With us, you get 50% of the repair costs back on all repairs!
Learn more at Reparaturbonus.at

Privacy policy

Table of contents

Einleitung und Überblick

We have prepared this Privacy Policy (Version 23.01.2024-112706071) to inform you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, about the personal data (referred to as "data") we process as the data controller—and the data processed by processors we engage (e.g., service providers). We also explain what lawful options you have. The terms used are intended to be gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.

Privacy policies often sound very technical and use legal jargon. This Privacy Policy, however, aims to explain the most important aspects as simply and transparently as possible. Wherever it enhances transparency, technical terms are explained in a user-friendly manner, links to additional information are provided, and graphics are used. We aim to clearly and straightforwardly convey that we only process personal data within the scope of our business activities when there is a corresponding legal basis for doing so.

This clarity would not be possible if we were to use brief, vague, and overly technical legal explanations, as is often the case online when it comes to privacy policies. We hope you find the following explanations both interesting and informative, and perhaps even discover some new information.

If you still have questions, we encourage you to contact the responsible party listed below or in the imprint, follow the provided links, or consult further information on third-party websites. Our contact details are, of course, also available in the imprint.

Scope of application

This Privacy Policy applies to all personal data processed by our company and all personal data processed by companies we engage (data processors). By personal data, we mean information as defined in Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this Privacy Policy includes:

In short: This Privacy Policy applies to all areas where personal data is systematically processed in the company via the mentioned channels. If we enter into legal relationships with you outside these channels, we will inform you separately if necessary.

Legal bases

In this Privacy Policy, we provide you with transparent information about the legal principles and regulations, specifically the legal bases of the General Data Protection Regulation (GDPR), which allow us to process personal data.

Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can review this EU GDPR regulation online on EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We process your data only when at least one of the following conditions applies:

  1. Consent (Article 6(1)(a) GDPR):
    You have given us your consent to process your data for a specific purpose. An example would be storing the data you entered in a contact form.

  2. Contract (Article 6(1)(b) GDPR):
    We process your data to fulfill a contract or pre-contractual obligations with you. For instance, when we enter into a purchase agreement with you, we need personal information beforehand.

  3. Legal Obligation (Article 6(1)(c) GDPR):
    We process your data if we are subject to a legal obligation. For example, we are legally required to retain invoices for accounting purposes, which typically contain personal data.

  4. Legitimate Interests (Article 6(1)(f) GDPR):
    If we have legitimate interests that do not override your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and efficiently, which constitutes a legitimate interest.

Other conditions, such as performing tasks in the public interest, exercising official authority, or protecting vital interests, generally do not apply to us. Should such legal bases become relevant, we will disclose them in the respective context.

Additional National Laws
In addition to the EU regulation, national laws also apply:

If other regional or national laws apply, we will inform you about them in the relevant sections.

Contact details of the data controller

If you have any questions regarding data protection or the processing of personal data, you can find the contact details of the responsible person or entity below:
Kärntner Straße 501
AT-8054 Graz-Seiersberg
Authorized representative: Ing. Mirza Mesic
E-Mail: office@proreparatur.com
Phone: +43 6602333943
Imprint: https://www.proreparatur.com/de/datenschutz

Retention period

As a general principle, we store personal data only as long as it is absolutely necessary to provide our services and products. This means we delete personal data as soon as the reason for processing the data no longer applies. In some cases, we are legally required to retain certain data even after the original purpose no longer exists, such as for accounting purposes.

If you wish to have your data deleted or revoke your consent for data processing, we will delete the data as quickly as possible, provided there is no obligation to retain it.

We will inform you about the specific duration of each data processing activity below, where further details are available.

Rights under the general data protection regulation (GDPR)

Pursuant to Articles 13 and 14 of the GDPR, we inform you of the following rights to ensure the fair and transparent processing of your data:

  1. Right of Access (Article 15 GDPR):
    You have the right to know whether we process your data. If this is the case, you are entitled to:

    • Obtain a copy of your data.
    • Learn the purposes of the processing.
    • Know the categories (types) of data being processed.
    • Identify the recipients of the data, and if data is transferred to third countries, understand how security is ensured.
    • Understand the storage duration of your data.
    • Exercise your rights to rectification, deletion, restriction of processing, or objection to processing.
    • Lodge a complaint with a supervisory authority (links to these authorities are provided below).
    • Determine the source of the data if it wasn’t collected from you.
    • Verify whether profiling or automated decision-making is carried out.

  2. Right to Rectification (Article 16 GDPR):
    You can request corrections to your data if you identify any inaccuracies.

  3. Right to Erasure (Article 17 GDPR):
    Also known as the "Right to be Forgotten," this allows you to request the deletion of your data.

  4. Right to Restriction of Processing (Article 18 GDPR):
    You can request that your data only be stored and not further processed.

  5. Right to Data Portability (Article 20 GDPR):
    You can request your data in a commonly used format for transfer to another entity.

  6. Right to Object (Article 21 GDPR):

    • If your data processing is based on Article 6(1)(e) (public interest or official authority) or Article 6(1)(f) (legitimate interests), you can object to it. We will review your objection promptly to determine if we can comply.
    • If data is used for direct marketing, you can object at any time, and we will no longer use your data for this purpose.
    • If data is used for profiling, you can object at any time, and we will cease this type of data processing.

  7. Right to Avoid Automated Decision-Making (Article 22 GDPR):
    In certain cases, you have the right not to be subjected to a decision based solely on automated processing (e.g., profiling).

  8. Right to Lodge a Complaint (Article 77 GDPR):
    If you believe that the processing of your data violates the GDPR or that your rights have been infringed, you can file a complaint with a supervisory authority.

Summary:
You have several rights regarding your data. Don’t hesitate to contact the responsible entity listed above if you wish to exercise them!

If you believe your data processing violates data protection laws or your rights have been infringed in any way, you can lodge a complaint with the relevant supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, each federal state has its own Data Protection Officer. For further information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

For our company, the following local data protection authority is responsible:

Austrian Data Protection Authority
Director: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

 

Data transfer to third countries

We transfer or process data in countries outside the scope of the GDPR (third countries) only if you consent to such processing or if there is another legal basis permitting it. This applies particularly when processing is legally required, necessary for fulfilling a contractual relationship, or otherwise permissible under general regulations. In most cases, your consent is the primary reason for processing data in third countries. Processing personal data in third countries, such as the United States—where many software providers offer services and maintain server locations—may result in personal data being processed and stored in unexpected ways.

We explicitly point out that, according to the European Court of Justice, an adequate level of protection for data transfers to the USA currently exists only when a US company processing the personal data of EU citizens is an active participant in the EU-US Data Privacy Framework. For more information, see: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Data processing by US-based services that are not active participants in the EU-US Data Privacy Framework may result in non-anonymized processing and storage of data. Additionally, US government authorities may potentially access certain data. It is also possible that data collected by these services could be combined with data from other services provided by the same company if you have a corresponding user account.

Wherever possible, we aim to use server locations within the EU if such options are available. We will provide more detailed information about data transfer to third countries at the relevant sections of this Privacy Policy if applicable.

Data processing security

To protect personal data, we have implemented both technical and organizational measures. Whenever possible, we encrypt or pseudonymize personal data. This ensures, within our capabilities, that it is as difficult as possible for third parties to infer personal information from our data.

Article 25 of the GDPR refers to "data protection by design and by default," meaning that both software (e.g., forms) and hardware (e.g., access to server rooms) should always consider security and implement appropriate measures. Below, we outline specific measures where necessary.

TLS encryption with HTTPS

TLS, encryption, and HTTPS may sound very technical—and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to securely transmit data over the Internet.This means that the entire transfer of all data from your browser to our web server is secure—no one can "listen in."

By doing so, we have added an extra layer of security and comply with the principle of data protection by design (Article 25(1) GDPR). The use of TLS (Transport Layer Security), an encryption protocol for secure data transmission over the Internet, ensures the protection of sensitive data.

You can recognize the use of this secure data transmission by the small lock symbol in the upper left corner of your browser, next to the website address (e.g., examplesite.com), and the use of the https scheme (instead of http) in our website address.If you want to learn more about encryption, we recommend searching for "Hypertext Transfer Protocol Secure wiki" on Google to find reliable links with additional information.

Communication

Summary of communication
πŸ‘₯ Affected Parties: Everyone who communicates with us via phone, email, or online form.
πŸ““ Processed Data: For example, phone number, name, email address, and form data entered. More details can be found under the specific type of contact method used.
🀝 Purpose: Handling communication with customers, business partners, etc.
πŸ“… Retention Period: Duration of the business transaction and legal requirements.
βš–οΈ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(b) GDPR (Contract), Article 6(1)(f) GDPR (Legitimate Interests).

If you contact us and communicate via phone, email, or online form, personal data may be processed.

The data is processed to handle and address your inquiry and the related business transaction. The data is stored only as long as necessary or as required by law.

Affected Individuals

The described processes apply to anyone who contacts us through the communication channels we provide.

Phone

If you call us, call data is pseudonymously stored on the respective device and by the telecommunications provider used. Additionally, data such as your name and phone number may be sent via email and stored to respond to your inquiry. The data is deleted once the business transaction is completed and legal requirements allow.

Email

If you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and on the email server. The data is deleted once the business transaction is completed and legal requirements allow.

Online Forms

If you communicate with us via an online form, data is stored on our web server and may be forwarded to one of our email addresses. The data is deleted once the business transaction is completed and legal requirements allow.

Legal Bases

The processing of data is based on the following legal grounds:

Processing agreement (AVV)

In this section, we explain what a Processing Agreement is and why it is necessary. Since "Processing Agreement" is quite a mouthful, we will frequently use the acronym AVV throughout the text. Like most companies, we don’t work alone but also use the services of other companies or individuals. By involving various companies or service providers, personal data may be transferred for processing. These partners act as processors, with whom we conclude a contract, the so-called Processing Agreement (AVV). The most important thing for you to know is that your personal data is processed exclusively according to our instructions and must be governed by the AVV.

Who are Processors?
As a company and website owner, we are responsible for all data we process from you. In addition to the controller, there can also be processors. This includes any company or person processing personal data on our behalf. According to the GDPR definition, a processor is any natural or legal person, authority, institution, or other entity that processes personal data on our behalf. Processors can include service providers such as hosting or cloud providers, payment or newsletter providers, or large companies like Google or Microsoft.

For better understanding, here’s an overview of the three roles under the GDPR:

Data Subject (you as a customer or prospect) → Controller (us as the company and principal) → Processor (service providers such as web hosts or cloud providers)

Content of a Processing Agreement
As mentioned above, we have concluded AVVs with our partners who act as processors. These agreements primarily stipulate that the processor processes the data exclusively in accordance with the GDPR. The contract must be concluded in writing, but electronic conclusion is also considered "written" in this context. The processing of personal data can only occur based on this contract. The contract must include the following:

Additionally, the contract includes all obligations of the processor. The most important obligations are:

For an example of what such a Processing Agreement looks like, visit https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html, where you’ll find a sample contract.

Cookies

Cookies Summary
πŸ‘₯ Affected: visitors to the website
🀝Purpose: Depends on the specific cookie. More details can be found below or from the software provider that sets the cookie.
πŸ““ Processed Data: Depends on the specific cookie used. More details can be found below or from the software provider that sets the cookie.
πŸ“… Retention Period: Depends on the specific cookie, ranging from hours to years.
βš–οΈ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests).

What are cookies?

Our website uses HTTP cookies to store user-specific data. Below, we explain what cookies are and why they are used to help you better understand this privacy policy.

Whenever you browse the internet, you use a browser. Popular browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser, which are called cookies.

There’s no denying it: cookies are incredibly useful tools. Almost all websites use cookies. More specifically, these are HTTP cookies, as there are also other types of cookies for different purposes. HTTP cookies are small files stored by our website on your computer. These cookie files are automatically placed in the cookie folder, which is essentially the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data, such as your preferred language or personal site settings. When you revisit our site, your browser sends the "user-specific" information back to our site. Thanks to cookies, our website recognizes who you are and provides the settings you’re familiar with. In some browsers, each cookie is saved as an individual file, while in others, like Firefox, all cookies are stored in a single file.

The following diagram illustrates a possible interaction between a web browser (e.g., Chrome) and a web server. The web browser requests a website and receives a cookie from the server, which the browser then uses again when requesting another page.

HTTP Cookie Interaktion zwischen Browser und Webserver

There are both first-party and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie needs to be evaluated individually, as each stores different data. The expiration time of a cookie can also vary, ranging from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans, or other "malware." They also cannot access information on your PC.

Here is an example of cookie data:

Name: _ga
Value: GA1.2.1326744211.152112706071-9
Purpose: Differentiation of website visitors
Expiration: After 2 years

Browsers should be able to support at least the following minimum requirements:

Which types of cookies are there?

The specific cookies we use depend on the services we implement, which are explained in the following sections of this privacy policy. Here, we will briefly describe the different types of HTTP cookies.

There are four types of cookies:

  1. Essential Cookies
    These cookies are necessary to ensure basic website functionality. For example, they are used to keep items in a shopping cart even if a user navigates to other pages or closes their browser before checking out.

  2. Functional Cookies
    These cookies collect information about user behavior and errors (e.g., error messages). They also help measure the loading time and performance of the website on different browsers.

  3. Preference Cookies
    These cookies enhance usability by storing user-specific settings, such as entered locations, font sizes, or form data.

  4. Advertising Cookies
    Also known as targeting cookies, these are used to deliver personalized advertisements. While they can be convenient, they can also sometimes feel intrusive.

Typically, when you visit a website for the first time, you are asked which types of cookies you wish to allow. Your choice is then saved in a cookie.

For a detailed and technical explanation of cookies, we recommend visiting https://datatracker.ietf.org/doc/html/rfc6265, the "HTTP State Management Mechanism" document by the Internet Engineering Task Force (IETF).

Purpose of Processing via Cookies
The purpose of processing depends on the specific cookie. More details can be found below or from the provider of the software that sets the cookie.

What Data Is Processed?
Cookies are small tools with many different uses. The type of data stored in cookies varies, so we provide detailed information about the processed or stored data in the relevant sections of this privacy policy.

Cookie Retention Period
The retention period depends on the specific cookie and is detailed further below. Some cookies are deleted in less than an hour, while others may remain on your device for years.

You also have control over the retention period. You can manually delete cookies in your browser settings at any time (see "Right to Object" below). Additionally, cookies based on consent are deleted upon the withdrawal of your consent, with the legality of storage up to that point remaining unaffected.

Right to Object – How Can I Delete Cookies?
You decide whether and how you want to use cookies. Regardless of the service or website they originate from, you can delete, disable, or only partially allow cookies. For instance, you can block third-party cookies while allowing all others.

To check which cookies are stored in your browser or to change or delete your cookie settings, refer to your browser’s instructions:

If you generally prefer not to use cookies, you can set your browser to notify you whenever a cookie is about to be set. This way, you can decide on a case-by-case basis whether to allow the cookie. Instructions vary depending on the browser. It’s best to search for guidance using terms like "delete cookies in Chrome" or "disable cookies in Chrome" for Chrome users.

Legal Basis
Since 2009, the so-called "Cookie Directive" requires that the storage of cookies requires user consent (Article 6(1)(a) GDPR). However, reactions to this directive differ across EU countries. In Austria, it was implemented in § 165(3) of the Telecommunications Act (2021). In Germany, the directive was not incorporated into national law but is largely covered by § 15(3) of the Telemedia Act (TMG).

For essential cookies, legitimate interests (Article 6(1)(f) GDPR) apply, even without user consent. These interests are often economic in nature and aim to ensure a pleasant user experience.

Non-essential cookies are only used with your consent, with Article 6(1)(a) GDPR serving as the legal basis.

In the following sections, you will receive detailed information about the use of cookies, where applicable software involves them.

Web hosting introduction

Web hosting summary
πŸ‘₯ Affected: visitors to the website
🀝 Purpose: Professional hosting of the website and ensuring operational security.
πŸ““ Processed data: IP address, time of website visit, browser used, and other data. More details can be found below or from the respective web hosting provider.
πŸ“… Retention period: Depends on the respective provider, but typically 2 weeks.
βš–οΈ Legal Basis: Article 6(1)(f) GDPR (Legitimate Interests).

What is web hosting?

When you visit websites today, certain information—including personal data—is automatically generated and stored, as is the case with this website. Such data should be processed sparingly and only with justification. By "website," we mean the entirety of all web pages under a domain, from the homepage to the very last subpage (like this one). By "domain," we mean, for example, example.com or samplewebsite.com.

To view a website on a computer, tablet, or smartphone, you use a program called a web browser. You’re probably familiar with some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We’ll simply refer to them as browsers or web browsers.

To display the website, the browser must connect to another computer where the website's code is stored: the web server. Operating a web server is a complex and demanding task, which is why this is typically handled by professional providers known as hosting providers. They offer web hosting services and ensure the reliable and error-free storage of website data. That’s a lot of technical terms, but bear with us—it gets more interesting!

When your browser connects to the web server on your computer (desktop, laptop, tablet, or smartphone) and during data transmission to and from the web server, personal data may be processed. Your computer stores some data, and the web server also needs to store data temporarily to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.

Browser und Webserver

Why do we process personal data?

The purposes of data processing are:

What Data Is Processed?
Even as you visit our website right now, our web server—the computer where this website is hosted—typically stores the following data automatically:

This data is stored in files called web server log files.

How Long Is Data Stored?
As a rule, the data mentioned above is stored for two weeks and then automatically deleted. We do not share this data but cannot exclude the possibility that it may be accessed by authorities in the event of unlawful behavior.

In short: Your visit is logged by our provider (the company that runs our website on specialized computers, called servers), but we do not share your data without your consent!

Legal Basis
The legality of processing personal data within the scope of web hosting arises from Article 6(1)(f) GDPR (legitimate interests), as the use of professional hosting by a provider is necessary to present the company securely and user-friendly on the internet and to pursue potential attacks or claims.

There is usually a processing agreement between us and the hosting provider in accordance with Article 28 GDPR, which ensures compliance with data protection and guarantees data security.

1&1 IONOS web hosting privacy policy

To host our website, we use the web hosting services of IONOS by 1&1. In Germany, 1&1 IONOS SE is located at Elgendorfer Str. 57, 56410 Montabaur. In Austria, you can find 1&1 IONOS SE at Gumpendorfer Straße 142/PF 266, 1060 Vienna.

What is 1&1 IONOS Web Hosting?
IONOS provides a range of web hosting services, including domains, websites, and online shops, hosting and WordPress solutions, marketing, email and office tools, IONOS Cloud, and servers. With over 22 million domains, nearly 9 million customer contracts, and 100,000 servers, IONOS is one of the largest web hosting providers in Germany.

As mentioned earlier, web hosting involves storing data from you or your device on IONOS servers. Primarily, your IP address, which is considered personal data, is stored. Additionally, technical data such as the URL of our website, the name of your internet browser, and your operating system are also stored.

Why Do We Use 1&1 IONOS Web Hosting?
Founded in Germany in 1988, IONOS brings over 30 years of experience while continually advancing its technology. This combination of experience and innovation provides a strong foundation for our website. We aim for our website to function seamlessly 24/7 while maintaining a high level of security. Since IONOS does not limit monthly data traffic and offers ample storage space, our website remains performant even with a large number of visitors. We are very satisfied with the website's speed, and the cost-effectiveness meets our current needs.

For more information about data protection at IONOS, please refer to their privacy policy at https://www.ionos.de/terms-gtc/datenschutzerklaerung/. If you have further questions about privacy, you can contact the IONOS data protection team via email at datenschutz@ionos.de.

Data Processing Agreement (DPA) with IONOS

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a Data Processing Agreement (DPA) with IONOS. For detailed information about what a DPA is and what it must include, please refer to our general section "Data Processing Agreement (DPA)."

This agreement is legally required because IONOS processes personal data on our behalf. It specifies that IONOS may only process data received from us according to our instructions and must comply with the GDPR.

You can find the link to the Data Processing Agreement (DPA) here: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.

Website builder systems introduction

Website builder systems privacy policy
πŸ‘₯ Affected parties: Visitors to the website
🀝 Purpose: Optimization of our service offerings
πŸ““ Processed data: Information such as technical usage details like browser activity, clickstream activities, session heatmaps, contact details, IP address, or geographic location. More details can be found below in this privacy policy and in the provider's privacy policy.
πŸ“… Retention period: Depends on the provider
βš–οΈ Legal bases: Article 6(1)(f) GDPR (Legitimate Interests), Article 6(1)(a) GDPR (Consent)

What Are Website Builder Systems?

We use a website builder system for our website. Builder systems are a special type of content management system (CMS). With a builder system, website operators can easily create a website without programming knowledge. In many cases, web hosting providers also offer builder systems. Using such a system may involve the collection, storage, and processing of personal data. In this privacy text, we provide general information about data processing through builder systems. For more detailed information, please refer to the provider's privacy policy.

Why Do We Use Website Builder Systems for Our Website?

The biggest advantage of a builder system is its ease of use. We aim to offer you a clear, simple, and user-friendly website that we can manage and maintain ourselves without external support. Modern builder systems provide many helpful features that we can use without programming skills. This allows us to design our web presence according to our preferences and offer you an informative and pleasant experience on our website.

What Data Is Stored by a Website Builder System?

The exact data stored depends on the specific builder system used. Each provider collects and processes different data from website visitors. Generally, technical usage information such as the operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit is collected. Additionally, tracking data (e.g., browser activity, clickstream activities, session heatmaps) may be processed.

Personal data such as contact details, including your email address, phone number (if provided), IP address, and geographic location, may also be collected and stored. Specific details about the data stored can be found in the provider's privacy policy.

How Long and Where Is the Data Stored?

We provide information on the duration of data processing in connection with the website builder system used, as far as we have further details. The provider's privacy policy contains detailed information on this. In general, we process personal data only as long as it is necessary to provide our services and products. However, it is possible that the provider stores data according to its policies, over which we have no control.

Right to Object

You always have the right to access, correct, and delete your personal data. For any questions, you can also contact the responsible parties of the website builder system. Contact details can be found either in our privacy policy or on the provider's website.

Cookies used by the provider for its functions can be deleted, disabled, or managed in your browser. Depending on the browser you use, the process may vary. Please note, however, that some features may not work as intended if cookies are disabled.

Legal Basis

We have a legitimate interest in using a website builder system to optimize our online services and present them efficiently and attractively for you. The corresponding legal basis is Article 6(1)(f) GDPR (Legitimate Interests). We use the builder system only if you have given your consent.

If data processing is not strictly necessary for the operation of the website, it will be processed only with your consent. This primarily applies to tracking activities. The legal basis in this case is Article 6(1)(a) GDPR.

With this privacy policy, we have provided you with the most important general information about data processing. For more detailed information, please refer to the following section or the provider's privacy policy, if available.

Web analytics introduction

Web analytics privacy policy summary
πŸ‘₯ Affected parties: Visitors to the website
🀝 Purpose: Analysis of visitor information to optimize the web offering
πŸ““ Processed data: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found in the privacy policy of the respective web analytics tool.
πŸ“… Retention period: Depends on the web analytics tool used
βš–οΈ Legal bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is web analytics?

We use software on our website to analyze the behavior of website visitors, commonly referred to as web analytics or web analysis. This involves collecting data that the respective analytics tool provider (also called a tracking tool) stores, manages, and processes. These data are used to create analyses of user behavior on our website and are made available to us as website operators. Most tools also offer testing features, such as A/B testing, where we can determine which offers or content resonate best with our visitors by showing two different options for a limited time. Following the test, we can identify which product or content is more appealing to our visitors. For these testing methods, as well as for other analytics processes, user profiles can be created, and the data may be stored in cookies.

Why do we use web analytics?

Our website has a clear goal: we aim to deliver the best web offering in our industry. To achieve this, we strive to provide the best and most engaging content while ensuring you feel completely comfortable on our site. Web analytics tools allow us to examine visitor behavior in detail, helping us improve our web offering for both you and ourselves.

For instance, we can determine the average age of our visitors, where they come from, when our website is most frequently visited, or which content or products are especially popular. All this information helps us optimize the website, tailoring it to your needs, interests, and preferences.

What data is processed?

The exact data stored depends on the analytics tools used. Generally, the following data is collected:

If you have agreed to share location data, this information may also be processed by the analytics tool provider.

Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, IP addresses are usually stored in a pseudonymized (anonymized and shortened) format. For the purposes of testing, web analysis, and website optimization, no direct personal data, such as your name, age, address, or email address, are stored. If these data are collected, they are stored in a pseudonymized format, ensuring that you cannot be personally identified.

The following example illustrates how Google Analytics works as an example of client-based web tracking using JavaScript code.

Schematischer Datenfluss bei Google Analytics

How long the respective data is stored always depends on the provider. Some cookies store data only for a few minutes or until you leave the website, while others can store data for several years.

Duration of data processing
We will inform you about the duration of data processing below if we have additional information available. Generally, we process personal data only as long as it is absolutely necessary to provide our services and products. If required by law, such as in the case of accounting, the storage period may be extended.

Right to object
You always have the right and opportunity to withdraw your consent to the use of cookies or third-party providers. This can be done either via our cookie management tool or through other opt-out functions. For instance, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.

Legal basis
The use of web analytics requires your consent, which we obtained through our cookie popup. This consent serves as the legal basis for processing personal data collected by web analytics tools, as per Article 6(1)(a) GDPR (Consent).

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to improve our offerings technically and economically. Web analytics helps us identify website errors, detect attacks, and improve efficiency. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). However, we only use these tools if you have provided consent.

Since web analytics tools involve the use of cookies, we recommend reading our general privacy policy regarding cookies. To understand exactly which data is stored and processed about you, please review the privacy policies of the respective tools.

Information about specific web analytics tools, if available, can be found in the following sections.

etracker privacy policy

etracker privacy policy summary
πŸ‘₯ Affected parties: Visitors to the website
🀝 Purpose: Analysis of visitor information to optimize the web offering
πŸ““ Processed data: Includes pseudonymized IP addresses, technical information about browsers, operating systems, and devices, time spent on the website, and interactions on the site
πŸ“… Retention period: Depends on the web analytics tool used
βš–οΈ Legal bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is etracker?

We use the analysis tracking tool etracker Analytics from the German company etracker GmbH, Erste Brunnenstraße 1, D-20459 Hamburg, on our website. etracker Analytics is software that collects and evaluates data about your actions on our website. We receive analysis reports about how you use our website, which helps us improve our offerings to better suit your needs. This privacy policy provides further details about the analysis tool and explains which data is stored, when, how, and where.

etracker Analytics is an analysis tool that can measure and analyze the performance of our website and online campaigns. The software collects data, such as how long you stay on our website, how many users visit our website, and where you came from before visiting our site. We also receive detailed insights into visitor behavior on our website, such as which buttons you tend to click, which subpages you like, and which ones you tend to avoid. All of this information is anonymized, meaning we do not identify you as a person but only receive general user information and statistics.

Why do we use etracker on our website?

We use this software tool to improve the quality of our website and offerings. Our goal is to provide you with the best possible service. We want you to feel comfortable on our website and receive exactly what you expect. To achieve this, we need to tailor our offerings as effectively as possible to your needs and requirements.

The data also helps us conduct our online marketing and advertising campaigns more cost-effectively and individually. We want to ensure that our offerings are only shown to people who are genuinely interested in them.

What data is stored by etracker?

To enable tracking, a JavaScript code must be integrated into the website. etracker works based on pixel technology.

By default, etracker does not use cookies or technologies for tracking a website, as this is implemented in the cookie-less mode through Privacy-by-Design. In this case, only absolutely necessary cookies are set. However, if you have actively consented to the use of cookies, etracker also uses cookies.

The following data is stored and processed when a page is viewed:

These website data are transmitted from the web server, and information that the web browser transmits to the web server when retrieving web pages is used. This information is transferred with each page view.

Unlike other technologies, etracker does not read data from your device's memory nor store data on your device. The data is not used by etracker for any other purposes or shared with third parties.

The cookies used do not contain information that can identify you as a person. Data such as IP address, device, and domain information is encrypted or shortened during storage. Therefore, identifying individuals is not possible for us or etracker.

If you have consented to the use of cookies, the following cookies may be set:

Note: The list provided here represents only a selection of the cookies used and may not be exhaustive. The specific cookies set depend on the analytics mechanisms used. You can view a list of all cookies at the following link: https://www.etracker.com/docs/integration-setup/einstellungen-accounts/etracker-cookies/verwendete-cookies-zaehlung/

How long and where is the data stored?
The data is stored on servers located in Hamburg, and all system administration also takes place in Hamburg. Therefore, all data is stored exclusively on German servers. etracker stores the data until the contract with us as a customer expires. After a short period following the contract termination, all data is permanently deleted.

How can I delete my data or prevent data storage?
You have the right to request information, correction, deletion, or restriction of the processing of your personal data at any time. You can also revoke your consent to data processing at any time.

If you want to disable, delete, or manage cookies, you will find the relevant instructions for the most common browsers in the "Cookies" section.

Legal Basis
The use of etracker requires your consent, which we have obtained through our cookie popup. This consent, under Article 6(1)(a) GDPR (Consent), serves as the legal basis for processing personal data as may occur with web analytics tools.

In addition to consent, we also have a legitimate interest in analyzing the behavior of website visitors and improving our offerings technically and economically. Using etracker allows us to identify website errors, detect attacks, and improve profitability. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). We only use etracker if you have given consent.

We hope this provides you with the key information about data processing with etracker. For more details on the tracking service, we recommend reading the privacy policy of the company at https://www.etracker.com/datenschutz/.

Data Processing Agreement (DPA) with etracker

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a Data Processing Agreement (DPA) with etracker. You can read more about what a DPA is and what it must contain in our general section "Data Processing Agreement (DPA)."

This agreement is legally required because etracker processes personal data on our behalf. It clarifies that etracker may only process the data they receive from us according to our instructions and must comply with the GDPR. You can find the link to the Data Processing Agreement (DPA) at https://www.etracker.com/av-vertrag/.

 

Facebook Conversions API Privacy Policy

We use Facebook Conversions API on our website, a server-side event tracking tool. The service provider is the American company Meta Platforms Inc. For the European region, the company responsible is Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

Facebook processes your data, including in the USA. Facebook, or Meta Platforms, is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. For more information, visit https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Facebook uses so-called Standard Contractual Clauses (Art. 46, Sections 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards, even when transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Facebook commits to adhering to the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The Facebook Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

To learn more about the data processed through the use of Facebook Conversions API, visit the Privacy Policy at https://www.facebook.com/about/privacy.

 

Google analytics privacy policy

Google analytics privacy policy summary
πŸ‘₯ Affected individuals: Website visitors
🀝 Purpose: Analysis of visitor information to optimize the website's offerings.
πŸ““ Processed data: Access statistics, including data such as access locations, device data, duration and time of access, navigation behavior, and click behavior. More details are provided below in this privacy policy.
πŸ“… Retention period: Customizable; by default, Google Analytics 4 stores data for 14 months.
βš–οΈ Legal bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests).

What is Google Analytics?

We use the analysis tracking tool Google Analytics, specifically the version Google Analytics 4 (GA4) from the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. By combining various technologies like cookies, device IDs, and login credentials, you can be identified across different devices. This allows your actions to be analyzed cross-platform.

For example, when you click on a link, this event is stored in a cookie and sent to Google Analytics. Using the reports we receive from Google Analytics, we can better tailor our website and services to your preferences. Below, we will go into more detail about the tracking tool and inform you about which data is processed and how you can prevent it.

Google Analytics is a tracking tool that serves to analyze the traffic on our website. The basis for these measurements and analyses is a pseudonymous user identification number. This number does not include personal data such as name or address but is used to assign events to a device. GA4 uses an event-based model that records detailed information about user interactions such as page views, clicks, scrolling, and conversion events. Additionally, GA4 includes various machine learning functions to better understand user behavior and trends. With GA4, machine learning-based models are used. This means that missing data can be estimated based on the collected data to optimize analysis and even provide forecasts.

For Google Analytics to function, a tracking code is embedded in the code of our website. When you visit our website, this code records various events that you perform on the website. With GA4's event-based data model, we, as website operators, can define and track specific events to gain insights into user interactions. Thus, in addition to general information like clicks or page views, special events important to our business, such as submitting a contact form or purchasing a product, can also be tracked.

Once you leave our website, this data is sent to Google Analytics servers and stored there.

Google processes the data, and we receive reports about your user behavior. These reports can include the following:

There is also the option that data will only be deleted if you do not visit our website within the period we have set. In this case, the retention period will be reset each time you visit our website within the specified timeframe.

Once the set period expires, the data will be deleted monthly. This retention period applies to your data linked with cookies, user recognition, and advertising IDs (e.g., cookies from the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is a consolidation of individual data into a larger entity.

How can I delete my data or prevent data storage?
According to the data protection laws of the European Union, you have the right to request information about your data, update it, delete it, or restrict its processing. By using the browser add-on to deactivate Google Analytics JavaScript (analytics.js, gtag.js), you can prevent Google Analytics 4 from processing your data. The browser add-on can be downloaded and installed at https://tools.google.com/dlpage/gaoptout?hl=en. Please note that this add-on only disables data collection by Google Analytics.

If you want to disable, delete, or manage cookies in general, you can find the relevant instructions for the most common browsers under the "Cookies" section.

Legal Basis
The use of Google Analytics requires your consent, which we have obtained through our cookie popup. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent serves as the legal basis for the processing of personal data, as may occur in web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to improve our offering technically and economically. With the help of Google Analytics, we can detect website errors, identify attacks, and improve efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). We will use Google Analytics only if you have given your consent.

Google processes your data, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. For more information, visit https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Google uses so-called Standard Contractual Clauses (Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission to ensure that your data complies with European data protection standards even when transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining European data protection standards even if the data is stored, processed, and managed in the USA. These clauses are based on an EU Commission Implementing Decision. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

Google Analytics Reports on Demographic Features and Interests
We have enabled the advertising reports features in Google Analytics. The demographic and interest reports contain information about age, gender, and interests. This allows us to better understand our users without being able to attribute this data to individual persons. Learn more about the advertising features at https://support.google.com/analytics/answer/3450482?hl=en.

You can stop the use of activities and information from your Google account under the "Ad Settings" at https://adssettings.google.com/authenticated by checking the appropriate box.

Google Analytics in Consent Mode
Depending on your consent, personal data may be processed by Google Analytics in what is called "Consent Mode." You can choose whether to consent to Google Analytics cookies or not. By doing so, you also decide which data Google Analytics can process from you. The data collected is mainly used for measuring user behavior on the website, serving targeted advertising, and providing us with web analytics reports. Typically, you provide consent for data processing via a cookie consent tool. If you do not consent to data processing, only aggregated data will be collected and processed. This means that data cannot be attributed to individual users, and no user profile is created. You can also choose to consent only to statistical measurement. In this case, no personal data is processed and, therefore, not used for advertisements or advertising performance.

Google Analytics IP Anonymization
We have implemented IP address anonymization for Google Analytics on this website. This function was developed by Google to ensure compliance with applicable data protection regulations and recommendations from local data protection authorities when the storage of complete IP addresses is prohibited. The anonymization or masking of the IP address happens as soon as the IP addresses reach the Google Analytics data collection network and before any data storage or processing takes place.

For more information on IP anonymization, visit https://support.google.com/analytics/answer/2763052?hl=en.

Google Optimize Privacy Policy
We use Google Optimize, a website optimization tool, on our website. The service provider is the American company Google Inc. For the European region, the company responsible is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) for all Google services.

Google processes data, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. For more information, visit https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Google uses so-called Standard Contractual Clauses (Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission to ensure that your data complies with European data protection standards even when transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining European data protection standards even if the data is stored, processed, and managed in the USA. These clauses are based on an EU Commission Implementing Decision. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

Learn more about the data processed through the use of Google Optimize in the privacy policy at https://policies.google.com/privacy?hl=en.

Data Processing Agreement (DPA) Google Optimize
In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a Data Processing Agreement (DPA) with Google. What exactly a DPA is and what must be included in a DPA can be found in our general section "Data Processing Agreement (DPA)."

This agreement is legally required because Google processes personal data on our behalf. It clarifies that Google may only process data it receives from us according to our instructions and must comply with the GDPR. You can find the link to the Data Processing Terms here: https://business.safety.google/intl/en/adsprocessorterms/.

 

Google site kit privacy policy

Google Site Kit privacy policy summary
πŸ‘₯ Affected Individuals: Website visitors
🀝 Purpose: Evaluation of visitor information to optimize the web offering.
πŸ““ Processed Data: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found below and in the privacy policy of Google Analytics.
πŸ“… Retention Period: Depending on the properties used
βš–οΈ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Google Site Kit?
We have integrated the Google Site Kit plugin from the American company Google Inc. into our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. With Google Site Kit, we can quickly and easily view statistics from various Google products, such as Google Analytics, directly in our WordPress dashboard. The tool, as well as the tools integrated into Google Site Kit, also collect personal data from you. In this privacy policy, we explain why we use Google Site Kit, how long and where data is stored, and which other privacy texts are relevant for you in this context.

Google Site Kit is a plugin for the content management system WordPress. With this plugin, we can view important statistics for website analysis directly in our dashboard. These statistics are collected by other Google products, primarily Google Analytics. In addition to Google Analytics, the services Google Search Console, Page Speed Insight, Google AdSense, Google Optimize, and Google Tag Manager can also be linked with Google Site Kit.

Why do we use Google Site Kit on our website?
As a service provider, it is our task to offer you the best possible experience on our website. You should feel comfortable on our website and quickly and easily find exactly what you are looking for. Statistical evaluations help us better understand you and tailor our offering to your needs and interests. To carry out these evaluations, we use various Google tools. Site Kit greatly facilitates this process, as we can view and analyze the statistics of the Google products directly in the dashboard. We no longer need to log into each tool separately. Site Kit thus provides a good overview of the most important analysis data.

What data is stored by Google Site Kit?
If you have actively consented to the use of tracking tools in the cookie notice (also referred to as script or banner), cookies will be set by Google products like Google Analytics, and data about your user behavior will be sent to Google, stored, and processed. This includes personal data such as your IP address.

For more detailed information on the individual services, we have separate sections in this privacy policy. For example, take a look at our privacy policy for Google Analytics. Here we go into great detail about the data collected. You will learn how long Google Analytics stores, manages, and processes data, which cookies may be used, and how to prevent data storage. We also have separate privacy policies for other Google services such as Google Tag Manager or Google AdSense, with comprehensive information.

Below, we show you some example Google Analytics cookies that may be set in your browser if you have consented to data processing by Google. Please note that these are only a selection of cookies:

Name: _ga
Value: 2.1326744211.152112706071-2
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. It is primarily used to distinguish website visitors.
Expiration: after 2 years

Name: _gid
Value: 2.1687193234.152112706071-7
Purpose: This cookie is also used to distinguish website visitors.
Expiration: after 24 hours

Name: gat_gtag_UA<property-id>
Value: 1
Purpose: This cookie is used to reduce the request rate.
Expiration: after 1 minute

How long and where is the data stored?
Google stores collected data on its own Google servers, which are distributed worldwide. Most servers are located in the United States, so it is likely that your data may also be stored there. You can see exactly where the company provides servers at https://www.google.com/about/datacenters/locations/?hl=en.

Data collected by Google Analytics is typically stored for 26 months. After this period, your user data is deleted. The retention period applies to all data linked to cookies, user recognition, and advertising IDs.

How can I delete my data or prevent data storage?
You always have the right to request information about your data, delete it, correct it, or limit its processing. You can also deactivate, delete, or manage cookies in your browser at any time.

If you want to deactivate, delete, or manage cookies in general, you can find the relevant links to the instructions for the most popular browsers in the "Cookies" section.

Legal Basis
The use of Google Site Kit requires your consent, which we obtained through our cookie popup. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent serves as the legal basis for the processing of personal data, as may occur with the collection by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to improve our offering technically and economically. With the help of Google Site Kit, we identify errors on the website, detect attacks, and improve efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). We will use Google Site Kit only if you have given consent.

Google processes data from you, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. For more information, visit https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Google uses Standard Contractual Clauses (Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission to ensure that your data complies with European data protection standards when transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining European data protection standards even when data is stored, processed, and managed in the USA. These clauses are based on an EU Commission Implementing Decision. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

To learn more about data processing by Google, we recommend reading Google's comprehensive privacy policy at https://policies.google.com/privacy?hl=en.

E-Mail-Marketing introduction

E-Mail-Marketing summary
πŸ‘₯ Affected Individuals: Newsletter subscribers
🀝 Purpose: Direct marketing via email, notification about system-relevant events
πŸ““ Processed Data: Data entered during registration, but at least the email address. More details can be found in the respective email marketing tool used.
πŸ“… Retention Period: Duration of the subscription
βš–οΈ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is email marketing?
To keep you updated, we also use email marketing. If you have consented to receive our emails or newsletters, data from you will be processed and stored. Email marketing is a subfield of online marketing. It involves sending news or general information about a company, products, or services via email to a specific group of people who are interested.

If you want to participate in our email marketing (usually via newsletter), you typically only need to register with your email address. You fill out an online form and submit it. However, we may also ask for your salutation and name so that we can address you personally.

Generally, newsletter registration works using the "double opt-in" process. After registering for our newsletter on our website, you will receive an email asking you to confirm your newsletter subscription. This ensures that the email address belongs to you and that no one has subscribed using someone else's email address. We or a notification tool we use will log each individual registration. This is necessary to prove that the registration process complies with legal requirements. The registration time, confirmation time, and your IP address are usually recorded. Additionally, any changes to your stored data are also logged.

Why do we use email marketing?
We naturally want to stay in contact with you and keep you informed about the most important news regarding our company. To do so, we use email marketing – often referred to as a "newsletter" – as an essential part of our online marketing. If you consent or it is legally permissible, we send you newsletters, system emails, or other notifications via email. When we refer to "newsletter" in the following text, we mainly mean regularly sent emails. Of course, we do not want to annoy you with our newsletters. Therefore, we make every effort to provide only relevant and interesting content. For example, you will learn more about our company, services, or products. Since we always improve our offers, you will also be informed about news or special lucrative promotions through our newsletter. If we hire a service provider offering a professional mailing tool for our email marketing, we do so to provide you with fast and secure newsletters. The main purpose of our email marketing is to inform you about new offers and to bring us closer to our business goals.

Which data is processed?
If you become a subscriber to our newsletter via our website, you confirm your membership in an email list via email. In addition to the IP address and email address, your salutation, name, address, and phone number may also be stored. However, this will only happen if you consent to this data storage. The data marked as necessary is required for you to participate in the offered service. The provision is voluntary, but failure to provide this information will prevent you from using the service. Additionally, information about your device or your preferred content on our website may also be stored. More information on data storage when visiting a website can be found in the "Automatic Data Storage" section. We record your consent to ensure that we can always prove compliance with our laws.

Duration of data processing
If you unsubscribe from our email/newsletter distribution list, we may store your email address for up to three years based on our legitimate interests, so we can prove your previous consent. We may only process this data if we need to defend against possible claims.

However, if you confirm that you have given consent to the newsletter subscription, you can request deletion of your data at any time. If you permanently object to the consent, we reserve the right to store your email address in a blocklist. As long as you voluntarily subscribe to our newsletter, we will naturally retain your email address.

Right of objection
You can unsubscribe from our newsletter at any time. You only need to withdraw your consent to the newsletter subscription. This usually takes only a few seconds or one or two clicks. You will usually find a link at the end of each email to unsubscribe from the newsletter. If the link is not available in the newsletter, please contact us by email, and we will promptly cancel your subscription.

Legal basis
The sending of our newsletter is based on your consent (Article 6 para. 1 lit. a GDPR). This means we can only send you a newsletter if you have actively registered for it. We may also send you advertising messages if you have become our customer and have not objected to the use of your email address for direct marketing.

Information about specific email marketing services and how they process personal data can be found in the following sections, if applicable.

Push-Nachrichten introduction

Push-Nachrichten summary
πŸ‘₯ Affected Individuals: Push notification subscribers
🀝 Purpose: Notification about system-relevant and interesting events
πŸ““ Processed Data: Data entered during registration, often including location data. More details can be found in the respective push notification tool used.
πŸ“… Retention Period: Data is typically stored as long as necessary to provide the services.
βš–οΈ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. b GDPR (Contract)

What are push notifications?
We also use push notification services on our website to keep our users up to date. This means that if you have consented to the use of such push notifications, we can send you short news via a software tool. Push notifications are a form of text messages that appear directly on your smartphone or other devices such as tablets or PCs when you have signed up for them. You will receive these messages even when you are not on our website or actively using our services. Data about your location and usage behavior may also be collected and stored.

Why do we use push notifications?
On one hand, we use push notifications to ensure that we can fully provide the services we have contractually agreed upon with you. On the other hand, the notifications also serve our online marketing efforts. We can use these messages to present our services or products to you. Especially when there is news in our company, we can inform you immediately. We want to learn as much as possible about the preferences and habits of all our users to continually improve our offerings.

Which data is processed?
To receive push notifications, you must also confirm that you want to receive these messages. The data collected during the consent process will also be stored, managed, and processed. This is necessary to prove and verify that a user has agreed to receive push notifications. A so-called device token or push token is stored in your browser. Usually, location data or the location of your device is also stored.

To ensure that we always send interesting and important push notifications, the interaction with the messages is statistically evaluated. For example, we can see if and when you open the message. Using these insights, we can adjust our communication strategy to your preferences and interests. Although these stored data can be attributed to you, we do not aim to identify you as an individual. Instead, we are interested in the collected data from all our users to make improvements. You can find out exactly which data is stored in the privacy policies of the respective service providers.

Duration of data processing
How long the data is processed and stored primarily depends on the tool we use. Below, you will find more information about the data processing of the individual tools. The privacy policies of the providers usually specify how long data is stored and processed. In general, personal data is only processed as long as it is necessary to provide our services. When data is stored in cookies, the retention period can vary greatly. Data can be deleted immediately after leaving a website, but it can also be stored for several years. Therefore, you should check each individual cookie in detail if you want to know more about data storage. Usually, you can find informative details about individual cookies in the privacy policies of the respective providers.

Legal basis
It is also possible that push notifications are necessary to fulfill certain obligations stated in a contract. For example, to inform you of technical or organizational news. In this case, the legal basis is Art. 6 para. 1 lit. b GDPR.

If this is not the case, the push notifications are only sent based on your consent. Our push notifications may contain promotional content. The push notifications may also be sent based on your location, as indicated by your device. The aforementioned analytical evaluations are also based on your consent to receive such messages. The legal basis in this case is Art. 6 para. 1 lit. a GDPR. You can, of course, withdraw your consent or change various settings at any time in the settings.

Social Media introduction

Social Media privacy policy summary
πŸ‘₯ Affected Individuals: Website visitors
🀝 Purpose: Display and optimization of our service, contact with visitors, prospects, etc., advertising
πŸ““ Processed Data: Data such as phone numbers, email addresses, contact details, user behavior data, device information, and your IP address.
More details can be found in the respective social media tool used.
πŸ“… Retention Period: Depending on the social media platforms used
βš–οΈ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is social media?
In addition to our website, we are also active on various social media platforms. Data from users may be processed so that we can specifically target users who are interested in us via social networks. Additionally, elements of a social media platform may be directly embedded into our website. This is the case, for example, when you click on a so-called social button on our website and are redirected to our social media presence. Social media refers to websites and apps where registered members can produce content, exchange content openly or in specific groups, and connect with other members.

Why do we use social media?
For years, social media platforms have been the place where people communicate and connect online. Through our social media profiles, we can present our products and services to interested parties. The social media elements embedded on our website help you quickly and easily switch to our social media content.

The data stored and processed through your use of a social media channel primarily aims to conduct web analytics. The goal of these analyses is to develop more accurate and personalized marketing and advertising strategies. Based on your behavior on a social media platform, the analyzed data can help draw conclusions about your interests and create so-called user profiles. This allows platforms to present tailored advertisements to you. Usually, cookies are set in your browser to store data about your usage behavior.

We generally assume that we remain responsible under data protection law, even when using services from a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform may be jointly responsible with us under Art. 26 GDPR. If this is the case, we will specifically point this out and work on the basis of a related agreement. The essentials of the agreement are outlined below with the respective platform.

Please note that when using social media platforms or our embedded elements, your data may be processed outside of the European Union, as many social media channels, such as Facebook or Twitter, are American companies. As a result, it may be more difficult for you to assert or enforce your rights regarding your personal data.

Which data is processed?
The data stored and processed depends on the provider of the social media platform. However, it typically includes data such as phone numbers, email addresses, data entered in a contact form, user data such as which buttons you click, who you like or follow, when you visit certain pages, information about your device, and your IP address. Most of this data is stored in cookies. Specifically, if you have a profile on the visited social media channel and are logged in, the data can be linked to your profile.

All data collected through a social media platform is also stored on the servers of the providers. Thus, only the providers have access to the data and can provide the relevant information or make changes.

If you want to know exactly which data is stored and processed by the social media providers and how to object to the data processing, you should carefully read the privacy policy of the respective company. If you have questions about data storage and processing or want to exercise your rights, we recommend contacting the provider directly.

Duration of data processing
We will inform you about the duration of data processing below if we have more information. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. Customer data that is matched with user data is deleted within two days. In general, we process personal data only as long as necessary to provide our services and products. If it is legally required, such as in the case of accounting, the storage period may be extended.

Right of objection
You also have the right and opportunity to revoke your consent to the use of cookies or third-party providers like embedded social media elements at any time. This can be done either through our cookie management tool or other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since social media tools may use cookies, we also recommend that you read our general privacy policy regarding cookies. To find out which data is stored and processed about you, you should read the privacy policies of the respective tools.

Legal basis
If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data will be stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. We will use the tools only to the extent you have given consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy policy on cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

You can learn more about specific social media platforms in the following sections, if available.

AddThis privacy policy

AddThis privacy policy summary
πŸ‘₯ Affected Individuals: Website visitors
🀝 Purpose: Optimization of our service
πŸ““ Processed Data: Data such as user behavior data, device information, and your IP address.
More details can be found below in the privacy policy.
πŸ“… Retention Period: The collected data is stored for 13 months from the date of collection
βš–οΈ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is AddThis?
We use AddThis plugins from Oracle America, Inc. (500 Oracle Parkway, Redwood Shores, CA 94065, USA) on our website. These plugins allow you to quickly and easily share content from our website with others. When you visit a webpage with an AddThis feature, data about you may be transmitted to, stored, and processed by the company AddThis. This privacy policy explains why we use AddThis, what data is processed, and how you can prevent this data transmission.

AddThis develops software tools, among others, that are embedded on websites to allow users to share content on various social media channels or via email. In addition, AddThis also provides features for website analytics. The collected data is also used to offer targeted advertising to internet users. The service is used by over 15 million website operators worldwide.

Why do we use AddThis on our website?
By using the AddThis buttons, you can share interesting content from our website on various social media channels such as Facebook, Twitter, Instagram, or Pinterest. If you like our content, we are of course happy if you share it with your social community. And the easiest way to do this is through the AddThis buttons.

Which data is stored by AddThis?
If you share content using AddThis and you are logged into the respective social media account, data such as your visit to our website and sharing of content may be associated with your user account on the respective social media channel. AddThis uses cookies, pixels, HTTP headers, and browser identifiers to collect data about your browsing behavior. Additionally, some of this data is shared with third parties after pseudonymization.
Here is an example list of possibly processed data:

AddThis uses cookies, which we list as examples below. More details about AddThis cookies can be found at https://www.oracle.com/legal/privacy/addthis-privacy-policy.html.

Name: bt2
Value: 8961a7f179d87qq69V69112706071-3
Purpose: This cookie is used to track parts of the visited website to recommend other parts of the website.
Expiration: after 255 days

Name: bku
Value: ra/99nTmYN+fZWX7112706071-4
Purpose: This cookie records anonymized user data such as your IP address, geographical location, visited websites, and which ads you clicked on.
Expiration: after 179 days

Note: Please keep in mind that this is just a sample list, and we cannot guarantee its completeness.

AddThis also shares collected information with other companies. More details can be found at https://www.oracle.com/legal/privacy/addthis-privacy-policy.html. AddThis uses the data to create audience and interest profiles and to offer users targeted advertising within the same advertising network.

How long and where is the data stored?
AddThis stores the collected data for 13 months from the date of collection. 1% of the data is kept as a "sample dataset" for a maximum of 24 months to maintain the business relationship. However, in this "sample dataset," direct and indirect identifiers (such as your IP address and cookie ID) are hashed. This means that personal data can no longer be associated with you without additional information. Since AddThis is based in the USA, the collected data is also stored on American servers.

How can I delete my data or prevent data storage?
You have the right to access your personal data and request its deletion. If you no longer want to see ads based on data collected by AddThis, you can use the opt-out button at https://datacloudoptout.oracle.com/?tid=112706071. This sets an opt-out cookie, which you must not delete in order to retain this setting.

You can also set your preferences for usage-based online advertising via https://www.youronlinechoices.com/at/ in the preference management.

Another way to control or stop the data processing according to your preferences is through your browser. Depending on the browser, data processing may vary. You can find the relevant links to instructions for the most popular browsers under the "Cookies" section.

Legal basis
If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. We will use the embedded social media elements only to the extent that you have given consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy about cookies and review the privacy policy or cookie guidelines of the respective service provider.

AddThis processes data, including in the USA. We point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may carry various risks for the lawfulness and security of the data processing.

As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or data transfer to those countries, AddThis uses Standard Contractual Clauses approved by the EU Commission (= Art. 46 para. 2 and 3 GDPR). These clauses oblige AddThis to comply with the EU data protection level when processing relevant data outside the EU. These clauses are based on an EU Commission Implementing Decision. You can find the decision and the clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

If you want to learn more about the processing of your data by AddThis, you can find further information at https://www.oracle.com/legal/privacy/addthis-privacy-policy.html.

Blogs und publication media introduction

Blogs und publication media privacy policy summary
πŸ‘₯ Affected Individuals: Website visitors
🀝 Purpose: Display and optimization of our service, communication between website visitors, security measures, and administration
πŸ““ Processed Data: Data such as contact details, IP address, and published content.
More details can be found in the tools used.
πŸ“… Retention Period: Dependent on the tools used
βš–οΈ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests), Art. 6 para. 1 S. 1 lit. b GDPR (Contract)

What are blogs and publication media?
We use blogs or other communication tools on our website that allow us to communicate with you and vice versa. In doing so, your data may be stored and processed by us. This may be necessary to display content correctly, ensure communication works, and enhance security. In this privacy policy, we generally explain which data may be processed from you. Exact details on data processing always depend on the tools and features used. You can find specific information about data processing in the privacy policies of the individual providers.

Why do we use blogs and publication media?
Our main goal with our website is to provide you with interesting and engaging content, and your opinions and contributions are also important to us. Therefore, we want to create a good interactive exchange between us and you. With various blogs and publication options, we can achieve exactly that. For example, you can leave comments on our content, reply to other comments, or, in some cases, write your own posts.

Which data is processed?
The exact data processed depends on the communication features we use. Often, data such as IP addresses, usernames, and published content are stored. This is primarily done to ensure security, prevent spam, and take action against illegal content. Cookies may also be used for data storage. These are small text files stored in your browser with information. More details on the collected and stored data can be found in our individual sections and in the privacy policy of the respective provider.

Duration of data processing
We will inform you about the duration of data processing below if we have more information. For example, data from comment and post functions is stored until you revoke the data storage. In general, personal data is only stored as long as necessary to provide our services.

Right to object
You also have the right and opportunity to withdraw your consent to the use of cookies or third-party communication tools at any time. This can be done either via our cookie management tool or other opt-out functions. For example, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since cookies may be used in publication media, we also recommend reading our general privacy policy on cookies. To learn more about which data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis
We primarily use communication tools based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers, business partners, and visitors. If the tools are used to fulfill contractual obligations or initiate them, the legal basis is also Art. 6 para. 1 S. 1 lit. b GDPR.

Certain processing, particularly the use of cookies and the use of comment or message functions, requires your consent. If you have consented to the processing and storage of your data through embedded publication media, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Most of the communication tools we use set cookies in your browser to store data. Therefore, we recommend carefully reading our privacy policy on cookies and reviewing the privacy policy or cookie guidelines of the respective service provider.

Online-Marketing introduction

Online-Marketing privacy policy introduction
πŸ‘₯ Affected Individuals: Website visitors
🀝 Purpose: Evaluation of visitor information to optimize the web offering.
πŸ““ Processed Data: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed. More details can be found in the respective online marketing tool used.
πŸ“… Retention Period: Dependent on the online marketing tools used
βš–οΈ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is online marketing?
Online marketing refers to all measures carried out online to achieve marketing goals, such as increasing brand awareness or making a business deal. Furthermore, our online marketing measures aim to make people aware of our website. To show our offering to many interested people, we engage in online marketing. This usually includes online advertising, content marketing, or search engine optimization. To use online marketing efficiently and effectively, personal data is also stored and processed. The data helps us, on one hand, to show our content only to those who are truly interested and, on the other hand, to measure the success of our online marketing efforts.

Why do we use online marketing tools?
We want to show our website to everyone interested in our offering. We are aware that this is not possible without targeted measures. Therefore, we engage in online marketing. There are various tools that help us with our online marketing efforts and also provide data-driven suggestions for improvement. This allows us to better target our campaigns at our audience. The ultimate purpose of the online marketing tools we use is to optimize our offering.

Which data is processed?
To make our online marketing work and measure the success of the measures, user profiles are created, and data is stored in cookies (small text files). With this data, we can not only run traditional ads but also display our content on our website in the way that suits you best. Various third-party tools provide these features and also collect and store data about you. The cookies store information such as which pages you visited on our website, how long you viewed them, which links or buttons you clicked, or from which website you came to ours. Additionally, technical information such as your IP address, browser, device, time of visit, and time of departure may also be stored. If you have consented to us determining your location, we may also store and process that data.

Your IP address is stored in a pseudonymized form (i.e., shortened). Unique data that directly identifies you, such as name, address, or email address, is also only stored in pseudonymized form within the advertising and online marketing processes. Therefore, we cannot identify you as an individual, and we only store the pseudonymized data in the user profiles.

Cookies may also be used on other websites that use the same advertising tools, analyzed, and used for advertising purposes. The data may then also be stored on the servers of the advertising tool providers.

In exceptional cases, unique data (name, email address, etc.) may be stored in the user profiles. This happens when you are a member of a social media channel that we use for our online marketing efforts, and the network connects previously obtained data with the user profile.

With all the advertising tools we use, which store data on their servers, we only receive aggregated information and never data that identifies you as an individual. The data shows how well the advertising measures worked. For example, we can see which measures encouraged you or others to visit our website and purchase a service or product. Based on the analyses, we can improve our advertising offerings and adapt them more precisely to the needs and desires of interested people.

Duration of data processing
We will inform you about the duration of data processing below if we have more information. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products. Data stored in cookies is stored for varying periods. Some cookies are deleted as soon as you leave the website, while others may be stored in your browser for several years. In the privacy policies of the individual providers, you will generally find detailed information about the specific cookies used.

Right to object
You also have the right and the opportunity to revoke your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or other opt-out functions. For example, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser. The legality of processing until the revocation remains unaffected.

Since online marketing tools typically use cookies, we also recommend reading our general privacy policy on cookies. To find out which data is stored and processed about you, you should read the privacy policies of the respective tools.

Legal basis
If you have consented to third-party providers being used, the legal basis for the respective data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent is the legal basis for processing personal data as it relates to online marketing tools.

We also have a legitimate interest in measuring online marketing efforts in an anonymized form to optimize our offerings and measures with the data obtained. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). We will use the tools only to the extent that you have given consent.

Information about specific online marketing tools will be provided in the following sections, if available.

Survey and questioning systems introduction

Survey and questioning systems privacy policy summary
πŸ‘₯ Affected Individuals: Website visitors
🀝 Purpose: Evaluation of surveys on the website
πŸ““ Processed Data: Contact details, device data, access duration and time, IP addresses. More details can be found in the respective survey and questioning system used.
πŸ“… Retention Period: Dependent on the tool used
βš–οΈ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are survey and questioning systems?
We conduct various surveys and questionnaires on our website. These are always evaluated anonymously. A survey or questioning system is a tool embedded in our website that asks you questions (e.g., about our products or services) that you can answer if you choose to participate. Your responses are always evaluated anonymously. However, with your consent to data processing, personal data may also be stored and processed.

Why do we use survey and questioning systems?
We want to offer you the best products and services in our industry. With surveys, we get perfect feedback from you and learn what you expect from us or our services. Based on these anonymous evaluations, we can adjust our products or services to better match your needs and expectations. The information also helps us target our advertising and marketing efforts more precisely at people who are genuinely interested in our offering.

Which data is processed?
Personal data is only processed if necessary for the technical implementation or if you have consented to the processing of personal data. For example, your IP address may be stored to display the survey in your browser. Cookies may also be used so that you can easily continue the survey later.

If you have consented to data processing, in addition to your IP address, contact details such as your email address or phone number may be processed. Data you enter in an online form may also be stored and processed. Some providers also store information about your visited websites (on our site), when you started and completed the survey, and various technical details about your computer.

How long is data stored?
How long data is processed and stored depends primarily on the tools we use. Further details on data processing of the respective tools will be provided below. In the privacy policies of the providers, you will typically find specific information on how long data is stored and processed. In general, personal data is only processed as long as necessary to provide our services. Data stored in cookies is retained for varying durations. Some cookies may be deleted as soon as you leave a website, while others may remain in your browser for several years. Therefore, you should review each cookie in detail to understand the data storage duration. Typically, you will find insightful information on the cookies used in the privacy policies of the respective providers.

Right to object
You also have the right to withdraw your consent to the use of cookies or embedded survey systems at any time. This can be done either through our cookie management tool or other opt-out functions. For example, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since cookies may be used in survey systems, we also recommend reading our general privacy policy on cookies. To learn more about which data is stored and processed, you should review the privacy policies of the respective tools.

Legal basis
The use of survey systems requires your consent, which we obtain through our cookie popup. This consent serves as the legal basis for the processing of personal data, as it applies to surveys and questioning systems (Art. 6 para. 1 lit. a GDPR).

In addition to consent, we have a legitimate interest in conducting surveys related to our topic. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). We use the tools only to the extent that you have granted consent.

Since cookies may be used in survey systems, we also recommend reading our general privacy policy on cookies. To understand which data is stored and processed, you should review the privacy policies of the respective tools.

Google Forms Privacy Policy
We use Google Forms for our website, a service for Google Cloud forms. The service provider is the American company Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.

Google processes data from you, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Google uses so-called Standard Contractual Clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission to ensure that your data continues to meet European data protection standards when transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining the European data protection level when processing your relevant data, even when stored, processed, and managed in the USA. These clauses are based on an EU Commission Implementing Decision. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The Google Ads Data Processing Terms, which correspond to the Standard Contractual Clauses and also apply to Google Forms, can be found at https://business.safety.google/adsprocessorterms/.

More about the data processed by Google can be found in the privacy policy at https://policies.google.com/privacy.

Data Processing Agreement (DPA) Google Forms
We have concluded a Data Processing Agreement (DPA) with Google in accordance with Article 28 of the GDPR. What a DPA exactly is and what must be included in a DPA can be found in our general section "Data Processing Agreement (DPA)."

This agreement is legally required because Google processes personal data on our behalf. It specifies that Google may only process data it receives from us in accordance with our instructions and must comply with the GDPR. The link to the Data Processing Agreement (DPA) can be found at https://workspace.google.com/terms/dpa_terms.html.

Review platforms introduction

Review platforms summary
πŸ‘₯ Affected Individuals: Website visitors or review platform users
🀝 Purpose: Feedback on our products and/or services
πŸ““ Processed Data: Including IP address, email address, name. More details can be found below or in the respective review platforms used.
πŸ“… Retention Period: Dependent on the respective platform
βš–οΈ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are review platforms?
On various review platforms, you can review our products or services. We participate in some of these platforms to gather feedback from you and improve our offerings. When you rate us on a review platform, the privacy policy and the terms of service of the respective review service apply. You often need to register to submit a review. Review technologies (widgets) can also be embedded on our website. By using such an embedded tool, data is also transmitted, processed, and stored by the respective provider.

Many of these embedded programs work on a similar principle. After you order a product or use a service from us, you will be asked to submit a review via email or on the website. You are usually redirected via a link to a review page where you can quickly and easily leave a review. Some review systems also offer an interface to various social media channels to make the feedback accessible to more people.

Why do we use review platforms?
Review platforms collect feedback and reviews about our offerings. Through your reviews, we quickly receive relevant feedback, which helps us improve our products and/or services more efficiently. Reviews thus serve both to optimize our offerings and to provide future customers with an overview of the quality of our products and services.

Which data is processed?
With your consent, we transmit information about you and the services you have used to the respective review platform. We do this to ensure that you have actually used one of our services, as only then can you give valid feedback. The transmitted data is solely for user identification. The exact data stored and processed depends on the providers used. Typically, review platforms are provided with personal data such as IP address, email address, or your name. After submitting your review, order details such as the order number of a purchased item are also forwarded to the respective platform. If your email address is transmitted, it is done so that the review platform can send you an email after purchasing a product. To embed your review on our website, we also provide the provider with the information that you visited our page. The review platform is responsible for the collected personal data.

How long and where is the data stored?
Exact information on the duration of data processing will be provided below in the respective privacy policy of the provider, if we have more information. In general, we process personal data only as long as necessary to provide our services and products. Personal data mentioned in a review is usually anonymized by the platform’s staff and is only visible to administrators of the company. The collected data is stored on the provider’s servers and is deleted by most providers after the contract ends.

Right to object
You also have the right and opportunity to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or other opt-out functions. For example, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Legal basis
If you have consented to the use of a review platform, the legal basis for the respective data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent serves as the legal basis for the processing of personal data, as it applies to a review platform.

We also have a legitimate interest in using a review platform to optimize our online service. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). We will only use a review platform to the extent that you have granted consent.

We hope we have provided you with the most important general information about data processing on review platforms. You can find more detailed information in the following sections or in the linked privacy policies of the company.

Content search providers introduction

Content search providers privacy policy summary
πŸ‘₯ Affected Individuals: Website visitors
🀝 Purpose: Improvement of user experience
πŸ““ Processed Data: The data processed depends heavily on the services used. Typically, it includes IP address, search interests, and/or technical data. More details can be found in the respective tools used.
πŸ“… Retention Period: Dependent on the tools used
βš–οΈ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is a content search provider?
We have published a lot of content on our website, and of course, we don’t want it to be forgotten just because it can’t be found. That’s why we use a content search provider on our website. You’re probably familiar with big search engines like Google. A content search provider is essentially a search engine, but unlike Google, it doesn’t search the entire web for content—it only searches the website you’re on. Through a text box, you can enter terms related to the content you’re looking for, and the search tool will find the posts you need. When you use the embedded search function, personal data may also be processed.

Why do we use a content search provider?
As you explore our website, you’ll quickly notice how much useful content we’ve published over the years. There are real treasures, and we want you to find them quickly without having to click around too much. With a content search function directly on our website, you can quickly and easily find the content you’re looking for using keywords that match the topic. This feature is really useful, and we also see it as our task to make your experience on our website as pleasant and helpful as possible. That’s why we’ve decided to integrate a content search tool on our website.

Which data is processed?
When you use the search function on our website, the embedded content search provider (e.g., Algolia Places or Giphy) may automatically collect and store data from you. This includes technical data about your browser as well as data such as your IP address, device ID, and the search terms you enter. Please note that IP addresses are considered personal data. According to the privacy policies of the providers, these details are collected and stored to improve security and enhance their services. The automatically collected usage data, which doesn’t include personal data and is processed in an anonymized form, may also be used for analysis purposes. Some providers may share this anonymized data with third parties. For more detailed information, we recommend reading the specific privacy policies of the individual providers. To ensure the proper functionality of the services, cookies are typically set in your browser. More information about cookies can be found in our general section "Cookies". Whether and which cookies are used by the individual search tools is usually available in the respective privacy policies of the embedded tools.

How long and where is the data stored?
In general, each content search provider processes different data. Therefore, this section cannot go into specifics about the data processing of each tool. However, typically, services store personal data only as long as necessary for the smooth functioning of the tools. Some services (e.g., Giphy) may retain personal data for longer if legally required. Data in depersonalized form is also retained longer by most providers. Content search providers may use cookies to store various data. You can learn more about this in our general section on cookies. If you want to know about the specific cookies used by a search provider, we recommend reviewing the privacy policy of the provider we use. There, you will typically find a sample list of the cookies used.

Right to object
Please be aware that you have the right to prevent the processing of your personal data. You always have the right to access your personal data and object to its use. You can also withdraw your consent at any time through the cookie consent tool or other opt-out options. Cookies used can be managed, deleted, or disabled via your browser. If you delete cookies, some functions of the tool might not work properly. Please note that how you manage cookies in your browser depends on the browser you use. Links to the guides for major browsers are available in the "Cookies" section.

Legal basis
If you have consented to the use of a content search provider, the legal basis for the respective data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent serves as the legal basis for processing personal data as part of the data collection by a content search provider.

We also have a legitimate interest in using a content search provider to optimize our service on our website. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). We use a content search provider only if you have given consent. We want to emphasize this point once again.

Information about specific content search providers will be provided – if available – in the following sections.

Explanation of Terms Used
We always strive to make our privacy policy as clear and understandable as possible. However, especially when it comes to technical and legal topics, this is not always easy. It often makes sense to use legal terms (e.g., personal data) or specific technical expressions (e.g., cookies, IP address). We do not want to use these terms without explanation. Below, you will find an alphabetical list of important terms we have used in our privacy policy that we may not have sufficiently explained yet. If these terms are derived from the GDPR and are definitions, we will include the GDPR texts here and, if necessary, add our own explanations.

Processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“Processor” means a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to the controller, there may also be so-called processors. This includes any company or individual that processes personal data on our behalf. Processors can therefore include, in addition to service providers like tax consultants, hosting or cloud providers, payment or newsletter providers, as well as large companies like Google or Microsoft.

Consent

Begriffsbestimmung nach Artikel 4 der DSGVO

For the purposes of this Regulation, the term:

“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by a statement or by a clear affirmative action, by which the data subject signifies agreement to the processing of personal data relating to them;

Explanation: Typically, on websites, such consent is given through a cookie consent tool. You are probably familiar with this. When you first visit a website, you are usually asked via a banner whether you consent to data processing. You are often also able to make individual settings and decide which data processing you allow and which you do not. If you do not consent, no personal data can be processed. Consent can also be given in writing, not just via a tool.

Personal data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“Personal data” means any information relating to an identified or identifiable natural person (the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

Explanation: Personal data refers to any data that can identify you as a person. This typically includes data such as:

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and, in turn, you as the account holder. Therefore, storing an IP address also requires a legal basis under the GDPR. There are also “special categories” of personal data that are particularly sensitive and require more protection. These include:

Profiling

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

„Profiling“ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;

Explanation: Profiling involves compiling various pieces of information about a person to learn more about them. In the web space, profiling is often used for advertising purposes or creditworthiness checks. Web or advertising analysis programs, for example, collect data on your behavior and interests on a website. This results in a specific user profile, which is used to display targeted ads to a particular audience.

 

Controller

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“Controller” means the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of Member States, the controller or the specific criteria for its nomination may be designated by Union law or the law of Member States;

Explanation: In our case, we are responsible for processing your personal data and are therefore the “controller.” If we pass on collected data to other service providers for processing, these are “processors.” An “Data Processing Agreement (DPA)” must be signed for this purpose.

 

Processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“Processing” means any operation or set of operations which is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we refer to processing in our privacy policy, we mean any type of data processing. As stated in the original GDPR explanation, this includes not only collection but also the storage and processing of data.

All texts are protected by copyright.

Source: Created with the Data protection generator by AdSimple

 Home | ProReparatur.com