Privacy Policy

Privacy Policy Introduction and Overview

We have written this privacy policy (version 13.09.2023-322329669) in order to explain to you, in
accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and
applicable national laws, which personal data (data for short) we as the controller – and the
processors commissioned by us (e.g. providers) – process, will process in the future and what legal
options you have. The terms used are to be considered gender-neutral.
In short: We provide you with comprehensive information about any of your personal data we
process.

Privacy policies usually sound very technical and use legal terminology. However, this privacy policy
is intended to describe the most important things to you as simply and transparently as possible.
So long as it aids transparency, technical terms are explained in a reader-friendly manner, links
to further information are provided and graphics are used. We are thus informing in clear and
simple language that we only process personal data in the context of our business activities if there
is a legal basis for it. This is certainly not possible with brief, unclear and legal-technical statements,
as is often standard on the internet when it comes to data protection. I hope you find the following
explanations interesting and informative. Maybe you will also find some information that you have
not been familiar with.

If you still have questions, we kindly ask you to contact the responsible body named below or in the
imprint, follow the existing links and look at further information on third-party sites. You can of
course also find our contact details in the imprint.

Scope

This privacy policy applies to all personal data processed by our company and to all personal data
processed by companies commissioned by us (processors). With the term personal data, we refer
to information within the meaning of Article 4 No. 1 GDPR, such as the name, email address and
postal address of a person. The processing of personal data ensures that we can offer and invoice
our services and products, be it online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• Social media presences and email communication
• mobile apps for smartphones and other devices

 

In short: This privacy policy applies to all areas in which personal data is processed in a structured
manner by the company via the channels mentioned. Should we enter into legal relations with you
outside of these channels, we will inform you separately if necessary.

Legal bases

In the following privacy policy, we provide you with transparent information on the legal principles
and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to
process personal data.
Whenever EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN
PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can of course access the General Data
Protection Regulation of the EU online at EUR-Lex, the gateway to EU law, at
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6 Paragraph 1 lit. a GDPR): You have given us your consent to process data
for a specific purpose. An example would be the storage of data you entered into a contact
form.

2. Contract (Article 6 Paragraph 1 lit. b GDPR): We process your data in order to fulfill a contract
or pre-contractual obligations with you. For example, if we conclude a sales contract with you,
we need personal information in advance.

3. Legal obligation (Article 6 Paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we
will process your data. For example, we are legally required to keep invoices for our
bookkeeping. These usually contain personal data.

4. Legitimate interests (Article 6 Paragraph 1 lit. f GDPR): In the case of legitimate interests
that do not restrict your basic rights, we reserve the right to process personal data. For
example, we have to process certain data in order to be able to operate our website securely
and economically. Therefore, the processing is a legitimate interest.

Other conditions such as making recordings in the interest of the public, the exercise of official
authority as well as the protection of vital interests do not usually occur with us. Should such a legal
basis be relevant, it will be disclosed in the appropriate place.

In addition to the EU regulation, national laws also apply:

 

• In Austria this is the Austrian Data Protection Act (Datenschutzgesetz), in short DSG.
• In Germany this is the Federal Data Protection Act (Bundesdatenschutzgesetz), in short
  BDSG.

Should other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the data protection controller

If you have any questions about data protection, you will find the contact details of the responsible person or controller below:

Carolin Kurth

E-Mail: info@camovis.de
Phone: 0049 (0)30 233 299 96

 

Storage Period

 

It is a general criterion for us to store personal data only for as long as is absolutely necessary for
the provision of our services and products. This means that we delete personal data as soon as any
reason for the data processing no longer exists. In some cases, we are legally obliged to keep
certain data stored even after the original purpose no longer exists, such as for accounting
purposes.

If you want your data to be deleted or if you want to revoke your consent to data processing, the
data will be deleted as soon as possible, provided there is no obligation to continue its storage.

We will inform you below about the specific duration of the respective data processing, provided
we have further information.

Rights in accordance with the General Data Protection

Regulation

In accordance with Articles 13, 14 of the GDPR, we inform you about the following rights you have
to ensure fair and transparent processing of data:

According to Article 15 DSGVO, you have the right to information about whether we are
processing data about you. If this is the case, you have the right to receive a copy of the data
and to know the following information:

• for what purpose we are processing;
• the categories, i.e. the types of data that are processed;
• who receives this data and if the data is transferred to third countries, how security can
  be guaranteed;
• how long the data will be stored;
• the existence of the right to rectification, erasure or restriction of processing and the
  right to object to processing;
• that you can lodge a complaint with a supervisory authority (links to these authorities
  can be found below);
• the origin of the data if we have not collected it from you;
• Whether profiling is carried out, i.e. whether data is automatically evaluated to arrive at
  a personal profile of you.

 

• You have a right to rectification of data according to Article 16 GDPR, which means that we
  must correct data if you find errors.
• You have the right to erasure (“right to be forgotten”) according to Article 17 GDPR, which
  specifically means that you may request the deletion of your data.
• According to Article 18 of the GDPR, you have the right to restriction of processing, which
  means that we may only store the data but not use it further.
• According to Article 20 of the GDPR, you have the right to data portability, which means that
  we will provide you with your data in a standard format upon request.
• According to Article 21 DSGVO, you have the right to object, which entails a change in
  processing after enforcement.
• If the processing of your data is based on Article 6(1)(e) (public interest, exercise of
  official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing.
  We will then check as soon as possible whether we can legally comply with this
  objection.
• If data is used to conduct direct advertising, you may object to this type of data
  processing at any time. We may then no longer use your data for direct marketing.
• If data is used to conduct profiling, you may object to this type of data processing at any
  time. We may no longer use your data for profiling thereafter.

According to Article 22 of the GDPR, you may have the right not to be subject to a decision
based solely on automated processing (for example, profiling).
You have the right to lodge a complaint under Article 77 of the GDPR. This means that you
can complain to the data protection authority at any time if you believe that the data
processing of personal data violates the GDPR.

In short: you have rights – do not hesitate to contact the responsible party listed above with us!

If you believe that the processing of your data violates data protection law or your data protection
rights have been violated in any other way, you can complain to the supervisory authority. For
Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/.
In Germany, there is a data protection officer for each federal state. For more information, you can
contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The
following local data protection authority is responsible for our company:

Berlin Data protection authority

State Commissioner for Data Protection: Meike Kamp
Address: Friedrichstraße 219, 10969 Berlin
Phone number: 030/138 89-0
E-mail address: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de/

Data transfer to third countries

We only transfer or process data to countries outside the EU (third countries) if you consent to this
processing, if this is required by law or if it is contractually necessary. In any case, we generally only
do so to the permitted extent. In most cases, your consent is the most important reason for data
being processed in third countries. When personal data is being processed in third countries such
as the USA, where many software manufacturers offer their services and have their servers located,
your personal data may be processed and stored in unexpected ways.

We want to expressly point out, that according to the European Court of Justice, there is currently
no adequate level of protection for data transfer to the USA. Data processing by US services (such
as Google Analytics) may result in data processing and retention without the data having
undergone anonymisation processes. Furthermore, US government authorities may be able to
access individual data. The collected data may also get linked to data from other services of the
same provider, should you have a user account with the respective provider. We try to use server
locations within the EU, whenever this is offered and possible.

We will provide you with more details about data transfer to third countries in the appropriate
sections of this privacy policy, whenever applicable.

Security of data processing operations

In order to protect personal data, we have implemented both technical and organisational
measures. We encrypt or pseudonymise personal data wherever this is possible. Thus, we make it
as difficult as we can for third parties to extract personal information from our data.

Article 25 of the GDPR refers to “data protection by technical design and by data protection-friendly
default” which means that both software (e.g. forms) and hardware (e.g. access to server rooms)
appropriate safeguards and security measures shall always be placed. If applicable, we will outline
the specific measures below.

TLS encryption with https

The terms TLS, encryption and https sound very technical, which they are indeed. We use HTTPS
(Hypertext Transfer Protocol Secure) to securely transfer data on the Internet.
This means that the entire transmission of all data from your browser to our web server is secured
– nobody can “listen in”.

We have thus introduced an additional layer of security and meet privacy requirements through
technology design Article 25 Section 1 GDPR). With the use of TLS (Transport Layer Security), which
is an encryption protocol for safe data transfer on the internet, we can ensure the protection of
confidential information.

You can recognise the use of this safeguarding tool by the little lock-symbol, which is situated in

your browser’s top left corner in the left of the internet address (e.g. examplepage.uk), as well as by
the display of the letters https (instead of http) as a part of our web address.
If you want to know more about encryption, we recommend you to do a Google search for
“Hypertext Transfer Protocol Secure wiki” to find good links to further information.

Communications

Communications Overview
Affected parties: Anyone who communicates with us via phone, email or online form
Processed data: e. g. telephone number, name, email address or data entered in forms.
You can find more details on this under the respective form of contact
Purpose: handling communication with customers, business partners, etc.
Storage duration: for the duration of the business case and the legal requirements
Legal basis: Article 6 (1) (a) GDPR (consent), Article 6 (1) (b) GDPR (contract), Article 6 (1) (f)
GDPR (legitimate interests)

If you contact us and communicate with us via phone, email or online form, your personal data may
be processed.

The data will be processed for handling and processing your request and for the related business
transaction. The data is stored for this period of time or for as long as is legally required.

Affected persons

The above-mentioned processes affect all those who seek contact with us via the communication
channels we provide.

Telephone

When you call us, the call data is stored in a pseudonymised form on the respective terminal
device, as well as by the telecommunications provider that is being used. In addition, data such as
your name and telephone number may be sent via email and stored for answering your inquiries.
The data will be erased as soon as the business case has ended and the legal requirements allow
for its erasure.

Email

If you communicate with us via email, your data is stored on the respective terminal device
(computer, laptop, smartphone, …) as well as on the email server. The data will be deleted as soon
as the business case has ended and the legal requirements allow for its erasure.

Online forms

If you communicate with us using an online form, your data is stored on our web server and, if
necessary, forwarded to our email address. The data will be erased as soon as the business case
has ended and the legal requirements allow for its erasure.

Legal bases

Data processing is based on the following legal bases:

• Art. 6 para. 1 lit. a GDPR (consent): You give us your consent to store your data and to
  continue to use it for the purposes of the business case;
• Art. 6 para. 1 lit. b GDPR (contract): For the performance of a contract with you or a processor
  such as a telephone provider, or if we have to process the data for pre-contractual activities,
  such as preparing an offer;
• Art. 6 para. 1 lit. f GDPR (legitimate interests): We want to conduct our customer inquiries and
  business communication in a professional manner. Thus, certain technical facilities such
  email programs, Exchange servers and mobile network operators are necessary to efficiently
  operate our communications.

Data Processing Agreement (DPA)

In this section, we would like to explain what a Data Processing Agreement is and why it is needed.
As the term “Data Processing Agreement” is quite lengthy, we will often only use the acronym DPA
here in this text. Like most companies, we do not work alone, but also use the services of other
companies or individuals. By involving different companies or service providers, we may pass on
personal data for processing. These partners then act as processors with whom we conclude a
contract, the so-called Data Processing Agreement (DPA). Most importantly for you to know is that
any processing of your personal data takes place exclusively according to our instructions and must
be regulated by the DPA.

 

Who are the processors?

As a company and website owner, we are responsible for any of your data that is processed by us.
In addition to the controller, there may also be so-called processors involved. This includes any
company or person who processes your personal data. More precisely and according to the GDPR’s
definition, this means: Any natural or legal person, authority, institution or other entity that
processes your personal data is considered a processor. Processors can therefore be service
providers such as hosting or cloud providers, payment or newsletter providers or large companies
such as Google or Microsoft.

To make the terminology easier to comprehend, here is an overview of the GDPR’s three roles:

Data subject (you as a customer or interested party) → Controller (we as a company and
contracting entity) → Processors (service providers such as web hosts or cloud providers)

Contents of a Data Processing Agreement

As mentioned above, we have concluded a DPA with our partners who act as processors. First and
foremost, it states that the processor processes the data exclusively in accordance with the GDPR.
The contract must be concluded in writing, although an electronic contract completion is also
considered a “written contract”. Any processing of personal data only takes place after this contract
is concluded. The contract must contain the following:

• indication to us as the controller
• obligations and rights of the controller
• categories of data subjects
• type of personal data
• type and purpose of data processing
• subject and duration of data processing
• location of data processing

Furthermore, the contract contains all obligations of the processor. The most important obligations
are:

• ensuring data security measures
• taking possible technical and organisational measures to protect the rights of the data subject
• maintaining a data processing record
• cooperation with the data protection authority upon request
• performing a risk analysis for any received personal data
• subprocessors may only be appointed with the written consent of the controller

You can see an example of what a DPA looks like at https://gdpr.eu/data-processing-agreement/.

This link shows a sample contract.

 

Cookies

Cookies Overview
Affected parties: visitors to the website
Purpose: depending on the respective cookie. You can find out more details below or from
the software manufacturer that sets the cookie.
Processed data: depends on the cookie used. More details can be found below or from the
manufacturer of the software that sets the cookie.
Storage duration: can vary from hours to years, depending on the respective cookie
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are cookies?

Our website uses HTTP-cookies to store user-specific data.
In the following we explain what cookies are and why they are used, so that you can better
understand the following privacy policy.

Whenever you surf the Internet, you are using a browser. Common browsers are for example,
Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text-files in
your browser. These files are called cookies.

It is important to note that cookies are very useful little helpers. Almost every website uses cookies.
More precisely, these are HTTP cookies, as there are also other cookies for other uses. HTTP
cookies are small files that our website stores on your computer. These cookie files are
automatically placed into the cookie-folder, which is the “brain” of your browser. A cookie consists
of a name and a value. Moreover, to define a cookie, one or multiple attributes must be specified.

Cookies store certain user data about you, such as language or personal page settings. When you
re-open our website to visit again, your browser submits these “user-related” information back to
our site. Thanks to cookies, our website knows who you are and offers you the settings you are
familiar to. In some browsers, each cookie has its own file, while in others, such as Firefox, all
cookies are stored in one single file.

The following graphic shows a possible interaction between a web browser such as Chrome and
the web server. The web browser requests a website and receives a cookie back from the server.
The browser then uses this again as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by
our site, while third-party cookies are created by partner-websites (e.g. Google Analytics). Each
cookie must be evaluated individually, as each cookie stores different data. The expiry time of a
cookie also varies from a few minutes to a few years. Cookies are not software programs and do
not contain viruses, trojans or other malware. Cookies also cannot access your PC’s information.

This is an example of how cookie-files can look:

Name: _ga
Value: GA1.2.1326744211.152322329669-9
Purpose: Differentiation between website visitors
Expiry date: after 2 years
A browser should support these minimum sizes:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

Which types of cookies are there?

The exact cookies that we use, depend on the used services, which will be outlined in the following
sections of this privacy policy. Firstly, we will briefly focus on the different types of HTTP-cookies.

There are 4 different types of cookies:

Essential cookies

These cookies are necessary to ensure the basic functions of a website. They are needed when a
user for example puts a product into their shopping cart, then continues surfing on different
websites and comes back later in order to proceed to the checkout. These cookies ensure the
shopping cart does not get deleted, even if the user closes their browser window.

Purposive cookies

These cookies collect information about user behaviour and whether the user receives any error
messages. Furthermore, these cookies record the website’s loading time as well as its behaviour in
different browsers.

Target-orientated cookies

These cookies ensure better user-friendliness. Thus, information such as previously entered
locations, fonts sizes or data in forms stay stored.

Advertising cookies

These cookies are also known as targeting cookies. They serve the purpose of delivering
customised advertisements to the user. This can be very practical, but also rather annoying.

Upon your first visit to a website you are usually asked which of these cookie-types you want to
accept. Furthermore, this decision will of course also be stored in a cookie.

If you want to learn more about cookies and do not mind technical documentation, we recommend
https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task
Force (IETF) called “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. You can find out more details below or
from the software manufacturer that sets the cookie.

Which data are processed?

Cookies are little helpers for a wide variety of tasks. Unfortunately, it is not possible to tell which
data is generally stored in cookies, but in the privacy policy below we will inform you on what data
is processed or stored.

Storage period of cookies

The storage period depends on the respective cookie and is further specified below. Some cookies
are erased after less than an hour, while others can remain on a computer for several years.

You can also influence the storage duration yourself. You can manually erase all cookies at any time
in your browser (also see “Right of objection” below). Furthermore, the latest instance cookies
based on consent will be erased is after you withdraw your consent. The legality of storage will
remain unaffected until then.

Right of objection – how can I erase cookies?

You can decide for yourself how and whether you want to use cookies. Regardless of which service
or website the cookies originate from, you always have the option of erasing, deactivating or only
partially accepting cookies. You can for example block third-party cookies but allow all other
cookies.

If you want to find out which cookies have been stored in your browser, or if you want to change or
erase cookie settings, you can find this option in your browser settings:

Chrome: Clear, enable and manage cookies in Chrome
Safari: Manage cookies and website data in Safari
Firefox: Clear cookies and site data in Firefox
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete cookies in Microsoft Edge

If you generally do not want cookies, you can set up your browser in a way to notify you whenever a
cookie is about to be set. This gives you the opportunity to manually decide to either permit or
deny the placement of every single cookie. This procedure varies depending on the browser.
Therefore, it might be best for you to search for the instructions in Google. If you are using Chrome,
you could for example put the search term “delete cookies Chrome” or “deactivate cookies Chrome”
into Google.

Legal basis

The so-called “cookie directive” has existed since 2009. It states that the storage of cookies requires
your consent (Article 6 Paragraph 1 lit. a GDPR). Within countries of the EU, however, the reactions
to these guidelines still vary greatly. In Austria, however, this directive was implemented in Section
96 (3) of the Telecommunications Act (TKG). In Germany, the cookie guidelines have not been
implemented as national law. Instead, this guideline was largely implemented in Section 15 (3) of
the Telemedia Act (TMG).

For absolutely necessary cookies, even if no consent has been given, there are legitimate interests
(Article 6 (1) (f) GDPR), which in most cases are of an economic nature. We want to offer our visitors
a pleasant user experience on our website. For this, certain cookies often are absolutely necessary.

This is exclusively done with your consent, unless absolutely necessary cookies are used. The legal
basis for this is Article 6 (1) (a) of the GDPR.

In the following sections you will find more detail on the use of cookies, provided the used software
does use cookies.

Customer Data

Customer Data Overview

Affected parties: Customers or business and contractual partners
Purpose: Performance of a contract for the provision of agreed services or prior to entering
into such a contract, including associated communications.
Data processed: name, address, contact details, email address, telephone number,
payment information (such as invoices and bank details), contract data (such as duration and
subject matter of the contract), IP address, order data
Storage period: the data will be erased as soon as they are no longer required for our
business purposes and there is no legal obligation to process them.
Legal bases: Legitimate interests (Art. 6 Para. 1 lit. f GDPR), Contract (Art. 6 Para. 1 lit. b
GDPR)

 

What is customer data?

In order to be able to offer our services and contractual services, we also process data from our
customers and business partners. This data always includes personal data. Customer data is all
information that is processed on the basis of contractual or pre-contractual agreements so that the
offered services can be provided. Customer data is therefore all the information we collect and
process about our customers.

Why do we process customer data?

There are many reasons why we collect and process customer data. The main reason is that we
simply need specific data to provide our services. Sometimes for example your email address may
be enough. But if you purchase a product or service, we may e. g. also need data such as your
name, address, bank details or other contract data. This data will subsequently be used for
marketing and sales optimisation so that we can improve our overall service for our customers and
clients. Another important reason for data processing is our customer service, which is very
important to us. We want you to have the opportunity to contact us at any time with questions
about our offers. Thus, we may need certain data such as your email address at the very least.

What data is processed?

Exactly which data is stored can only be shown by putting them in categories. All in all, it always
depends on which of our services you receive. In some cases, you may only give us your email
address so that we can e. g. contact you or answer your questions. In other instances, you may
purchase one of our products or services. Then we may need significantly more information, such
as your contact details, payment details and contract details.

Here is a list of potential data we may receive and process:

• Name
• Contact address
• Email address
• Phone number
• Your birthday
• Payment data (invoices, bank details, payment history, etc.)
• Contract data (duration, contents)
• Usage data (websites visited, access data, etc.)
• Metadata (IP address, device information)

How long is the data stored?

We erase corresponding customer data as soon as we no longer need it to fulfill our contractual
obligations and purposes, and as soon as the data is also no longer necessary for possible warranty
and liability obligations. This can for example be the case when a business contract ends.
Thereafter, the limitation period is usually 3 years, although longer periods may be possible in
individual cases. Of course, we also comply with the statutory retention requirements. Your
customer data will certainly not be passed on to third parties unless you have given your explicit
consent.

Legal Basis

The legal basis for the processing of your data is Article 6 Paragraph 1 Letter a GDPR (consent),
Article 6 Paragraph 1 Letter b GDPR (contract or pre-contractual measures), Article 6 Paragraph 1
Letter f GDPR (legitimate interests) and in special cases (e. g. medical services) Art. 9 (2) lit. GDPR
(processing of special categories).

In the case of protecting vital interests, data processing is carried out in accordance with Article 9
Paragraph 2 Letter c. GDPR. For the purposes of health care, occupational medicine, medical
diagnostics, care or treatment in the health or social sectors or for the administration of systems
and services in health or social sectors, the processing of personal data takes place in accordance
with Art. 9 Para. 2 lit. h. GDPR. If you voluntarily provide data of these special categories, the
processing takes place on the basis of Article 9 Paragraph 2 lit. a GDPR.

Web hosting

Web hosting Overview

Affected parties: visitors to the website
Purpose: professional hosting of the website and security of operations
Processed data: IP address, time of website visit, browser used and other data. You can find more details on this
below or at the respective web hosting provider.
Storage period: dependent on the respective provider, but usually 2 weeks
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is web hosting?

Every time you visit a website nowadays, certain information – including personal data – is
automatically created and stored, including on this website. This data should be processed as
sparingly as possible, and only with good reason. By website, we mean the entirety of all websites
on your domain, i.e. everything from the homepage to the very last subpage (like this one here). By
domain we mean example.uk or examplepage.com.

When you want to view a website on a screen, you use a program called a web browser. You
probably know the names of some web browsers: Google Chrome, Microsoft Edge, Mozilla Firefox,
and Apple Safari.

The web browser has to connect to another computer which stores the website’s code: the web
server. Operating a web server is complicated and time-consuming, which is why this is usually
done by professional providers. They offer web hosting and thus ensure the reliable and flawless
storage of website data.

Whenever the browser on your computer establishes a connection (desktop, laptop, smartphone)
and whenever data is being transferred to and from the web server, personal data may be
processed. After all, your computer stores data, and the web server also has to retain the data for a
period of time in order to ensure it can operate properly.

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and operational security
2. To maintain the operational as well as IT security
3. Anonymous evaluation of access patterns to improve our offer, and if necessary, for
prosecution or the pursuit of claims

Which data are processed?

Even while you are visiting our website, our web server, that is the computer on which this website
is saved, usually automatically saves data such as

• the full address (URL) of the accessed website (e. g.
  https://www.examplepage.uk/examplesubpage.html?tid=322329669)
• browser and browser version (e.g. Chrome 87)
• the operating system used (e.g. Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e. g.
  https://www.examplepage.uk/icamefromhere.html/)
• the host name and the IP address of the device from the website is being accessed from (e.g.
  COMPUTERNAME and 194.23.43.121)
• date and time
• in so-called web server log files

How long is the data stored?

Generally, the data mentioned above are stored for two weeks and are then automatically deleted.
We do not pass these data on to others, but we cannot rule out the possibility that this data may be
viewed by the authorities in the event of illegal conduct.

In short: Your visit is logged by our provider (company that runs our website on special computers
(servers)), but we do not pass on your data without your consent!

Legal basis

The lawfulness of processing personal data in the context of web hosting is justified in Art. 6 para. 1
lit. f GDPR (safeguarding of legitimate interests), as the use of professional hosting with a provider
is necessary to present the company in a safe and user-friendly manner on the internet, as well as
to have the ability to track any attacks and claims, if necessary.

Webhosting Other

Contact data for our Webhosting:

NETZBEST

You can learn more about the data processing at this provider in their Privacy Policy.

Website Builders Introduction

Website Builders Privacy Policy Overview

Affected parties: website visitors
Purpose: service optimisation
Data processed: The data that is being processed includes but is not limited to technical
usage information, browser activity, clickstream activity, session heat maps, contact details, IP
addresses or geographic locations. You can find more details in the Privacy Policy below as
well as in the providers’ Privacy Policies.
Storage duration: depends on the provider
Legal bases: Art. 6 (1) lit. f GDPR (legitimate interests), Art. 6 (1) lit. a GDPR (consent)

What are website builders?

We use a modular website builder for our website. This is a special form of Content Management
System (CMS). Website builders enable website operators to create websites very easily and
without any programming knowledge. In many cases, web hosts also offer website builders. Your
personal data may be collected, stored and processed if a website builder is being used. In this
Privacy Policy, you will find general information about data that is processed by such modular
website builder systems. You can find more information in the respective provider’s Privacy Policy.

Why do we use website builders for our website?

The greatest advantage of modular website builders is their ease of use. We want to offer you a
clear, simple and nicely designed website that we can easily operate and maintain by ourselves –
without needing any external support. Nowadays website builders offer many helpful functions
that we can use even without having any programming knowledge. This enables us to design our
website according to our wishes and therefore, to give you an informative and pleasant experience
on our website.

Which data are stored by website builders?

First of all, the exact data that is stored depends on the website builder that is being used. Each
provider processes and collects different data from website visitors. However, technical usage
information such as users’ operating system, browser, screen resolution, language and keyboard
settings, hosting provider as well as the date of the website visit are usually collected. Moreover,
tracking data (e. g. browser activity, clickstream activities, session heat maps, etc.) may also be
processed. The same goes for personal data, since data such as contact information e. g. email
address, telephone number (if you have provided it), IP address and geographic location data may
also be processed and stored. In the respective provider’s Privacy Policy you can find out exactly
which of your data is getting stored.

How long and where are the data stored?

Provided that we have any further information on this, we will inform you below about the duration
of the data processing associated with the website builder we use. You can find detailed
information on this in the provider’s Privacy Policy. Generally, we only process personal data for as
long as is absolutely necessary to provide our services and products. The provider may store your
data according to their own specifications, over which we have no influence.

Right to object

You always retain the right to information, rectification and erasure of your personal data. If you
have any questions, you can also contact the responsible parties at the respective website builder
system at any time. You can find the corresponding contact details either in our Privacy Policy or on
the website of the respective provider.

What is more, in your browser you can clear, disable or manage cookies that providers use for their
functions. Depending on the browser you use, this can be done in different ways. Please note, that
this may lead to not all functions working as usual anymore.

Legal Bases

We have a legitimate interest in using a website builder system to optimise our online service and
present it in an efficient and user-friendly way. The corresponding legal basis for this is Article 6 (1)
(f) GDPR (legitimate interests). However, we only use the website builder system if you have
consented to it.

If the processing of data is not absolutely necessary for the operation of the website, your data will
only be processed on the basis of your consent. This particularly applies to tracking activities. The
legal basis for this is Article 6 (1) (a) GDPR.

With this Privacy Policy, we have made you more familiar with the most important general
information on data processing. If you want to find out more about this, you will find further
information – if available – in the following section or in the Privacy Policy of the provider.

WordPress.com Privacy Policy

We use the well-known content management system WordPress.com for our website. The service
provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110,
USA.

What is WordPress?

The company was founded in 2003 and quickly developed into one of the most famous content
management systems (CMS) worldwide. A CMS is a software that helps us design our website and
display content beautifully and in an organized manner. The content can include text, audio, and
video.

By using WordPress, personal data about you may also be collected, stored, and processed.
Typically, mainly technical data such as operating system, browser, screen resolution, or hosting
provider are stored. However, personal data such as IP address, geographic data, or contact
information may also be processed.

Why do we use WordPress?

Programming is not one of our core competencies. Nevertheless, we want to have a powerful and
attractive website that we can manage and maintain ourselves. With a website builder system or a
content management system like WordPress, this is possible. With WordPress, we don’t need to be
programming experts to offer you a beautiful website. Thanks to WordPress, we can quickly and
easily operate our website even without technical knowledge. If technical problems arise or we
have special requests for our website, we still have our experts who are familiar with HTML, PHP,
CSS, and the like.

How secure is the data transfer with WordPress?

WordPress processes data from you, among other things, also in the USA. We would like to point
out that, according to the European Court of Justice, there is currently no adequate level of
protection for data transfers to the USA. This can entail various risks for the legality and security of
data processing.

As the basis for data processing by recipients located in third countries (outside the European
Union, Iceland, Liechtenstein, Norway, especially in the USA) or for transferring data to them,
WordPress uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard
Contractual Clauses (SCC) are templates provided by the European Commission and are intended
to ensure that your data complies with European data protection standards even when transferred
to third countries (such as the USA) and stored there. Through these clauses, WordPress commits
to maintaining the European level of data protection when processing your relevant data, even if
the data is stored, processed, and managed in the USA. These clauses are based on an
implementing decision of the European Commission. You can find the decision and the
corresponding standard contractual clauses, among others, here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The data processing conditions (Data Processing Agreements), which correspond to the standard
contractual clauses, can be found at https://wordpress.com/support/data-processing-agreements/.

You can learn more about the data processed through the use of WordPress.com in the privacy
policy at https://automattic.com/de/privacy/.

Data Processing Agreement (DPA) WordPress.com

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered
into a Data Processing Agreement (DPA) with WordPress.com. What exactly a DPA is and especially
what must be included in a DPA, you can read in our general section “Data Processing Agreement
(DPA)”.

This contract is required by law because WordPress.com processes personal data on our behalf. It
clarifies that WordPress.com may only process data they receive from us according to our
instructions and must comply with the GDPR. You can find the link to the Data Processing
Agreement (DPA) under https://wordpress.com/support/data-processing-agreements/.

Web Analytics

Web Analytics Privacy Policy Overview

Affected parties: visitors to the website
Purpose: Evaluation of visitor information to optimise the website.
Processed data: Access statistics that contain data such as access location, device data,
access duration and time, navigation behaviour, click behaviour and IP addresses. You can
find more details on this from the respective web analytics tool directly.
Storage period: depending on the respective web analytics tool used
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Web Analytics?

We use software on our website, which is known as web analytics, in order to evaluate website
visitor behaviour. Thus, data is collected, which the analytic tool provider (also called tracking tool)
stores, manages and processes. Analyses of user behaviour on our website are created with this
data, which we as the website operator receive. Most tools also offer various testing options. These
enable us, to for example test which offers or content our visitors prefer. For this, we may show you
two different offers for a limited period of time. After the test (a so-called A/B test) we know which
product or content our website visitors find more interesting. For such testing as well as for various
other analyses, user profiles are created and the respective data is stored in cookies.

Why do we run Web Analytics?

We have a clear goal in mind when it comes to our website: we want to offer our industry’s best
website on the market. Therefore, we want to give you both, the best and most interesting offer as
well as comfort when you visit our website. With web analysis tools, we can observe the behaviour
of our website visitors, and then improve our website accordingly for you and for us. For example,
we can see the average age of our visitors, where they come from, the times our website gets
visited the most, and which content or products are particularly popular. All this information helps
us to optimise our website and adapt it to your needs, interests and wishes.

Which data are processed?

The exact data that is stored depends on the analysis tools that are being used. But generally, data
such as the content you view on our website are stored, as well as e. g. which buttons or links you
click, when you open a page, which browser you use, which device (PC, tablet, smartphone, etc.)
you visit the website with, or which computer system you use. If you have agreed that location data
may also be collected, this data may also be processed by the provider of the web analysis tool.

Moreover, your IP address is also stored. According to the General Data Protection Regulation
(GDPR), IP addresses are personal data. However, your IP address is usually stored in a
pseudonymised form (i.e. in an unrecognisable and abbreviated form). No directly linkable data
such as your name, age, address or email address are stored for testing purposes, web analyses
and web optimisations. If this data is collected, it is retained in a pseudonymised form. Therefore, it
cannot be used to identify you as a person.

The following example shows Google Analytics’ functionality as an example for client-based web
tracking with JavaScript code.

The storage period of the respective data always depends on the provider. Some cookies only
retain data for a few minutes or until you leave the website, while other cookies can store data for
several years.

Duration of data processing

If we have any further information on the duration of data processing, you will find it below. We
generally only process personal data for as long as is absolutely necessary to provide products and
services. The storage period may be extended if it is required by law, such as for accounting
purposes for example for accounting.

Right to object

You also have the option and the right to revoke your consent to the use of cookies or third-party
providers at any time. This works either via our cookie management tool or via other opt-out
functions. For example, you can also prevent data processing by cookies by managing, deactivating
or erasing cookies in your browser.

Legal basis

The use of Web Analytics requires your consent, which we obtained with our cookie popup.
According to Art. 6 para. 1 lit. a of the GDPR (consent), this consent represents the legal basis for
the processing of personal data, such as by collection through Web Analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors,
which enables us to technically and economically improve our offer. With Web Analytics, we can
recognise website errors, identify attacks and improve profitability. The legal basis for this is Art. 6
para. 1 lit. f of the GDPR (legitimate interests). Nevertheless, we only use these tools if you have
given your consent.

Since Web Analytics tools use cookies, we recommend you to read our privacy policy on cookies. If
you want to find out which of your data are stored and processed, you should read the privacy
policies of the respective tools.

If available, information on special Web Analytics tools can be found in the following sections.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Overview

Affected parties: website visitors
Purpose: Evaluation of visitor information to optimise the website.
Processed data: Access statistics that contain data such as the location of access, device
data, access duration and time, navigation behaviour and click behaviour. You can find more
details on this in the privacy policy below.
Storage period: Customizable, GA4 stores data for 14 months by default.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Google Analytics?

On our website, we use the analytics tracking tool Google Analytics in the Google Analytics 4 (GA4)
version provided by the American company Google Inc. For the European region, Google Ireland
Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
Google Analytics collects data about your actions on our website. By combining various
technologies such as cookies, device IDs, and login information, you can be identified as a user
across different devices. This allows your actions to be analyzed across platforms as well.

For example, when you click on a link, this event is stored in a cookie and sent to Google Analytics.
With the reports we receive from Google Analytics, we can better tailor our website and service to
your needs. In the following, we will provide more information about the tracking tool and
specifically inform you about the data processed and how you can prevent it.

Google Analytics is a tracking tool used for website traffic analysis. The basis for these
measurements and analyses is a pseudonymous user identification number. This number does not
include personally identifiable information such as name or address but is used to assign events to
a device. GA4 utilizes an event-based model that captures detailed information about user
interactions such as page views, clicks, scrolling, and conversion events. Additionally, GA4
incorporates various machine learning features to better understand user behavior and certain
trends. GA4 employs modeling through machine learning capabilities, meaning that based on the
collected data, missing data can be extrapolated to optimize the analysis and provide forecasts.

In order for Google Analytics to function properly, a tracking code is embedded in the code of our
website. When you visit our website, this code records various events that you perform on our
website. With GA4’s event-based data model, we, as website operators, can define and track
specific events to obtain analyses of user interactions. This allows us to track not only general
information such as clicks or page views but also specific events that are important for our
business, such as submitting a contact form or making a purchase.

Once you leave our website, this data is sent to and stored on Google Analytics servers.

Google processes the data, and we receive reports on your user behavior. These reports can
include, among others, the following:

• Audience reports: Audience reports help us get to know our users better and gain a more
  precise understanding of who is interested in our service.
• Advertising reports: Advertising reports make it easier for us to analyze and improve our
  online advertising.
• Acquisition reports: Acquisition reports provide helpful information on how we can attract
  more people to our service.
• Behavior reports: Here, we learn about how you interact with our website. We can track the
  path you take on our site and which links you click on.
• Conversion reports: Conversion refers to an action you take as a result of a marketing
  message, such as going from being a website visitor to becoming a buyer or newsletter
  subscriber. Through these reports, we gain insights into how our marketing efforts resonate
  with you, with the aim of improving our conversion rate.
• Real-time reports: With real-time reports, we can see what is currently happening on our
  website. For example, we can see how many users are currently reading this text.

In addition to the above-mentioned analysis reports, Google Analytics 4 also offers the following
functions:

• Event-based data model: This model captures specific events that can occur on our website,
  such as playing a video, making a purchase, or subscribing to our newsletter.
• Advanced analytics features: With these features, we can gain a better understanding of your
  behavior on our website or certain general trends. For example, we can segment user groups,
  conduct comparative analyses of target audiences, or track your path on our website.
• Predictive modeling: Based on the collected data, missing data can be extrapolated through
  machine learning to predict future events and trends. This can help us develop better
  marketing strategies.
• Cross-platform analysis: Data collection and analysis are possible from both websites and
  apps. This enables us to analyze user behavior across platforms, provided you have
  consented to data processing.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to provide you with the best possible service. The
statistics and data from Google Analytics help us achieve this goal.

The statistically evaluated data gives us a clear picture of the strengths and weaknesses of our
website. On one hand, we can optimize our site to make it more easily found by interested people
on Google. On the other hand, the data helps us better understand you as a visitor. We know
exactly what we need to improve on our website in order to provide you with the best possible
service. The data also helps us conduct our advertising and marketing activities in a more
personalized and cost-effective manner. After all, it only makes sense to show our products and
services to people who are interested in them.

What data is stored by Google Analytics?

With the help of a tracking code, Google Analytics creates a random, unique ID associated with your
browser cookie. This way, Google Analytics recognizes you as a new user, and a user ID is assigned
to you. When you visit our site again, you are recognized as a “returning” user. All collected data is
stored together with this user ID, making it possible to evaluate pseudonymous user profiles.

To analyze our website with Google Analytics, a property ID must be inserted into the tracking code.
The data is then stored in the corresponding property. For each newly created property, the default
is Google Analytics 4 Property. The data storage duration varies depending on the property used.

Through identifiers such as cookies, app instance IDs, user IDs, or custom event parameters, your
interactions, if you have consented, are measured across platforms. Interactions encompass all
types of actions you perform on our website. If you also use other Google systems (such as a
Google account), data generated through Google Analytics can be linked to third-party cookies.
Google does not disclose Google Analytics data unless we, as website operators, authorize it, except
when required by law.

According to Google, IP addresses are not logged or stored in Google Analytics 4. However, IP
address data is used by Google for deriving location data and is immediately deleted thereafter. All
IP addresses collected from users in the EU are deleted before the data is stored in a data center or
on a server.

Since GA4 focuses on event-based data, the tool uses significantly fewer cookies compared to
previous versions such as Google Universal Analytics. However, there are still some specific cookies
used by GA4. These can include:

Name: _ga
Value: 2.1326744211.152322329669-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. It is used to distinguish
website visitors.
Expiration: After 2 years

Name: _gid
Value: 2.1687193234.152322329669-1
Purpose: This cookie is also used to distinguish website visitors.
Expiration: After 24 hours

Name: gat_gtag_UA Value: 1
Purpose: Used to reduce the request rate. If Google Analytics is deployed via Google Tag Manager,
this cookie will be named dc_gtm .
Expiration: After 1 minute

Note: This list cannot claim to be exhaustive, as Google may change their choice of cookies from
time to time. GA4 aims to improve data privacy and offers several options for controlling data
collection. For example, we can determine the storage duration ourselves and control data.

Here we provide an overview of the main types of data collected by Google Analytics:

Heatmaps: Google creates heatmaps to show the exact areas you click on. This provides us with
information about your interactions on our site.

Session Duration: Google refers to session duration as the time you spend on our site without
leaving. If you are inactive for 20 minutes, the session automatically ends.

Bounce Rate: Bounce rate refers to when you view only one page on our website and then leave.

Account Creation: If you create an account or place an order on our website, Google Analytics
collects this data.

Location: IP addresses are not logged or stored in Google Analytics. However, location data is
derived shortly before the IP address is deleted.

Technical Information: Technical information includes your browser type, internet service
provider, and screen resolution, among others.

Source of Origin: Google Analytics is interested in the website or advertisement that brought you
to our site.

Additional data may include contact information, reviews, media playback (e.g., if you play a video
on our site), sharing of content via social media, or adding to favorites. This list is not exhaustive
and serves only as a general guide to the data storage by Google Analytics.

Where and how long are the data stored?

Google has servers distributed worldwide. You can find precise information about the locations of
Google data centers at: https://www.google.com/about/datacenters/locations/?hl=en

Your data is distributed across multiple physical storage devices. This ensures faster access to data
and better protection against manipulation. Each Google data center has emergency programs in
place for your data. In the event of hardware failure or natural disasters, the risk of service
interruption at Google remains low.

The retention period of data depends on the properties used. The storage duration is always set
separately for each individual property. Google Analytics offers us four options for controlling the
storage duration:

• 2 months: This is the shortest storage period.
• 14 months: By default, data is stored in GA4 for 14 months.
• 26 months: Data can also be stored for 26 months.
• Data is only deleted manually.

In addition, there is also the option for data to be deleted only if you do not visit our website within
the selected time period. In this case, the retention period is reset every time you revisit our
website within the defined time frame.

Once the defined period has expired, the data is deleted once a month. This retention period
applies to data linked to cookies, user identification, and advertising IDs (e.g., cookies from the
DoubleClick domain). Report results are based on aggregated data and are stored independently of
user data. Aggregated data is a combination of individual data into larger units.

How can I delete my data or prevent data storage?

Under the data protection laws of the European Union, you have the right to access, update, delete,
or restrict your data. By using the browser add-on to deactivate Google Analytics JavaScript
(analytics.js, gtag.js), you can prevent Google Analytics 4 from using your data. You can download
and install the browser add-on at: https://tools.google.com/dlpage/gaoptout?hl=en Please note that
this add-on only disables data collection by Google Analytics.

If you want to disable, delete, or manage cookies in general, you can find the respective instructions
for the most common browsers in the “Cookies” section.

Legal basis

The use of Google Analytics requires your consent, which we obtained through our cookie popup.
According to Art. 6(1)(a) of the GDPR, this consent constitutes the legal basis for the processing of
personal data that may occur during the collection by web analytics tools.

In addition to consent, we also have a legitimate interest in analyzing the behavior of website
visitors to improve our offering technically and economically. By using Google Analytics, we can
identify website errors, detect attacks, and improve efficiency. The legal basis for this is Art. 6(1)(f)
of the GDPR (legitimate interests). However, we only use Google Analytics if you have given your
consent.

Google processes data from you, among other things, in the United States. We would like to point
out that, in the opinion of the European Court of Justice, there is currently no adequate level of data
protection for the transfer of data to the United States. This may entail various risks to the legality
and security of data processing.

As the basis for data processing involving recipients based in third countries (outside the European
Union, Iceland, Liechtenstein, Norway, especially the United States) or the transfer of data to such
countries, Google uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) of the GDPR).
Standard Contractual Clauses (SCC) are template clauses provided by the European Commission
and are intended to ensure that your data complies with European data protection standards even
when transferred and stored in third countries (such as the United States). Through these clauses,
Google undertakes to comply with the European level of data protection when processing your
relevant data, even if the data is stored, processed, and managed in the United States. These
clauses are based on an implementing decision of the European Commission. You can find the
decision and the corresponding Standard Contractual Clauses here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

You can find the Google Ads Data Processing Terms, which refer to the Standard Contractual
Clauses, at: https://business.safety.google/intl/en/adsprocessorterms/

We hope we have provided you with the most important information regarding the data processing
by Google Analytics. If you want to learn more about the tracking service, we recommend the
following links: https://marketingplatform.google.com/about/analytics/terms/en/ and
https://support.google.com/analytics/answer/6004245?hl=en

If you want to learn more about data processing, you can refer to the Google Privacy Policy at:
https://policies.google.com/privacy?hl=en.

Data Processing Agreement (DPA) Google Analytics

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered
into a Data Processing Agreement (DPA) with Google Analytics. What exactly a DPA is and especially
what must be included in a DPA, you can read in our general section “Data Processing Agreement
(DPA)”.

This contract is required by law because Google Analytics processes personal data on our behalf. It
clarifies that Google Analytics may only process data they receive from us according to our
instructions and must comply with the GDPR. You can find the link to the Data Processing Terms
under https://business.safety.google/intl/en/adsprocessorterms/.

Google Remarketing Privacy Policy

We use Google Remarketing, an advertising analysis tool, for our website. The provider of this
service is the American company Google Inc. The entity responsible for all Google services in
Europe is the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland).

Google also processes data in the USA, among other countries. We would like to note, that
according to the European Court of Justice, there is currently no adequate level of protection for
data transfers to the USA. This can be associated with various risks to the legality and security of
data processing.

Google uses standard contractual clauses approved by the EU Commission as the basis for data
processing by recipients based in third countries (i. e. outside the European Union, Iceland,
Liechtenstein, Norway, and thus especially in the USA) or data transfer there (= Art. 46, paragraphs
2 and 3 of the GDPR). Standard Contractual Clauses (SCC) are legal templates provided by the EU
Commission. Their purpose is to ensure that your data complies with European data privacy
standards, even if your data is transferred to and stored in third countries (such as the USA). With
these clauses, Google commits to comply with the EU‘s level of data protection when processing
relevant data, even if it is stored, processed and managed in the USA. These clauses are based on
an implementing order by the EU Commission. You can find the order and the standard contractual
clauses here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847.

Google holds a contract on commissioned processing in accordance with Art. 28 DSGVO, which acts
as the data protection law basis for our customer relationship with Google. This refers to the EU
standard contractual clauses in terms of content. Here you can find the order processing
conditions: https://business.safety.google/intl/en/adsprocessorterms/

You can find out more about the data that is processed through the use of Google Remarketing in
their Privacy Policy at https://policies.google.com/privacy?hl=en.

Social Media

Social Media Privacy Policy Overview

Affected parties: website visitors
Purpose: Service presentation and optimisation, staying in contact with visitors, interested
parties, etc. as well as advertising
Processed data: data such as telephone numbers, email addresses, contact data, data on
user behaviour, information about your device and your IP address.
You can find more details on this directly at the respective social media tool used.
Storage period: depending on the social media platforms used
Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate
interests)

What is Social Media?

In addition to our website, we are also active on various social media platforms. For us to be able to
target interested users via social networks, user data may be processed. Additionally, elements of
social media platforms may be embedded directly in our website. This is e.g. the case if you click a
so-called social button on our website and are forwarded directly to our social media presence. Socalled social media are websites and apps on which registered members can produce and
exchange content with other members, be it openly or in certain groups and networks.

Why do we use Social Media?

For years, social media platforms have been the place where people communicate and get into
contact online. With our social media presence, we can familiarise interested people better with our
products and services. The social media elements integrated on our website help you switch to our
social media content quickly and hassle free.

The data that is retained and processed when you use a social media channel is primarily used to
conduct web analyses. The aim of these analyses is to be able to develop more precise and
personal marketing and advertising strategies. The evaluated data on your behaviour on any social
media platform can help to draw appropriate conclusions about your interests. Moreover, so-called
user profiles can be created. Thus, the platforms may also to present you with customised
advertisements. For this, cookies are usually placed in your browser, which store data on your user
behaviour.

We generally assume that we will continue to be responsible under Data Protection Law, even
when using the services of a social media platform. However, the European Court of Justice has
ruled that, within the meaning of Art. 26 GDPR, in certain cases the operator of the social media
platform can be jointly responsible with us. Should this be the case, we will point it out separately
and work on the basis of a related agreement. You will then find the essence of the agreement for
the concerned platform below.

Please note that when you use social media platforms or our built-in elements, your data may also
be processed outside the European Union, as many social media channels, such as Facebook or
Twitter, are American companies. As a result, you may no longer be able to easily claim or enforce
your rights regarding your personal data.

Which data are processed?

Exactly which data are stored and processed depends on the respective provider of the social
media platform. But usually it is data such as telephone numbers, email addresses, data you enter
in contact forms, user data such as which buttons you click, what you like or who you follow, when
you visited which pages, as well as information about your device and IP address. Most of this data
is stored in cookies. Should you have a profile on the social media channel you are visiting and are
logged in, data may be linked to your profile.

All data that are collected via social media platforms are also stored on the providers’ servers. This
means that only the providers have access to the data and can provide you with appropriate
information or make changes for you.

If you want to know exactly which data is stored and processed by social media providers and how
you can object to the data processing, we recommend you to carefully read the privacy policy of the
respective company. We also recommend you to contact the provider directly if you have any
questions about data storage and data processing or if you want to assert any corresponding
rights.

Duration of data processing

Provided we have any further information on this, we will inform you about the duration of the data
processing below. The social media platform Facebook example stores data until they are no longer
needed for the company’s own purposes. However, customer data that is synchronised with your
own user data is erased within two days. Generally, we only process personal data for as long as is
absolutely necessary for the provision of our services and products. This storage period can also be
exceeded however, if it is required by law, such as e.g. in the case of accounting.

Right to object

You also retain the right and the option to revoke your consent to the use of cookies or third-party
providers such as embedded social media elements at any time. This can be done either via our
cookie management tool or via other opt-out functions. You can e.g. also prevent data collection via
cookies by managing, deactivating or erasing cookies in your browser.

Since cookies may be used with social media tools, we also recommend you to read our privacy
policy on cookies. If you want to find out which of your data is stored and processed, we advise you
to read the privacy policies of the respective tools.

Legal basis

If you have consented to the processing and storage of your data by integrated social media
elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR).
Generally, provided you have given your consent, your data will also be stored and processed on
the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in maintaining fast and good
communication with you and other customers and business partners. Nevertheless, we only use
the tools if you have consented. Most social media platforms also set cookies on your browser to
store data. We therefore recommend you to read our privacy policy on cookies carefully and to take
a look at the privacy policy or cookie policy of the respective service provider.

in the following section you can find information on special social media platforms – provided this
information is available.

Instagram Privacy Policy

Instagram Privacy Policy Overview

Affected parties: website visitors
Purpose: optimising our service
Processed data: includes data on user behaviour, information about your device and IP
address.
More details can be found in the privacy policy below.
Storage period: until Instagram no longer needs the data for its purposes
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Instagram?

We have integrated functions of Instagram to our website. Instagram is a social media platform of
the company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Since 2012, Instagram is a
subsidiary company of Facebook Inc. and is a part of Facebook’s products. The inclusion of
Instagram’s contents on our website is called embedding. With this, we can show you Instagram
contents such as buttons, photos or videos directly on our website. If you open websites of our
online presence, that have an integrated Instagram function, data gets transmitted to, as well as
stored and processed by Instagram. Instagram uses the same systems and technologies as
Facebook. Therefore, your data will be processed across all Facebook firms.

In the following, we want to give you a more detailed insight on why Instagram collects data, what
data these are and how you can control data processing. As Instagram belongs to Facebook Inc., we
have, on the one hand received this information from the Instagram guidelines, and on the other
hand from Facebook’s Data Policy.

Instagram is one of the most famous social media networks worldwide. Instagram combines the
benefits of a blog with the benefits of audio-visual platforms such as YouTube or Vimeo. To “Insta“
(how the platform is casually called by many users) you can upload photos and short videos, edit
them with different filters and also share them to other social networks. Also, if you do not want to
be active on Instagram yourself, you can just follow other interesting users.

Why do we use Instagram on our website?

Instagram is a social media platform whose success has skyrocketed within recent years. Naturally,
we have also reacted to this boom. We want you to feel as comfortable as possible on our website.
Therefore, we attach great importance to diversified contents. With the embedded Instagram
features we can enrich our content with helpful, funny or exciting Instagram contents. Since
Instagram is a subsidiary company of Facebook, the collected data can also serve us for customised
advertising on Facebook. Hence, only persons who are genuinely interested in our products or
services can see our ads.

Instagram also uses the collected data for tracking and analysis purposes. We receive summarised
statistics and therefore more insight to your wishes and interests. It is important to mention that
these reports do not identify you personally.

What data is stored by Instagram?

Whenever you land on one of our sites, which have Instagram functions (i.e. Instagram photos or
plugins) integrated to them, your browser automatically connects with Instagram’s servers.
Thereby, data is sent to, as well as saved and processed by Instagram. This always happens,
whether you have an Instagram account or not. Moreover, it includes information on our website,
your computer, your purchases, the advertisements you see and on how you use our offer. The
date and time of your interaction is also stored. If you have an Instagram account or are logged in,
Instagram saves significantly more data on you.

Facebook distinguishes between customer data and event data. We assume this is also the case for
Instagram. Customer data are for example names, addresses, phone numbers and IP addresses.
These data are only transmitted to Instagram, if they have been “hashed” first. Thereby, a set of
data is transformed into a string of characters, which encrypts any contact data. Moreover, the
aforementioned “event data“ (data on your user behaviour) is transmitted as well. It is also possible,
that contact data may get combined with event data. The collected data data is matched with any
data Instagram already has on you.

Furthermore, the gathered data are transferred to Facebook via little text files (cookies) which
usually get set in your browser. Depending on the Instagram function used, and whether you have
an Instagram account yourself, the amount of data that gets stored varies.

We assume data processing on Instagram works the same way as on Facebook. Therefore, if you
have an account on Instagram or have visited www.instagram.com, Instagram has set at least one
cookie. If this is the case, your browser uses the cookie to send information to Instagram, as soon
as you come across an Instagram function. No later than 90 days (after matching) the data is
deleted or anonymised. Even though we have studied Instagram’s data processing in-depth, we
cannot tell for sure what exact data Instagram collects and retains.

In the following we will show you a list of the least cookies placed in your browser when click on an
Instagram function (e.g. button or an Insta picture). In our test we assume you do not have an
Instagram account, since if you would be logged in to your Instagram account, your browser would
place significantly more cookies.

The following cookies were used in our test:

Name: csrftoken
Value: “”
Purpose: This cookie is most likely set for security reasons to prevent falsifications of requests. We
could not find out more information on it.
Expiry date: after one year

Name: mid
Value: “”
Purpose: Instagram places this cookie to optimise its own offers and services in- and outside of
Instagram. The cookie allocates a unique user ID.
Expiry date: after end of session

Name: fbsr_322329669124024
Value: no information
Purpose: This cookie stores the login request of Instagram app users.
Expiry date: after end of session
Name: rur
Value: ATN
Purpose: This is an Instagram cookie which guarantees functionality on Instagram.
Expiry date: after end of session

Name: urlgen
Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe322329669”
Purpose: This cookie serves Instagram’s marketing purposes.
Expiry date: after end of session

Note: We do not claim this list to be exhaustive. The cookies that are placed in each individual case,
depend on the functions embedded as well as on your use of Instagram.

How long and where are these data stored?

Instagram shares the information obtained within the Facebook businesses with external partners
and persons you are globally connected with. Data processing is done according to Facebook’s
internal data policy. Your data is distributed to Facebook’s servers across the world, partially for
security reasons. Most of these servers are in the USA.

How can I erase my data or prevent data retention?

Thanks to the General Data Protection Regulation (GDPR), you have the right of information,
rectification, transfer and deletion of your data. Furthermore, you can manage your data in
Instagram’s settings. If you want to delete your data on Instagram completely, you will have to
delete your Instagram account permanently.

And this is how an Instagram account can be deleted:

First, open the Instagram app. Then, navigate to your profile page, select the three bars in the top
right, choose “Settings” and then click “Help”. Now, you will be redirected to the company’s website,
where you must click on “Managing Your Account” and then “Delete Your Account”.

When you delete your account completely, Instagram deletes posts such as your photos and status
updates. Any information other people shared about you are not a part of your account and do
therefore not get deleted.

As mentioned before, Instagram primarily stores your data via cookies. You can manage, deactivate
or delete these cookies in your browser. Depending on your browser, managing them varies a bit.
We will show you the instructions of the most relevant browsers here.

Chrome: Clear, enable and manage cookies in Chrome
Safari: Manage cookies and website data in Safari
Firefox: Clear cookies and site data in Firefox
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete cookies in Microsoft Edge

Generally, you can set your browser to notify you whenever a cookie is about to be set. Then you
can individually decide upon the permission of every cookie.

Legal basis

If you have consented to the processing and storage of your data by integrated social media
elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR) . Generally,
your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f
GDPR) to maintain fast and good communication with you or other customers and business
partners. We only use the integrated social media elements if you have given your consent. Most
social media platforms also place cookies in your browser to store data. We therefore recommend
you to read our privacy policy about cookies carefully and to take a look at the privacy policy or the
cookie policy of the respective service provider.

Instagram and Facebook also process data in the USA, among other countries. We would like to
note, that according to the European Court of Justice, there is currently no adequate level of
protection for data transfer to the USA. This can be associated with various risks to the legality and
security of data processing.

As a basis for data processing by recipients based in third countries (outside the European Union,
Iceland, Liechtenstein, Norway and especially in the USA) or data transfers there, Facebook uses
standard contractual clauses approved by the EU Commission (= Art. 46, paragraphs 2 and 3 of the
GDPR). These clauses oblige Facebook to comply with the EU’s level of data protection when
processing relevant data outside the EU. These clauses are based on an implementing order by the
EU Commission. You can find the order and the clauses here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

We have tried to give you the most important information about data processing by Instagram. On
https://help.instagram.com/519522125107875 you can take a closer look at Instagram’s data guidelines.

LinkedIn Privacy Policy

LinkedIn Privacy Policy Overview

Affected parties: website visitors
Purpose: optimisation of our service
Processed data: includes data on user behaviour, information about your device and IP
address.
More details can be found in the privacy policy below.
Storage period: the data is generally deleted within 30 days
Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate
interests)

What is LinkedIn?

On our website we use social plugins from the social media network LinkedIn, of the LinkedIn
Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Social plugins can be feeds,
content sharing or a link to our LinkedIn page. Social plugins are clearly marked with the wellknown LinkedIn logo and for example allow sharing interesting content directly via our website.
Moreover, LinkedIn Ireland Unlimited Company Wilton Place in Dublin is responsible for data
processing in the European Economic Area and Switzerland.

By embedding these plugins, data can be sent to, as well as stored and processed by LinkedIn. In
this privacy policy we want to inform you what data this is, how the network uses this data and how
you can manage or prevent data retention.

LinkedIn is the largest social network for business contacts. In contrast to e.g. Facebook, LinkedIn
focuses exclusively on establishing business connections. Therefore, companies can present
services and products on the platform and establish business relationships. Many people also use
LinkedIn to find a job or to find suitable employees for their own company. In Germany alone, the
network has over 11 million members. In Austria there are about 1.3 million.

Why do we use LinkedIn on our website?

We know how busy you are. You just cannot keep up with following every single social media
channel. Even if it would really be worth it, as it is with our channels, since we keep posting
interesting news and articles worth spreading. Therefore, on our website we have created the
opportunity to share interesting content directly on LinkedIn, or to refer directly to our LinkedIn
page. We consider built-in social plugins as an extended service on our website. The data LinkedIn
collects also help us to display potential advertising measures only to people who are interested in
our offer.

What data are stored by LinkedIn?

LinkedIn stores no personal data due to the mere integration of social plugins. LinkedIn calls the
data generated by plugins passive impressions. However, if you click on a social plugin to e.g. share
our content, the platform stores personal data as so-called “active impressions”. This happens
regardless of whether you have a LinkedIn account or not. If you are logged in, the collected data
will be assigned to your account.

When you interact with our plugins, your browser establishes a direct connection to LinkedIn’s
servers. Through that, the company logs various usage data. These may include your IP address,
login data, device information or information about your internet or cellular provider. If you use
LinkedIn services via your smartphone, your location may also be identified (after you have given
permission). Moreover, LinkedIn can share these data with third-party advertisers in “hashed” form.
Hashing means that a data set is transformed into a character string. This allows data to be
encrypted, which prevents persons from getting identified.

Most data on of your user behaviour is stored in cookies. These are small text files that usually get
placed in your browser. Furthermore, LinkedIn can also use web beacons, pixel tags, display tags
and other device recognitions.

Various tests also show which cookies are set when a user interacts with a social plug-in. We do not
claim for the information we found to be exhaustive, as it only serves as an example. The following
cookies were set without being logged in to LinkedIn:

Name: bcookie
Value: =2&34aab2aa-2ae1-4d2a-8baf-c2e2d7235c16322329669-
Purpose: This cookie is a so-called “browser ID cookie” and stores your identification number (ID).
Expiry date: after 2 years

Name: lang
Value: v=2&lang=en-gb
Purpose:This cookie saves your default or preferred language.
Expiry date: after end of session

Name: lidc
Value: 1818367:t=1571904767:s=AQF6KNnJ0G322329669…
Purpose:This cookie is used for routing. Routing records how you found your way to LinkedIn and
how you navigate through the website.
Expiry date: after 24 hours

Name: rtc
Value: kt0lrv3NF3x3t6xvDgGrZGDKkX
Purpose:No further information could be found about this cookie.
Expiry date: after 2 minutes

Name: JSESSIONID
Value: ajax:3223296692900777718326218137
Purpose: This is a session cookie that LinkedIn uses to maintain anonymous user sessions through
the server.
Expiry date: after end of session

Name: bscookie
Value: “v=1&201910230812…
Purpose: This cookie is a security cookie. LinkedIn describes it as a secure browser ID cookie.
Expiry date: after 2 years

Name: fid
Value: AQHj7Ii23ZBcqAAAA…
Purpose: We could not find any further information about this cookie.
Expiry date: after 7 days

Note: LinkedIn also works with third parties. That is why we identified the Google Analytics cookies
_ga and _gat in our test.

How long and where are the data stored?

In general, LinkedIn retains your personal data for as long as the company considers it necessary
for providing its services. However, LinkedIn deletes your personal data when you delete your
account. In some exceptional cases, LinkedIn keeps some summarised and anonymised data, even
account deletions. As soon as you delete your account, it may take up to a day until other people
can no longer see your data. LinkedIn generally deletes the data within 30 days. However, LinkedIn
retains data if it is necessary for legal reasons. Also, data that can no longer be assigned to any
person remains stored even after the account is closed. The data are stored on various servers in
America and presumably also in Europe.

How can I delete my data or prevent data retention?

You have the right to access and delete your personal data at any time. In your LinkedIn account
you can manage, change and delete your data. Moreover, you can request a copy of your personal
data from LinkedIn.

How to access account data in your LinkedIn profile:

In LinkedIn, click on your profile icon and select the “Settings & Privacy” section. Now click on
“Privacy” and then on the section “How LinkedIn uses your data on”. Then, click “Change” in the row
with “Manage your data and activity”. There you can instantly view selected data on your web
activity and your account history.

In your browser you also have the option of preventing data processing by LinkedIn. As mentioned
above, LinkedIn stores most data via cookies that are placed in your browser. You can manage,
deactivate or delete these cookies. Depending on which browser you have, these settings work a
little different. You can find the instructions for the most common browsers here:

Chrome: Clear, enable and manage cookies in Chrome
Safari: Manage cookies and website data in Safari
Firefox: Clear cookies and site data in Firefox
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete cookies in Microsoft Edge

You can generally set your browser to always notify you when a cookie is about to be set. Then you
can always decide individually whether you want to allow the cookie or not.

Legal basis

If you have consented to the processing and storage of your data by integrated social media
elements, your consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Generally,
your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f
GDPR) to maintain fast and good communication with you or other customers and business
partners. We only use the integrated social media elements if you have given your consent. Most
social media platforms also place cookies in your browser to store data. We therefore recommend
you to read our privacy policy about cookies carefully and take a look at the privacy policy or the
cookie policy of the respective service provider.

LinkedIn also processes data in the USA, among other countries. We would like to note, that
according to the European Court of Justice, there is currently no adequate level of protection for
data transfers to the USA. This can be associated with various risks to the legality and security of
data processing.

LinkedIn uses standard contractual clauses approved by the EU Commission as the basis for data
processing by recipients based in third countries (outside the European Union, Iceland,
Liechtenstein, Norway, and especially in the USA) or data transfer there (= Art. 46, paragraph 2 and
3 of the GDPR). These clauses oblige LinkedIn to comply with the EU’s level of data protection when
processing relevant data outside the EU. These clauses are based on an implementing order by the
EU Commission. You can find the order and the clauses here:
https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

We have tried to provide you with the most important information about data processing by
LinkedIn. On https://www.linkedin.com/legal/privacy-policy you can find out more on data
processing by the social media network LinkedIn.

Data Processing Agreement (DPA) LinkedIn

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered
into a Data Processing Agreement (DPA) with LinkedIn. What exactly a DPA is and especially what
must be included in a DPA, you can read in our general section “Data Processing Agreement (DPA)”.

This contract is required by law because LinkedIn processes personal data on our behalf. It clarifies
that LinkedIn may only process data they receive from us according to our instructions and must
comply with the GDPR. You can find the link to the Data Processing Agreement (DPA) under
https://www.linkedin.com/legal/l/dpa?.

XING Privacy Policy

Xing Privacy Policy Overview

Affected parties: website visitors
Purpose: optimising our service
Processed data: your IP address and browser data, as well as the date and time of your
page view
More details can be found in the privacy policy below.
Storage period: data of Xing users are stored until deletion is requested
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Xing?

On our website we use social plugins by the social media network Xing, by the company Xing SE,
Dammtorstrasse 30, 20354 Hamburg, Germany. Their functions allow you to for example share
content and follow interesting content on Xing directly via our website, or to log in to Xing via our
site. You can recognize the plugins by the company name or the Xing logo. If you open a website
that uses a Xing plugin, data can be transmitted to, and saved as well as evaluated by the “Xing
server”. In this privacy policy we will inform you on what data this is and how you can manage or
prevent data retention.

Xing is a social network with its headquarters in Hamburg. The company specializes in managing
professional contacts. That means, that as opposed to other networks, Xing is primarily about
professional networking. The platform is often used for job hunting or for companies to find
employees. Moreover, Xing offers interesting content on various professional topics. The global
counterpart of Xing is the American company LinkedIn.

Why do we use Xing on our website?

Nowadays, there is a flood of social media channels, and we understand that your time is very
precious. It is simply not possible for you to closely follow every social media channel of a company.
Therefore, we want to make your life as easy as possible and enable you to share or follow
interesting content on Xing directly via our website. With these so-called “social plugins” we are
expanding the service on our website. Additionally, the data collected by Xing help us to create
targeted advertising on the platform. This means that our services are only displayed to people
who are genuinely interested in them.

What data is stored by Xing?

As plugins for websites, Xing offers the share, follow and login buttons. As soon as you open a page
with an integrated Xing social plugin, your browser will connect to servers in a Xing data centre.
Xing claim that upon using the share button, no data that could directly relate to a person is stored.
Furthermore, Xing do not save your IP address, neither do any cookies get set upon using the share
button. This means that your user behaviour is not analysed. You can find more information at
https://dev.xing.com/plugins/share_button/privacy_policy.

With Xing’s other plugins, cookies only get set in your browser if you interact with the plugin or click
on it. Personal data such as your IP address, browser data, as well as the date and time of your visit
to Xing may be stored. If you have a XING account and are logged in, the collected data will be
assigned to your personal account and matched with the data stored in it.

If you click on the follow or log-in button and are not yet logged in to Xing, the following cookies are
set in your browser. Please keep in mind that this is an indicative list and we do not claim for it to
be exhaustive:

Name: AMCVS_0894FF2554F733210A4C98C6%40AdobeOrg
Value: 1
Purpose: This cookie is used to create and store identification details for website visitors.
Expiry date: after session end

Name: c_
Value: 157c609dc9fe7d7ff56064c6de87b019322329669-8
Purpose: We were unable to find out more information on this cookie.
Expiry date: after one day

Name: prevPage
Value: wbm%2FWelcome%2Flogin
Purpose: This cookie stores the URL of the previous website you visited.
Expiry date: after 30 minutes

Name: s_cc
Value: true
Purpose: This Adobe Site Catalyst cookie determines whether cookies are generally activated in the
browser.
Expiry date: after end of session

Name: s_fid
Value: 6897CDCD1013221C-39DDACC982217CD1322329669-2
Purpose: This cookie is used to identify a unique visitor.
Expiry date: after 5 years

Name: visitor_id
Value: fe59fbe5-e9c6-4fca-8776-30d0c1a89c32
Purpose: The visitor cookie contains a unique visitor ID and a unique identifier for your account.
Expiry date: after 2 years

Name:_session_id
Value: 533a0a6641df82b46383da06ea0e84e7322329669-2
Purpose: This cookie creates a temporary session ID that is used as the in-session user ID. The
cookie is vital to provide the functions of Xing.
Expiry date: after end of session

When you are logged in to Xing or are a member of the platform, further personal data will be
collected, processed and saved. Xing also passes personal data to third parties if it is either
necessary for its own business purposes, if you have given your consent or if there is a legal
obligation.

How long and where is the data stored?

Xing stores data on different servers in various data centres. The company stores this data until you
delete it or until you delete your user account. Of course, this only applies to users who are already
Xing members.

How can I erase my data or prevent data retention?

You have the right to access and delete your personal data at any time. Even if you are not a Xing
member, you can prevent potential data processing via your browser or manage it as you wish.
Most data are stored via cookies. Depending on which browser you are using, the settings work a
little different. You can find the instructions for the most common browsers here:

Chrome: Clear, enable and manage cookies in Chrome
Safari: Manage cookies and website data in Safari
Firefox: Clear cookies and site data in Firefox
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete cookies in Microsoft Edge

You can also set up your browser to notify you whenever a cookie is about to be placed. Then you
can always decide individually whether you want to allow or deny a cookie.

Legal basis

If you have consented processing and storage of your data by integrated social media elements,
this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR) . Generally, your data
is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) to
maintain fast and good communication with you or other customers and business partners. We
only use integrated social media elements if you have given your consent. Most social media
platforms also place cookies in your browser to store data. We therefore recommend you to read
our privacy policy about cookies carefully and to also take a look at the privacy policy or the cookie
policy of the respective service provider.

We tried to make you familiar with the most important information on data processing by Xing. At
https://privacy.xing.com/en/privacy-policy you can find out more about data processing by the
social media network Xing.

Cookie Consent Management Platform

Cookie Consent Management Platform Overview

Affected parties: Website visitors
Purpose: Obtaining and managing consent to certain cookies and thus the use of certain
tools
Processed data: data for managing cookie settings such as IP address, time of consent, type
of consent and individual consent. You can find more details on this directly with the tool that
is being used.
Storage period: depends on the tool used, periods of several years can be assumed
Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate
interests)

What is a cookie consent management platform?

We use a Consent Management Platform (CMP) software on our website that makes it easier for us
and you to handle the scripts and cookies used correctly and securely. The software automatically
creates a cookie pop-up, scans and controls all scripts and cookies, provides you with the cookie
consent required under data protection law and helps you and us to keep track of all cookies. Most
cookie consent management tools identify and categorize all existing cookies. As a website visitor,
you then decide for yourself whether and which scripts and cookies you allow or not. The following
graphic shows the relationship between browser, web server and CMP.

Why do we use a cookie management tool?

Our goal is to offer you the best possible transparency in the area of data protection. We are also
legally obliged to do so. We want to inform you as well as possible about all tools and all cookies
that can save and process your data. It is also your right to decide for yourself which cookies you
accept and which you do not. In order to grant you this right, we first need to know exactly which
cookies actually landed on our website. Thanks to a cookie management tool, which regularly scans
the website for all cookies present, we know about all cookies and can provide you with GDPRcompliant information. You can then use the consent system to accept or reject cookies.

Which data are processed?

As part of our cookie management tool, you can manage each individual cookie yourself and have
complete control over the storage and processing of your data. The declaration of your consent is
stored so that we do not have to ask you every time you visit our website and we can also prove
your consent if required by law. This is saved either in an opt-in cookie or on a server. The storage
time of your cookie consent varies depending on the provider of the cookie management tool.
Usually this data (e.g. pseudonymous user ID, time of consent, detailed information on the cookie
categories or tools, browser, device information) is stored for up to two years.

Duration of data processing

We will inform you below about the duration of the data processing if we have further information.
In general, we only process personal data for as long as is absolutely necessary for the provision of
our services and products. Data stored in cookies are stored for different lengths of time. Some
cookies are deleted after you leave the website, others may be stored in your browser for a few
years. The exact duration of the data processing depends on the tool used, in most cases you
should be prepared for a storage period of several years. In the respective data protection
declarations of the individual providers, you will usually receive precise information about the
duration of the data processing.

Right of objection

You also have the right and the option to revoke your consent to the use of cookies at any time.
This works either via our cookie management tool or via other opt-out functions. For example, you
can also prevent data collection by cookies by managing, deactivating or deleting cookies in your
browser.

Information on special cookie management tools can be found – if available – in the following
sections.

Legal basis

If you agree to cookies, your personal data will be processed and stored via these cookies. If we are
allowed to use cookies with your consent (Article 6 paragraph 1 lit. a GDPR), this consent is also the
legal basis for the use of cookies and the processing of your data. In order to be able to manage the
consent to cookies and to enable you to give your consent, a cookie consent management platform
software is used. The use of this software enables us to operate the website in an efficient and
legally compliant manner, which is a legitimate interest (Article 6 paragraph 1 lit. f GDPR).

Cloud Services

Cloud Services Privacy Policy Overview

Affected parties: We as the website operator and you as the website visitor
Purpose: security and data storage
Processed data: Data such as your IP address, name or technical data such as your browser
version
More details can be found below and in the individual privacy policies or in the privacy
policies of the providers
Duration of storage: In most cases, data is stored until it is no longer required in order to
provide the service
Legal bases: Article 6 paragraph 1 lit. a GDPR (consent), Article 6 paragraph 1 lit. f GDPR
(legitimate interests)

What are cloud services?

As a website operator, cloud services provide us with storage space and computing power via the
internet. Data can be transmitted to an external system, where it may be processed and stored via
the internet. The relevant cloud provider manages this data. Depending on specific requirements,
an individual or a company can choose storage space or computing power. Cloud storage is
accessed via an API or via storage protocols. API stands for Application Programming Interface,
which is a programming interface that connects software with hardware components.

Why do we use cloud services?

We use cloud services for several reasons. A cloud service offers us the opportunity to store our
data securely. In addition, we can access the data from different locations and devices, giving us
more flexibility and simplifying our work processes. Cloud storage also saves us costs because we
don’t have to set up and manage our own infrastructure for data storage and data security. By
storing our data centrally in the cloud, we can also expand our application fields and manage our
information much better.

As website operator or company, we use cloud services primarily for our own purposes. We e. g.
manage our calendar and store documents or other important information in the cloud. However,
your personal data may also be stored. This can take place if you provide us with your contact
details (e.g. name and email address) while we store our customer data with a cloud provider.
Consequently, any of your data we process may also be stored and processed on external servers.
Provided we offer certain forms of content by cloud services on our website, cookies can also be set
for web analysis and advertising purposes. Furthermore, such cookies retain your settings (e.g. the
language used) so you will be provided with your usual web environment next time you visit our
website.

Which data is processed by cloud services?

Much of the data we store in the cloud cannot be used to identify you as a person, but some data is
personal data as defined by the GDPR. This is often customer data such as name, address, IP
address or telephone number or technical device information. Videos, images and audio files may
also be stored in the cloud. Exactly how the data is collected and stored depends on the respective
service. We only try to use services that handle your data in a very reliable and professional
manner. Generally, services such as Amazon Drive, have access to the stored files in order to be
able to offer their own service accordingly. For this, however, the services require consent (such as
for the right to copy files for security reasons). The data will be processed and handled as part of
the provided services and in compliance with applicable laws. This also includes compliance with
the GDPR for US providers (via the standard contractual clauses). In some cases, cloud services also
cooperate with third parties who may process data under instructions and in accordance with
privacy policies and other security measures. At this point we would like to emphasise again that all
well-known cloud services (such as Amazon Drive, Google Drive or Microsoft OneDrive) obtain the
right to access stored content in order to be able to offer and optimise their own services
accordingly.

Duration of data processing

We will inform you below about the duration of data processing, provided we have further
information on this. In general, cloud services store data until you or we revoke the data storage or
erase the retained data. In general, personal data is only stored for as long as it is necessary for the
provision of the respective services. However, it may take up to several months to erase your data
from the cloud. This may occur because data is usually not only stored on one server but divided
between different servers.

Right to object

You also have the right and the opportunity to revoke your consent to data storage in a cloud at
any time. If cookies are used, you also have a right to withdraw your consent. This can be done
either via our cookie management tool or via other opt-out functions. For example, you can also
prevent data collection through cookies by managing, deactivating or erasing the cookies in your
browser. We also recommend you read our general privacy policy on cookies. To find out exactly
which of your data is stored and processed, you should read the privacy policy of the respective
cloud provider.

Legal Basis

We use cloud services mainly on the basis of our legitimate interests (Art. 6 Para. 1 lit. f GDPR) in
good security and storage systems.

Certain types of processing, in particular the use of cookies and storage functions, require your
consent. If you have consented to your data being processed and stored by cloud services, this
consent is the legal basis for data processing (Article 6 (1) (a) GDPR). Most of the services we use
place cookies in your browser to store data. Thus, we recommend you read our privacy policy on
cookies carefully and study the privacy policy or cookie policy of the relevant service provider.

Information on special tools – if available – can be found in the following sections.

External Online Platforms Introduction

 

External Online Platforms Privacy Policy Overview

Affected parties: website visitors or visitors to the external online platforms
Purpose: Presentation and optimisation of our service, as well as establishing contact with
visitors & interested parties
Data processed: data such as phone numbers, email addresses, contact details, user
behaviour data, information about your device and your IP address.
More details can be found directly with the respective platform used.
Storage duration: depends on the platforms used
Legal bases: Article 6 paragraph 1 lit. a GDPR (consent), Article 6 paragraph 1 lit. f GDPR
(legitimate interests)

What are external online platforms?

In order to be able to offer our services or products outside of our website, we also use external
platforms. These are mostly online marketplaces such as Amazon or eBay. In addition to our
responsibility for data protection, the data privacy regulations of the external platforms used also
apply. This especially applies when our products are purchased via such a platform, i. e. if there is a
payment process. Furthermore, most platforms also use your data to optimise their own marketing
measures. For example, the platform can use the collected data to tailor advertisements to the
interests of customers and website visitors.

Why do we use external online platforms?

In addition to our website, we also want to display our offer on other platforms in order to reach
more customers. External online marketplaces such as Amazon, eBay or Digistore24 offer large
sales websites that show our products to people who may not know our website. Moreover, built-in
elements on our site may also lead to an external online platform. Any data that is processed and
stored by the respective online platform is used by the business to log the payment process and
also to conduct web analyses.

The aim of these analyses is to enable the development of more precise and personal marketing
and advertising strategies. Depending on your interaction with a platform, the evaluated data may
be used to draw appropriate conclusions about your interests and to create a so-called user profile
on you. This also allows the platforms to show customised advertisements or products to you. For
this purpose, cookies are usually set in your browser in order to store data on your usage
behaviour.

Please note that when using the platforms or our built-in elements, your data may also be
processed outside the European Union, since online platforms such as Amazon or eBay are
American companies. As a result, you may not be able to claim or enforce your rights in relation to
your personal data as easily.

Which data is processed?

Exactly which data is stored and processed depends on the respective external platform. But
usually, it is data such as phone numbers, email addresses, data you enter in a contact form, along
with user data (e. g. which buttons you click and which pages you view during your visit), as well as
information about your device and IP address. In most cases, the majority of this data is stored in
cookies. If you have a profile on an external platform and are logged in there, your data can be
linked to any such profile. The collected data is stored on the servers of the platforms used, where
it is processed. You can find out exactly how an external platform stores, manages and processes
data in the respective privacy policy. If you have any questions about data storage and data
processing, or if you want to assert corresponding rights, we recommend that you contact the
platform directly.

Duration of data processing

We will inform you below about the duration of data processing, provided we have further
information on this. For example, Amazon stores data until it is no longer needed for its own
purposes. Generally, we only process your personal data as long as is absolutely necessary for the
provision of our services and products.

Right to object

You also have the right and the opportunity to revoke your consent to the use of cookies at any
time. This can be done either via our cookie management tool or via opt-out functions on the
respective external platform. You can also prevent data collection through cookies by managing,
deactivating or erasing the cookies in your browser.

As cookies may be used, we also recommend our general privacy policy on cookies. To find out
exactly which of your data is stored and processed, you should read the privacy policies of the
respective external platforms.

Legal Basis

If you have consented to your data being processed and stored by external platforms, this consent
is the legal basis for data processing (Art. 6 Para. 1 lit. a GDPR). In general, if you have consented,
your data will also be stored and processed on the basis of our legitimate interest (Art. 6 Para. 1
lit. f GDPR) in fast and good communication with you as well as other customers and business
partners. If there are integrated elements of external platforms on our website, we only use them if
you have given your consent.

Information on specific external platforms – if available – can be found in the following sections.

Audio & Video

Audio & Video Privacy Policy Overview

Affected parties: website visitors
Purpose: service optimisation
Processed data: Data such as contact details, user behaviour, device information and IP
addresses can be stored.
You can find more details in the Privacy Policy below.
Storage period: data are retained for as long as necessary for the provision of the service
Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate
interests)

What are audio and video elements?

We have integrated audio and video elements to our website. Therefore, you can watch videos or
listen to music/podcasts directly via our website. This content is delivered by service providers and
is obtained from the respective providers’ servers.

Audio and video elements are integrated functional elements of platforms such as YouTube, Vimeo
or Spotify. It is usually free of charge to use these portals, but they can also contain paid content.
With the integrated elements, you can listen to or view any of their content on our website.

If you use audio or video elements on our website, your personal data may get transmitted to as
well as processed and retained by service providers.

Why do we use audio & video elements on our website?

We of course want to provide you with the best offer on our website. And we are aware that
content is no longer just conveyed in text and static images. Instead of just giving you a link to a
video, we offer you audio and video formats directly on our website. These are entertaining or
informative, but ideally they are both. Our service therefore gets expanded and it gets easier for
you to access interesting content. In addition to our texts and images, we thus also offer video
and/or audio content.

Which data are retained by audio & video elements?

When you visit a page on our website with e.g. an embedded video, your server connects to the
service provider’s server. Thus, your data will also be transferred to the third-party provider, where
it will be stored. Certain data is collected and stored regardless of whether you have an account
with the third party provider or not. This usually includes your IP address, browser type, operating
system and other general information about your device. Most providers also collect information
on your web activity. This e.g. includes the session duration, bounce rate, the buttons you clicked or
information about the website you are using the service on. This data is mostly stored via cookies
or pixel tags (also known as web beacons). Any data that is pseudonymised usually gets stored in
your browser via cookies. In the respective provider’s Privacy Policy, you can always find more
information on the data that is stored and processed.

Duration of data processing

You can find out exactly how long the data is stored on the third-party provider’s servers either in a
lower point of the respective tool’s Privacy Policy or in the provider’s Privacy Policy. Generally,
personal data is only processed for as long as is absolutely necessary for the provision of our
services or products. This usually also applies to third-party providers. In most cases, you can
assume that certain data will be stored on third-party providers’ servers for several years. Data can
be retained for different amounts of time, especially when stored in cookies. Some cookies are
deleted after you leave a website, while others may be stored in your browser for a few years.

Right to object

You also retain the right and the option to revoke your consent to the use of cookies or third-party
providers at any time. This can be done either via our cookie management tool or via other opt-out
functions. You can e.g. also prevent data retention via cookies by managing, deactivating or erasing
cookies in your browser. The legality of the processing up to the point of revocation remains
unaffected.

Since the integrated audio and video functions on our site usually also use cookies, we recommend
you to also read our general Privacy Policy on cookies. You can find out more about the handling
and storage of your data in the Privacy Policies of the respective third party providers.

Legal basis

If you have consented to the processing and storage of your data by integrated audio and video
elements, your consent is considered the legal basis for data processing (Art. 6 Para. 1 lit. a
GDPR). Generally, your data is also stored and processed on the basis of our legitimate interest
(Art. 6 Para. 1 lit. f GDPR) in maintaining fast and good communication with you or other
customers and business partners. We only use the integrated audio and video elements if you have
consented to it.

Web Design Introduction

Web Design Privacy Policy Overview

Affected parties: website visitors
Purpose: improvement of user experience
Processed data: depends heavily on the services used. Usually, data such as IP address,
technical data, language settings, browser version, screen resolution and browser name are
processed. You can find more details directly with the respective web design tools.
Storage duration: depends on the tools used
Legal bases: Article 6 paragraph 1 lit. a GDPR (consent), Article 6 paragraph 1 lit. f GDPR
(legitimate interests)

What is web design?

We use various tools on our website for the purpose of our web design. Contrary to common belief,
web design is not just about making our website look nice, but rather also about functionality and
performance. But of course, a good-looking website is also a major goal of professional web design.
Web design is a part of media design and deals with the visual as well as the structural and
functional design of a website. Our aim with our web design is to improve your experience on our
site. In web design jargon, this is called User Experience (UX) and usability. User Experience entails
all impressions and experiences that website visitors come across on a website. What is more,
usability is part of the User Experience, as it determines how user-friendly a website is. This
includes the clear structuring of content, subpages or products, along with how quickly and easily
the website enables you to find what you are looking for. In order to offer you the best possible
experience on our website, we also use so-called third-party web design tools. Therefore, all tools
and services that help improve our website’s design are classified under the category “web
design”. This may, for example, include fonts, various plugins or other integrated web design
functions.

Why do we use web design tools?

The way you absorb information on a website depends very much on its structure, functionality
and visual perception. Therefore, good and professional web design has become increasingly
important for us. We are constantly working on improving our site as a way of further extending
our services for you as a website visitor. Furthermore, a beautiful and functioning website also has
economic advantages for us. Needless to say, you will only visit it and take advantage of our offers
if you feel completely at ease.

What data is stored by web design tools?

When you visit our website, any web design elements integrated into our pages may process your
data. The exact data that is processed depends on the tools used. Below you can see exactly which
tools we use for our website. For more information about data processing, we recommend you also
read the respective privacy policy of the respective tools. There you can usually find out which data
is processed, whether cookies are used and how long the data is stored. Moreover, fonts such as
Google Fonts, for example, also automatically transmit information such as your language settings,
IP address, browser version, browser screen resolution and browser name to Google’s servers.

Duration of data processing

Data processing times are very individual and depend on the web design elements used. For
example, when cookies are used, the retention period can be as little as a minute, but it may also
be a few years. Please make yourself familiar with this topic. You may for example read our general
section on cookies as well as the Privacy Policies of the tools used. There you can likely find out
exactly which cookies are used and what information is stored there. For example, Google Font files
are stored for one year, in order to improve the loading speed of a website. In principle, data is only
kept for as long as is necessary to provide the service. But legal requirements may require data to
be stored for longer.

Right to object

You also retain the right and the option to revoke your consent to the use of cookies or third-party
providers at any time. You can do this either via our cookie management tool or via other opt-out
functions. You can also prevent cookies from collecting your data by managing, deactivating or
deleting the cookies in your browser. However, among web design elements (typically fonts) there
is also data that cannot be erased easily. This is the case whenever data is automatically collected
as soon as a page is accessed and then directly transmitted to a third party (e.g. Google). In these
cases, please contact the support of the respective provider. In the case of Google, you can reach
support at https://support.google.com/?hl=de.

Legal Basis

If you have consented to the use of web design tools, this consent serves as the legal basis for the
relevant data processing. According to Article 6 (1) (a) GDPR (consent), your consent represents the
legal basis for the processing of personal data, as it may occur when it is collected by web design
tools. We also have a legitimate interest in web design to improve on our website. After all, only
then can we provide you with a beautiful and professional web offer. The corresponding legal basis
for this is Article 6 (1) (f) GDPR (legitimate interests). However, we strongly want to emphasise once
more that we only use web design tools if you have given your consent.

You can find information on different web design tools – if available – in the following sections.

All texts are copyrighted