Privacy Policy

Preamble

With the following privacy policy, we aim to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process, the purposes for which they are processed, and the scope of such processing. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).

The terms used are not gender-specific.

Version: December 14, 2024

Responsible Entity

Platinum Pilates Germany AG
Kaiserleistrasse 3
63067 Offenbach am Main

Authorized Representatives: Board: Jamila Mitchell

Email Address: info@platinumpilates.de

Imprint: https://platinumpilates.de/de/impressum

Overview of Processing Activities

The following overview summarizes the types of data processed, the purposes of their processing, and references the data subjects.

Types of Data Processed

• Inventory data.
• Location data.
• Contact data.
• Content data.
• Contract data.
• Usage data.
• Metadata, communication, and procedural data.
• Event data (Facebook).
• Log data.

Categories of Data Subjects

• Service recipients and clients.
• Communication partners.
• Users.
• Contest and competition participants.
• Business and contractual partners.
• Participants.

Purposes of Processing

• Provision of contractual services and fulfillment of contractual obligations.
• Communication.
• Security measures.
• Direct marketing.
• Reach measurement.
• Tracking.
• Office and organizational procedures.
• Conversion measurement.
• Target group formation.
• Affiliate tracking.
• Organizational and administrative procedures.
• Conducting contests and competitions.
• Feedback.
• Surveys and questionnaires.
• Marketing.
• Profiles with user-related information.
• Provision of our online offering and user-friendliness.
• Information technology infrastructure.
• Public relations.
• Sales promotion.

Applicable Legal Bases

Applicable Legal Bases under the GDPR: Below is an overview of the legal bases of the GDPR under which we process personal data. Please note that national data protection regulations in your or our place of residence or domicile may also apply in addition to the GDPR. If more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.

• Consent (Art. 6(1)(a) GDPR): The data subject has given their consent to the processing of their personal data for one or more specific purposes.
• Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR): The processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
• Legitimate interests (Art. 6(1)(f) GDPR): The processing is necessary to protect the legitimate interests of the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject, which require the protection of personal data, do not outweigh these.

National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations in Germany also apply. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains specific provisions regarding the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission and automated decision-making in individual cases, including profiling. Furthermore, the data protection laws of individual federal states may also apply.

Third Countries (outside the EU and Switzerland): Data protection regulations in the country where the controller is based may also apply in addition to or instead of the GDPR. These regulations may include provisions that go beyond the requirements of the GDPR or deviate from them. They include, among others, provisions on the protection against misuse of personal data, rules on information and deletion rights, objection rights, processing of special categories of personal data, processing for other purposes, transmission, and automated decision-making, including profiling.

Provision of the Online Offering and Web Hosting

We process users’ data to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to deliver the content and functions of our online services to the users’ browser or device.

• Types of Data Processed: Usage data (e.g., page views, dwell time, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved parties). Log data (e.g., log files related to logins, data retrieval, or access times).
• Data Subjects: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices such as computers and servers); Security measures.
• Retention and Deletion: Deletion in accordance with the information provided in the section “General Information on Data Retention and Deletion.”
• Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).

Additional Notes on Processing Operations, Procedures, and Services:

• Provision of the Online Offering on Rented Storage Space: To provide our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from a server provider (also referred to as a “web host”); Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR).
• Collection of Access Data and Log Files: Access to our online offering is logged in the form of “server log files.” Server log files may include the address and name of the accessed web pages and files, the date and time of access, transferred data volumes, notifications of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), and typically IP addresses and the requesting provider. The server log files can be used for security purposes, such as preventing server overloads (especially in the event of misuse, e.g., DDoS attacks), and to ensure server stability and performance; Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR). Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data required for evidence purposes is excluded from deletion until the incident in question is fully resolved.

Use of Cookies

The term “cookies” refers to functionalities that store and retrieve information on users’ devices. Cookies can be used for various purposes, such as ensuring the functionality, security, and comfort of online offerings, as well as for analyzing visitor flows. We use cookies in accordance with legal requirements. When necessary, we obtain users’ consent in advance. If consent is not required, we rely on our legitimate interests. This applies when the storage and retrieval of information are essential to provide explicitly requested content and functionalities, such as storing settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We provide clear information on the scope and use of cookies.

Legal Basis for Data Processing: Whether we process personal data via cookies depends on user consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, as outlined in this section and in the context of the respective services and procedures.

Storage Duration: Regarding storage duration, the following types of cookies are distinguished:

• Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile application).
• Permanent Cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved, and preferred content can be displayed directly when a user revisits a website. Likewise, usage data collected through cookies may be used for reach measurement. Unless we explicitly inform users of the type and storage duration of cookies (e.g., when obtaining consent), they should assume that these are permanent and may be stored for up to two years.

General Notes on Revocation and Objection (Opt-out): Users can revoke their consent at any time and may also object to data processing in accordance with legal requirements, including via their browser’s privacy settings.

• Types of Data Processed: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved parties).
• Data Subjects: Users (e.g., website visitors, users of online services).
• Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); Consent (Art. 6(1)(a) GDPR).

Additional Notes on Processing Operations, Procedures, and Services:

• Processing of Cookie Data Based on Consent: We use a consent management solution to obtain users’ consent for the use of cookies or the procedures and providers mentioned in the consent management solution. This procedure serves to obtain, record, manage, and revoke consent, particularly regarding the use of cookies and similar technologies for storing, retrieving, and processing information on users’ devices. Users can manage and revoke their consents through this process. Consent declarations are stored to avoid repeated queries and to demonstrate consent in compliance with legal requirements. Storage occurs server-side and/or via a cookie (so-called opt-in cookie) or similar technology, enabling the consent to be assigned to a specific user or their device. Unless specific details about consent management service providers are provided, the following general notes apply: Consent storage duration is up to two years. A pseudonymous user identifier is created, stored alongside the time of consent, the extent of consent (e.g., cookie categories and/or service providers), and information about the browser, system, and device used; Legal Basis: Consent (Art. 6(1)(a) GDPR).

Contact and Inquiry Management

When contacting us (e.g., via post, contact form, email, telephone, or social media) and within the scope of existing user and business relationships, we process the information of the inquiring persons to the extent necessary to respond to contact inquiries and any requested measures.

• Processed Data Types: Master data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and contributions as well as related information, such as authorship details or creation timestamps); usage data (e.g., page views and duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Affected Persons: Communication partners.
• Purposes of Processing: Communication; organizational and administrative processes; feedback (e.g., collecting feedback via online form); providing our online offering and user-friendliness.
• Retention and Deletion: Deletion in accordance with the information in the section “General Information on Data Retention and Deletion”.
• Legal Bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); contract performance and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).

Further Information on Processing Procedures, Methods, and Services:

• Contact Form: When contacting us via our contact form, email, or other communication channels, we process the personal data provided to us to respond to and handle the respective inquiry. This typically includes information such as name, contact details, and any additional information shared that is necessary for proper handling. We use this data exclusively for the stated purpose of contact and communication; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR), legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Newsletter and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as “newsletters”) only with the consent of the recipients or based on legal authorization. If the contents of the newsletter are specified during registration, they are decisive for the user’s consent. Typically, providing your email address is sufficient for subscribing to our newsletter. However, to offer a personalized service, we may ask for your name for a personalized salutation in the newsletter or additional information if necessary for the newsletter’s purpose.

Retention and Restriction of Processing: We may retain unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to prove a previously given consent. Processing of this data is limited to the purpose of defending against potential claims. An individual deletion request is possible at any time, provided the former existence of a consent can also be confirmed. In cases where we are obligated to permanently respect objections, we reserve the right to store the email address solely for this purpose in a suppression list (known as a “blocklist”).

We log the registration process based on our legitimate interests to document its proper execution. If we engage a service provider for sending emails, this is done based on our legitimate interests in an efficient and secure email distribution system.

Contents: Information about us, our services, campaigns, and offers.

• Processed Data Types: Master data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons); usage data (e.g., page views and duration of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features).
• Affected Persons: Communication partners.
• Purposes of Processing: Direct marketing (e.g., via email or post).
• Legal Bases: Consent (Art. 6(1) sentence 1 lit. a GDPR).
• Opt-Out Option: You can unsubscribe from our newsletter at any time, i.e., revoke your consent or object to further receipt. A link to unsubscribe can be found at the end of each newsletter, or you may use one of the above contact options, preferably via email.

Further Information on Processing Procedures, Methods, and Services:

• SMS Distribution: Electronic notifications may also be sent as SMS text messages (or exclusively via SMS, if the distribution authorization, e.g., consent, only covers SMS distribution); Legal Bases: Consent (Art. 6(1) sentence 1 lit. a GDPR).

• Types of Data Processed: Personal data (e.g., full name, residential address, contact information, customer number, etc.); contact details (e.g., postal and email addresses, or phone numbers); content data (e.g., textual or visual messages and posts, as well as related information such as author details or creation time). Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features).
• Data Subjects: Participants.
• Purposes of Processing: Feedback (e.g., collecting feedback via online forms). Surveys and questionnaires (e.g., surveys with input fields, multiple-choice questions).
• Retention and Deletion: Deletion in accordance with the information provided in the section “General Information on Data Storage and Deletion”.
• Legal Basis: Legitimate interests (Article 6(1)(f) GDPR).

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as “reach measurement”) is used to evaluate visitor traffic on our online offerings and may include behavior, interests, or demographic information of the visitors, such as age or gender, in pseudonymous values. With reach analysis, we can, for example, identify the times when our online offering or its functions or content are most frequently used or invite repeated use. We can also track which areas require optimization.

In addition to web analysis, we may use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise specified below, profiles may be created for these purposes, i.e., data collected during a usage session, and information may be stored in a browser or on an end device and then retrieved. The data collected may include visited websites and the elements used on them, as well as technical information such as the browser used, the computer system, and information about usage times. If users have consented to the collection of their location data by us or the providers of the services we use, location data may also be processed.

Additionally, the IP addresses of users are stored. However, we use an IP masking procedure (i.e., pseudonymization by truncating the IP address) to protect users. In general, no personal data of users (e.g., email addresses or names) is stored as part of web analysis, A/B testing, and optimization, but pseudonyms. This means that neither we nor the providers of the software we use know the actual identity of users, only the information stored in their profiles for the purposes of the respective procedures.

Legal Basis: If we ask users for consent to use third-party services, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, cost-effective, and user-friendly services). In this context, we would also like to refer you to the information regarding the use of cookies in this privacy statement.

• Types of Data Processed: Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, involved persons).
• Data Subjects: Users (e.g., website visitors, users of online services).
• Purposes of Processing: Reach measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creating user profiles). Providing our online offering and user-friendliness.
• Retention and Deletion: Deletion in accordance with the information provided in the section “General Information on Data Storage and Deletion”. Cookies may be stored for up to 2 years (Unless otherwise specified, cookies and similar storage methods may be stored on users’ devices for a period of up to two years).
• Security Measures: IP masking (pseudonymization of IP addresses).
• Legal Basis: Consent (Article 6(1)(a) GDPR). Legitimate interests (Article 6(1)(f) GDPR).

Further Information on Processing, Procedures, and Services:

• Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain any personal data such as names or email addresses. It serves to assign analytical information to an end device to identify which content users have accessed within one or more usage sessions, which search terms they used, revisited, or interacted with our online offering. The time of use and its duration are also stored, as well as the sources referring users to our online offering and technical aspects of their end devices and browsers.
  Pseudonymous user profiles are created with information from the use of different devices, where cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. However, it provides approximate geographic location data by deriving metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and corresponding IDs). In the case of EU data traffic, IP address data is only used for the purpose of geolocation before it is immediately deleted. It is not logged, is not accessible, and is not used for any other purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing. Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6(1)(a) GDPR); Website: https://marketingplatform.google.com/intl/en/about/analytics/; Security Measures: IP masking (pseudonymization of IP address); Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Basis for Data Transfers to Third Countries: Data Privacy Framework (DPF); Opt-Out Option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Ad Personalization Settings: https://myadcenter.google.com/personalizationoff. Further Information: https://business.safety.google/adsservices/ (Types of processing and data processed).

Online Marketing

We process personal data for the purpose of online marketing, which may include the marketing of advertising spaces or the display of advertising and other content (collectively referred to as “Content”) based on potential user interests and measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called “cookie”) or similar methods are used, through which the information relevant for displaying the aforementioned content is stored about the user. This may include, for example, viewed content, visited websites, used online networks, but also communication partners and technical details such as the browser used, the computer system used, as well as information about usage times and functions used. If users have consented to the collection of their location data, these may also be processed.

In addition, the IP addresses of users are stored. However, we use available IP masking procedures (i.e., pseudonymization by truncating the IP address) for user protection. In general, no personal data of users (e.g., email addresses or names) is stored as part of the online marketing procedure, but pseudonyms. This means that neither we nor the providers of online marketing procedures know the actual user identity, only the information stored in their profiles.

The data in the profiles are usually stored in cookies or via similar methods. These cookies may later be read on other websites that use the same online marketing procedure, analyzed for the purpose of displaying content, and supplemented with additional data, which is then stored on the server of the online marketing service provider.

Exceptionally, it is possible to associate personal data with the profiles, primarily when users are members of a social network whose online marketing procedure we use, and the network connects the user profiles with the aforementioned information. We ask that users note that they can make additional agreements with providers, such as consent during registration.

We generally only have access to aggregated information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing procedures led to a so-called conversion, e.g., to the conclusion of a contract with us. Conversion measurement is used solely for the analysis of the success of our marketing activities.

Unless otherwise specified, we ask you to assume that cookies used are stored for a period of two years.

Legal Basis: If we ask users for their consent to use third-party services, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, cost-effective, and user-friendly services). In this context, we would also like to refer you to the information regarding the use of cookies in this privacy statement.

Right to Withdraw and Object:

We refer to the privacy notices of the respective providers and the opt-out options (so-called “Opt-Out”) provided for these providers. If no explicit opt-out option is provided, you can, as an alternative, disable cookies in your browser settings. However, this may limit some functionalities of our online offering. Therefore, we additionally recommend the following opt-out options, which are offered in summary for the respective regions:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://www.youradchoices.ca/choices.

c) USA: https://www.aboutads.info/choices.

d) Cross-border: https://optout.aboutads.info.

• Processed Data Types: Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Data Subjects: Users (e.g., website visitors, online service users).
• Purposes of Processing: Reach measurement (e.g., access statistics, detection of recurring visitors); tracking (e.g., interest-/behavior-based profiling, use of cookies); audience creation; marketing; user-related profiles (creating user profiles). Conversion measurement (measuring the effectiveness of marketing actions).
• Retention and Deletion: Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”. Storage of cookies for up to 2 years (unless stated otherwise, cookies and similar storage methods can be stored on the users’ devices for a period of two years).
• Security Measures: IP masking (pseudonymization of IP address).
• Legal Basis: Consent (Art. 6(1) sentence 1 lit. a GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further Information on Processing Processes, Procedures, and Services:

• Google Ads and Conversion Tracking: Online marketing procedure for placing content and ads within the advertising network of the service provider (e.g., in search results, videos, on websites, etc.), so that they are displayed to users who are presumed to have an interest in the ads. Additionally, we measure the conversion of the ads, i.e., whether users interacted with the ads and used the advertised offers (so-called conversions). However, we only receive anonymous information and no personal information about individual users; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Art. 6(1) sentence 1 lit. a GDPR), Legitimate Interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for Third-Country Transfers: Data Privacy Framework (DPF); Further Information: Types of processing and processed data: https://business.safety.google/adsservices/. Data processing terms between controllers and standard contractual clauses for third-country data transfers: https://business.safety.google/adscontrollerterms.
• Google Adsense with Personalized Ads: We integrate the Google Adsense service, which allows us to display personalized ads within our online offering. Google Adsense analyzes user behavior and uses this data to serve targeted advertising tailored to our visitors’ interests. For each ad placement or other usage of these ads, we receive financial compensation; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for Third-Country Transfers: Data Privacy Framework (DPF); Further Information: Types of processing and processed data: https://business.safety.google/adsservices/. Data processing terms for Google advertising products: Information on the services, data processing terms between controllers and standard contractual clauses for third-country data transfers: https://business.safety.google/adscontrollerterms.
• Google Adsense with Non-Personalized Ads: We use the Google Adsense service to display non-personalized ads in our online offering. These ads are not based on individual user behavior but are selected based on general characteristics such as the page content or approximate geographic location. We receive compensation for displaying or otherwise using these ads; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Art. 6(1) sentence 1 lit. a GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for Third-Country Transfers: Data Privacy Framework (DPF); Further Information: Types of processing and processed data: https://business.safety.google/adsservices/. Data processing terms for Google advertising products: Information on the services, data processing terms between controllers and standard contractual clauses for third-country data transfers: https://business.safety.google/adscontrollerterms.

Affiliate Program Offering

We offer an affiliate program, i.e., commissions or other benefits (collectively referred to as “Commission”) for users (referred to as “Affiliates”) who refer to our offers and services. The referral is made via a link assigned to the respective affiliate or other methods (e.g., discount codes), which allow us to identify that the use of our services is based on the referral (collectively referred to as “Affiliate Links”).

In order to track whether users have used our services due to the affiliate links employed by the affiliates, it is necessary for us to know that users have followed an affiliate link. The attribution of affiliate links to the respective business transactions or other use of our services is solely for the purpose of commission settlement and will be deleted once it is no longer required for this purpose.

For the purposes of the aforementioned attribution of affiliate links, the affiliate links may be supplemented with specific values that are part of the link or otherwise, such as in a cookie, to be stored. The values may include, in particular, the referring website (referrer), the time, an online identifier of the operator of the website where the affiliate link was located, an online identifier, etc.

• Processed Data Types: Contractual data (e.g. contract subject, duration, customer category); Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with – This text section must be unlocked with a premium license. – premiumtext premiumtext ); Log data (e.g. log files related to logins or data retrieval – This text section must be unlocked with a premium license. – premiumtext premiumtext premiumtext ).
• Data Subjects: Users (e.g. website visitors, users of – This text section must be unlocked with a premium license. – premiumtext premiumtext premiumtext ). Business and contractual partners.
• Purpose of Processing: Provision of contractual services and fulfillment of contractual obligations. Affiliate tracking.
• Retention and Deletion: Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”.
• Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Customer Reviews and Evaluation Processes

We participate in review and evaluation procedures to assess, optimize, and promote our services. When users review us through the participating review platforms or procedures or provide feedback in other ways, the general terms and conditions and privacy policies of the providers also apply. Typically, leaving a review also requires registration with the respective providers.

To ensure that the reviewers have actually used our services, we transmit, with the consent of the customers, the necessary data regarding the customer and the service used to the respective review platform (including name, email address, and order number or article number). This data is used solely for verifying the authenticity of the user.

• Processed Data Types: Contractual data (e.g. contract subject, duration, customer category); Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta-, communication- and process data (e.g. IP addresses, timestamps, identification numbers, involved persons).
• Data Subjects: Service recipients and clients. Users (e.g. website visitors, users of online services).
• Purpose of Processing: Feedback (e.g. collecting feedback via online form). Marketing.
• Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR). Consent (Art. 6(1) sentence 1 lit. a) GDPR).

Further Information on Processing Processes, Procedures, and Services:

• Review Widget: We integrate “review widgets” into our online offering. A widget is a functional and content element embedded in our online offering that displays changing information. For example, it may appear as a seal or similar element, sometimes also referred to as a “badge”. While the corresponding widget content is displayed within our online offering, it is retrieved from the servers of the respective widget provider. This ensures that the current content is always shown, especially the current review. A data connection must be established from the webpage accessed within our online offering to the widget provider’s server, and the widget provider receives certain technical data (access data, including IP address) necessary for delivering the widget content to the user’s browser. Additionally, the widget provider receives information about users visiting our online offering. This information may be stored in a cookie and used by the widget provider to identify which online offers the user has visited. The information may be stored in a user profile and used for advertising or market research purposes. Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).
• ProvenExpert: Review platform; Service Provider: Expert Systems AG, Quedlinburger Strasse 1, 10589 Berlin, Germany; Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://www.provenexpert.com/de-de/. Privacy Policy: https://www.provenexpert.com/de-de/datenschutzbestimmungen/.
• Trusted Shops (Trustedbadge): Review platform – In the context of joint responsibility between us and Trusted Shops, please direct any privacy-related inquiries and the assertion of your rights to Trusted Shops, using the contact details provided in the privacy information. Nevertheless, you may always contact the responsible party of your choice. Your inquiry will then, if necessary, be forwarded to the other responsible party for a response.The Trustbadge is provided by a US-based CDN (Content Delivery Network) provider. An adequate level of data protection is ensured through standard contractual clauses and additional contractual measures.
  When the Trustbadge is accessed, the web server automatically stores a so-called server log file, which includes your IP address, date and time of access, amount of data transmitted, and the requesting provider (access data), documenting the retrieval. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to any individual. The anonymized data is mainly used for statistical purposes and error analysis.If you have given consent, the Trustbadge will access stored order information (order amount, order number, and possibly purchased product) as well as your email address on your device and hash the email address using a cryptographic one-way function. The hashed value is then transmitted to Trusted Shops together with the order information as per Art. 6(1) sentence 1 lit. a GDPR. This serves to verify whether you are already registered for Trusted Shops services. If so, further processing will occur according to the contract between you and Trusted Shops. If you are not yet registered for the services or do not grant consent for automatic recognition via the Trustbadge, you will be given the opportunity to manually register for the services or finalize protection under your existing user contract.The Trustbadge accesses the following information after your order is completed: order amount, order number, and email address. This is necessary to offer buyer protection. Data will only be transmitted to Trusted Shops after you actively consent to complete buyer protection by clicking the appropriately labeled button in the so-called Trustcard. If you opt to use the services, further processing is based on the contract with Trusted Shops under Art. 6(1) lit. b GDPR to finalize your registration for buyer protection and secure the order, and to send you review invitations via email.Trusted Shops uses service providers for hosting, monitoring, and logging. The legal basis is Art. 6(1) lit. f GDPR for ensuring the smooth operation of the services. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured for the USA through standard contractual clauses and additional measures, and for Israel, through an adequacy decision.
  Service Provider: Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany; Legal Basis: Consent (Art. 6(1) sentence 1 lit. a) GDPR), Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://www.trustedshops.de. Privacy Policy: https://www.trustedshops.de/impressum-datenschutz/.
• Trustpilot: Review platform; Service Provider: Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark; Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://de.trustpilot.com. Privacy Policy: https://de.legal.trustpilot.com/for-reviewers/end-user-privacy-terms.

Presences in Social Networks (Social Media)

We maintain online presences in social networks and process user data in this context to communicate with active users or provide information about us.

We would like to point out that user data may be processed outside of the European Union. This may pose risks to users, as enforcing user rights could be more difficult.

Furthermore, user data within social networks is typically processed for market research and advertising purposes. For example, usage behavior and resulting interests may be used to create user profiles. These profiles may be used for targeted advertising both within and outside the networks, presumably aligned with the user’s interests. Typically, cookies are stored on users’ devices to track usage behavior and interests. User profiles may also contain data that is independent of the devices used by the users (especially if they are members of the platforms and logged in there).

For a detailed description of the respective processing activities and opt-out options, please refer to the privacy policies and information of the respective platform operators.

Even for inquiries or asserting data subject rights, we advise that these are most effectively addressed to the providers. Only they have access to the user data and can take the necessary actions or provide information. If you need assistance, you may contact us.

• Processed Data Types: Contact data (e.g. postal and email addresses or phone numbers); Content data (e.g. text or image messages and posts, and related information such as author details or creation time); Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems, interactions with content and functions); Account data (e.g. full name, address, contact details, customer number, etc.). Meta-, communication-, and process data (e.g

• Processed Data Types: Contractual data (e.g. contract subject, duration, customer category); Usage data (e.g. page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with – This text section must be unlocked with a premium license. – premiumtext premiumtext ); Log data (e.g. log files related to logins or data retrieval – This text section must be unlocked with a premium license. – premiumtext premiumtext premiumtext ).
• Data Subjects: Users (e.g. website visitors, users of – This text section must be unlocked with a premium license. – premiumtext premiumtext premiumtext ). Business and contractual partners.
• Purpose of Processing: Provision of contractual services and fulfillment of contractual obligations. Affiliate tracking.
• Retention and Deletion: Deletion in accordance with the information in the section “General Information on Data Storage and Deletion”.
• Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

• Instagram: Social network that allows sharing photos and videos, commenting and favoriting posts, sending messages, subscribing to profiles and pages; Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Basis for third-country transfers: Data Privacy Framework (DPF).
• Facebook Pages: Profiles within the Facebook social network – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called “Fanpage”). This data includes information about the types of content users view or interact with or actions they perform (see “Things you and others do and provide” in Facebook’s Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in Facebook’s Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under “How we use this information?”, Facebook also collects and uses information to provide analytics services, known as “Page Insights”, to page operators so that they can gain insights into how people interact with their pages and the content associated with them. We have entered into a special agreement with Facebook (“Information about Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which specifically outlines the security measures Facebook must adhere to and where Facebook agrees to comply with the rights of data subjects (e.g., users can directly contact Facebook with requests for access or deletion). The rights of users (particularly the right to access, deletion, objection, and complaint to the competent supervisory authority) are not limited by the agreements with Facebook. Further information can be found in the “Information about Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data). Joint responsibility is limited to the collection by and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, particularly regarding the transmission of data to its parent company, Meta Platforms, Inc. in the USA; Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. Basis for third-country transfers: Standard contractual clauses (SCCs).

• LinkedIn: Social network – We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of data from visitors, which is used to create the “Page Insights” (statistics) for our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as actions they perform. Device details are also collected, such as IP addresses, operating system, browser type, language settings, and cookie data, as well as information from user profiles, such as job function, country, industry, hierarchy level, company size, and employment status. Data protection information on the processing of user data by LinkedIn can be found in LinkedIn’s privacy notices: https://www.linkedin.com/legal/privacy-policy.
  We have entered into a special agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum”, https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates the security measures LinkedIn must observe and in which LinkedIn agrees to comply with the rights of data subjects (e.g., users can directly contact LinkedIn with requests for access or deletion). The rights of users (particularly the right to access, deletion, objection, and complaint to the competent supervisory authority) are not limited by the agreements with LinkedIn. Joint responsibility is limited to the collection and transmission of data to LinkedIn Ireland Unlimited Company, a company based in the EU. The further processing of the data is solely the responsibility of LinkedIn Ireland Unlimited Company, particularly regarding the transmission of data to the parent company LinkedIn Corporation in the USA; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for third-country transfers: Data Privacy Framework (DPF). Opt-Out Option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• Pinterest: Social network, allows sharing photos, commenting, favoriting, and curating posts, sending messages, and subscribing to profiles; Service Provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://www.pinterest.com. Privacy Policy: https://policy.pinterest.com/de/privacy-policy.
• Snapchat: Social network, allows sharing photos and videos, commenting and favoriting posts, sending messages, subscribing to profiles and pages; Service Provider: Snap Inc., 3000 31st Street, Santa Monica, California 90405 USA; Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://www.snapchat.com/; Privacy Policy: https://www.snap.com/de-DE/privacy/privacy-policy. Basis for third-country transfers: Standard Contractual Clauses (https://www.snap.com/en-US/terms/standard-contractual-clauses).
• Threads: Social network; Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://www.threads.net/. Privacy Policy: https://help.instagram.com/515230437301944.
• X: Social network; Service Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://x.com. Privacy Policy: https://x.com/de/privacy.
• YouTube: Social network and video platform; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF). Opt-Out Option: https://myadcenter.google.com/personalizationoff.
• Xing: Social network; Service Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR); Website: https://www.xing.com/. Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

Plug-ins and Embedded Features as well as Content

We integrate functional and content elements into our online offerings, which are sourced from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include graphics, videos, or city maps (hereinafter collectively referred to as “content”).

The integration always requires that the third-party providers of this content process the IP address of users, as they could not send the content to the users’ browsers without the IP address. The IP address is thus necessary for the display of these contents or functions. We strive to only use content where the respective providers apply the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Through the “pixel tags,” information such as visitor traffic on the pages of this website can be analyzed. The pseudonymous information can also be stored in cookies on the users’ devices and may include technical details such as the browser and operating system, referring websites, visit times, and other details about the use of our online offerings, but may also be linked with information from other sources.

Notes on Legal Grounds: If we ask users for their consent to use third-party providers, the legal basis for data processing is the consent provided. Otherwise, user data will be processed based on our legitimate interests (i.e., the interest in efficient, economical, and user-friendly services). In this context, we also refer you to the information regarding the use of cookies in this privacy policy.

• • • • Processed Data Types: Usage data (e.g., page views and duration of visits, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, involved persons); Location data (information regarding the geographical position of a device or person); Event data (Facebook) (“Event Data” refers to information sent to the provider Meta via Meta Pixel (whether through apps or other channels) regarding individuals or their actions. This includes, for example, details of website visits, interactions with content and features, app installations, and product purchases. The processing of event data is aimed at creating target groups for content and advertising messages (Custom Audiences). It is important to note that Event Data does not include actual content such as written comments, login information, or contact details such as names, email addresses, or phone numbers. Event Data is deleted by Meta after a maximum of two years, and the target groups formed from it disappear with the deletion of our Meta user accounts.); Contact data (e.g., postal and email addresses or phone numbers). Content data (e.g., textual or pictorial messages and posts, as well as related information such as author details or creation time).
      • Data Subjects: Users (e.g., website visitors, online service users).
      • Purposes of Processing: Providing our online offer and user-friendliness; reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest- or behavior-based profiling, use of cookies); audience formation; marketing; profiles with user-related information (creating user profiles). Feedback (e.g., collecting feedback via online forms).
      • Storage and Deletion: Deletion in accordance with the details provided in the section “General Information on Data Storage and Deletion.” Storage of cookies for up to 2 years (unless otherwise stated, cookies and similar storage methods can be stored on users’ devices for a period of two years).
      • Legal Grounds: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further Notes on Processing Procedures, Processes, and Services:

• • • • Integration of Third-Party Software, Scripts, or Frameworks (e.g., jQuery): We integrate software into our online offerings that we retrieve from servers of other providers (e.g., functional libraries we use for displaying or enhancing the user-friendliness of our online offerings). The respective providers collect the IP address of users and may process it for the purposes of delivering the software to the users’ browsers, as well as for security purposes and for analyzing and optimizing their services. Legal Grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
      • Facebook Plugins and Content: Facebook Social Plugins and Content – This may include content such as images, videos, or text, as well as buttons that allow users to share content from this online offer within Facebook. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/ – We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt of “Event Data” transmitted via Facebook Social Plugins (and embedded content features) executed on our online offerings, but not for the further processing of this data. The shared responsibility covers the following purposes: a) Display of content and advertising information corresponding to the presumed interests of users; b) Delivery of commercial and transactional messages (e.g., addressing users via Facebook Messenger); c) Improvement of ad delivery and personalization of features and content (e.g., enhancing the recognition of content or advertisements likely to align with users’ interests). We have entered into a special agreement with Facebook (“Controller Addendum,” https://www.facebook.com/legal/controller_addendum), which specifies security measures Facebook must follow (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook commits to fulfilling the data subject rights (e.g., users can address requests for information or deletion directly to Facebook). Note: When Facebook provides us with metrics, analyses, and reports (which are aggregated, meaning no details about individual users are received and are anonymous for us), this processing is not part of the joint responsibility but based on a data processing agreement (“Data Processing Terms,” https://www.facebook.com/legal/terms/dataprocessing), “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms), and with regard to processing in the USA, based on Standard Contractual Clauses (“Facebook EU Data Transfer Addendum,” https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (especially for information, deletion, objection, and complaints to the competent supervisory authority) are not restricted by the agreements with Facebook. Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Grounds: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. Basis for Third-Country Transfers: Data Privacy Framework (DPF).
      • Google Fonts (Hosted on Our Server): Provision of font files for the user-friendly display of our online offering; Service Provider: Google Fonts are hosted on our server, no data is transmitted to Google; Legal Grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
      • Google Fonts (Sourced from Google Server): Sourcing fonts (and symbols) for the technically secure, maintenance-free, and efficient use of fonts and symbols with respect to up-to-date versions, loading times, uniform display, and consideration of possible licensing restrictions. The font provider will receive the user’s IP address to ensure the fonts are made available in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, used hardware) is transmitted, which is necessary for providing the fonts depending on the devices and technical environment used. These data may be processed on a server of the font provider in the USA. When visiting our online offering, users’ browsers send HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving fonts). The Google Fonts Web API provides users with the cascading style sheets (CSS) for Google Fonts and the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the User-Agent, which describes the browser and operating system versions of website visitors, as well as the referring URL (i.e., the website where the Google font is to be displayed). IP addresses are not logged or stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, User-Agent, and referring URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. The User-Agent is primarily logged for debugging and used to generate aggregated usage statistics to measure the popularity of font families. These aggregated usage statistics are published on the “Analytics” page of Google Fonts. Finally, the referring URL is logged so that the data can be used for production maintenance and to generate an aggregated report on top integrations based on the number of font requests. According to Google, none of the information collected by Google Fonts is used to create user profiles or display targeted ads; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for Third-Country Transfers: Data Privacy Framework (DPF). Further Information: https://developers.google.com/fonts/faq/privacy?hl=de.
      • Font Awesome (Hosted on Our Server): Display of fonts and symbols; Service Provider: Font Awesome Icons are hosted on our server, no data is transmitted to the Font Awesome provider.

Legal Basis: Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR).

• Google Maps: We integrate the maps service “Google Maps” provided by Google. The processed data may include, in particular, IP addresses and location data of users; Service Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Basis: Consent (Art. 6 (1) sentence 1 (a) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy. Basis for Transfers to Third Countries: Data Privacy Framework (DPF).
• Instagram Plugins and Content: Instagram Plugins and content – for example, content such as images, videos, or texts, and buttons allowing users to share content from this online service within Instagram. – We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt of “Event Data” transmitted by Facebook via Instagram features (e.g., embedding features for content) executed on our online service. However, we are not responsible for the further processing of this data. The purposes of this joint responsibility are: a) displaying content and advertising information likely to match users’ interests; b) delivering commercial and transactional messages (e.g., addressing users via Facebook Messenger); c) improving ad delivery and personalizing features and content (e.g., improving the recognition of content or advertisements likely to match users’ interests). We have entered into a specific agreement with Facebook (“Controller Addendum,” https://www.facebook.com/legal/controller_addendum) that governs, in particular, the security measures Facebook must adhere to (https://www.facebook.com/legal/terms/data_security_terms) and where Facebook has agreed to fulfill the rights of the data subjects (e.g., users can address access or deletion requests directly to Facebook). Note: If Facebook provides us with metrics, analytics, and reports (aggregated, meaning no information about individual users, and anonymized for us), this processing does not fall under joint responsibility but is based on a data processing agreement (“Data Processing Terms”, https://www.facebook.com/legal/terms/dataprocessing), “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms), and with regard to processing in the USA, is based on Standard Contractual Clauses (“Facebook-EU Data Transfer Addendum,” https://www.facebook.com/legal/EU_data_transfer_addendum). User rights (including the right to access, deletion, objection, and complaints to the competent supervisory authority) are not restricted by the agreements with Facebook; Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR); Website: https://www.instagram.com. Privacy Policy: https://privacycenter.instagram.com/policy/.
• LinkedIn Plugins and Content: LinkedIn Plugins and Content – for example, content such as images, videos, or texts, and buttons that allow users to share content from this online service within LinkedIn; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data Processing Agreement: https://legal.linkedin.com/dpa; Basis for Transfers to Third Countries: Data Privacy Framework (DPF). Opt-Out Option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• MyFonts: Fonts; data processed during font retrieval include the project identification number (anonymized), the URL of the licensed website linked to a customer number to identify the licensee and licensed web fonts, and the referring URL; the anonymized web font project identification number is stored in encrypted log files with such data for 30 days to determine the monthly number of page views. After this extraction and storage of the page view count, the log files are deleted; Service Provider: Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA; Legal Basis: Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR); Website: https://www.myfonts.co. Privacy Policy: https://www.myfonts.com/info/legal/#Privacy.
• OpenStreetMap: We integrate the maps service “OpenStreetMap” based on the Open Data Commons Open Database License (ODbL) offered by the OpenStreetMap Foundation (OSMF). User data is used by OpenStreetMap solely for the purpose of displaying the map functions and caching the selected settings. This data may include, in particular, IP addresses and location data of users, which, however, will not be collected without their consent (usually carried out through the settings on their devices or browsers); Service Provider: OpenStreetMap Foundation (OSMF); Legal Basis: Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR); Website: https://www.openstreetmap.de. Privacy Policy: https://osmfoundation.org/wiki/Privacy_Policy.
• Pinterest Plugins and Content: Pinterest Plugins and Content – for example, content such as images, videos, or texts, and buttons that allow users to share content from this online service within Pinterest; Service Provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA; Legal Basis: Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR); Website: https://www.pinterest.com. Privacy Policy: https://policy.pinterest.com/de/privacy-policy.
• Shariff: We use the privacy-friendly “Shariff” buttons. “Shariff” was developed to provide more privacy online by replacing the standard “Share” buttons of social networks. In this process, not the users’ browsers but the server hosting this online service establishes a connection to the respective social media platforms’ servers and queries, for example, the number of likes. The user remains anonymous. More information on the Shariff project can be found from the developers of the magazine c’t: https://www.heise.de/hintergrund/Ein-Shariff-fuer-mehr-Datenschutz-2467514.html; Service Provider: Heise Medien GmbH & Co. KG, Karl-Wiechert-Allee 10, 30625 Hannover, Germany; Legal Basis: Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR); Website: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-im-Datenschutztest-3096932.html.

Privacy Policy: https://www.heise.de/Datenschutzerklaerung-der-Heise-Medien-GmbH-Co-KG-4860.html.

• X-Plugins and Content: Plugins and buttons of the platform “X” – These may include, for example, content such as images, videos, or texts, and buttons that allow users to share content from this online service within X; Service Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal Basis: Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR); Website: https://x.com/de; Privacy Policy: https://x.com/de/privacy, (Settings: https://x.com/personalization); Data Processing Agreement: https://privacy.x.com/en/for-our-partners/global-dpa. Basis for Transfers to Third Countries: Standard Contractual Clauses (https://privacy.x.com/en/for-our-partners/global-dpa).
• YouTube Videos: Video content; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Art. 6 (1) sentence 1 (a) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Basis for Transfers to Third Countries: Data Privacy Framework (DPF). Opt-Out Option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for ad display: https://myadcenter.google.com/personalizationoff.
• YouTube Videos: Embedded video content from YouTube. The integration of these YouTube videos is done via a special domain using the “youtube-nocookie” component in the so-called “extended privacy mode.” In the “extended privacy mode,” only information such as your IP address, browser, and device information is stored on your device in cookies or similar methods until the video starts. This data is required by YouTube for video display, control, and optimization. Once you play the videos, additional information related to usage behavior analysis, profile storage, and personalization of content and advertisements may be processed by YouTube. The storage duration for cookies can be up to two years; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Art. 6 (1) sentence 1 (a) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Basis for Transfers to Third Countries: Data Privacy Framework (DPF). Further Information: https://support.google.com/youtube/answer/171780?hl=en-US#zippy=%2Cturn-on-privacy-enhanced-mode%2Cturn-on-extended-privacy-mode.
• Xing Plugins and Buttons: Xing Plugins and buttons – These may include, for example, content such as images, videos, or texts, and buttons that allow users to share content from this online service within Xing; Service Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Legal Basis: Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR); Website: https://www.xing.com. Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.
• Vimeo Video Player: Integration of a video player; Service Provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Legal Basis: Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR); Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy; Data Processing Agreement: https://vimeo.com/enterpriseterms/dpa. Basis for Transfers to Third Countries: Standard Contractual Clauses (https://vimeo.com/enterpriseterms/dpa).

 

Management, Organization, and Auxiliary Tools

We use services, platforms, and software from third-party providers (hereinafter referred to as “third-party providers”) for purposes of organization, management, planning, and providing our services. When selecting third-party providers and their services, we observe legal requirements.

In this context, personal data may be processed and stored on the servers of the third-party providers. Various data may be affected, which we process in accordance with this privacy policy. This data may include, in particular, user master data, contact data, transaction data, contractual data, other process data, and their contents.

As part of communication, business, or other relationships with us, if users are referred to third-party providers or their software or platforms, the third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes. We therefore ask that you pay attention to the privacy notices of the respective third-party providers.

• Processed Data Types: Content data (e.g., text or image messages and posts, and information related to them such as author or creation time); usage data (e.g., page views, dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Affected Persons: Communication partners, users (e.g., website visitors, online service users).
• Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations. Office and organizational procedures.
• Retention and Deletion: Deletion as per the information in the section “General Information on Data Storage and Deletion.”
• Legal Basis: Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR).

Amendment and Update

We kindly ask you to regularly review the content of our privacy policy. We will adjust the privacy policy as soon as changes to the data processing activities we carry out make this necessary. We will inform you once the changes require an action from your side (e.g., consent) or a separate individual notification.

If we provide addresses and contact details of companies and organizations in this privacy policy, please note that these addresses may change over time, and we ask you to verify the information before contacting them.