser­vice PayPal. The pro­vider of this ser­vice is the Amer­ican com­pany PayPal Inc. The respons­ible entity for the European region is the com­pany PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg).

PayPal also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

PayPal uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion as basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way and espe­cially in the USA) or data trans­fer there (= Art. 46, para­graphs 2 and 3 of the GDPR). These clauses oblige PayPal to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

You can find out more about the data pro­cessed by using PayPal in the Pri­vacy Policy at https://https://www.paypal.com/webapps/mpp/ua/privacy-full.

Stripe Pri­vacy Policy

Stripe Pri­vacy Policy Overview

👥 Affected parties: web­site vis­it­ors
🤝 Pur­pose: optim­ising the pay­ment pro­cess on our web­site
📓 Pro­cessed data: data such as name, address, bank details (account num­ber, credit card num­ber, pass­words, TANs, etc.), IP address and con­tract data
You can find more details on this in the pri­vacy policy below
📅 Stor­age period: data is stored until the col­lab­or­a­tion with Stripe is ter­min­ated
⚖️ Legal basis: Art. 6 para. 1 lit. b GDPR (con­tract pro­cessing), Art. 6 para. 1 lit. a GDPR (con­sent)

What is Stripe?

On our web­site we use a pay­ment tool by Stripe, an Amer­ican tech­no­logy com­pany and online pay­ment ser­vice. Stripe Pay­ments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dub­lin, Ire­land) is respons­ible for cus­tom­ers within the EU. There­fore, if you choose Stripe as your pay­ment method, your pay­ment will be pro­cessed via Stripe Pay­ments. Hence, the data required for the pay­ment pro­cess is for­war­ded to Stripe where it is then stored. In this pri­vacy policy we will give you an over­view of Stripe’s data pro­cessing and reten­tion. Moreover, we will explain why we use Stripe on our website.

The tech­no­logy com­pany Stripe offers pay­ment solu­tions for online pay­ments. Stripe enables us to accept credit and debit card pay­ments in our web­shop while it handles the entire pay­ment pro­cess. A major advant­age of Stripe is that you never have to leave our web­site or shop dur­ing the pay­ment pro­cess. Moreover, pay­ments are pro­cessed very quickly via Stripe.

Why do we use Stripe on our website?

We of course want to offer the best pos­sible ser­vice with both our web­site and our integ­rated online shop. After all, we would like you to feel com­fort­able on our site and take advant­age of our offers. We know that your time is valu­able and there­fore, pay­ment pro­cessing in par­tic­u­lar must work quickly and smoothly. In addi­tion to our other pay­ment pro­viders, with Stripe we have found a part­ner that guar­an­tees secure and fast pay­ment processing.

What data are stored by Stripe?

If you choose Stripe as your pay­ment method, your per­sonal data (trans­ac­tion data) will be trans­mit­ted to Stripe where it will be stored. These data include the pay­ment method (i.e. credit card, debit card or account num­ber), bank sort code, cur­rency, as well as the amount and the pay­ment date. Dur­ing a trans­ac­tion, your name, email address, billing or ship­ping address and some­times your trans­ac­tion his­tory may also be trans­mit­ted. These data are neces­sary for authen­tic­a­tion. Fur­ther­more, Stripe may also col­lect rel­ev­ant data for the pur­pose of fraud pre­ven­tion, fin­an­cial report­ing and for provid­ing its ser­vices in full. These data may include your name, address, tele­phone num­ber as well as your coun­try in addi­tion to tech­nical data about your device (such as your IP address).

Stripe does not sell any of your data to inde­pend­ent third parties, such as mar­ket­ing agen­cies or other com­pan­ies that have noth­ing to do with Stripe. How­ever, data may be for­war­ded to internal depart­ments, a lim­ited num­ber of Stripe’s external part­ners or for legal com­pli­ance reas­ons. What is more, Stripe uses cook­ies to col­lect data. Here is a selec­tion of cook­ies that Stripe may set dur­ing the pay­ment process:

Name: m
Value: edd716e9-d28b-46f7-8a55-e05f1779e84e040456311826578-5
Pur­pose: This cookie appears when you select your pay­ment method. It saves and recog­nises whether you are access­ing our web­site via a PC, tab­let or smart­phone.
Expiry date: after 2 years

Name: __stripe_mid
Value: fc30f52c-b006-4722-af61-a7419a5b8819875de9311826578-1
Pur­pose: This cookie is required for car­ry­ing out credit card trans­ac­tions. For this pur­pose, the cookie stores your ses­sion ID.
Expiry date: after one year

Name: __stripe_sid
Value: 6fee719a-c67c-4ed2-b583-6a9a50895b122753fe
Pur­pose: This cookie also stores your ID. Stripe uses it for the pay­ment pro­cess on our web­site.
Expiry date: after end of the session

How long and where are the data stored?

Gen­er­ally, per­sonal data are stored for the dur­a­tion of the provided ser­vice. This means that the data will be stored until we ter­min­ate our cooper­a­tion with Stripe. How­ever, in order to meet legal and offi­cial oblig­a­tions, Stripe may also store per­sonal data for longer than the dur­a­tion of the provided ser­vice. Fur­ther­more, since Stripe is a global com­pany, your data may be stored in any of the coun­tries Stripe offers its ser­vices in. There­fore, your data may be stored out­side your coun­try, such as in the USA for example.

How can I erase my data or pre­vent data retention?

Please note that when you use this tool, your data may also be stored and pro­cessed out­side the EU. Most third coun­tries (includ­ing the USA) are not con­sidered secure under cur­rent European data pro­tec­tion law. Data must not simply be trans­ferred to, as well as stored and pro­cessed in insec­ure third coun­tries, unless there are suit­able guar­an­tees (such as EU stand­ard con­trac­tual clauses) between us and the respect­ive non-European ser­vice provider.

You always reserve the right to inform­a­tion, cor­rec­tion and dele­tion of your per­sonal data. Should you have any ques­tions, you can con­tact the Stripe team at https://support.stripe.com/contact/email.

You can erase, deac­tiv­ate or man­age cook­ies in your browser that Stripe uses for its func­tions. This works dif­fer­ently depend­ing on which browser you are using. Please note, how­ever, that if you do so the pay­ment pro­cess may no longer work. The fol­low­ing instruc­tions will show you how to man­age cook­ies in your browser:

Chrome: Clear, enable and man­age cook­ies in Chrome 

Safari: Man­age cook­ies and web­site data in Safari 

Fire­fox: Clear cook­ies and site data in Firefox 

Inter­net Explorer: Delete and man­age cookies 

Microsoft Edge: Delete cook­ies in Microsoft Edge 

Legal basis

For the pro­cessing of con­trac­tual or legal rela­tion­ships (Art. 6 para. 1 lit. b GDPR), we  offer the pay­ment ser­vice pro­vider Sofortüber­weisung in addi­tion to the con­ven­tional bank/credit insti­tu­tions. Suc­cess­ful use of the ser­vice also requires your con­sent (Art. 6 para. 1 lit. a GDPR), provided the use of cook­ies is neces­sary for it.

Stripe also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

Stripe uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion as basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way and espe­cially in the USA) or data trans­fer there (= Art. 46, para­graphs 2 and 3 of the GDPR). These clauses oblige Stripe to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

We have now given you a gen­eral over­view of Stripe’s data pro­cessing and reten­tion. If you want more inform­a­tion, Stripe’s detailed pri­vacy policy at https://stripe.com/at/privacy is a good source.

 

Face­book Pri­vacy Policy

Face­book Pri­vacy Policy Overview

👥 Affected parties: web­site vis­it­ors
🤝 Pur­pose: ser­vice optim­isa­tion
📓 Pro­cessed data: data such as cus­tomer data, data on user beha­viour, device inform­a­tion and IP address.
You can find more details in the Pri­vacy Policy below.
📅 Stor­age period: until the data no longer serves Facebook’s pur­poses
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What are Face­book tools?

We use selec­ted Face­book tools on our web­site. Face­book is a social media net­work of the com­pany Face­book Ire­land Ltd., 4 Grand Canal Square, Grand Canal Har­bour, Dub­lin 2 Ire­land. With the aid of this tool we can provide the best pos­sible offers to you and any­one inter­ested in our products and services.

If your data is col­lec­ted and for­war­ded via our embed­ded Face­book ele­ments or via our Face­book page (fan­page), both we and Face­book Ire­land Ltd. are respons­ible for this. How­ever, should any fur­ther pro­cessing occur, then Face­book is solely respons­ible for this data. Our joint com­mit­ments were also set out in a pub­licly avail­able agree­ment at https://www.facebook. com / legal / controller_addendum . It e.g. states that we must clearly inform you about the use of Face­book tools on our web­site. We are also respons­ible for ensur­ing that the tools are securely integ­rated into our web­site and are in accord­ance with the applic­able pri­vacy laws. Face­book, on the other hand, is e.g. respons­ible for the data secur­ity of Facebook’s products. If you have any ques­tions about Facebook’s data col­lec­tion and pro­cessing, you can con­tact the com­pany dir­ectly. Should you dir­ect the ques­tion to us, we are obliged to for­ward it to Facebook.

In the fol­low­ing we will give you an over­view on the dif­fer­ent Face­book tools, as well as on what data is sent to Face­book and how you can erase this data.

Along with many other products, Face­book also offers so called “Face­book Busi­ness Tools”. This is Facebook’s offi­cial name for its tools, but it is not very com­mon. There­fore, we decided to merely call them “Face­book tools”. They include the following:

  • Face­book-Pixel
  • Social Plu­gins (e.g. the “Like” or “Share“ button)
  • Face­book Login
  • Account Kit
  • APIs (applic­a­tion pro­gram­ming interface)
  • SDKs (Soft­wart devel­op­mept kits)
  • Platt­form-integ­ra­tions
  • Plu­gins
  • Codes
  • Spe­cific­a­tions
  • Doc­u­ment­a­tions
  • Tech­no­lo­gies and Services

With these tools Face­book can extend its ser­vices and is able to receive inform­a­tion on user activ­it­ies out­side of Facebook.

Why do we use Face­book tools on our website?

We only want to show our ser­vices and products to people who are genu­inely inter­ested in them. With the help of advert­ise­ments (Face­book Ads) we can reach exactly these people. How­ever, to be able to show suit­able adverts to users, Face­book requires addi­tional inform­a­tion on people’s needs and wishes. There­fore, inform­a­tion on the user beha­viour (and con­tact details) on our web­site, are provided to Face­book. Con­sequently, Face­book can col­lect bet­ter user data and is able to dis­play suit­able adverts for our products or ser­vices. Thanks to the tools it is pos­sible to cre­ate tar­geted, cus­tom­ised ad cam­paigns of Facebook.

Face­book calls data about your beha­viour on our web­site “event data” and uses them for ana­lyt­ics ser­vices. That way, Face­book can cre­ate “cam­paign reports” about our ad cam­paigns’ effect­ive­ness on our behalf. Moreover, by ana­lyses we can get a bet­ter insight in how you use our ser­vices, our web­site or our products. There­fore, some of these tools help us optim­ise your user exper­i­ence on our web­site. With the social plu­gins for instance, you can share our site’s con­tents dir­ectly on Facebook.

What data is stored by Face­book tools?

With the use of Face­book tools, per­sonal data (cus­tomer data) may be sent to Face­book. Depend­ing on the tools used, cus­tomer data such as name, address, tele­phone num­ber and IP address may be transmitted.

Face­book uses this inform­a­tion to match the data with the data it has on you (if you are a Face­book mem­ber). How­ever, before the cus­tomer data is trans­ferred to Face­book, a so called “Hash­ing” takes place. This means, that a data record of any size is trans­formed into a string of char­ac­ters, which also has the pur­pose of encrypt­ing data.

Moreover, not only con­tact data, but also “event data“ is trans­ferred. These data are the inform­a­tion we receive about you on our web­site. To give an example, it allows us to see what sub­pages you visit or what products you buy from us. Face­book does not dis­close the obtained inform­a­tion to third parties (such as advert­isers), unless the com­pany has an expli­cit per­mis­sion or is leg­ally obliged to do so. Also, “event data“ can be linked to con­tact inform­a­tion, which helps Face­book to offer improved, cus­tom­ised adverts. Finally, after the pre­vi­ously men­tioned match­ing pro­cess, Face­book deletes the con­tact data.

To deliver optim­ised advert­ise­ments, Face­book only uses event data, if they have been com­bined with other data (that have been col­lec­ted by Face­book in other ways). Face­book also uses event data for the pur­poses of secur­ity, pro­tec­tion, devel­op­ment and research. Many of these data are trans­mit­ted to Face­book via cook­ies. Cook­ies are little text files, that are used for stor­ing data or inform­a­tion in browsers. Depend­ing on the tools used, and on whether you are a Face­book mem­ber, a dif­fer­ent num­ber of cook­ies are placed in your browser. In the descrip­tions of the indi­vidual Face­book tools we will go into more detail on Face­book cook­ies. You can also find gen­eral inform­a­tion about the use of Face­book cook­ies at https://www.facebook.com/policies/cookies.

How long and where are the data stored?

Face­book fun­da­ment­ally stores data, until they are no longer of use for their own ser­vices and products. Face­book has serv­ers for stor­ing their data all around the world. How­ever, cus­tomer data is cleared within 48 hours after they have been matched with their own user data.

How can I erase my data or pre­vent data retention?

In accord­ance with the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR) you have the right of inform­a­tion, rec­ti­fic­a­tion, trans­fer and dele­tion of your data.

The col­lec­ted data is only fully deleted, when you delete your entire Face­book account. Delet­ing your Face­book account works as follows:

1) Click on set­tings in the top right side in Facebook.

2) Then, click “Your Face­book inform­a­tion“ in the left column.

3) Now click on “Deac­tiv­a­tion and deletion”.

4) Choose “Per­man­ently delete account“ and then click on “Con­tinue to account deletion“.

5) Enter your pass­word, click on “con­tinue“ and then on “Delete account“.

The reten­tion of data Face­book receives via our site is done via cook­ies (e.g. with social plu­gins), among oth­ers. You can deac­tiv­ate, clear or man­age both all and indi­vidual cook­ies in your browser. How this can be done dif­fers depend­ing on the browser you use. The fol­low­ing instruc­tions show, how to man­age cook­ies in your browser:

Chrome: Clear, enable and man­age cook­ies in Chrome 

Safari: Man­age cook­ies and web­site data in Safari 

Fire­fox: Clear cook­ies and site data in Firefox 

Inter­net Explorer: Delete and man­age cookies 

Microsoft Edge: Delete cook­ies in Microsoft Edge 

If you gen­er­ally do not want to allow any cook­ies at all, you can set up your browser to notify you whenever a cookie is about to be set. This gives you the oppor­tun­ity to decide upon the per­mis­sion or dele­tion of every single cookie.

Legal basis

If you have con­sen­ted to your data being pro­cessed and stored by integ­rated Face­book tools, this con­sent is the legal basis for data pro­cessing (Art. 6 para. 1 lit. a GDPR). Gen­er­ally, your data is also stored and pro­cessed on the basis of our legit­im­ate interest (Art. 6 para. 1 lit. f GDPR) to main­tain fast and good com­mu­nic­a­tion with you or other cus­tom­ers and busi­ness part­ners. Nev­er­the­less, we only use these tools if you have given your con­sent. Most social media plat­forms also set cook­ies on your browser to store data. We there­fore recom­mend you to read our pri­vacy policy about cook­ies care­fully and to take a look at the pri­vacy policy or Facebook’s cookie policy.

Face­book also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

Face­book uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion as basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way and espe­cially in the USA) or data trans­fer there (= Art. 46, para­graphs 2 and 3 of the GDPR). These clauses oblige Face­book to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

We hope we could give you an under­stand­ing of the most import­ant inform­a­tion about the use of Face­book tools and data pro­cessing. If you want to find out more on how Face­book use your data, we recom­mend read­ing the data policies at https://www.facebook.com/about/privacy/update.

Face­book Login Pri­vacy Policy

We integ­rated the con­veni­ent Face­book Login to our web­site. With it, you can eas­ily log into our site with your Face­book account, without hav­ing to cre­ate a new user account. If you decide to register via the Face­book Login, you will be redir­ec­ted to the social media net­work Face­book. There, you can log in with your Face­book user data. By using this method to log in, data on you and your user beha­viour is stored and trans­mit­ted to Facebook.

To save the data, Face­book uses vari­ous cook­ies. In the fol­low­ing we will show you the most sig­ni­fic­ant cook­ies that are placed in your browser or that already exist when you log into our site via the Face­book Login:

Name: fr
Value: 0jieyh4c2GnlufEJ9..Bde09j…1.0.Bde09j
Pur­pose: This cookie is used to make the social plu­gin func­tion optim­ally on our web­site.
Expiry date: after 3 months

Name: datr
Value: 4Jh7XUA2311826578SEmPsSfzCOO4JFFl
Pur­pose: Face­book sets the “datr” cookie, when a web browser accesses facebook.com. The cookie helps to identify login activ­it­ies and pro­tect users.
Expiry date: after 2 years

Name: _js_datr
Value: deleted
Pur­pose: Face­book sets this ses­sion cookie for track­ing pur­poses, even if you do not have a Face­book account or are logged out.
Expiry date: after the end of the session

Note: The cook­ies we stated are only a small range of the cook­ies which are avail­able to Face­book. Other cook­ies include for example _ fbp, sb or wd. It is not pos­sible to dis­close an exhaust­ive list, since Face­book have a mul­ti­tude of cook­ies at their dis­posal which they use in variation.

On the one hand, Face­book Login enables a fast and easy regis­tra­tion pro­cess. On the other hand, it gives us the oppor­tun­ity to share data with Face­book. In turn, we can cus­tom­ise our offer and advert­ising cam­paigns bet­ter to your needs and interests. The data we receive from Face­book by this means, is pub­lic data such as

  • your Face­book name
  • your pro­file picture
  • your stored email address
  • friends lists
  • but­ton clicks (e.g. “Like“ button)
  • date of birth
  • lan­guage
  • place of residence

In return, we provide Face­book with inform­a­tion about your activ­it­ies on our web­site. These include inform­a­tion on the ter­minal device you used, which of our sub­pages you visit, or what products you have bought from us.

By using Face­book Login, you agree to the data pro­cessing. You can ter­min­ate this agree­ment any­time. If you want to learn more about Facebook’s data pro­cessing, we recom­mend you to read Facebook’s Data Policy at https://www.facebook.com/policy.php.

If you are registered with Face­book, you can change your advert­ise­ment set­tings any­time at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

Ins­tagram Pri­vacy Policy

Ins­tagram Pri­vacy Policy Overview

👥 Affected parties: web­site vis­it­ors
🤝 Pur­pose: optim­ising our ser­vice
📓 Pro­cessed data: includes data on user beha­viour, inform­a­tion about your device and IP address.
More details can be found in the pri­vacy policy below.
📅 Stor­age period: until Ins­tagram no longer needs the data for its pur­poses
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What is Instagram?

We have integ­rated func­tions of Ins­tagram to our web­site. Ins­tagram is a social media plat­form of the com­pany Ins­tagram LLC, 1601 Wil­low Rd, Menlo Park CA 94025, USA. Since 2012, Ins­tagram is a sub­si­di­ary com­pany of Face­book Inc. and is a part of Facebook’s products. The inclu­sion of Instagram’s con­tents on our web­site is called embed­ding. With this, we can show you Ins­tagram con­tents such as but­tons, pho­tos or videos dir­ectly on our web­site. If you open web­sites of our online pres­ence, that have an integ­rated Ins­tagram func­tion, data gets trans­mit­ted to, as well as stored and pro­cessed by Ins­tagram. Ins­tagram uses the same sys­tems and tech­no­lo­gies as Face­book. There­fore, your data will be pro­cessed across all Face­book firms.

In the fol­low­ing, we want to give you a more detailed insight on why Ins­tagram col­lects data, what data these are and how you can con­trol data pro­cessing. As Ins­tagram belongs to Face­book Inc., we have, on the one hand received this inform­a­tion from the Ins­tagram guidelines, and on the other hand from Facebook’s Data Policy.

Ins­tagram is one of the most fam­ous social media net­works world­wide. Ins­tagram com­bines the bene­fits of a blog with the bene­fits of audio-visual plat­forms such as You­Tube or Vimeo. To “Insta“ (how the plat­form is cas­u­ally called by many users) you can upload pho­tos and short videos, edit them with dif­fer­ent fil­ters and also share them to other social net­works. Also, if you do not want to be act­ive on Ins­tagram your­self, you can just fol­low other inter­est­ing users.

Why do we use Ins­tagram on our website?

Ins­tagram is a social media plat­form whose suc­cess has skyrock­eted within recent years. Nat­ur­ally, we have also reacted to this boom. We want you to feel as com­fort­able as pos­sible on our web­site. There­fore, we attach great import­ance to diver­si­fied con­tents. With the embed­ded Ins­tagram fea­tures we can enrich our con­tent with help­ful, funny or excit­ing Ins­tagram con­tents. Since Ins­tagram is a sub­si­di­ary com­pany of Face­book, the col­lec­ted data can also serve us for cus­tom­ised advert­ising on Face­book. Hence, only per­sons who are genu­inely inter­ested in our products or ser­vices can see our ads.

Ins­tagram also uses the col­lec­ted data for track­ing and ana­lysis pur­poses. We receive sum­mar­ised stat­ist­ics and there­fore more insight to your wishes and interests. It is import­ant to men­tion that these reports do not identify you personally.

What data is stored by Instagram?

Whenever you land on one of our sites, which have Ins­tagram func­tions (i.e. Ins­tagram pho­tos or plu­gins) integ­rated to them, your browser auto­mat­ic­ally con­nects with Instagram’s serv­ers. Thereby, data is sent to, as well as saved and pro­cessed by Ins­tagram. This always hap­pens, whether you have an Ins­tagram account or not. Moreover, it includes inform­a­tion on our web­site, your com­puter, your pur­chases, the advert­ise­ments you see and on how you use our offer. The date and time of your inter­ac­tion is also stored. If you have an Ins­tagram account or are logged in, Ins­tagram saves sig­ni­fic­antly more data on you.

Face­book dis­tin­guishes between cus­tomer data and event data. We assume this is also the case for Ins­tagram. Cus­tomer data are for example names, addresses, phone num­bers and IP addresses. These data are only trans­mit­ted to Ins­tagram, if they have been “hashed” first. Thereby, a set of data is trans­formed into a string of char­ac­ters, which encrypts any con­tact data. Moreover, the afore­men­tioned “event data“ (data on your user beha­viour) is trans­mit­ted as well. It is also pos­sible, that con­tact data may get com­bined with event data. The col­lec­ted data data is matched with any data Ins­tagram already has on you.

Fur­ther­more, the gathered data are trans­ferred to Face­book via little text files (cook­ies) which usu­ally get set in your browser. Depend­ing on the Ins­tagram func­tion used, and whether you have an Ins­tagram account your­self, the amount of data that gets stored varies.

We assume data pro­cessing on Ins­tagram works the same way as on Face­book. There­fore, if you have an account on Ins­tagram or have vis­ited www.instagram.com, Ins­tagram has set at least one cookie. If this is the case, your browser uses the cookie to send inform­a­tion to Ins­tagram, as soon as you come across an Ins­tagram func­tion. No later than 90 days (after match­ing) the data is deleted or anonymised. Even though we have stud­ied Instagram’s data pro­cessing in-depth, we can­not tell for sure what exact data Ins­tagram col­lects and retains.

In the fol­low­ing we will show you a list of the least cook­ies placed in your browser when click on an Ins­tagram func­tion (e.g. but­ton or an Insta pic­ture). In our test we assume you do not have an Ins­tagram account, since if you would be logged in to your Ins­tagram account, your browser would place sig­ni­fic­antly more cookies.

The fol­low­ing cook­ies were used in our test:

Name: csrf­token
Value: “”
Pur­pose: This cookie is most likely set for secur­ity reas­ons to pre­vent falsi­fic­a­tions of requests. We could not find out more inform­a­tion on it.
Expiry date: after one year

Name: mid
Value: “”
Pur­pose: Ins­tagram places this cookie to optim­ise its own offers and ser­vices in- and out­side of Ins­tagram. The cookie alloc­ates a unique user ID.
Expiry date: after end of session

Name: fbsr_311826578124024
Value: no inform­a­tion
Pur­pose: This cookie stores the login request of Ins­tagram app users.

Expiry date: after end of session

Name: rur
Value: ATN
Pur­pose: This is an Ins­tagram cookie which guar­an­tees func­tion­al­ity on Ins­tagram.
Expiry date: after end of session

Name: url­gen
Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe311826578”
Pur­pose: This cookie serves Instagram’s mar­ket­ing pur­poses.
Expiry date: after end of session

Note: We do not claim this list to be exhaust­ive. The cook­ies that are placed in each indi­vidual case, depend on the func­tions embed­ded as well as on your use of Instagram.

How long and where are these data stored?

Ins­tagram shares the inform­a­tion obtained within the Face­book busi­nesses with external part­ners and per­sons you are glob­ally con­nec­ted with. Data pro­cessing is done accord­ing to Facebook’s internal data policy. Your data is dis­trib­uted to Facebook’s serv­ers across the world, par­tially for secur­ity reas­ons. Most of these serv­ers are in the USA.

How can I erase my data or pre­vent data retention?

Thanks to the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR), you have the right of inform­a­tion, rec­ti­fic­a­tion, trans­fer and dele­tion of your data. Fur­ther­more, you can man­age your data in Instagram’s set­tings. If you want to delete your data on Ins­tagram com­pletely, you will have to delete your Ins­tagram account permanently.

And this is how an Ins­tagram account can be deleted:

First, open the Ins­tagram app. Then, nav­ig­ate to your pro­file page, select the three bars in the top right, choose “Set­tings” and then click “Help”. Now, you will be redir­ec­ted to the company’s web­site, where you must click on “Man­aging Your Account” and then “Delete Your Account”.

When you delete your account com­pletely, Ins­tagram deletes posts such as your pho­tos and status updates. Any inform­a­tion other people shared about you are not a part of your account and do there­fore not get deleted.

As men­tioned before, Ins­tagram primar­ily stores your data via cook­ies. You can man­age, deac­tiv­ate or delete these cook­ies in your browser. Depend­ing on your browser, man­aging them var­ies a bit. We will show you the instruc­tions of the most rel­ev­ant browsers here.

Chrome: Clear, enable and man­age cook­ies in Chrome 

Safari: Man­age cook­ies and web­site data in Safari 

Fire­fox: Clear cook­ies and site data in Firefox 

Inter­net Explorer: Delete and man­age cookies 

Microsoft Edge: Delete cook­ies in Microsoft Edge 

Gen­er­ally, you can set your browser to notify you whenever a cookie is about to be set. Then you can indi­vidu­ally decide upon the per­mis­sion of every cookie.

Legal basis

If you have con­sen­ted to the pro­cessing and stor­age of your data by integ­rated social media ele­ments, this con­sent is the legal basis for data pro­cessing (Art. 6 para. 1 lit. a GDPR) . Gen­er­ally, your data is also stored and pro­cessed on the basis of our legit­im­ate interest (Art. 6 para. 1 lit. f GDPR) to main­tain fast and good com­mu­nic­a­tion with you or other cus­tom­ers and busi­ness part­ners. We only use the integ­rated social media ele­ments if you have given your con­sent. Most social media plat­forms also place cook­ies in your browser to store data. We there­fore recom­mend you to read our pri­vacy policy about cook­ies care­fully and to take a look at the pri­vacy policy or the cookie policy of the respect­ive ser­vice provider.

Ins­tagram and Face­book also pro­cess data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fer to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

As a basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way and espe­cially in the USA) or data trans­fers there, Face­book uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion (= Art. 46, para­graphs 2 and 3 of the GDPR). These clauses oblige Face­book to com­ply with the EU’s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

We have tried to give you the most import­ant inform­a­tion about data pro­cessing by Ins­tagram. On https://help.instagram.com/519522125107875

you can take a closer look at Instagram’s data guidelines.

LinkedIn Pri­vacy Policy

LinkedIn Pri­vacy Policy Overview

👥 Affected parties: web­site vis­it­ors
🤝 Pur­pose: optim­isa­tion of our ser­vice
📓 Pro­cessed data: includes data on user beha­viour, inform­a­tion about your device and IP address.
More details can be found in the pri­vacy policy below.
📅 Stor­age period: the data is gen­er­ally deleted within 30 days
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What is LinkedIn?

On our web­site we use social plu­gins from the social media net­work LinkedIn, of the LinkedIn Cor­por­a­tion, 2029 Sti­er­lin Court, Moun­tain View, CA 94043, USA. Social plu­gins can be feeds, con­tent shar­ing or a link to our LinkedIn page. Social plu­gins are clearly marked with the well-known LinkedIn logo and for example allow shar­ing inter­est­ing con­tent dir­ectly via our web­site. Moreover, LinkedIn Ire­land Unlim­ited Com­pany Wilton Place in Dub­lin is respons­ible for data pro­cessing in the European Eco­nomic Area and Switzerland.

By embed­ding these plu­gins, data can be sent to, as well as stored and pro­cessed by LinkedIn. In this pri­vacy policy we want to inform you what data this is, how the net­work uses this data and how you can man­age or pre­vent data retention.

LinkedIn is the largest social net­work for busi­ness con­tacts. In con­trast to e.g. Face­book, LinkedIn focuses exclus­ively on estab­lish­ing busi­ness con­nec­tions. There­fore, com­pan­ies can present ser­vices and products on the plat­form and estab­lish busi­ness rela­tion­ships. Many people also use LinkedIn to find a job or to find suit­able employ­ees for their own com­pany. In Ger­many alone, the net­work has over 11 mil­lion mem­bers. In Aus­tria there are about 1.3 million.

Why do we use LinkedIn on our website?

We know how busy you are. You just can­not keep up with fol­low­ing every single social media chan­nel. Even if it would really be worth it, as it is with our chan­nels, since we keep post­ing inter­est­ing news and art­icles worth spread­ing. There­fore, on our web­site we have cre­ated the oppor­tun­ity to share inter­est­ing con­tent dir­ectly on LinkedIn, or to refer dir­ectly to our LinkedIn page. We con­sider built-in social plu­gins as an exten­ded ser­vice on our web­site. The data LinkedIn col­lects also help us to dis­play poten­tial advert­ising meas­ures only to people who are inter­ested in our offer.

What data are stored by LinkedIn?

LinkedIn stores no per­sonal data due to the mere integ­ra­tion of social plu­gins. LinkedIn calls the data gen­er­ated by plu­gins pass­ive impres­sions. How­ever, if you click on a social plu­gin to e.g. share our con­tent, the plat­form stores per­sonal data as so-called “act­ive impres­sions”. This hap­pens regard­less of whether you have a LinkedIn account or not. If you are logged in, the col­lec­ted data will be assigned to your account.

When you inter­act with our plu­gins, your browser estab­lishes a dir­ect con­nec­tion to LinkedIn’s serv­ers. Through that, the com­pany logs vari­ous usage data. These may include your IP address, login data, device inform­a­tion or inform­a­tion about your inter­net or cel­lu­lar pro­vider. If you use LinkedIn ser­vices via your smart­phone, your loc­a­tion may also be iden­ti­fied (after you have given per­mis­sion). Moreover, LinkedIn can share these data with third-party advert­isers in “hashed” form. Hash­ing means that a data set is trans­formed into a char­ac­ter string. This allows data to be encryp­ted, which pre­vents per­sons from get­ting identified.

Most data on of your user beha­viour is stored in cook­ies. These are small text files that usu­ally get placed in your browser. Fur­ther­more, LinkedIn can also use web beacons, pixel tags, dis­play tags and other device recognitions.

Vari­ous tests also show which cook­ies are set when a user inter­acts with a social plug-in. We do not claim for the inform­a­tion we found to be exhaust­ive, as it only serves as an example. The fol­low­ing cook­ies were set without being logged in to LinkedIn:

Name: bcookie
Value: =2&34aab2aa-2ae1-4d2a-8baf-c2e2d7235c16311826578-
Pur­pose: This cookie is a so-called “browser ID cookie” and stores your iden­ti­fic­a­tion num­ber (ID).
Expiry date: after 2 years

Name: lang
Value: v=2&lang=en-gb
Pur­pose:This cookie saves your default or pre­ferred lan­guage.
Expiry date: after end of session

Name: lidc
Value: 1818367:t=1571904767:s=AQF6KNnJ0G311826578…
Pur­pose:This cookie is used for rout­ing. Rout­ing records how you found your way to LinkedIn and how you nav­ig­ate through the web­site.
Expiry date: after 24 hours

Name: rtc
Value: kt0lrv3NF3x3t6xvDgGrZGDKkX
Pur­pose:No fur­ther inform­a­tion could be found about this cookie.
Expiry date: after 2 minutes

Name: JSESSIONID
Value: ajax:3118265782900777718326218137
Pur­pose: This is a ses­sion cookie that LinkedIn uses to main­tain anonym­ous user ses­sions through the server.
Expiry date: after end of session

Name: bscookie
Value: “v=1&201910230812…
Pur­pose: This cookie is a secur­ity cookie. LinkedIn describes it as a secure browser ID cookie.
Expiry date: after 2 years

Name: fid
Value: AQHj7Ii23ZBcqAAAA…
Pur­pose: We could not find any fur­ther inform­a­tion about this cookie.
Expiry date: after 7 days

Note: LinkedIn also works with third parties. That is why we iden­ti­fied the Google Ana­lyt­ics cook­ies _ga and _gat in our test.

How long and where are the data stored?

In gen­eral, LinkedIn retains your per­sonal data for as long as the com­pany con­siders it neces­sary for provid­ing its ser­vices. How­ever, LinkedIn deletes your per­sonal data when you delete your account. In some excep­tional cases, LinkedIn keeps some sum­mar­ised and anonymised data, even account dele­tions. As soon as you delete your account, it may take up to a day until other people can no longer see your data. LinkedIn gen­er­ally deletes the data within 30 days. How­ever, LinkedIn retains data if it is neces­sary for legal reas­ons. Also, data that can no longer be assigned to any per­son remains stored even after the account is closed. The data are stored on vari­ous serv­ers in Amer­ica and pre­sum­ably also in Europe.

How can I delete my data or pre­vent data retention?

You have the right to access and delete your per­sonal data at any time. In your LinkedIn account you can man­age, change and delete your data. Moreover, you can request a copy of your per­sonal data from LinkedIn.

How to access account data in your LinkedIn profile:

In LinkedIn, click on your pro­file icon and select the “Set­tings & Pri­vacy” sec­tion. Now click on “Pri­vacy” and then on the sec­tion “How LinkedIn uses your data on”. Then, click “Change” in the row with “Man­age your data and activ­ity”. There you can instantly view selec­ted data on your web activ­ity and your account history.

In your browser you also have the option of pre­vent­ing data pro­cessing by LinkedIn. As men­tioned above, LinkedIn stores most data via cook­ies that are placed in your browser. You can man­age, deac­tiv­ate or delete these cook­ies. Depend­ing on which browser you have, these set­tings work a little dif­fer­ent. You can find the instruc­tions for the most com­mon browsers here:

Chrome: Clear, enable and man­age cook­ies in Chrome 

Safari: Man­age cook­ies and web­site data in Safari 

Fire­fox: Clear cook­ies and site data in Firefox 

Inter­net Explorer: Delete and man­age cookies 

Microsoft Edge: Delete cook­ies in Microsoft Edge 

You can gen­er­ally set your browser to always notify you when a cookie is about to be set. Then you can always decide indi­vidu­ally whether you want to allow the cookie or not.

Legal basis

If you have con­sen­ted to the pro­cessing and stor­age of your data by integ­rated social media ele­ments, your con­sent is the legal basis for data pro­cessing (Art. 6 para. 1 lit. a GDPR). Gen­er­ally, your data is also stored and pro­cessed on the basis of our legit­im­ate interest (Art. 6 para. 1 lit. f GDPR) to main­tain fast and good com­mu­nic­a­tion with you or other cus­tom­ers and busi­ness part­ners. We only use the integ­rated social media ele­ments if you have given your con­sent. Most social media plat­forms also place cook­ies in your browser to store data. We there­fore recom­mend you to read our pri­vacy policy about cook­ies care­fully and take a look at the pri­vacy policy or the cookie policy of the respect­ive ser­vice provider.

LinkedIn also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

LinkedIn uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion as the basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way, and espe­cially in the USA) or data trans­fer there (= Art. 46, para­graph 2 and 3 of the GDPR). These clauses oblige LinkedIn to com­ply with the EU’s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

We have tried to provide you with the most import­ant inform­a­tion about data pro­cessing by LinkedIn. On https://www.linkedin.com/legal/privacy-policy you can find out more on data pro­cessing by the social media net­work LinkedIn.

Pin­terest Pri­vacy Policy

Pin­terest Pri­vacy Policy Overview

👥 Affected parties: web­site vis­it­ors
🤝 Pur­pose: ser­vice optim­isa­tion
📓 Pro­cessed data: data such as data on user beha­viour, device inform­a­tion, IP address and search terms.
You can find more details in the Pri­vacy Policy below.
📅 Stor­age period: until Pin­terest no longer needs the data for its pur­poses
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What is Pinterest?

On our web­site we use but­tons and wid­gets by the social media net­work Pin­terest, of the com­pany Pin­terest Inc., 808 Bran­nan Street, San Fran­cisco, CA 94103, USA. For the European area, the entity respons­ible for all aspects of pri­vacy is the Irish com­pany Pin­terest Europe Ltd. (Palmer­ston House, 2nd Floor, Fenian Street, Dub­lin 2, Ireland).

Pin­terest is a social net­work that spe­cial­ises in graphic rep­res­ent­a­tions and pho­to­graphs. Its name is made up of the two words “pin” and “interest”. Users can exchange ideas about vari­ous hob­bies and interests via Pin­terest and view pro­files with pic­tures openly or in defined groups.

Why do we use Pinterest?

The social media plat­form Pin­terest has been around for a few years now and is still one of the most vis­ited and val­ued plat­forms. Pin­terest is par­tic­u­larly suit­able for our industry because the plat­form is primar­ily known for beau­ti­ful and inter­est­ing images. That is why we are of course also rep­res­en­ted on Pin­terest and want to put our con­tent in the lime­light in places other than our web­site. The col­lec­ted data may also be used for advert­ising pur­poses, so we can show advert­ising mes­sages to pre­cisely those people who are inter­ested in our ser­vices or products.

Which data are pro­cessed by Pinterest?

Pin­terest may store so-called log data. This includes inform­a­tion about your browser, IP address, our web­site address and the your activ­it­ies on it (e.g. when you click the save or pin but­ton), along with your search his­tory, the date and time of the request as well as cookie and device data. If you inter­act with an embed­ded Pin­terest func­tion, cook­ies that store vari­ous data may also be set in your browser. Most of the above-men­tioned log data, as well as pre­set lan­guage set­tings and click­stream data are stored in cook­ies. Pin­terest con­siders click­stream data as inform­a­tion about your web­site behaviour.

If you have a Pin­terest account your­self and are logged in, the data col­lec­ted via our site may be linked to your account and used for advert­ising pur­poses. If you inter­act with our integ­rated Pin­terest func­tions, you will usu­ally be redir­ec­ted to the Pin­terest page. Below you will see an exem­plary selec­tion of cook­ies that can then be placed in your browser.

Name: _auth
Value: 0
Pur­pose: The cookie is used for authen­tic­a­tion. A value such as your “user­name” can be stored in it, for example.

Expiry date: after one year

Name: _pinterest_referrer
Value: 1
Pur­pose: This cookie stores the inform­a­tion that you came to Pin­terest via our web­site. Thus, the URL of our web­site is retained.
Expiry date: after the ses­sion ends

Name: _pinterest_sess
Value: … 9HRHZvVE0rQlUxdG89
Pur­pose: This cookie is used to log into Pin­terest and it con­tains user IDs, authen­tic­a­tion tokens and time stamps.

Expiry date: after one year

Name: _routing_id
Value: “8d850ddd-4fb8-499c-961c-77e­fae9d4065 311826578 -8”
Pur­pose: This cookie con­tains an assigned value that is used to identify a spe­cific rout­ing destination.

Expiry date: after one day

Name: cm_sub
Value: denied
Pur­pose: This cookie stores user IDs and time stamps.

Expiry date: after one year

Name: csrf­token
Value: 9e49145c82a93d34fd933b0fd8446165 311826578-1
Pur­pose: This cookie is most cer­tainly placed for secur­ity reas­ons in order to pre­vent fals­i­fied inquir­ies. How­ever, we could not find more pre­cise information.

Expiry date: after one year

Name: ses­sion­Funne­lEvent­Logged
Value: 1
Pur­pose: We have not yet been able to find out more inform­a­tion about this cookie.

Expiry date: after one day

How long and where are the data retained?

Pin­terest basic­ally stores the col­lec­ted data until it is no longer needed for the company’s pur­poses. As soon as the stor­age of this data is no longer neces­sary, e.g. for the com­pli­ance with legal reg­u­la­tions, the data is either erased or anonymised so you can no longer be iden­ti­fied as a per­son. The data may also be stored on Amer­ican servers.

Right to object

You also have the right and the option to revoke your con­sent to the use of cook­ies or third-party pro­viders such as Pin­terest at any time. This can be done either via our cookie man­age­ment tool or via other opt-out func­tions. You can for example also pre­vent data reten­tion by cook­ies by man­aging, deac­tiv­at­ing or eras­ing cook­ies in your browser.

Since cook­ies can be used with embed­ded Pin­terest ele­ments, we also recom­mend you to read our gen­eral pri­vacy policy on cook­ies. To find out which of your data are stored and pro­cessed, you should read the pri­vacy policies of the respect­ive tools.

Legal basis

If you have con­sen­ted to the pro­cessing and stor­age of you data by integ­rated social media ele­ments, this con­sent is the legal basis for data pro­cessing (Art. 6 para. 1 lit. a GDPR). Gen­er­ally, your data is also stored and pro­cessed on the basis of our legit­im­ate interest (Art. 6 para. 1 lit. f GDPR) in main­tain­ing fast and good com­mu­nic­a­tion with you or other cus­tom­ers and busi­ness part­ners. Nev­er­the­less, we only use the tool if you have given your con­sent to it. Most social media plat­forms also place cook­ies in your browser to store data. We there­fore recom­mend you to read our pri­vacy policy on cook­ies care­fully and to take a look at the pri­vacy policy or the cookie policy of the respect­ive ser­vice provider.

Pin­terest also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

Pin­terest uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion as basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way and espe­cially in the USA) or data trans­fer there (= Art. 46, para­graphs 2 and 3 of the GDPR). These clauses oblige Pin­terest to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

We hope we could provide you with the most import­ant inform­a­tion about data pro­cessing by Pin­terest. You can find out more about Pinterest’s pri­vacy guidelines at https://policy.pinterest.com/en-gb/privacy-policy.

Audio & Video

Audio & Video Pri­vacy Policy Overview

👥 Affected parties: web­site vis­it­ors
🤝 Pur­pose: ser­vice optim­isa­tion
📓 Pro­cessed data: Data such as con­tact details, user beha­viour, device inform­a­tion and IP addresses can be stored.
You can find more details in the Pri­vacy Policy below.
📅 Stor­age period: data are retained for as long as neces­sary for the pro­vi­sion of the ser­vice
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What are audio and video elements?

We have integ­rated audio and video ele­ments to our web­site. There­fore, you can watch videos or listen to music/podcasts dir­ectly via our web­site. This con­tent is delivered by ser­vice pro­viders and is obtained from the respect­ive pro­viders’ servers.

Audio and video ele­ments are integ­rated func­tional ele­ments of plat­forms such as You­Tube, Vimeo or Spo­tify. It is usu­ally free of charge to use these portals, but they can also con­tain paid con­tent. With the integ­rated ele­ments, you can listen to or view any of their con­tent on our website.

If you use audio or video ele­ments on our web­site, your per­sonal data may get trans­mit­ted to as well as pro­cessed and retained by ser­vice providers.

Why do we use audio & video ele­ments on our website?

We of course want to provide you with the best offer on our web­site. And we are aware that con­tent is no longer just con­veyed in text and static images. Instead of just giv­ing you a link to a video, we offer you audio and video formats dir­ectly on our web­site. These are enter­tain­ing or inform­at­ive, but ideally they are both. Our ser­vice there­fore gets expan­ded and it gets easier for you to access inter­est­ing con­tent. In addi­tion to our texts and images, we thus also offer video and/or audio content.

Which data are retained by audio & video elements?

When you visit a page on our web­site with e.g. an embed­ded video, your server con­nects to the ser­vice provider’s server. Thus, your data will also be trans­ferred to the third-party pro­vider, where it will be stored. Cer­tain data is col­lec­ted and stored regard­less of whether you have an account with the third party pro­vider or not. This usu­ally includes your IP address, browser type, oper­at­ing sys­tem and other gen­eral inform­a­tion about your device. Most pro­viders also col­lect inform­a­tion on your web activ­ity. This e.g. includes the ses­sion dur­a­tion, bounce rate, the but­tons you clicked or inform­a­tion about the web­site you are using the ser­vice on. This data is mostly stored via cook­ies or pixel tags (also known as web beacons). Any data that is pseud­onymised usu­ally gets stored in your browser via cook­ies. In the respect­ive provider’s Pri­vacy Policy, you can always find more inform­a­tion on the data that is stored and processed.

Dur­a­tion of data processing

You can find out exactly how long the data is stored on the third-party provider’s serv­ers either in a lower point of the respect­ive tool’s Pri­vacy Policy or in the provider’s Pri­vacy Policy. Gen­er­ally, per­sonal data is only pro­cessed for as long as is abso­lutely neces­sary for the pro­vi­sion of our ser­vices or products. This usu­ally also applies to third-party pro­viders. In most cases, you can assume that cer­tain data will be stored on third-party pro­viders’ serv­ers for sev­eral years. Data can be retained for dif­fer­ent amounts of time, espe­cially when stored in cook­ies. Some cook­ies are deleted after you leave a web­site, while oth­ers may be stored in your browser for a few years.

Right to object

You also retain the right and the option to revoke your con­sent to the use of cook­ies or third-party pro­viders at any time. This can be done either via our cookie man­age­ment tool or via other opt-out func­tions. You can e.g. also pre­vent data reten­tion via cook­ies by man­aging, deac­tiv­at­ing or eras­ing cook­ies in your browser. The leg­al­ity of the pro­cessing up to the point of revoc­a­tion remains unaffected.

Since the integ­rated audio and video func­tions on our site usu­ally also use cook­ies, we recom­mend you to also read our gen­eral Pri­vacy Policy on cook­ies. You can find out more about the hand­ling and stor­age of your data in the Pri­vacy Policies of the respect­ive third party providers.

Legal basis 

If you have con­sen­ted to the pro­cessing and stor­age of your data by integ­rated audio and video ele­ments, your con­sent is con­sidered the legal basis for data pro­cessing (Art. 6 Para. 1 lit. a GDPR). Gen­er­ally, your data is also stored and pro­cessed on the basis of our legit­im­ate interest (Art. 6 Para. 1 lit. f GDPR) in main­tain­ing fast and good com­mu­nic­a­tion with you or other cus­tom­ers and busi­ness part­ners. We only use the integ­rated audio and video ele­ments if you have con­sen­ted to it.

Spo­tify Pri­vacy Policy

On our web­site we use Spo­tify, which is a tool for music and pod­casts. The pro­vider of this ser­vice is the Swedish com­pany Spo­tify AB, Reger­ings­gatan 19, SE-111 53 Stock­holm, Sweden. You can find out more about the data that is pro­cessed by Spo­tify in their Pri­vacy Policy at https://www.spotify.com/uk/legal/privacy-policy/.

You­Tube Pri­vacy Policy

You­Tube Pri­vacy Policy Overview

👥 Affected parties: web­site vis­it­ors
🤝 Pur­pose: optim­ising our ser­vice
📓 Pro­cessed data: Data such as con­tact details, data on user beha­viour, inform­a­tion about your device and IP address may be stored.
You can find more details on this in the pri­vacy policy below.
📅 Stor­age period: data are gen­er­ally stored for as long as is neces­sary for the pur­pose of the ser­vice
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What is YouTube?

We have integ­rated You­Tube videos to our web­site. There­fore, we can show you inter­est­ing videos dir­ectly on our site. You­Tube is a video portal, which has been a sub­si­di­ary com­pany of Google LLC since 2006. The video portal is oper­ated by You­Tube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our web­site that con­tains an embed­ded You­Tube video, your browser auto­mat­ic­ally con­nects to the serv­ers of You­Tube or Google. Thereby, cer­tain data are trans­ferred (depend­ing on the set­tings). Google is respons­ible for YouTube’s data pro­cessing and there­fore Google’s data pro­tec­tion applies.

In the fol­low­ing we will explain in more detail which data is pro­cessed, why we have integ­rated You­Tube videos and how you can man­age or clear your data.

On You­Tube, users can watch, rate, com­ment or upload videos for free. Over the past few years, You­Tube has become one of the most import­ant social media chan­nels world­wide. For us to be able to dis­play videos on our web­site, You­Tube provides a code snip­pet that we have integ­rated to our website.

Why do we use You­Tube videos on our website?

You­Tube is the video plat­form with the most vis­it­ors and best con­tent. We strive to offer you the best pos­sible user exper­i­ence on our web­site, which of course includes inter­est­ing videos. With the help of our embed­ded videos, we can provide you other help­ful con­tent in addi­tion to our texts and images. Addi­tion­ally, embed­ded videos make it easier for our web­site to be found on the Google search engine. Moreover, if we place ads via Google Ads, Google only shows these ads to people who are inter­ested in our offers, thanks to the col­lec­ted data.

What data is stored by YouTube?

As soon as you visit one of our pages with an integ­rated You­Tube, You­Tube places at least one cookie that stores your IP address and our URL. If you are logged into your You­Tube account, by using cook­ies You­Tube can usu­ally asso­ci­ate your inter­ac­tions on our web­site with your pro­file. This includes data such as ses­sion dur­a­tion, bounce rate, approx­im­ate loc­a­tion, tech­nical inform­a­tion such as browser type, screen res­ol­u­tion or your Inter­net pro­vider. Addi­tional data can include con­tact details, poten­tial rat­ings, shared con­tent via social media or You­Tube videos you added to your favourites.

If you are not logged in to a Google or You­Tube account, Google stores data with a unique iden­ti­fier linked to your device, browser or app. Thereby, e.g. your pre­ferred lan­guage set­ting is main­tained. How­ever, many inter­ac­tion data can­not be saved since less cook­ies are set.

In the fol­low­ing list we show you cook­ies that were placed in the browser dur­ing a test. On the one hand, we show cook­ies that were set without being logged into a You­Tube account. On the other hand, we show you what cook­ies were placed while being logged in. We do not claim for this list to be exhaust­ive, as user data always depend on how you inter­act with YouTube.

Name: YSC
Value: b9-CV6ojI5Y311826578-1
Pur­pose: This cookie registers a unique ID to store stat­ist­ics of the video that was viewed.
Expiry date: after end of session

Name: PREF
Value: f1=50000000
Pur­pose: This cookie also registers your unique ID. Google receives stat­ist­ics via PREF on how you use You­Tube videos on our web­site.
Expiry date: after 8 months

Name: GPS
Value: 1
Pur­pose: This cookie registers your unique ID on mobile devices to track GPS loc­a­tions.
Expiry date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Pur­pose: This cookie tries to estim­ate the user’s inter­net band­with on our sites (that have built-in You­Tube videos).
Expiry date: after 8 months

Fur­ther cook­ies that are placed when you are logged into your You­Tube account:

Name: APISID
Value: zILlvClZ­SkqGsS­wI/AU1aZI6HY7311826578-
Pur­pose: This cookie is used to cre­ate a pro­file on your interests. This data is then used for per­son­al­ised advert­ise­ments.
Expiry date: after 2 years

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Pur­pose: The cookie stores the status of a user’s con­sent to the use of vari­ous Google ser­vices. CONSENT also provides safety meas­ures to pro­tect users from unau­thor­ised attacks.
Expiry date: after 19 years

Name: HSID
Value: AcRwpgUik9Dveht0I
Pur­pose: This cookie is used to cre­ate a pro­file on your interests. This data helps to dis­play cus­tom­ised ads.
Expiry date: after 2 years

Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL…
Pur­pose: This cookie stores inform­a­tion on your login data.
Expiry date: after 2 years

Name: SAPISID
Value: 7oaPxoG-pZs­JuuF5/A­nUd­DUIs­J9iJz2vdM
Pur­pose: This cookie iden­ti­fies your browser and device. It is used to cre­ate a pro­file on your interests.
Expiry date: after 2 years

Name: SID
Value: oQfNK­jAsI311826578-
Pur­pose: This cookie stores your Google Account ID and your last login time, in a digit­ally signed and encryp­ted form.
Expiry date: after 2 years

Name: SIDCC
Value: AN0-TYuqub2­JOcDTyL
Pur­pose: This cookie stores inform­a­tion on how you use the web­site and on what advert­ise­ments you may have seen before vis­it­ing our web­site.
Expiry date: after 3 months

How long and where is the data stored?

The data You­Tube receive and pro­cess on you are stored on Google’s serv­ers. Most of these serv­ers are in Amer­ica. At https://www.google.com/about/datacenters/inside/locations/?hl=en you can see where Google’s data centres are loc­ated. Your data is dis­trib­uted across the serv­ers. There­fore, the data can be retrieved quicker and is bet­ter pro­tec­ted against manipulation.

Google stores col­lec­ted data for dif­fer­ent peri­ods of time. You can delete some data any­time, while other data are auto­mat­ic­ally deleted after a cer­tain time, and still other data are stored by Google for a long time. Some data (such as ele­ments on “My activ­ity”, pho­tos, doc­u­ments or products) that are saved in your Google account are stored until you delete them. Moreover, you can delete some data asso­ci­ated with your device, browser, or app, even if you are not signed into a Google Account.

How can I erase my data or pre­vent data retention?

Gen­er­ally, you can delete data manu­ally in your Google account. Fur­ther­more, in 2019 an auto­matic dele­tion of loc­a­tion and activ­ity data was intro­duced. Depend­ing on what you decide on, it deletes stored inform­a­tion either after 3 or 18 months.

Regard­less of whether you have a Google account or not, you can set your browser to delete or deac­tiv­ate cook­ies placed by Google. These set­tings vary depend­ing on the browser you use. The fol­low­ing instruc­tions will show how to man­age cook­ies in your browser:

Chrome: Clear, enable and man­age cook­ies in Chrome 

Safari: Man­age cook­ies and web­site data in Safari 

Fire­fox: Clear cook­ies and site data in Firefox 

Inter­net Explorer: Delete and man­age cookies 

Microsoft Edge: Delete cook­ies in Microsoft Edge 

If you gen­er­ally do not want to allow any cook­ies, you can set your browser to always notify you when a cookie is about to be set. This will enable you to decide to either allow or per­mit each indi­vidual cookie.

Legal basis

If you have con­sen­ted pro­cessing and stor­age of your data by integ­rated You­Tube ele­ments, this con­sent is the legal basis for data pro­cessing (Art. 6 para. 1 lit. a GDPR). Gen­er­ally, your data is also stored and pro­cessed on the basis of our legit­im­ate interest (Art. 6 para. 1 lit. f GDPR) to main­tain fast and good com­mu­nic­a­tion with you or other cus­tom­ers and busi­ness part­ners. Nev­er­the­less, we only use integ­rated You­Tube ele­ments if you have given your con­sent. You­Tube also sets cook­ies in your browser to store data. We there­fore recom­mend you to read our pri­vacy policy on cook­ies care­fully and to take a look at the pri­vacy policy or the cookie policy of the respect­ive ser­vice provider.

You­Tube also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of the data processing.

You­Tube uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion (= Art. 46, para­graphs 2 and 3 of the GDPR) as basis for data pro­cessing by recip­i­ents based in third coun­tries (which are out­side the European Union, Ice­land, Liecht­en­stein and Nor­way) or for data trans­fer there. These clauses oblige You­Tube to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

Since You­Tube is a sub­si­di­ary com­pany of Google, Google’s pri­vacy state­ment applies to both. If you want to learn more about how your data is handled, we recom­mend the pri­vacy policy at https://policies.google.com/privacy?hl=en.

You­Tube Sub­scribe But­ton Pri­vacy Policy

We have integ­rated the You­Tube sub­scribe but­ton to our web­site, which you can recog­nise by the clas­sic You­Tube logo. The logo shows the words “Sub­scribe” or “You­Tube” in white let­ters against a red back­ground, with a white “Play” sym­bol on the left. The but­ton may also be dis­played in a dif­fer­ent design.

Our You­Tube chan­nel con­sist­ently offers you funny, inter­est­ing or excit­ing videos. With the built-in “Sub­scribe” but­ton you can sub­scribe to our chan­nel dir­ectly via our web­site and do not need to go to YouTube’s web­site for it. With this fea­ture, we want to make it as easy as pos­sible for you to access our com­pre­hens­ive con­tent. Please note that You­Tube may save and pro­cess your data.

If you see a built-in sub­scrip­tion but­ton on our page, You­Tube sets at least one cookie, accord­ing to Google. This cookie stores your IP address and our URL. It also allows You­Tube to receive inform­a­tion about your browser, your approx­im­ate loc­a­tion and your default lan­guage. In our test the fol­low­ing four cook­ies were placed, without us being logged into YouTube:

Name: YSC
Value: b9-CV6ojI5311826578Y
Pur­pose: This cookie registers a unique ID, which stores stat­ist­ics of the viewed video.
Expiry date: after end of session

Name: PREF
Value: f1=50000000
Pur­pose:This cookie also registers your unique ID. Google uses PREF to get stat­ist­ics on how you inter­act with You­Tube videos on our web­site.
Expiry date: after 8 months

Name: GPS
Value: 1
Pur­pose:This cookie registers your unique ID on mobile devices to track your GPS loc­a­tion.
Expiry date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 31182657895Chz8bagyU
Pur­pose: This cookie tries to estim­ate the user’s inter­net band­with on our web­site (that con­tain built-in You­Tube video).
Expiry date: after 8 months

Note: These cook­ies were set after a test, thus we do not claim for the list to be exhaustive.

If you are logged into your You­Tube account, You­Tube may store many of the actions and inter­ac­tions you make on our web­site via cook­ies, to then assign them to your You­Tube account. This gives You­Tube inform­a­tion on e.g. how long you have been brows­ing our web­site, which browser type you use, which screen res­ol­u­tion you prefer or what actions you take.

On the one hand, You­Tube uses this data to improve its own ser­vices and offers, and on the other hand to provide ana­lyses and stat­ist­ics for advert­isers (who use Google Ads).

Google Fonts Pri­vacy Policy

Google Fonts Pri­vacy Policy Overview

👥 Affected parties: web­site vis­it­ors
🤝 Pur­pose: ser­vice optim­isa­tion
📓 Pro­cessed data: data such as IP address, CSS and font requests
You can find more details on this in the Pri­vacy Policy below.
📅 Stor­age period: Google stores font files for one year
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What are Google Fonts?

On our web­site we use Google Fonts, by the com­pany Google Inc. (1600 Amphi­theatre Park­way Moun­tain View, CA 94043, USA).

To use Google Fonts, you must log in and set up a pass­word. Fur­ther­more, no cook­ies will be saved in your browser. The data (CSS, Fonts) will be reques­ted via the Google domains fonts.googleapis.com and fonts.gstatic.com. Accord­ing to Google, all requests for CSS and fonts are fully sep­ar­ated from any other Google ser­vices. If you have a Google account, you do not need to worry that your Google account details are trans­mit­ted to Google while you use Google Fonts. Google records the use of CSS (Cas­cad­ing Style Sheets) as well as the util­ised fonts and stores these data securely. We will have a detailed look at how exactly the data stor­age works.

Google Fonts (pre­vi­ously Google Web Fonts) is a dir­ect­ory with over 800 fonts that Google provides its users free of charge.

Many of these fonts have been pub­lished under the SIL Open Font License license, while oth­ers have been pub­lished under the Apache license. Both are free soft­ware licenses.

Why do we use Google Fonts on our website?

With Google Fonts we can use dif­fer­ent fonts on our web­site and do not have to upload them to our own server. Google Fonts is an import­ant ele­ment which helps to keep the qual­ity of our web­site high. All Google fonts are auto­mat­ic­ally optim­ised for the web, which saves data volume and is an advant­age espe­cially for the use of mobile ter­minal devices. When you use our web­site, the low data size provides fast load­ing times. Moreover, Google Fonts are secure Web Fonts. Vari­ous image syn­thesis sys­tems (ren­der­ing) can lead to errors in dif­fer­ent browsers, oper­at­ing sys­tems and mobile ter­minal devices. These errors could optic­ally dis­tort parts of texts or entire web­sites. Due to the fast Con­tent Deliv­ery Net­work (CDN) there are no cross-plat­form issues with Google Fonts. All com­mon browsers (Google Chrome, Moz­illa Fire­fox, Apple Safari, Opera) are sup­por­ted by Google Fonts, and it reli­ably oper­ates on most mod­ern mobile oper­at­ing sys­tems, includ­ing Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We also use Google Fonts for present­ing our entire online ser­vice as pleas­antly and as uni­formly as possible.

Which data is stored by Google?

Whenever you visit our web­site, the fonts are reloaded by a Google server. Through this external cue, data gets trans­ferred to Google’s serv­ers. There­fore, this makes Google recog­nise that you (or your IP-address) is vis­it­ing our web­site. The Google Fonts API was developed to reduce the usage, stor­age and gath­er­ing of end user data to the min­imum needed for the proper depic­tion of fonts. What is more, API stands for „Applic­a­tion Pro­gram­ming Inter­face“ and works as a soft­ware data intermediary.

Google Fonts stores CSS and font requests safely with Google, and there­fore it is pro­tec­ted. Using its col­lec­ted usage fig­ures, Google can determ­ine how pop­u­lar the indi­vidual fonts are. Google pub­lishes the res­ults on internal ana­lysis pages, such as Google Ana­lyt­ics. Moreover, Google also util­ises data of ist own web crawler, in order to determ­ine which web­sites are using Google fonts. This data is pub­lished in Google Fonts’ BigQuery data­base. Enter­pren­eurs and developers use Google’s web­ser­vice BigQuery to be able to inspect and move big volumes of data.

One more thing that should be con­sidered, is that every request for Google Fonts auto­mat­ic­ally trans­mits inform­a­tion such as lan­guage pref­er­ences, IP address, browser ver­sion, as well as the browser’s screen res­ol­u­tion and name to Google’s serv­ers. It can­not be clearly iden­ti­fied if this data is saved, as Google has not dir­ectly declared it.

How long and where is the data stored?

Google saves requests for CSS assets for one day in a tag on their serv­ers, which are primar­ily loc­ated out­side of the EU. This makes it pos­sible for us to use the fonts by means of a Google stylesheet. With the help of a stylesheet, e.g. designs or fonts of a web­site can get changed swiftly and easily.

Any font related data is stored with Google for one year. This is because Google’s aim is to fun­da­ment­ally boost web­sites’ load­ing times. With mil­lions of web­sites refer­ring to the same fonts, they are buf­fered after the first visit and instantly reappear on any other web­sites that are vis­ited there­after. Some­times Google updates font files to either reduce the data sizes, increase the lan­guage cov­er­age or to improve the design.

How can I erase my data or pre­vent it being stored?

The data Google stores for either a day or a year can­not be deleted eas­ily. Upon open­ing the page this data is auto­mat­ic­ally trans­mit­ted to Google. In order to clear the data ahead of time, you have to con­tact Google’s sup­port at https://support.google.com/?hl=en-GB&tid=311826578. The only way for you to pre­vent the reten­tion of your data is by not vis­it­ing our website.

Unlike other web fonts, Google offers us unres­tric­ted access to all its fonts. Thus, we have a vast sea of font types at our dis­posal, which helps us to get the most out of our web­site. You can find out more answers and inform­a­tion on Google Fonts at https://developers.google.com/fonts/faq?tid=311826578. While Google does address rel­ev­ant ele­ments on data pro­tec­tion at this link, it does not con­tain any detailed inform­a­tion on data reten­tion.
It proofs rather dif­fi­cult to receive any pre­cise inform­a­tion on stored data by Google.

Legal basis

If you have con­sen­ted to the use of Google Fonts, your con­sent is the legal basis for the cor­res­pond­ing data pro­cessing. Accord­ing to Art. 6 Para­graph 1 lit. a GDPR (Con­sent) your con­sent is the legal basis for the pro­cessing of per­sonal data, as can occur when it is pro­cessed by Google Fonts.

We also have a legit­im­ate interest in using Google Font to optim­ise our online ser­vice. The cor­res­pond­ing legal basis for this is Art. 6 para. 1 lit. f GDPR (legit­im­ate interests). Nev­er­the­less, we only use Google Font if you have given your con­sent to it.

Google also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

Google uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion as basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way and espe­cially in the USA) or data trans­fer there (= Art. 46, para­graphs 2 and 3 of the GDPR). These clauses oblige Google to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

You can find more inform­a­tion on which data is gen­er­ally retained by Google and what this data is used at https://policies.google.com/privacy?hl=en-GB.

Google reCAPTCHA Pri­vacy Policy

Google reCAPTCHA Pri­vacy Policy Overview

👥 Affected parties: web­site vis­it­ors
🤝 Pur­pose: Ser­vice optim­isa­tion and pro­tec­tion against cyber attacks
📓 Pro­cessed data: data such as IP address, browser inform­a­tion, oper­at­ing sys­tem, lim­ited loc­a­tion and usage data
You can find more details on this in the Pri­vacy Policy below.
📅 Stor­age dur­a­tion: depend­ing on the retained data
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What is reCAPTCHA?

Our primary goal is to provide you an exper­i­ence on our web­site that is as secure and pro­tec­ted as pos­sible. To do this, we use Google reCAPTCHA from Google Inc. (1600 Amphi­theater Park­way Moun­tain View, CA 94043, USA). With reCAPTCHA we can determ­ine whether you are a real per­son from flesh and bones, and not a robot or a spam soft­ware. By spam we mean any elec­tron­ic­ally undesir­able inform­a­tion we receive invol­un­tar­ily. Clas­sic CAPTCHAS usu­ally needed you to solve text or pic­ture puzzles to check. But thanks to Google’s reCAPTCHA you usu­ally do have to do such puzzles. Most of the times it is enough to simply tick a box and con­firm you are not a bot. With the new Invis­ible reCAPTCHA ver­sion you don’t even have to tick a box. In this pri­vacy policy you will find out how exactly this works, and what data is used for it.

reCAPTCHA is a free captcha ser­vice from Google that pro­tects web­sites from spam soft­ware and mis­use by non-human vis­it­ors. This ser­vice is used the most when you fill out forms on the Inter­net. A captcha ser­vice is a type of auto­matic Tur­ing-test that is designed to ensure spe­cific actions on the Inter­net are done by human beings and not bots. Dur­ing the clas­sic Tur­ing-test (named after com­puter sci­ent­ist Alan Tur­ing), a per­son dif­fer­en­ti­ates between bot and human. With Captchas, a com­puter or soft­ware pro­gram does the same. Clas­sic captchas func­tion with small tasks that are easy to solve for humans but provide con­sid­er­able dif­fi­culties to machines. With reCAPTCHA, you no longer must act­ively solve puzzles. The tool uses mod­ern risk tech­niques to dis­tin­guish people from bots. The only thing you must do there, is to tick the text field “I am not a robot”. How­ever, with Invis­ible reCAPTCHA even that is no longer neces­sary. reCAPTCHA, integ­rates a JavaS­cript ele­ment into the source text, after which the tool then runs in the back­ground and ana­lyses your user beha­viour. The soft­ware cal­cu­lates a so-called captcha score from your user actions. Google uses this score to cal­cu­late the like­li­hood of you being a human, before enter­ing the captcha. reCAPTCHA and Captchas in gen­eral are used every time bots could manip­u­late or mis­use cer­tain actions (such as regis­tra­tions, sur­veys, etc.).

Why do we use reCAPTCHA on our website?

We only want to wel­come people from flesh and bones on our side and want bots or spam soft­ware of all kinds to stay away. There­fore, we are doing everything we can to stay pro­tec­ted and to offer you the highest pos­sible user friend­li­ness. For this reason, we use Google reCAPTCHA from Google. Thus, we can be pretty sure that we will remain a “bot-free” web­site. Using reCAPTCHA, data is trans­mit­ted to Google to determ­ine whether you genu­inely are human. reCAPTCHA thus ensures our website’s and sub­sequently your secur­ity. Without reCAPTCHA it could e.g. hap­pen that a bot would register as many email addresses as pos­sible when regis­ter­ing, in order to sub­sequently “spam” for­ums or blogs with unwanted advert­ising con­tent. With reCAPTCHA we can avoid such bot attacks.

What data is stored by reCAPTCHA?

reCAPTCHA col­lects per­sonal user data to determ­ine whether the actions on our web­site are made by people. Thus, IP addresses and other data Google needs for its reCAPTCHA ser­vice, may be sent to Google. Within mem­ber states of the European Eco­nomic Area, IP addresses are almost always com­pressed before the data makes its way to a server in the USA. Moreover, your IP address will not be com­bined with any other of Google’s data, unless you are logged into your Google account while using reCAPTCHA. Firstly, the reCAPTCHA algorithm checks whether Google cook­ies from other Google ser­vices (You­Tube, Gmail, etc.) have already been placed in your browser. Then reCAPTCHA sets an addi­tional cookie in your browser and takes a snap­shot of your browser window.

The fol­low­ing list of col­lec­ted browser and user data is not exhaust­ive. Rather, it provides examples of data, which to our know­ledge, is pro­cessed by Google.

  • Refer­rer URL (the address of the page the vis­itor has come from)
  • IP-address (z.B. 256.123.123.1)
  • Inform­a­tion on the oper­at­ing sys­tem (the soft­ware that enables the oper­a­tion of your com­puters. Pop­u­lar oper­at­ing sys­tems are Win­dows, Mac OS X or Linux)
  • Cook­ies (small text files that save data in your browser)
  • Mouse and key­board beha­viour (every action you take with your mouse or key­board is stored)
  • Date and lan­guage set­tings (the lan­guage and date you have set on your PC is saved)
  • All Javas­cript objects (JavaS­cript is a pro­gram­ming lan­guage that allows web­sites to adapt to the user. JavaS­cript objects can col­lect all kinds of data under one name)
  • Screen res­ol­u­tion (shows how many pixels the image dis­play con­sists of)

Google may use and ana­lyse this data even before you click on the “I am not a robot” check­mark. In the Invis­ible reCAPTCHA ver­sion, there is no need to even tick at all, as the entire recog­ni­tion pro­cess runs in the back­ground. Moreover, Google have not given details on what inform­a­tion and how much data they retain.

The fol­low­ing cook­ies are used by reCAPTCHA: With the fol­low­ing list we are refer­ring to Google’s reCAPTCHA demo ver­sion at https://www.google.com/recaptcha/api2/demo.
For track­ing pur­poses, all these cook­ies require a unique iden­ti­fier. Here is a list of cook­ies that Google reCAPTCHA has set in the demo version:

Name: IDE
Value: WqTUm­l­nm­v_qXy­i_DGN­PLESKnRNrp­gXoy1K-pAZtAkMbHI-311826578-8
Pur­pose: This cookie is set by Double­Click (which is owned by Google) to register and report a user’s inter­ac­tions with advert­ise­ments. With it, ad effect­ive­ness can be meas­ured, and appro­pri­ate optim­isa­tion meas­ures can be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiry date: after one year

Name: 1P_JAR
Value: 2019-5-14-12
Pur­pose: This cookie col­lects web­site usage stat­ist­ics and meas­ures con­ver­sions. A con­ver­sion e.g. takes place, when a user becomes a buyer. The cookie is also used to dis­play rel­ev­ant adverts to users. Fur­ther­more, the cookie can pre­vent a user from see­ing the same ad more than once.
Expiry date: after one month

Name: ANID
Value: U7j1v3dZa3118265780xgZFmiqWppRWKOr
Pur­pose: We could not find out much about this cookie. In Google’s pri­vacy state­ment, the cookie is men­tioned in con­nec­tion with “advert­ising cook­ies” such as “DSID”, “FLC”, “AID” and “TAID”. ANID is stored under the domain google.com.
Expiry date: after 9 months

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Pur­pose: This cookie stores the status of a user’s con­sent to the use of vari­ous Google ser­vices. CONSENT also serves to pre­vent fraud­u­lent logins and to pro­tect user data from unau­thor­ised attacks.
Expiry date: after 19 years

Name: NID
Value: 0WmuWqy311826578zILzqV_nmt3sDXwPeM5Q
Pur­pose: Google uses NID to cus­tom­ise advert­ise­ments to your Google searches. With the help of cook­ies, Google “remem­bers” your most fre­quently entered search quer­ies or your pre­vi­ous ad inter­ac­tions. Thus, you always receive advert­ise­ments tailored to you. The cookie con­tains a unique ID to col­lect users’ per­sonal set­tings for advert­ising pur­poses.
Expiry date: after 6 months

Name: DV
Value: gEAAB­BCjJMX­cI0d­SAAAAN­bqc311826578-4
Pur­pose: This cookie is set when you tick the “I am not a robot” check­mark. Google Ana­lyt­ics uses the cookie per­son­al­ised advert­ising. DV col­lects anonym­ous inform­a­tion and is also used to dis­tinct between users.
Expiry date: after 10 minutes

Note: We do not claim for this list to be extens­ive, as Google often change the choice of their cookies.

How long and where are the data stored?

Due to the integ­ra­tion of reCAPTCHA, your data will be trans­ferred to the Google server. Google have not dis­closed where exactly this data is stored, des­pite repeated inquir­ies. But even without con­firm­a­tion from Google, it can be assumed that data such as mouse inter­ac­tion, length of stay on a web­site or lan­guage set­tings are stored on the European or Amer­ican Google serv­ers. The IP address that your browser trans­mits to Google does gen­er­ally not get merged with other Google data from the company’s other ser­vices.
How­ever, the data will be merged if you are logged in to your Google account while using the reCAPTCHA plug-in. Google’s diver­ging pri­vacy policy applies for this.

How can I erase my data or pre­vent data retention?

If you want to pre­vent any data about you and your beha­viour to be trans­mit­ted to Google, you must fully log out of Google and delete all Google cook­ies before vis­it­ing our web­site or use the reCAPTCHA soft­ware. Gen­er­ally, the data is auto­mat­ic­ally sent to Google as soon as you visit our web­site. To delete this data, you must con­tact Google Sup­port at https://support.google.com/?hl=en-GB&tid=311826578.

If you use our web­site, you agree that Google LLC and its rep­res­ent­at­ives auto­mat­ic­ally col­lect, edit and use data.

Please note that when using this tool, your data can also be stored and pro­cessed out­side the EU. Most third coun­tries (includ­ing the USA) are not con­sidered secure under cur­rent European data pro­tec­tion law. Data to insec­ure third coun­tries must not simply be trans­ferred to, stored and pro­cessed there unless there are suit­able guar­an­tees (such as EU’s Stand­ard Con­trac­tual Clauses) between us and the non-European ser­vice provider.

Legal basis

If you have con­sen­ted to the use of Google reCAPTCHA, your con­sent is the legal basis for the cor­res­pond­ing data pro­cessing. Accord­ing to Art. 6 Para­graph 1 lit. a GDPR (con­sent) your con­sent is the legal basis for the pro­cessing of per­sonal data, as can occur when pro­cessed by Google reCAPTCHA.

We also have a legit­im­ate interest in using Google reCAPTCHA to optim­ise our online ser­vice and make it more secure. The cor­res­pond­ing legal basis for this is Art. 6 para. 1 lit. f GDPR (legit­im­ate interests). Nev­er­the­less, we only use Google reCAPTCHA if you have given your con­sent to it.

Google also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

Google uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion as basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way and espe­cially in the USA) or data trans­fer there (= Art. 46, para­graphs 2 and 3 of the GDPR). These clauses oblige Google to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847.

You can find out a little more about reCAPTCHA on Google’s web developer page at https://developers.google.com/recaptcha/. Google goes into the tech­nical devel­op­ment of the reCAPTCHA in more detail here, but you will look in vain for detailed inform­a­tion about data stor­age and data pro­tec­tion issues. A good over­view of the basic use of data by Google can be found in the in-house data pro­tec­tion declar­a­tion at https://policies.google.com/privacy?hl=en-GB.

Woo­Com­merce Pri­vacy Policy

Woo­Com­merce Pri­vacy Policy Overview

👥 Affected parties: web­site vis­it­ors
🤝 Pur­pose: ser­vice optim­isa­tion
📓 Pro­cessed data: data such as IP address, browser inform­a­tion, pre­set lan­guage set­tings as well as date and time of web access
You can find more details on this in the Pri­vacy Policy below.
📅 Stor­age period: Server log files, tech­nical data and IP addresses will be erased after about 30 days
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What is WooCommerce?

We have integ­rated the open-source shop sys­tem Woo­Com­merce to our web­site as a plu­gin. This Woo­Com­merce plu­gin is based on the con­tent man­age­ment sys­tem Word­Press, which is a sub­si­di­ary com­pany of Auto­mat­tic Inc. (60 29th Street #343, San Fran­cisco, CA 94110, USA). Through the imple­men­ted func­tions, data are stored and sent to Auto­mat­tic Inc where they are pro­cessed. In this pri­vacy policy we want to inform you on what data this is, how the net­work uses this data and how you can man­age or pre­vent data retention.

Woo­Com­merce is an online shop sys­tem that has been part of the Word­Press dir­ect­ory since 2011 and was spe­cially developed for Word­Press web­sites. It is a cus­tom­is­able, open source eCo­m­merce plat­form that is based on Word­Press. It has been integ­rated into our web­site as a Word­Press plugin.

Why do we use Woo­Com­merce on our website?

We use this prac­tical online shop sys­tem, to be able to offer you our phys­ical or digital products or ser­vices in the best pos­sible way on our web­site. The aim is to give you easy and easy access to our offer, so that you can quickly and eas­ily nav­ig­ate to the products you want. With Woo­Com­merce we have found a good plu­gin that meets our require­ments for an online shop.

What data is stored by WooCommerce?

Inform­a­tion that you act­ively enter to a text field in our online shop can be col­lec­ted and stored by Woo­Com­merce or Auto­mat­tic. Hence, if you register with us or order a product, Auto­mat­tic may col­lect, pro­cess and save this data. In addi­tion to email address, name or address, this can also be your credit card or billing inform­a­tion. Sub­sequently, Auto­mat­tic can also use this inform­a­tion for their own mar­ket­ing campaigns.

There is also evid­ence that Auto­mat­tic auto­mat­ic­ally col­lects inform­a­tion on you in so-called server log files:

  • IP-address
  • Browser inform­a­tion
  • Pre-set lan­guage settings
  • Date and time of the web access

Moreover, Woo­Com­merce sets cook­ies in your browser and uses tech­no­lo­gies such as pixel tags (web beacons), to for example clearly identify you as a user and to be able to offer interest-based advert­ising. Woo­Com­merce uses sev­eral dif­fer­ent cook­ies, which are placed depend­ing on the user action. This means that if you for example add a product to the shop­ping cart, a cookie is set so that the product remains in the shop­ping cart when you leave our web­site and come back later.

Below we want to show you an example list of pos­sible cook­ies that may be set by WooCommerce:

Name: woocommerce_items_in_cart
Value: 1
Pur­pose: This cookie helps Woo­Com­merce to determ­ine when the con­tents of the shop­ping cart change.
Expiry date: after end of session

Name: woocommerce_cart_hash
Value: 447c84f810834056­ab37cfe5ed27f204311826578-7
Pur­pose: This cookie is also used to recog­nise and save the changes in your shop­ping cart.
Expiry date: after end of session

Name: wp_woocommerce_session_d9e29d251cf8a108a6482d9fe2ef34b6
Value: 1146%7C%7C1589034207%7C%7C95f8053ce0cea135bbce671043e740311826578-4aa
Pur­pose: This cookie con­tains a unique iden­ti­fier for you to allow the shop­ping cart data to be found in the data­base.
Expiry date: after 2 days

How long and where is the data stored?

Unless there is a legal oblig­a­tion to keep data for a longer period, Woo­Com­merce will delete your data if it is no longer needed for the pur­poses it was saved for. Server log files for example, the tech­nical data for your browser and your IP address will be deleted after about 30 days. This is how long Auto­mat­tic use the data to ana­lyse the traffic on their own web­sites (for example all Word­Press web­sites) and to fix pos­sible prob­lems. The data is stored on Automattic’s Amer­ican servers.

How can I erase my data and pre­vent data retention?

You have the right to access your per­sonal data any­time, as well as to object to it being used and pro­cessed. You can also lodge a com­plaint with a state super­vis­ory author­ity anytime.

You can also man­age, delete or deac­tiv­ate cook­ies indi­vidu­ally in your browser. How­ever, please note that deac­tiv­ated or deleted cook­ies may have a neg­at­ive impact on the func­tions of our Woo­Com­merce online shop. Depend­ing on the browser you use, man­aging cook­ies dif­fers slightly. Below you will find links to the instruc­tions for the most com­mon browsers:

Chrome: Clear, enable and man­age cook­ies in Chrome 

Safari: Man­age cook­ies and web­site data in Safari 

Fire­fox: Clear cook­ies and site data in Firefox 

Inter­net Explorer: Delete and man­age cookies 

Microsoft Edge: Delete cook­ies in Microsoft Edge 

Legal basis

If you have agreed to the use of Woo­Com­merce, then your con­sent the legal basis for the cor­res­pond­ing data pro­cessing. Accord­ing to Art. 6 para­graph 1 lit. a (Con­sent) your con­sent is the legal basis for the pro­cessing of per­sonal data, as can occur when it is col­lec­ted by WooCommerce.

We also have a legit­im­ate interest in using Woo­Com­merce to optim­ise our online ser­vice and to present our ser­vice nicely for you. The cor­res­pond­ing legal basis for this is Art. 6 para. 1 lit. f GDPR (legit­im­ate interests). Nev­er­the­less, we only use Woo­Com­merce if you have given your con­sent to it.

Woo­Com­merce also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

Woo­Com­merce uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion as basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way and espe­cially in the USA) or data trans­fer there (= Art. 46, para­graphs 2 and 3 of the GDPR). These clauses oblige Woo­Com­merce to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847.

You can find more details on WooCommerce’s Pri­vacy Policy and on which data is retained as well as how at https://automattic.com/privacy/ and you can find more gen­eral inform­a­tion about Woo­Com­merce at https://woocommerce.com/.

Cloud­flare Pri­vacy Policy

Cloud­flare Pri­vacy Policy Overview

👥 Affected parties: web­site vis­it­ors
🤝 Pur­pose: ser­vice per­form­ance optim­isa­tion (to accel­er­ate web­site load­ing times)
📓 Pro­cessed data: data such as IP address, con­tact and pro­tocol inform­a­tion, secur­ity fin­ger­prints and web­site per­form­ance data
You can find more details on this in the Pri­vacy Policy below.
📅 Stor­age dur­a­tion: most of the data is stored for less than 24 hours
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (con­sent), Art. 6 para. 1 lit. f GDPR (legit­im­ate interests)

What is Cloudflare?

We use Cloud­flare by the com­pany Cloud­flare, Inc. (101 Town­send St., San Fran­cisco, CA 94107, USA) on our web­site to enhance its speed and secur­ity. For this, Cloud­flare uses cook­ies and pro­cesses user data. Cloud­flare, Inc. is an Amer­ican com­pany that offers a con­tent deliv­ery net­work and vari­ous secur­ity ser­vices. These ser­vices take place between the user and our host­ing pro­vider. In the fol­low­ing, we will try to explain in detail what all this means.

A con­tent deliv­ery net­work (CDN), as provided by Cloud­flare, is noth­ing more than a net­work of serv­ers that are con­nec­ted to each other. Cloud­flare has deployed serv­ers around the world, which ensure web­sites can appear on your screen faster. Simply put, Cloud­flare makes cop­ies of our web­site and places them on its own serv­ers. Thus, when you visit our web­site, a load dis­tri­bu­tion sys­tem ensures that the main part of our web­site is delivered by a server that can dis­play our web­site to you as quickly as pos­sible. The CDN sig­ni­fic­antly shortens the route of the trans­mit­ted data to your browser. Thus, Cloud­flare does not only deliver our website’s con­tent from our host­ing server, but from serv­ers from all over the world. Cloud­flare is par­tic­u­larly help­ful for users from abroad, since pages can be delivered from a nearby server. In addi­tion to the fast deliv­ery of web­sites, Cloud­flare also offers vari­ous secur­ity ser­vices, such as DDoS pro­tec­tion, or the web applic­a­tion firewall.

Why do we use Cloud­flare on our website?

Of course, we want our web­site to offer you the best pos­sible ser­vice. Cloud­flare helps us make our web­site faster and more secure. Cloud­flare offers us web optim­isa­tions as well as secur­ity ser­vices such as DDoS pro­tec­tion and a web fire­wall. Moreover, this includes a Reverse-Proxy and the con­tent dis­tri­bu­tion net­work (CDN). Cloud­flare blocks threats and lim­its abus­ive bots as well as crawl­ers that waste our band­width and server resources. By stor­ing our web­site in local data centres and block­ing spam soft­ware, Cloud­flare enables us to reduce our band­width usage by about 60%. Fur­ther­more, the pro­vi­sion of con­tent through a data centre near you and cer­tain web optim­iz­a­tions car­ried out there, cut the aver­age load­ing time of a web­site in about half. Accord­ing to Cloud­flare, the set­ting “I’m Under Attack Mode” can be used to mit­ig­ate fur­ther attacks by dis­play­ing a JavaS­cript cal­cu­la­tion task that must be solved before a user can access a web­site. Over­all, this makes our web­site sig­ni­fic­antly more power­ful and less sus­cept­ible to spam or other attacks.

What data is stored by Cloudflare?

Cloud­flare gen­er­ally only trans­mits data that is con­trolled by web­site oper­at­ors. There­fore, Cloud­flare does not determ­ine the con­tent, but the web­site oper­ator them­selves does. Addi­tion­ally, Cloud­flare may col­lect cer­tain inform­a­tion about the use of our web­site and may pro­cess data we send or data which Cloud­flare has received cer­tain instruc­tions for. Mostly, Cloud­flare receives data such as IP addresses, con­tacts and pro­tocol inform­a­tion, secur­ity fin­ger­prints and web­sites’ per­form­ance data. Log data for example helps Cloud­flare identify new threats. That way, Cloud­flare can ensure a high level of secur­ity for our web­site. As part of their ser­vices, Cloud­flare pro­cess this data in com­pli­ance with the applic­able laws. Of course, this also includes the com­pli­ance with the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR).

Fur­ther­more, Cloud­flare uses a cookie for secur­ity reas­ons. The cookie (__cfduid) is used to identify indi­vidual users behind a shared IP address, and to apply secur­ity set­tings for each indi­vidual user. The cookie is very use­ful, if you e.g. use our web­site from a res­taur­ant where sev­eral infec­ted com­puters are loc­ated. How­ever, if your com­puter is trust­worthy, we can recog­nise that with the cookie. Hence, you will be able to freely and care­lessly surf our web­site, des­pite the infec­ted PCs in your area. Another point that is import­ant to know, is that this cookie does not store any per­sonal data. The cookie is essen­tial for Cloudflare’s secur­ity func­tions and can­not be deactivated.

Cook­ies by Cloudflare

Name: __cfduid
Value: d798b­f7d­f9c1ad5b7583eda5c­c5e78311826578-3
Pur­pose: Secur­ity set­tings for each indi­vidual vis­itor
Expiry date: after one year

Cloud­flare also works with third party pro­viders. They may how­ever only pro­cess per­sonal data after the instruc­tion of Cloud­flare and in accord­ance with the data pro­tec­tion guidelines and other con­fid­en­ti­al­ity and secur­ity meas­ures. Without expli­cit con­sent from us, Cloud­flare will not pass on any per­sonal data.

How long and where is the data stored?

Cloud­flare stores your inform­a­tion primar­ily in the United States and the European Eco­nomic Area. Cloud­flare can trans­fer and access the inform­a­tion described above, from all over the world. In gen­eral, Cloud­flare stores domains’ user-level data with the Free, Pro and Busi­ness ver­sions for less than 24 hours. For enter­prise domains that have activ­ated Cloud­flare Logs (pre­vi­ously called Enter­prise LogShare or ELS), data can be stored for up to 7 days. How­ever, if IP addresses trig­ger secur­ity warn­ings in Cloud­flare, there may be excep­tions to the stor­age period men­tioned above.

How can I erase my data or pre­vent data retention?

Cloud­flare only keeps data logs for as long as neces­sary and in most cases deletes the data within 24 hours. Cloud­flare also does not store any per­sonal data, such as your IP address. How­ever, there is inform­a­tion that Cloud­flare store indef­in­itely as part of their per­man­ent logs. This is done to improve the over­all per­form­ance of Cloud­flare Resolver and to identify poten­tial secur­ity risks. You can find out exactly which per­man­ent logs are saved at https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/. All data Cloud­flare col­lects (tem­por­ar­ily or per­man­ently) is cleared of all per­sonal data. Cloud­flare also anonymise all per­man­ent logs.

In their pri­vacy policy, Cloud­flare state that they are not respons­ible for the con­tent you receive. For example, if you ask Cloud­flare whether you can update or delete con­tent, Cloud­flare will always refer to us as the web­site oper­ator. You can also com­pletely pre­vent the col­lec­tion and pro­cessing of your data by Cloud­flare, when you deac­tiv­ate the exe­cu­tion of script-code in your browser, or if you integ­rate a script blocker to your browser.

Legal basis

If you have con­sen­ted to the use of Cloud­flare, your con­sent is the legal basis for the cor­res­pond­ing data pro­cessing. Accord­ing to Art. 6 para­graph 1 lit. a (Con­sent) your con­sent is the legal basis for the pro­cessing of per­sonal data, as can occur when it is col­lec­ted by Cloudflare.

We also have a legit­im­ate interest in using Cloud­flare to optim­ise our online ser­vice and make it more secure. The cor­res­pond­ing legal basis for this is Art. 6 para. 1 lit.f GDPR (legit­im­ate interests). Nev­er­the­less, we only use Cloud­flare if you have given your con­sent to it.

Cloud­flare also pro­cesses data in the USA, among other coun­tries. We would like to note, that accord­ing to the European Court of Justice, there is cur­rently no adequate level of pro­tec­tion for data trans­fers to the USA. This can be asso­ci­ated with vari­ous risks to the leg­al­ity and secur­ity of data processing.

Cloud­flare uses stand­ard con­trac­tual clauses approved by the EU Com­mis­sion as basis for data pro­cessing by recip­i­ents based in third coun­tries (out­side the European Union, Ice­land, Liecht­en­stein, Nor­way and espe­cially in the USA) or data trans­fer there (= Art. 46, para­graphs 2 and 3 of the GDPR). These clauses oblige Cloud­flare to com­ply with the EU‘s level of data pro­tec­tion when pro­cessing rel­ev­ant data out­side the EU. These clauses are based on an imple­ment­ing order by the EU Com­mis­sion. You can find the order and the clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847.

You can find more inform­a­tion about data pro­tec­tion at Cloud­flare at https://www.cloudflare.com/en-gb/privacypolicy/.

All texts are copyrighted.

Source: Cre­ated with the Datens­chutz Gen­er­ator by AdSimple