Shop

Privacy Policy for PrintableArtForge

Privacy Policy

With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also referred to as “data”) we process, for which purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).
The terms used are not gender-specific.

Status: September 7, 2025

Table of Contents

  • Controller
  • Overview of Processing Activities
  • Relevant Legal Bases
  • Security Measures
  • Transmission of Personal Data
  • International Data Transfers
  • General Information on Data Storage and Deletion
  • Rights of Data Subjects
  • Business Services
  • Payment Procedures
  • Provision of the Online Offering and Web Hosting
  • Use of Cookies
  • Registration, Login, and User Account
  • Contact and Inquiry Management
  • Communication via Messenger
  • Newsletter and Electronic Notifications
  • Marketing Communication via Email, Mail, Fax, or Telephone
  • Sweepstakes and Competitions
  • Web Analysis, Monitoring, and Optimization
  • Online Marketing
  • Affiliate Programs and Affiliate Links
  • Presence on Social Networks (Social Media)
  • Plug-ins and Embedded Functions as well as Content

Controller
PrintableArtForge
Joel Kilb
MecklenburgerstraรŸe 4
64297, Darmstadt, Germany
Email address: joel@printableartforge.com

Overview of Processing Activities
The following overview summarizes the types of data processed and the purposes of their processing, and refers to the categories of data subjects.

Types of Data Processed

  • Inventory data.
  • Payment data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data.
  • Log data.

Categories of Data Subjects

  • Service recipients and clients.
  • Interested parties.
  • Communication partners.
  • Users.
  • Sweepstakes and competition participants.
  • Business and contractual partners.

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Tracking.
  • Office and organizational procedures.
  • Conversion measurement.
  • Audience building.
  • Affiliate tracking.
  • Organizational and administrative procedures.
  • Conducting sweepstakes and competitions.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.
  • Public relations.
  • Sales promotion.
  • Business processes and business management procedures.

Relevant Legal Bases
Relevant legal bases under the GDPR: The following provides an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or establishment. If, in individual cases, more specific legal bases are relevant, we will inform you of them in this privacy policy.

  • Consent (Art. 6 (1) sentence 1 lit. a) GDPR) โ€“ The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Performance of contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR) โ€“ Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 (1) sentence 1 lit. c) GDPR) โ€“ Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR) โ€“ Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

National data protection regulations in Germany: In addition to the GDPR, national data protection provisions apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz โ€“ BDSG). The BDSG contains, in particular, special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and the transmission as well as automated individual decision-making, including profiling. Furthermore, the data protection laws of the individual federal states may also apply.

Note on the applicability of the GDPR and the Swiss Data Protection Act (DSG): These data protection notices serve both to provide information under the Swiss DSG and under the General Data Protection Regulation (GDPR). For this reason, please note that, due to broader territorial applicability and clarity, the terminology of the GDPR is used. In particular, instead of the terms used in the Swiss DSG such as โ€œprocessingโ€ of โ€œpersonal data,โ€ โ€œoverriding interest,โ€ and โ€œparticularly sensitive personal data,โ€ the terms used in the GDPR โ€“ โ€œprocessingโ€ of โ€œpersonal data,โ€ โ€œlegitimate interest,โ€ and โ€œspecial categories of dataโ€ โ€“ are applied. However, the legal meaning of the terms remains determined under the Swiss DSG where it applies.

Security Measures
In accordance with legal requirements and taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures particularly include safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input, transfer, availability assurance, and separation of such data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the erasure of data, and responses to data threats. In addition, we take data protection into account in the development or selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and by means of data protection-friendly default settings.

Transmission of Personal Data
In the course of processing personal data, it may occur that such data is transferred to or disclosed to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, service providers tasked with IT duties or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.

International Data Transfers
Data processing in third countries: If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or disclosing or transmitting data to other persons, entities, or companies (which can be identified by the postal address of the respective provider or when this privacy policy expressly indicates a transfer to third countries), this is always carried out in compliance with legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission on July 10, 2023. In addition, we have concluded Standard Contractual Clauses (SCCs) with the respective providers, which comply with the requirements of the EU Commission and establish contractual obligations to protect your data.

This dual safeguard ensures comprehensive protection of your data: the DPF forms the primary level of protection, while the SCCs serve as an additional safeguard. Should changes arise within the framework of the DPF, the SCCs function as a reliable fallback option. In this way, we ensure that your data remains adequately protected even in the event of political or legal changes.

For individual service providers, we will inform you whether they are certified under the DPF and whether SCCs are in place. Further information on the DPF and a list of certified companies can be found on the U.S. Department of Commerce website: https://www.dataprivacyframework.gov/ (in English).

For data transfers to other third countries, corresponding safeguards apply, in particular Standard Contractual Clauses, explicit consent, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found on the EU Commissionโ€™s website: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

General Information on Data Storage and Deletion
We delete personal data that we process in accordance with legal requirements as soon as the underlying consent is withdrawn or there are no other legal grounds for processing. This applies in cases where the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule exist where statutory obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal prosecution or the protection of the rights of other natural or legal persons, must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data that apply specifically to certain processing activities.

In cases where multiple retention periods or deletion deadlines apply to a given dataset, the longest period shall always prevail. Data that is no longer required for its original purpose but must be retained due to legal obligations or other reasons will only be processed for the purposes that justify its retention.

Retention and Deletion of Data:
The following general retention and archiving periods apply under German law:

  • 10 years โ€“ Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the work instructions and other organizational documents required for their understanding (ยง 147 (1) no. 1 in conjunction with (3) AO, ยง 14b (1) UStG, ยง 257 (1) no. 1 in conjunction with (4) HGB).
  • 8 years โ€“ Accounting records, such as invoices and expense receipts (ยง 147 (1) nos. 4 and 4a in conjunction with (3) sentence 1 AO, and ยง 257 (1) no. 4 in conjunction with (4) HGB).
  • 6 years โ€“ Other business documents: received commercial or business letters, copies of sent commercial or business letters, and other documents relevant for taxation, e.g., timesheets, cost accounting sheets, calculation documents, price markings, but also payroll documents insofar as they are not already accounting records, and cash register receipts (ยง 147 (1) nos. 2, 3, 5 in conjunction with (3) AO, ยง 257 (1) nos. 2 and 3 in conjunction with (4) HGB).
  • 3 years โ€“ Data required to consider potential warranty and compensation claims or similar contractual claims and rights, as well as related inquiries, based on past business experience and common industry practices, are stored for the duration of the regular statutory limitation period of three years (ยงยง 195, 199 BGB).

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, particularly those set out in Articles 15 to 21 GDPR:

  • Right to object: You have the right, at any time and for reasons relating to your particular situation, to object to the processing of your personal data which is based on Article 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw consent you have given at any time.
  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the data and further information as well as a copy of the data, in accordance with legal requirements.
  • Right to rectification: You have the right, in accordance with legal requirements, to request the completion of data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to request the immediate erasure of data concerning you, or, alternatively, to request restriction of processing of the data in accordance with legal requirements.
  • Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, in accordance with legal requirements.
  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Business Services
We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as โ€œcontractual partnersโ€), within the framework of contractual and comparable legal relationships as well as related measures, and in the context of communication with the contractual partners (including pre-contractual communication), for example, in order to respond to inquiries.

We use this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed services, any duties to update, and remedies in the event of warranty and other service disruptions. In addition, we use the data to protect our rights and for the purpose of administrative tasks related to these obligations as well as corporate organization. Furthermore, we process the data on the basis of our legitimate interests in both proper and efficient business management, as well as in implementing security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information, and rights (e.g., by involving telecommunications, transport, and other auxiliary services, subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities).

Within the framework of applicable law, we only disclose contractual partnersโ€™ data to third parties insofar as this is necessary for the purposes mentioned above or for the fulfillment of legal obligations. Contractual partners are informed about further forms of processing, such as for marketing purposes, within this privacy policy.

Which data is required for the purposes mentioned is communicated to the contractual partners before or during data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks), or personally.

We delete the data after the expiration of statutory warranty and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account (e.g., as long as it must be retained for statutory archiving purposes, usually ten years for tax purposes). Data disclosed to us by the contractual partner as part of an order will be deleted in accordance with the specifications and, in principle, after the end of the order.

  • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses, telephone numbers); contract data (e.g., subject matter of the contract, duration, customer category); usage data (e.g., page views and dwell time, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Data subjects: Service recipients and clients; prospects; business and contractual partners.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures; business processes and business management procedures.
  • Retention and deletion: Deletion in accordance with the information provided in the section โ€œGeneral Information on Data Storage and Deletion.โ€
  • Legal bases: Performance of contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR); legal obligation (Art. 6 (1) sentence 1 lit. c) GDPR); legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Further notes on processing activities, procedures, and services:

  • Online shop, order forms, e-commerce, and service provision: We process the data of our customers to enable them to select, purchase, or order the chosen products, goods, and related services, as well as their payment and provision, delivery, or execution. Where necessary for the execution of an order, we use service providers, in particular postal, freight, and shipping companies, to deliver or execute the order on behalf of our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The required information is marked as such during the ordering or comparable acquisition process and includes the details necessary for delivery, provision, and invoicing, as well as contact information to allow for any queries; legal basis: performance of contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR).

Payment Procedures
Within the framework of contractual and other legal relationships, due to legal obligations, or on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and, in addition to banks and credit institutions, we also use other service providers (collectively referred to as “payment service providers”).

The data processed by the payment service providers includes inventory data, such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract-, transaction-, and recipient-related information. These details are necessary in order to carry out the transactions. However, the data entered is processed and stored only by the payment service providers. This means that we do not receive any account- or credit card-related information, but only information confirming or declining the payment. In some cases, payment service providers may transmit data to credit agencies. This transmission serves the purpose of identity and credit checks. For this, we refer you to the general terms and conditions and the privacy policies of the respective payment service providers.

For payment transactions, the terms and conditions and privacy notices of the respective payment service providers apply, which are available within the respective websites or transaction applications. We also refer you to these for further information and the assertion of withdrawal, access, and other data subject rights.

  • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contract data (e.g., subject matter of the contract, duration, customer category); usage data (e.g., page views and dwell time, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); contact data (e.g., postal and email addresses, telephone numbers).
  • Data subjects: Service recipients and clients; business and contractual partners; prospects.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; business processes and business management procedures.
  • Retention and deletion: Deletion in accordance with the information provided in the section โ€œGeneral Information on Data Storage and Deletion.โ€
  • Legal bases: Performance of contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR); legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Further notes on processing activities, procedures, and services:

Provision of the Online Offering and Web Hosting
We process usersโ€™ data in order to provide them with our online services. For this purpose, we process the userโ€™s IP address, which is necessary to transmit the content and functions of our online services to the userโ€™s browser or device.

  • Types of data processed: Usage data (e.g., page views and dwell time, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); log data (e.g., logfiles relating to logins, retrieval of data, or access times); content data (e.g., textual or visual messages and contributions, as well as related information such as authorship details or creation timestamp).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.); security measures; provision of contractual services and fulfillment of contractual obligations.
  • Retention and deletion: Deletion in accordance with the information provided in the section โ€œGeneral Information on Data Storage and Deletion.โ€
  • Legal bases: Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Further notes on processing activities, procedures, and services:

  • Provision of the online offering on own/dedicated server hardware: For the provision of our online offering, we use server hardware operated by us as well as the associated storage space, computing capacity, and software; legal basis: legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).
  • Collection of access data and logfiles: Access to our online offering is logged in the form of so-called โ€œserver logfiles.โ€ Server logfiles may include the address and name of the accessed websites and files, date and time of access, transferred data volumes, notification of successful access, browser type and version, the userโ€™s operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server logfiles may be used for security purposes, e.g., to avoid server overloads (particularly in the event of abusive attacks such as DDoS attacks), and also to ensure server utilization and stability; legal basis: legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR). Deletion of data: Logfile information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidence purposes is excluded from deletion until the respective incident has been finally clarified.
  • Email transmission and hosting: The web hosting services we use also include sending, receiving, and storing emails. For these purposes, the addresses of the recipients and senders, as well as other information relating to email transmission (e.g., the providers involved) and the content of the respective emails, are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails on the internet are generally not sent in encrypted form. As a rule, emails are encrypted during transport, but (unless so-called end-to-end encryption is used) not on the servers from which they are sent and received. We can therefore not take responsibility for the transmission path of emails between the sender and our server; legal basis: legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).
  • 1&1 IONOS: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; legal basis: legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR); website: https://www.ionos.de; privacy policy: https://www.ionos.de/terms-gtc/terms-privacy; data processing agreement: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/vereinbarung-zur-auftragsverarbeitung-avv-mit-ionos-abschliessen/.
  • WordPress.com: Hosting and software for creating, providing, and operating websites, blogs, and other online offerings; service provider: Aut Oโ€™Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; legal basis: legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR); website: https://wordpress.com; privacy policy: https://automattic.com/de/privacy/; data processing agreement: https://wordpress.com/support/data-processing-agreements/; basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (provided by the service provider).

Use of Cookies
The term โ€œcookiesโ€ refers to functions that store and read information on usersโ€™ devices. Cookies may also be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as generating analyses of visitor flows. We use cookies in accordance with legal requirements. Where necessary, we obtain usersโ€™ prior consent. Where consent is not required, we rely on our legitimate interests. This applies if the storage and reading of information is essential to provide expressly requested content and functions. This includes, for example, saving settings and ensuring the functionality and security of our online offering. Consent can be withdrawn at any time. We provide clear information about the scope of use and which cookies are used.

Notes on data protection legal bases: Whether we process personal data using cookies depends on the presence of consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, as explained in this section and in the context of the respective services and procedures.

Storage duration: Regarding storage duration, the following types of cookies are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their device (e.g., browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, login status can be saved, and preferred content displayed directly when the user revisits a website. Likewise, user data collected via cookies may be used for reach measurement. Unless we provide users with explicit details on the type and storage duration of cookies (e.g., when obtaining consent), users should assume that cookies are permanent and may be stored for up to two years.

General information on withdrawal and objection (opt-out): Users may withdraw consent they have given at any time and may also object to processing in accordance with legal requirements, including via their browserโ€™s privacy settings.

  • Types of data processed: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Legal bases: Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR); consent (Art. 6 (1) sentence 1 lit. a) GDPR).

Further notes on processing activities, procedures, and services:

  • Processing of cookie data based on consent: We use a consent management solution to obtain usersโ€™ consent for the use of cookies or for the procedures and providers listed within the consent management solution. This procedure serves to obtain, record, manage, and withdraw consents, particularly with regard to the use of cookies and similar technologies used to store, read, and process information on usersโ€™ devices. As part of this procedure, usersโ€™ consent for the use of cookies and related processing of information (including specific processing activities and providers listed in the consent management process) is obtained. Users also have the option to manage and withdraw their consents. Consent declarations are stored to avoid repeated requests and to demonstrate consent in accordance with legal requirements. Storage is carried out server-side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies, in order to be able to assign consent to a specific user or their device. Unless specific details about consent management service providers are provided, the following general information applies: The duration of consent storage is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, details of the scope of consent (e.g., categories of cookies and/or service providers concerned), as well as information about the browser, system, and device used; legal basis: consent (Art. 6 (1) sentence 1 lit. a) GDPR).
  • Complianz: Consent management: procedure for obtaining, recording, managing, and withdrawing consents, in particular for the use of cookies and similar technologies for storing, reading, and processing information on usersโ€™ devices, as well as their processing; service provider: operated on servers and/or computers under its own data protection responsibility; website: https://complianz.io/; privacy policy: https://complianz.io/legal/. Further information: An individual user ID, language, types of consent, and the time of consent are stored server-side and in the cookie on the usersโ€™ device.

Registration, Login, and User Account
Users can create a user account. During registration, users are informed of the required mandatory information, which is processed for the purpose of providing the user account based on contractual obligations. The processed data particularly includes login information (username, password, and an email address).

When using our registration and login functions as well as the user account, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as those of the users, in order to protect against misuse and other unauthorized use. These data are generally not passed on to third parties unless required for the pursuit of our claims or if there is a legal obligation to do so.

Users may be informed by email about operations relevant to their user account, such as technical changes.

  • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses, telephone numbers); content data (e.g., textual or visual messages and contributions, as well as related information such as authorship details or creation time); usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); log data (e.g., logfiles regarding logins, retrieval of data, or access times).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; organizational and administrative procedures; provision of our online offering and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information provided in the section โ€œGeneral Information on Data Storage and Deletion.โ€ Deletion upon termination.
  • Legal bases: Performance of contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR); legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Further notes on processing activities, procedures, and services:

  • Registration with real names: Due to the nature of our community, we ask users to use our service only with their real names. This means the use of pseudonyms is not permitted; legal basis: performance of contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR).
  • User profiles are not public: User profiles are not publicly visible or accessible.

Contact and Inquiry Management
When contacting us (e.g., by post, contact form, email, telephone, or via social media) and within existing user and business relationships, we process the details of the inquiring persons to the extent necessary to respond to the contact inquiries and any requested actions.

  • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses, telephone numbers); content data (e.g., textual or visual messages and contributions, as well as related information such as authorship details or creation time); usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Data subjects: Communication partners.
  • Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form); provision of our online offering and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information provided in the section โ€œGeneral Information on Data Storage and Deletion.โ€
  • Legal bases: Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR); performance of contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR).

Further notes on processing activities, procedures, and services:

  • Contact form: When contacting us via our contact form, email, or other communication methods, we process the personal data provided to us to respond to and handle the respective inquiry. This typically includes details such as name, contact information, and, where necessary, further information provided to us that is required for proper handling. We use this data exclusively for the stated purpose of contact and communication; legal bases: performance of contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR); legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Communication via Messenger
We use messenger services for communication purposes and therefore ask you to observe the following notes regarding the functionality of messengers, encryption, the use of communication metadata, and your options to object.

You may also contact us by alternative means, e.g., telephone or email. Please use the contact options provided to you or those indicated within our online offering.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we point out that the communication content (i.e., the content of the message and attached images) is encrypted end-to-end. This means that the content of the messages is not visible, not even to the messenger providers themselves. You should always use the latest version of the messengers with encryption enabled to ensure the encryption of message content.

However, we additionally inform our communication partners that while the providers of the messengers cannot view the content, they may be able to learn that and when communication partners communicate with us, as well as technical information about the communication partnersโ€™ devices and, depending on their device settings, also location information (so-called metadata).

Notes on legal bases: If we ask communication partners for permission before communicating with them via messenger, the legal basis for processing their data is their consent. Otherwise, if we do not request consent and they, for example, contact us on their own initiative, we use messengers in relation to our contractual partners and within the framework of contract initiation as a contractual measure, and in the case of other prospects and communication partners on the basis of our legitimate interests in fast and efficient communication and to meet the communication needs of our partners via messenger. Furthermore, we inform you that we do not transmit contact details provided to us to the messengers for the first time without your consent.

Withdrawal, Objection, and Deletion:
You may withdraw consent you have given at any time. Furthermore, you may object at any time to the processing of your personal data in accordance with the legal requirements. Upon withdrawal or objection, the data concerned will no longer be processed, unless further processing is legally permitted or required. Deletion of the data takes place in accordance with the information provided in the section โ€œGeneral Information on Data Storage and Deletion.โ€

  • Types of data processed: Contact data (e.g., postal and email addresses); content data (e.g., textual or visual messages and contributions, as well as related information such as authorship details).
  • Data subjects: Communication partners.
  • Purposes of processing: Communication.
  • Retention and deletion: Deletion in accordance with the information provided in the section โ€œGeneral Information on Data Storage and Deletion.โ€
  • Legal bases: Consent (Art. 6 (1) sentence 1 lit. a) GDPR); performance of contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR); legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Newsletter and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter โ€œnewsletterโ€) only with the consent of the recipients or on the basis of a legal permission. Where the contents of the newsletter are specifically described during registration, they are decisive for the userโ€™s consent. For subscribing to our newsletter, providing your email address is normally sufficient. However, to be able to offer you a personalized service, we may also ask for your name for personal addressing in the newsletter, or for further information if necessary for the purpose of the newsletter.

Deletion and restriction of processing: We may retain unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to be able to prove a previously given consent. The processing of this data is restricted to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time. In cases where permanent compliance with objections is required, we reserve the right to store the email address solely for this purpose in a blocklist (so-called โ€œblocklistโ€).

The logging of the registration process is carried out on the basis of our legitimate interests for the purpose of proving its proper execution. Where we commission a service provider with the dispatch of emails, this is done on the basis of our legitimate interests in an efficient and secure delivery system.

Contents: Information about us, our services, promotions, and offers.

  • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses, telephone numbers); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); usage data (e.g., page views and dwell time, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g., by email or post).
  • Legal bases: Consent (Art. 6 (1) sentence 1 lit. a) GDPR).
  • Right to object (Opt-out): You can unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to further receipt. A link to unsubscribe from the newsletter is provided at the end of each newsletter, or you may use one of the contact options provided above, preferably email.

Further notes on processing activities, procedures, and services:

  • Measurement of open and click rates: The newsletters contain a so-called โ€œweb beacon,โ€ i.e., a pixel-sized file that is retrieved from our or the service providerโ€™s server (if used) when the newsletter is opened. As part of this retrieval, technical information such as browser details, your system, your IP address, and the time of retrieval are initially collected. This information is used for the technical improvement of our newsletter based on technical data, or the target groups and their reading behavior determined by their access locations (which can be determined using the IP address) or access times.

This analysis also includes determining whether and when newsletters are opened and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until deletion. The evaluations serve to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users as well as the storage of measurement results in user profiles; legal basis: Consent (Art. 6 (1) sentence 1 lit. a) GDPR).

Promotional Communication via Email, Post, Fax, or Telephone
We process personal data for the purposes of promotional communication, which may be carried out through various channels, such as email, telephone, post, or fax, in accordance with legal requirements.

Recipients have the right to withdraw consent given at any time or to object to promotional communication at any time.

After withdrawal or objection, we store the data required to prove the prior authorization for contacting or sending communications for up to three years after the end of the year of withdrawal or objection, based on our legitimate interests. The processing of these data is limited to the purpose of a possible defense against claims. Based on the legitimate interest of permanently observing the withdrawal or objection of users, we also store the data necessary to prevent renewed contact (e.g., depending on the communication channel, the email address, telephone number, or name).

  • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses, telephone numbers); content data (e.g., textual or visual messages and contributions, as well as related information such as authorship details or creation time).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g., by email or post); marketing; sales promotion.
  • Retention and deletion: Deletion in accordance with the information provided in the section โ€œGeneral Information on Data Storage and Deletion.โ€
  • Legal bases: Consent (Art. 6 (1) sentence 1 lit. a) GDPR); legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Sweepstakes and Competitions
We process personal data of participants in sweepstakes and competitions only in compliance with the relevant data protection regulations, insofar as processing is necessary for the provision, execution, and handling of the sweepstakes contractually, the participants have given their consent, or the processing serves our legitimate interests (e.g., in ensuring the security of the sweepstakes or protecting our interests against misuse, such as possible collection of IP addresses when submitting sweepstakes entries).

If participantsโ€™ contributions are published as part of the sweepstakes (e.g., within the framework of a vote, presentation of sweepstakes entries or winners, or reporting on the sweepstakes), we point out that the participantsโ€™ names may also be published in this context. Participants may object to this at any time.

If the sweepstakes takes place within an online platform or social network (e.g., Facebook or Instagram, hereinafter referred to as โ€œonline platformโ€), the terms of use and privacy policies of the respective platforms also apply. In these cases, we point out that we are responsible for the information provided by participants in the context of the sweepstakes, and inquiries regarding the sweepstakes should be addressed to us.

Participantsโ€™ data will be deleted once the sweepstakes or competition has ended and the data are no longer required to notify the winners or because no further inquiries regarding the sweepstakes are expected. As a rule, participantsโ€™ data are deleted no later than six months after the end of the sweepstakes. Data of winners may be retained for a longer period, e.g., to answer queries regarding prizes or to fulfill prize obligations; in such cases, the retention period depends on the type of prize and may be up to three years, e.g., in order to process warranty cases. Furthermore, participantsโ€™ data may be retained for longer, e.g., in the form of reporting on the sweepstakes in online and offline media.

Where data are collected within the scope of the sweepstakes for other purposes as well, their processing and retention period are governed by the privacy policy for that specific use (e.g., in the case of subscribing to the newsletter as part of a sweepstakes).

  • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses, telephone numbers); content data (e.g., textual or visual messages and contributions, as well as related information such as authorship details or creation time).
  • Data subjects: Sweepstakes and competition participants.
  • Purposes of processing: Conducting sweepstakes and competitions.
  • Retention and deletion: Deletion in accordance with the information provided in the section โ€œGeneral Information on Data Storage and Deletion.โ€
  • Legal bases: Performance of contract and pre-contractual inquiries (Art. 6 (1) sentence 1 lit. b) GDPR); legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Web Analysis, Monitoring, and Optimization
Web analysis (also referred to as โ€œreach measurementโ€) serves to evaluate the visitor flows of our online offering and may include behavior, interests, or demographic information about visitorsโ€”such as age or genderโ€”as pseudonymous values. By means of reach analysis, we can, for example, identify the times at which our online offering or its functions and content are used most frequently, or which areas invite reuse. It also enables us to determine which areas require optimization.

In addition to web analysis, we may also use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise specified below, profilesโ€”i.e., data aggregated to form a usage processโ€”may be created for these purposes, and information may be stored in a browser or on a device and then read out. The information collected includes, in particular, visited websites and elements used there, as well as technical details such as the browser used, the operating system, and usage times. Where users have consented to the collection of their location dataโ€”either by us or by the providers of the services we useโ€”the processing of location data is also possible.

Furthermore, usersโ€™ IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) are stored in the context of web analysis, A/B testing, and optimizationโ€”only pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedures.

Notes on legal bases: Where we ask users for their consent to the use of third-party services, the legal basis for processing is consent. Otherwise, usersโ€™ data are processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles); provision of our online offering and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information provided in the section โ€œGeneral Information on Data Storage and Deletion.โ€ Storage of cookies up to 2 years (unless otherwise specified, cookies and similar storage methods may be stored on usersโ€™ devices for a period of two years).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Consent (Art. 6 (1) sentence 1 lit. a) GDPR); legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Further notes on processing activities, procedures, and services:

  • Google Analytics: We use Google Analytics to measure and analyze the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It serves to assign analytical information to a device in order to recognize which content users have accessed within one or more usage sessions, which search terms they used, whether they accessed content again, or interacted with our online offering. The time and duration of usage, sources referring users to our online offering, and technical aspects of their devices and browsers are also stored.

Pseudonymous profiles of users may be created with information from the use of different devices, with cookies being used for this purpose. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides approximate geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data are used solely for this derivation of geolocation data before being immediately deleted. They are not logged, are not accessible, and are not used for other purposes. When Google Analytics collects measurement data, all IP lookups are performed on EU-based servers before traffic is forwarded for processing to Analytics servers.

Online Marketing
We process personal data for the purpose of online marketing, which may include, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as โ€œcontentโ€) based on potential interests of users, as well as the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called โ€œcookieโ€) or similar procedures are used, whereby the information relevant for displaying the aforementioned content about the user is stored. This may include, for example, viewed content, visited websites, used online networks, communication partners, as well as technical details such as the browser used, the operating system, and information about usage times and functions used. Where users have consented to the collection of their location data, these may also be processed.

In addition, usersโ€™ IP addresses are stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of users (such as email addresses or names) are stored within the scope of online marketing proceduresโ€”only pseudonyms. This means that we, as well as the providers of online marketing procedures, do not know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedures.

The statements in the profiles are usually stored in the cookies or by means of similar procedures. These cookies may later generally also be read on other websites using the same online marketing procedure, analyzed for the purpose of displaying content, and supplemented with further data, and stored on the server of the online marketing provider.

In exceptional cases, clear data may be assigned to the profiles, primarily if users are, for example, members of a social network whose online marketing procedure we use, and the network links the user profiles with the aforementioned information. We note that users may make additional arrangements with the providers, e.g., by granting consent in the course of registration.

We generally only have access to aggregated information about the success of our advertisements. However, within the scope of so-called conversion measurements, we can check which of our online marketing procedures led to a so-called conversion, i.e., for example, to the conclusion of a contract with us. Conversion measurement is used solely for the analysis of the success of our marketing measures.

Unless otherwise stated, please assume that cookies used will be stored for a period of up to two years.

Notes on legal bases: Where we ask users for their consent to the use of third-party providers, the legal basis for processing is consent. Otherwise, usersโ€™ data are processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

Notes on Withdrawal and Objection:
We refer to the privacy policies of the respective providers and the opt-out options provided by them. If no explicit opt-out option is provided, you may disable cookies in your browser settings. However, this may restrict the functionality of our online offering. We therefore additionally recommend the following opt-out options, which are offered collectively for specific regions:
a) Europe: https://www.youronlinechoices.eu
b) Canada: https://www.youradchoices.ca/choices
c) USA: https://www.aboutads.info/choices
d) Cross-regional: https://optout.aboutads.info

  • Types of data processed: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest-/behavior-based profiling, use of cookies); audience building; marketing; profiles with user-related information (creation of user profiles); conversion measurement (measurement of the effectiveness of marketing measures).
  • Retention and deletion: Deletion in accordance with the information provided in the section โ€œGeneral Information on Data Storage and Deletion.โ€ Storage of cookies up to 2 years (unless otherwise specified, cookies and similar storage methods may be stored on usersโ€™ devices for a period of two years).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Consent (Art. 6 (1) sentence 1 lit. a) GDPR); legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Further notes on processing activities, procedures, and services:

  • Google Ads and Conversion Measurement: Online marketing procedure for the purpose of placing content and advertisements within the providerโ€™s advertising network (e.g., in search results, in videos, on websites, etc.), so that they are displayed to users presumed to have an interest in the ads. We also measure the conversion of the ads, i.e., whether users interact with the ads and use the advertised offers (so-called conversions). However, we only receive anonymous information and no personal information about individual users.

Affiliate Programs and Affiliate Links
We integrate so-called affiliate links or other references (which may include search forms, widgets, or discount codes) to the offers and services of third-party providers into our online offering (collectively referred to as โ€œaffiliate linksโ€). If users follow the affiliate links or subsequently take up the offers, we may receive a commission or other benefits from these third-party providers (collectively referred to as โ€œcommissionโ€).

In order to be able to track whether users have taken up the offers of an affiliate link used by us, it is necessary that the respective third-party providers know that users followed an affiliate link placed within our online offering. The assignment of affiliate links to the respective business transactions or other actions (e.g., purchases) serves solely the purpose of commission settlement and will be removed once it is no longer required for this purpose.

For the purposes of the aforementioned assignment of affiliate links, the affiliate links may be supplemented with specific values, which are part of the link or may be stored elsewhere, e.g., in a cookie. Such values may include, in particular, the originating website (referrer), time, an online identifier of the website operator where the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer, and an online identifier of the user.

Notes on legal bases: Where we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, usersโ€™ data are processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

  • Types of data processed: Contract data (e.g., contract subject, term, customer category); usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Data subjects: Prospective customers; users (e.g., website visitors, users of online services).
  • Purposes of processing: Affiliate tracking.
  • Retention and deletion: Deletion in accordance with the information provided in the section โ€œGeneral Information on Data Storage and Deletion.โ€
  • Legal bases: Consent (Art. 6 (1) sentence 1 lit. a) GDPR); legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Further notes on processing activities, procedures, and services:

  • Amazon Partner Program: Affiliate partner program (Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates);

Presences in Social Networks (Social Media)
We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to provide information about us.

We point out that user data may be processed outside the European Union. This may entail risks for users, for example, making it more difficult to enforce user rights.

Furthermore, user data within social networks are generally processed for market research and advertising purposes. For example, user behavior and resulting interests may be used to create usage profiles. These profiles may, in turn, be used to display advertisements inside and outside the networks that presumably correspond to usersโ€™ interests. As a rule, cookies are stored on usersโ€™ devices, in which usage behavior and user interests are stored. In addition, usage profiles may also store data independently of the devices used by users (particularly if they are members of the respective platforms and logged in).

For detailed information on the respective forms of processing and the opt-out options, please refer to the privacy policies and information provided by the operators of the respective networks.

Also, in the case of requests for information or the assertion of data subject rights, we note that these can most effectively be exercised with the providers. Only they have access to the usersโ€™ data and can take direct action and provide information. If you still require assistance, you may contact us.

  • Types of data processed: Contact data (e.g., postal and email addresses, telephone numbers); content data (e.g., textual or visual messages and contributions as well as related information such as authorship details or time of creation); usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Communication; feedback (e.g., collecting feedback via online form); public relations.
  • Retention and deletion: Deletion in accordance with the information provided in the section โ€œGeneral Information on Data Storage and Deletion.โ€
  • Legal bases: Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Further notes on processing activities, procedures, and services:

  • Instagram: Social network that enables sharing photos and videos, commenting and liking posts, sending messages, and subscribing to profiles and pages.
  • Facebook Pages: Profiles within the social network Facebook โ€“ The controller is jointly responsible with Meta Platforms Ireland Limited for the collection and transmission of data from visitors to our Facebook Page (โ€œFanpageโ€). This includes, in particular, information about user behavior (e.g., viewed or interacted content, actions taken) and device information (e.g., IP address, operating system, browser type, language settings, cookie data). More details can be found in Facebookโ€™s Data Policy: https://www.facebook.com/privacy/policy/. Facebook also uses this data to provide us with statistical evaluations through the โ€œPage Insightsโ€ service, giving insights into how people interact with our page and its content.

The basis for this is an agreement with Facebook (โ€œInformation about Page Insightsโ€: https://www.facebook.com/legal/terms/page_controller_addendum), which also regulates security measures and the exercise of data subject rights. Further details are available here: https://www.facebook.com/legal/terms/information_about_page_insights_data. Users can therefore address access or deletion requests directly to Facebook. Usersโ€™ rights (in particular, access, deletion, objection, complaint to a supervisory authority) remain unaffected.

Joint controllership is limited exclusively to the collection of data by Meta Platforms Ireland Limited (EU). Further processing, including possible transmission to Meta Platforms Inc. in the USA, is the sole responsibility of Meta Platforms Ireland Limited.

  • Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
  • Legal basis: Legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).
  • Website: https://www.facebook.com
  • Privacy policy: https://www.facebook.com/privacy/policy/
  • Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum).
  • LinkedIn: Social network โ€“ We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of data of visitors that are used to create โ€œPage Insightsโ€ (statistics) of our LinkedIn profiles. These data include information about the types of content users view or interact with, and the actions they take. Details about the devices used are also collected, such as IP addresses, operating system, browser type, language settings, and cookie data, as well as information from user profiles, such as job function, country, industry, seniority, company size, and employment status.

Privacy information on the processing of user data by LinkedIn can be found in LinkedInโ€™s Privacy Policy: https://www.linkedin.com/legal/privacy-policy. We have entered into a special agreement with LinkedIn Ireland (โ€œPage Insights Joint Controller Addendumโ€: https://legal.linkedin.com/pages-joint-controller-addendum), which in particular regulates the security measures to be observed by LinkedIn and in which LinkedIn undertakes to fulfill data subject rights (i.e., users may address access or deletion requests directly to LinkedIn).

Usersโ€™ rights (in particular the right to access, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint controllership is limited to the collection and transmission of data to LinkedIn Ireland Unlimited Company, an EU-based company. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, in particular regarding the transmission of data to the parent company LinkedIn Corporation in the USA.

Plug-ins and Embedded Functions as well as Content
We integrate functional and content elements into our online offering, which are retrieved from the servers of their respective providers (hereinafter referred to as โ€œthird-party providersโ€). These may include graphics, videos, or maps (collectively referred to as โ€œcontentโ€).

Integration always requires that the third-party providers of this content process the usersโ€™ IP address, since they could not send the content to usersโ€™ browsers without the IP address. The IP address is therefore necessary for displaying such content or functions. We make every effort to use only content whose providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as โ€œweb beaconsโ€) for statistical or marketing purposes. Through โ€œpixel tags,โ€ information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on usersโ€™ devices and may include, among other things, technical information about the browser and operating system, referring websites, visit time, and other information regarding the use of our online offering, as well as being linked with such information from other sources.

Notes on legal bases: Where we ask users for their consent to the use of third-party providers, the legal basis for processing is consent. Otherwise, user data are processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest-/behavior-based profiling, use of cookies); audience building; marketing; profiles with user-related information (creation of user profiles).
  • Retention and deletion: Deletion in accordance with the information provided in the section โ€œGeneral Information on Data Storage and Deletion.โ€ Storage of cookies up to 2 years (unless otherwise specified, cookies and similar storage methods may be stored on usersโ€™ devices for a period of two years).
  • Legal bases: Consent (Art. 6 (1) sentence 1 lit. a) GDPR); legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR).

Further notes on processing activities, procedures, and services:

  • LinkedIn Plug-ins and Content: This may include content such as images, videos, or text and buttons that allow users to share content from this online offering within LinkedIn.
  • YouTube Videos: Video content.
  • YouTube Videos (Privacy-Enhanced Mode): Within our online offering, videos stored on YouTube are embedded. Integration of YouTube videos takes place via a special domain using the โ€œyoutube-nocookieโ€ component in so-called โ€œprivacy-enhanced mode.โ€ In โ€œprivacy-enhanced mode,โ€ until the video starts playing, only information such as your IP address and details about your browser and device are stored on your device in cookies or by comparable means that YouTube requires for playback, control, and optimization of video display. Once you play the videos, additional information may be processed by YouTube for the purposes of analyzing user behavior, storing in user profiles, and personalizing content and ads. The storage period for such cookies may be up to two years.
    • Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
    • Legal basis: Consent (Art. 6 (1) sentence 1 lit. a) GDPR).
    • Website: https://www.youtube.com
    • Privacy policy: https://policies.google.com/privacy
    • Basis for third-country transfers: Data Privacy Framework (DPF).
    • Further information: https://support.google.com/youtube/answer/171780?hl=en (instructions for enabling privacy-enhanced mode).

Created with the free Privacy Generator by Dr. Thomas Schwenke

Notes on Data Processing in Connection with Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the controller responsible for data processing on this website is located outside the European Economic Area or Switzerland, Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as โ€œGoogle.โ€

Google Analytics uses โ€œcookies,โ€ which are text files placed on the visitorโ€™s computer to help analyze how the website is used. The information generated by the cookie about the visitorโ€™s use of this website (including the truncated IP address) is usually transmitted to a Google server and stored there.

Google Analytics is used exclusively with the extension โ€œ_anonymizeIp()โ€ on this website. This extension ensures anonymization of the IP address by shortening it and excludes direct personal reference. With this extension, the IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The IP address transmitted by the respective browser as part of Google Analytics is not merged with other Google data.

On behalf of the site operator, Google will use the collected information to evaluate the use of the website, to compile reports on website activity, and to provide other services relating to website and internet usage to the site operator (Art. 6 (1) lit. f GDPR). The legitimate interest in data processing lies in optimizing this website, analyzing its usage, and tailoring content. Usersโ€™ interests are sufficiently protected by pseudonymization.

Google LLC provides a guarantee to maintain an adequate level of data protection based on Standard Contractual Clauses. Data transmitted and linked with cookies, user IDs (e.g., user-ID), or advertising IDs are automatically deleted after 50 months. Data that have reached their retention period are automatically deleted once per month.

Data collection by Google Analytics can be prevented by adjusting the cookie settings for this website. Furthermore, users may object to the collection and storage of their IP address and data generated by cookies at any time with future effect. The corresponding browser plugin can be downloaded and installed via the following link: https://tools.google.com/dlpage/gaoptout.

Users can prevent data collection by Google Analytics on this website by clicking the following link. An opt-out cookie will be set, preventing future data collection when visiting this website.

Further information on Googleโ€™s data usage, settings, and opt-out options can be found in Googleโ€™s Privacy Policy (https://policies.google.com/privacy) as well as in the ad personalization settings provided by Google (https://adssettings.google.com/authenticated).

No VAT identification, as small business according to ยง19 (1) UStG, Germany