Privacy Policy

Privacy Policy

 

 

1. Overview of Data Protection

 

 

General Information

 

The following information provides a simple overview of what happens to your personal data when you visit this website.

Personal data is any data that can personally identify you. Detailed information on data protection can be found in the full Privacy Policy below.

 

 

Data Collection on This Website

 

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. Their contact details can be found in the section “Information About the Controller” in this Privacy Policy.

 

How do we collect your data?

Some data is collected when you provide it to us. This could, for example, be data you enter into a contact form.

 

Other data is collected automatically or after your consent when you visit the website. This includes technical data (e.g., browser type, operating system, or time of page access). This data is collected automatically as soon as you enter the website.

 

What do we use your data for?

Part of the data is collected to ensure error-free operation of the website. Other data may be used to analyze your usage behavior.

 

What rights do you have regarding your data?

You have the right at any time to obtain information free of charge about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data.

If you have given consent to data processing, you can revoke this consent at any time with effect for the future. Under certain circumstances, you also have the right to request the restriction of processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

 

You may contact us at any time with questions about data protection.

 

 

Analysis Tools and Third-Party Tools

 

When you visit this website, your surfing behavior may be statistically evaluated. This is primarily done using so-called analysis programs.

 

You will find detailed information on these tools in the full Privacy Policy.

​

2. Hosting

 

 

External Hosting

 

This website is hosted externally. The personal data collected on this website is stored on the servers of the hosting provider(s). This may include IP addresses, contact inquiries, meta and communication data, contract data, contact details, names, website accesses, and other data generated via the website.

 

External hosting is performed for the purpose of fulfilling our contractual obligations to potential and existing customers (Art. 6(1)(b) GDPR) and to ensure secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR).

If appropriate consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

 

Our hosting provider will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.

 

We use the following hosting provider:

 

[Insert full name and address of the hosting provider]

 

 

Data Processing Agreement (DPA)

 

We have entered into a Data Processing Agreement (DPA) with the provider named above. This is a legally required contract under data protection law that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

​

 

 

3. General Information and Mandatory Disclosures

 

 

Data Protection

 

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the applicable data protection regulations and this Privacy Policy.

 

When you use this website, various personal data is collected. Personal data is information that can be used to personally identify you. This Privacy Policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done.

 

Please note that data transmission over the internet (e.g., when communicating by email) can have security vulnerabilities. A complete protection of data against access by third parties is not possible.

 

 

Information About the Controller

 

The controller responsible for data processing on this website is:

 

[Full name or business name and complete address of the website operator]

Phone: [Phone number]

Email: [Email address]

 

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

​

 

 

Storage Duration

 

Unless a specific storage period is mentioned in this Privacy Policy, your personal data will remain with us until the purpose for data processing no longer applies. If you request deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for retaining your personal data (e.g., retention periods under tax or commercial law); in such cases, deletion will occur once those reasons no longer apply.

​

 

 

Legal Basis for Data Processing

 

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR, if special categories of data are processed. If you have expressly consented to the transfer of personal data to third countries, the processing is based on Art. 49(1)(a) GDPR.

 

If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), processing also occurs in accordance with § 25(1) TTDSG. You may revoke your consent at any time.

 

If your data is necessary to fulfill a contract or to carry out pre-contractual measures, we process it under Art. 6(1)(b) GDPR.

If processing is necessary to fulfill a legal obligation, it is done on the basis of Art. 6(1)(c) GDPR.

Data processing may also be based on our legitimate interest under Art. 6(1)(f) GDPR. The specific legal bases are explained in detail in this Privacy Policy.

​

 

 

Note on Data Transfers to Third Countries (e.g., the USA)

 

We use tools from companies based in third countries that are not considered safe under EU data protection law (such as the USA). If these tools are active, your personal data may be transferred to and processed in such countries. Please be aware that these countries may not offer a level of data protection equivalent to that of the EU.

 

For example, U.S. companies may be required to hand over data to security authorities without you being able to legally challenge this. Thus, we cannot rule out the possibility that U.S. authorities (e.g., intelligence agencies) may process, evaluate, and store your data located on U.S. servers for surveillance purposes.

 

We have no control over these processing activities.

​

Revocation of Your Consent to Data Processing

 

Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. The legality of the data processing carried out before the revocation remains unaffected.

​

 

 

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

 

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THOSE PROVISIONS.

The respective legal basis for processing can be found in this Privacy Policy.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims (objection under Art. 21(1) GDPR).

 

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING.

If you object, your personal data will no longer be used for direct marketing purposes (objection under Art. 21(2) GDPR).

​

 

 

Right to Lodge a Complaint with a Supervisory Authority

 

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work, or the place of the alleged infringement.

This right exists without prejudice to any other administrative or judicial remedies.

​

 

 

Right to Data Portability

 

You have the right to receive data that we process on the basis of your consent or in fulfillment of a contract in a structured, commonly used, and machine-readable format.

You also have the right to have this data transmitted directly to another controller, where technically feasible.

​

 

 

Right to Access, Erasure, and Rectification

 

Within the scope of applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipient, and the purpose of the data processing.

You may also have the right to request the rectification or deletion of this data.

For further questions regarding personal data, you may contact us at any time.

​

 

 

Right to Restriction of Processing

 

You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do so. The right to restriction applies in the following cases:

 

• If you contest the accuracy of your personal data stored by us, we usually need time to verify this. During the verification period, you have the right to request restriction of processing.

• If the processing of your personal data was/is unlawful, you may request restriction instead of erasure.

• If we no longer need your personal data, but you require it to exercise, defend, or assert legal claims, you may request restriction instead of deletion.

• If you have objected under Art. 21(1) GDPR, a balance must be struck between your interests and ours. Until it is determined whose interests prevail, you have the right to request restriction of processing.

 

If processing is restricted, such data may – with the exception of storage – only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.

​

 

 

SSL or TLS Encryption

 

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator.

 

You can recognize an encrypted connection by the browser’s address line switching from “http://” to “https://” and the padlock icon in your browser bar.

 

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

​

4. Data Collection on This Website

 

 

Cookies

 

Our website uses so-called “cookies.” Cookies are small text files that do not harm your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device.

Session cookies are automatically deleted after your visit. Persistent cookies remain stored on your device until you delete them or they are automatically deleted by your web browser.

 

In some cases, third-party cookies may also be stored on your device when you enter our site. These cookies enable us or you to use certain services provided by the third-party company (e.g., cookies for processing payment services).

 

Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or video display). Other cookies are used to analyze user behavior or to display advertisements.

 

Cookies that are necessary to carry out electronic communication, provide certain functions you request (e.g., the shopping cart), or optimize the website (e.g., cookies to measure web audience) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified.

The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of services.

If consent to store cookies and similar recognition technologies has been requested, processing is based solely on that consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG); the consent can be revoked at any time.

 

You can configure your browser to notify you about cookie usage, to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to enable automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

 

Where cookies are used by third-party companies or for analysis purposes, you will be informed separately within this Privacy Policy and, if required, asked for consent.

​

5. Social Media

 

 

Facebook

 

This website includes elements of the Facebook social network. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, collected data may also be transferred to the USA and other third countries.

 

You can find an overview of Facebook plugins here:

https://developers.facebook.com/docs/plugins/?locale=en_US

 

When the Facebook plugin is active, a direct connection is established between your device and the Facebook server. This allows Facebook to know that you have visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link content from this site to your Facebook profile, allowing Facebook to associate your visit with your account.

 

We have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please see Facebook’s privacy policy:

https://www.facebook.com/privacy/explanation

 

Joint Processing Responsibility (Art. 26 GDPR):

If data collected using the Facebook tools is also transmitted to Facebook, we and Meta Platforms Ireland Limited are jointly responsible. The joint processing agreement is available at:

https://www.facebook.com/legal/controller_addendum

 

Legal basis: Consent (Art. 6(1)(a) GDPR, § 25 TTDSG); you may revoke your consent at any time. Without consent, the tool is used based on our legitimate interest in maximizing visibility on social media (Art. 6(1)(f) GDPR).

 

Facebook’s data transfers to the USA are based on the EU Commission’s standard contractual clauses:

 

• https://www.facebook.com/legal/EU_data_transfer_addendum

• https://www.facebook.com/policy.php

 

 

Twitter

 

Functions from the Twitter service are integrated into this website. These functions are provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

 

When the Twitter plugin is active, a direct connection is established between your device and the Twitter server. Twitter is thus informed about your visit to this website. By using Twitter and the “Retweet” function, websites you visit are linked to your Twitter account and shared with other users.

 

We have no influence over the scope of the data collected by Twitter. More information:

https://twitter.com/privacy

 

Legal basis: Consent (Art. 6(1)(a) GDPR, § 25 TTDSG). Revocable at any time.

Data transfers to the USA are based on standard contractual clauses:

https://gdpr.twitter.com/en/controller-to-controller-transfers.html

 

Privacy settings:

https://twitter.com/account/settings

 

 

Instagram

 

Functions of the Instagram service are integrated into this website. These functions are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

 

When the plugin is active, a direct connection is established between your device and Instagram’s servers. Instagram thus receives data about your activity on our site. If you are logged in to Instagram, you can link content from this site to your profile.

 

We have no influence over the collected data or its processing by Instagram.

More info:

https://instagram.com/about/legal/privacy/

 

Joint processing with Facebook/Instagram under Art. 26 GDPR:

https://www.facebook.com/legal/controller_addendum

 

Transfers to the USA are based on EU Standard Contractual Clauses.

 

 

LinkedIn

 

This website uses features of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

 

Every time a page containing LinkedIn features is accessed, a connection to LinkedIn’s servers is established. LinkedIn is informed that you visited this site with your IP address. If you click the “Recommend” button while logged into your LinkedIn account, LinkedIn can associate your visit to this site with you personally.

 

More info:

https://www.linkedin.com/legal/privacy-policy

 

Data transfers to the USA are based on Standard Contractual Clauses:

https://www.linkedin.com/help/linkedin/answer/62538

​

6. Analytics and Advertising Tools

 

 

Google Analytics

 

This website uses the web analytics service Google Analytics, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

Google Analytics enables the website operator to analyze the behavior of visitors. It collects various usage data such as page views, time spent on site, operating systems, and user origin. This data is pseudonymized and assigned to a user ID.

 

Google Analytics uses technologies like cookies and device fingerprinting to recognize users. The data collected is typically transmitted to a Google server in the USA and stored there.

 

Legal basis: Consent (Art. 6(1)(a) GDPR, § 25(1) TTDSG). Consent can be revoked at any time.

 

Data transfer to the USA is based on EU Standard Contractual Clauses:

https://privacy.google.com/businesses/controllerterms/mccs/

 

Browser Plugin to Opt Out:

https://tools.google.com/dlpage/gaoptout?hl=en

 

More about data handling by Google Analytics:

https://support.google.com/analytics/answer/6004245?hl=en

 

 

Google Ads

 

This website uses Google Ads, an online advertising program from Google Ireland Limited.

 

Google Ads allows us to display ads in Google’s search engine and on third-party websites when users search for specific terms. Ads can also be targeted based on user data such as location or interests.

 

Legal basis: Consent (Art. 6(1)(a) GDPR, § 25(1) TTDSG). Revocable at any time.

 

Further information:

 

• https://policies.google.com/privacy/frameworks

• https://privacy.google.com/businesses/controllerterms/mccs/

 

 

Google AdSense (Non-Personalized)

 

We use Google AdSense in non-personalized mode. In this mode, ads are not based on your past behavior and no user profile is created. Instead, ads are shown based on context, such as your current search, website content, or location.

 

Google may still use cookies or similar technologies for fraud prevention and abuse detection.

 

Legal basis: Consent (Art. 6(1)(a) GDPR, § 25 TTDSG).

 

Details on the differences between personalized and non-personalized ads:

https://support.google.com/adsense/answer/9007336

 

Manage your ad settings:

https://adssettings.google.com/authenticated

 

More about Google advertising technologies:

https://policies.google.com/technologies/ads

https://www.google.com/policies/privacy/

 

 

Google Ads Remarketing and Customer Matching

 

Google Ads Remarketing allows us to show ads to users who have previously interacted with our website. Remarketing lists can also be linked to Google’s cross-device capabilities.

 

We also use Customer Match to upload hashed email addresses of users to Google to create custom ad audiences.

 

Opt out of personalized advertising (for Google account holders):

https://www.google.com/settings/ads/onweb/

 

Legal basis: Consent (Art. 6(1)(a) GDPR, § 25(1) TTDSG). Can be withdrawn anytime.

 

 

Google Conversion Tracking

 

Google Conversion Tracking helps us understand whether users perform specific actions after interacting with our ads (e.g., clicks, purchases).

 

We only receive aggregated statistics, not personal data. Google uses cookies or similar technologies for tracking.

 

More info:

https://policies.google.com/privacy?hl=en

 

 

Google DoubleClick

 

DoubleClick is used to display interest-based ads across the Google network. It uses cookies and device fingerprinting to build pseudonymized profiles and track ad performance.

 

Legal basis: Consent (Art. 6(1)(a) GDPR, § 25(1) TTDSG).

 

Opt-out:

 

• https://policies.google.com/technologies/ads

• https://adssettings.google.com/authenticated

 

 

Facebook Pixel

 

This website uses the Facebook Pixel for conversion tracking. The provider is Meta Platforms Ireland Limited. This tool tracks whether users perform specific actions after clicking on Facebook ads.

 

The collected data is anonymous to us but may be linked to user profiles by Facebook. Facebook may use it for advertising purposes according to their Data Policy:

https://www.facebook.com/about/privacy/

 

Data transfers to the USA are based on the Standard Contractual Clauses:

https://www.facebook.com/legal/EU_data_transfer_addendum

 

You can disable “Custom Audiences” here (Facebook login required):

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

 

Or, if you are not a Facebook user:

http://www.youronlinechoices.com/de/praferenzmanagement/

​

7. Newsletter

 

 

Newsletter Data

 

If you would like to subscribe to the newsletter offered on this website, we require your email address and information that allows us to verify that you are the owner of the email address and that you agree to receive the newsletter. No further data is collected or only on a voluntary basis.

 

We use newsletter service providers, which are described below.

 

 

Mailchimp (With Disabled Performance Tracking)

 

This website uses Mailchimp to send newsletters. The provider is The Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

 

We have disabled performance tracking, meaning Mailchimp will not track how you interact with our newsletters.

 

If you no longer wish to receive the newsletter, you can unsubscribe via the link included in every newsletter.

 

Legal basis: Consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time. The legality of data processing prior to the revocation remains unaffected.

 

Data is stored until you unsubscribe and is then deleted from both our servers and Mailchimp’s. Data stored for other purposes remains unaffected.

 

Data transfers to the USA are based on the EU Standard Contractual Clauses:

 

• https://mailchimp.com/eu-us-data-transfer-statement/

• https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses

 

 

Blacklist After Unsubscribing

 

After unsubscribing, your email address may be stored in a blacklist to prevent future mailings. This is done to comply with legal obligations (Art. 6(1)(f) GDPR).

You may object to this if your interests outweigh our legitimate interest.

 

More information:

https://mailchimp.com/legal/terms/

 

 

Data Processing Agreement

 

We have entered into a legally required Data Processing Agreement (DPA) with Mailchimp to ensure that personal data is processed strictly in accordance with our instructions and GDPR compliance.

 

 

8. Plugins and Tools

 

 

Google Fonts (Local Hosting)

 

This website uses Google Fonts for uniform font representation. The fonts are locally installed, so no data is transferred to Google servers.

 

More info:

 

• https://developers.google.com/fonts/faq

• https://policies.google.com/privacy

 

 

9. eCommerce and Payment Providers

 

 

Processing of Customer and Contract Data

 

We collect, process, and use personal data only to the extent necessary for establishing, organizing, or changing legal relationships (contractual data).

We collect, process, and use personal data concerning the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.

 

Legal basis: Art. 6(1)(b) GDPR.

 

Collected customer data will be deleted after the conclusion of the contract or termination of the business relationship and expiry of any legal retention periods.