Privacy Policy

Introduction In this privacy policy we explain how we process your personal data (hereinafter also simply referred to as "data"), for what purpose and to what extent. This policy applies to all processing of your personal data by us, whether as part of our services or specifically on our websites, mobile apps and external online platforms, including our social media profiles (collectively, “Online Services”).

The terms used in this statement are gender-neutral.

As of: May 20, 2024

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

  • Inventory data.
  • Payment details.
  • Location data.
  • Contact details.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication and procedural data.
  • Event data (Facebook).

Categories of affected persons

  • Customers.
  • Interested parties.
  • Communication partner.
  • Users.
  • Business and contractual partners.

Purposes of processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Contact inquiries and communication.
  • Safety measures.
  • Direct marketing.
  • Range measurement.
  • Tracking.
  • Office and organizational procedures.
  • Conversion measurement.
  • Affiliate tracking.
  • Manage and respond to inquiries.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.

Essential legal foundations

Here you will find a summary of the principles according to the GDPR, which form the basis for our processing of personal data. Please note that in addition to the provisions of the GDPR, country-specific data protection regulations may apply in your or our country. More specific legal bases, if relevant in individual cases, are set out in our privacy policy.

  • Consent (Art. 6 Para. 1 S. 1 lit. a GDPR): The data subject has consented to the processing of their personal data for specific, clearly defined purposes.
  • Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR): The processing is necessary to fulfill a contract to which the data subject is a party, or in order to carry out pre-contractual measures at the request of the data subject.
  • Legal obligations (Art. 6 Para. 1 S. 1 lit. c GDPR): Processing is necessary to comply with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR): Processing is necessary to protect the legitimate interests of the person responsible or third parties, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, are more important.

National data protection regulations in Germany

In addition to the GDPR regulations, national data protection laws apply in Germany, in particular the Federal Data Protection Act (BDSG). This law contains specific regulations regarding the right to information, the right to erasure, the right to object, processing of special categories of personal data, processing for other purposes, data transfer and automated decision-making and profiling. In addition, different federal states may have their own data protection laws.

Security measures

We take appropriate technical and organizational measures in accordance with legal requirements to ensure a level of protection appropriate to the risk. These measures include, among other things, ensuring the confidentiality, integrity and availability of data. We control physical and electronic access to the data, as well as access, input, distribution, ensuring availability and its separation. We have also set up procedures to protect the rights of those affected, to delete data and to respond to data threats. We take data protection into account when developing and selecting hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings.

TLS/SSL encryption (https)

To protect user data when transmitted via our online services, we use TLS/SSL encryption. SSL (Secure Sockets Layer) is the standard technology for secure Internet connections that encrypts data transmitted between a website or app and a browser (or between two servers). TLS (Transport Layer Security) is an updated, more secure version of SSL. HTTPS appears in the URL when a website is secured by an SSL/TLS certificate.

Transmission of personal data

As part of our data processing, it may happen that data is transmitted or disclosed to other bodies, companies or people. These include, for example, service providers who are entrusted with IT tasks or providers of services and content that are integrated into a website. We always observe the legal requirements and conclude appropriate contracts or agreements with the recipients to protect your data.

International data transfers

Data processing in third countries: We only process data in third countries (outside the EU or EEA) or pass it on there if this is in accordance with legal requirements. If the data protection level of a third country has been recognized by an adequacy decision by the EU Commission (Article 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers will only take place if the level of data protection is otherwise secured, e.g. B. through standard contractual clauses (Art. 46 Para. 2 lit. c) GDPR), express consent or in the case of contractually or legally required transmission (Art. 49 Para. 1 GDPR). Information on third country transfers and adequacy decisions can be found in the EU Commission's information offering.

EU-US Trans-Atlantic Data Privacy Framework

As part of the “Data Privacy Framework” (DPF), the EU Commission has recognized the level of data protection for certain companies in the USA. The list of certified companies and further information about the DPF can be found on the US Department of Commerce website. We will inform you which service providers we use are certified under the Data Privacy Framework.

Deletion of data

We delete processed data in accordance with legal requirements as soon as consent to processing is revoked or other permissions no longer apply (e.g. if the purpose of processing no longer applies or the data is no longer required for this purpose). If data is required for other legally permissible purposes, their processing will be carried out for these purposes

Purposes limited and the data will be blocked. This applies, for example, to data that must be retained for commercial or tax reasons or is necessary to assert, exercise or defend legal claims or to protect the rights of other natural or legal persons. Our data protection notice may contain further information on the retention and deletion of data.

Rights of the affected persons

As a data subject, you have various rights under the GDPR, in particular under Articles 15 to 21 GDPR:

  • Right to object: You can object to the processing of your personal data at any time for reasons arising from your particular situation, in particular if this is based on Article 6 Paragraph 1 Letter e or f GDPR takes place. This also applies to profiling based on these provisions. When processing your data for direct advertising, you can object to the processing of your data for this purpose at any time; This also applies to profiling that is associated with such advertising.
  • Right to revoke consent: You can revoke your consent at any time.
  • Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data.
  • Right to rectification: You can request that your data be completed or corrected.
  • Right to deletion and restriction of processing: You can request the deletion of your data or, alternatively, a restriction on the processing of the data.
  • Right to data portability: You have the right to receive the data you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another person responsible. li>
  • Complaint to a supervisory authority: You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates the GDPR.

Use of cookies


General information about cookies

Cookies are small text or memory files that can store and read information on end devices. They are used, for example, to save the login status in user accounts, the contents of a shopping cart in e-shops or accessed content and functions of an online offer. Cookies can also be used for various other purposes, such as ensuring the functionality, security and user-friendliness of online offerings and collecting data about website visitor flows.

We use cookies in accordance with legal regulations. To do this, we obtain prior consent from users in cases where it is required by law. Consent is not required if the storage and reading of information, including cookies, is strictly necessary to provide users with the expressly requested telemedia service. These generally include cookies that are necessary for the functionality, load balancing, security, storage of user settings and similar main and secondary functions of the online offering. Consent is revocable and will be clearly communicated to users, including information about respective cookie usage.

Data protection principles for the use of cookies

The legal basis for processing personal data using cookies depends on whether we obtain consent from users. If consent is given, consent is the legal basis. Otherwise, the processing is based on our legitimate interests, such as business operations and improving our online offering, or if the use of cookies is necessary to fulfill our contractual obligations. We will explain the purposes for which cookies are used in the course of this data protection declaration or when obtaining consent.

Storage period of cookies

There are two types of cookies in terms of how long they are stored:

  • Temporary cookies (session cookies): These cookies are deleted as soon as the user leaves the online offering and closes their device.
  • Permanent cookies: These cookies remain stored even after the device is closed. For example, you can save login status or preferred content when the user visits a website again. The storage period of permanent cookies can be up to two years, unless we provide specific information about the type and duration of storage.

Revocation and objection to the use of cookies (opt-out)

Users can revoke their consent at any time and object to the processing of their data. Restrictions on the use of cookies can be set in the browser settings, but this may affect the functionality of our online offering. Objections to the use of cookies for marketing purposes can be made via websites such as https://optout.aboutads.info and https://www.youronlinechoices.com be explained.

  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

Edit cookie settings

Additional information on processing processes and services

We use a cookie consent management process to manage and verify user consent to the use of cookies and the associated processing and providers. The declaration of consent is saved so that it does not have to be requested repeatedly. The storage can take place on the server side or in a cookie (opt-in cookie) in order to be able to assign the consent to a user or device. The duration of storage of consent can be up to two years. A pseudonymous user identifier is created and stored with the time of consent, information about the scope of the consent (such as categories of cookies and/or service providers), as well as the browser, system and end device.

Commercial services

Processing of data in business relationships

We process the data of our business partners, such as customers and interested parties (collectively referred to as “business partners”), within the framework of contractual and comparable legal relationships as well as in communication with business partners, e.g. to process inquiries.

This data processing is carried out in order to fulfill our contractual obligations, such as the provision of agreed services, obligations to update and rectify faults. We also use the data for administration, organizational tasks and to protect our rights. In addition, we process data based on our legitimate interests in efficient and business operations and security measures. This also includes protecting our business partners and our operations from misuse and danger. We only pass on data from business partners to the extent that this is necessary for the stated purposes or to fulfill legal obligations. Information about other processing purposes, e.g. for marketing purposes, is provided in this data protection declaration.

The necessary data for these purposes will be communicated to business partners before or during data collection, e.g. in online forms, through special markings or symbols.

Deletion of data and retention periods

We delete the data after statutory warranty and similar obligations have expired, usually after 4 years, unless the data must be stored in a customer account or retained for legal archiving reasons. The statutory retention period for documents relevant to tax law is ten years and six years for commercial and business letters.

Use of third-party providers and platforms

We may involve third parties or platforms in providing our services. In these cases, the terms and conditions and data protection information of the respective provider or platform apply.

  • Types of data processed: Inventory data, payment data, contact data, contract data, usage data, meta, communication and procedural data.
  • Affected persons: Customers, interested parties, business and contractual partners.
  • Purposes of processing: Provision of contractual services, security measures, contact requests, communication, office and organizational procedures.
  • Legal basis: Fulfillment of the contract, legal obligations, legitimate interests.

Other processing processes and services

  • Shop and e-commerce: Processing customer data for the selection, ordering, payment and delivery of products and services.
  • Agency services: Processing customer data as part of our contractual services such as consulting, campaign planning, software and design development.
  • Project and development services: Processing of customer data for the selection, commissioning and implementation of services.
  • Offering software and platform services: Processing user data to provide our contractual services.
  • Technical services: Processing of customer data for technical services.

Provision of the online offer and web-hosting

Processing of user data

We process user data in order to be able to offer you our online services. This includes the processing of the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Types of data processed: Usage data, meta, communication and procedural data.
  • Affected persons: Users of our online services.
  • Purposes of processing: Provision of our online offering, user-friendliness, information technology infrastructure, security measures.
  • Legal basis: Legitimate interests.

Other processing processes, procedures and services

  • Provision of online offerings on rented storage space: Use of storage space, computing capacity and software from server providers to provide our online offerings.
  • Collection of access data and log files: Logging of access to our online offering in server log files, including IP addresses and other data, for security purposes and to ensure server utilization and stability. Log file information is stored for a maximum of 30 days and then deleted or anonymized, unless it is required to retain evidence.

Blogs and digital publications

Use of blogs and online communication means

We use blogs or similar forms of online communication and publication (hereinafter referred to as “publication medium”). Reader data is only processed to the extent that this is necessary for the presentation of the medium and the interaction between authors and readers or for security reasons. Further information on the processing of data from visitors to our publication medium can be found in this data protection notice.

  • Types of data processed: Inventory data, contact data, content data, usage data, meta, communication and process data.
  • Affected persons: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of contractual services, feedback, provision of our online offering, user-friendliness, security measures, administration and response to inquiries.
  • Legal basis: Legitimate interests.

Other processing purposes and services

  • Comments and contributions: When you leave comments or contributions, we store IP addresses for security reasons in order to protect ourselves against illegal content. Storage is based on our legitimate interests. We also process user information to detect spam and use IP addresses and cookies to prevent multiple voting in surveys. The information is stored permanently until the user objects.

Contact and inquiry management

Processing when contacting

When you contact us (e.g. via post, contact form, email, telephone or social media) as well as within the framework of existing user and business relationships, we process the inquirers' data to the extent that this is necessary to answer the inquiries.< /p>

  • Types of data processed: Contact data, content data, usage data, meta, communication and process data.
  • Affected persons: Communication partner.
  • Purposes of processing: Contact inquiries and communication, management and response to inquiries, feedback, provision of our online offering, user-friendliness.
  • Legal basis: Legitimate interests, contract fulfillment and pre-contractual inquiries.

Other processing processes and services

  • Contact form: When you use our contact form, emails or other communication channels, we process the data provided to process the request.

Newsletter and digital notifications

Sending of newsletters

  • Requirement for free services: Consent to sending newsletters may be required in order to use free services. If you would like to use the free service without subscribing to the newsletter, please contact us.
  • HubSpot: Email sending and automation services; Provider: HubSpot, Inc. Further information and data protection notices can be found on the HubSpot website.
  • Mailchimp: Email sending and automation services; Provider: Rocket Science Group, LLC. Further information and data protection notices can be found on the Mailchimp website. Special security measures and information on data transmission can be found under the links provided.

    • Web analysis, monitoring and optimization

    Analysis and optimization of the online offering

    We use web analysis methods, also known as “reach measurement”, to evaluate the flow of visitors to our website. This may include visitors' behavior, interests or demographic information, such as age or gender, in pseudonymous form. With these analyzes we can, for example, determine which times have the highest usage of our online offering and which areas should be optimized.

    We also use testing procedures to evaluate and improve different versions of our online offering or its components.

    The data collected may include profiles that summarize information about the use of a device. Data can be stored and read in the browser or end device. Information collected includes, among other things, websites visited, elements used, technical data such as browser and operating system and times of use. If users agree, location data can also be processed.

    The users' IP addresses are stored, but we use an IP masking process (pseudonymization by shortening the IP address) to protect users. We and the providers of the software used do not know the actual identity of the users, but only the pseudonymous information stored in the profiles.

    • Types of data processed: Usage data, meta, communication and procedural data.
    • Affected persons: Users (e.g. website visitors, users of online services).
    • Purposes of processing: Reach measurement, creation of user profiles, provision of our online offering, user-friendliness.
    • Security measures: IP masking.
    • Legal basis: Consent, legitimate interests.

    Other processing processes, procedures and services

    • Google Analytics 4: Use of Google Analytics to measure and analyze the use of our online offering. Use of pseudonymous user identification numbers, storage of usage times and sources, technical data of the devices and browsers, creation of pseudonymous user profiles. No storage of individual IP addresses for EU users. Further information and privacy policy can be found on the Google Analytics website.
    • Google Tag Manager: Management of website tags via an interface, no creation of user profiles or storage of cookies. IP address is only used to run the tag manager. Further information and data protection regulations can be found on the Google website.

    For more detailed information about the services and data processing, please visit the specified websites. Users can object to the use of these tools at any time (opt-out), for example via appropriate opt-out plugins or advertising display settings.

    Online marketing

    Processing of data for marketing purposes

    We process personal data for online marketing purposes, which includes in particular the marketing of advertising space or the presentation of advertising and other content based on the potential interests of users and the measurement of their effectiveness.

    For this purpose, we create so-called user profiles, which are stored in cookies or using similar methods. These profiles contain information such as content viewed, websites visited and online networks used. Technical data such as the browser used, the operating system and information about times of use can also be processed. If users have agreed to the collection of their location data, this can also be processed.

    The users' IP addresses are stored and we use IP masking procedures (pseudonymization) to protect users. No clear user data (such as email addresses or names) is stored, but rather pseudonyms. Neither we nor the providers of online marketing methods know the actual identity of the users, only the information in the profiles.

    The profile information is usually stored in cookies and can later be used on other websites that use the same online marketing process for content display and analysis and supplemented with further data.

    • Types of data processed: Usage data, meta, communication and procedural data.
    • Affected persons: Users (e.g. website visitors, users of online services).
    • Purposes of processing: Reach measurement, tracking, marketing, creation of user profiles, conversion measurement.
    • Security measures: IP masking.
    • Legal basis: Consent, legitimate interests.
    • Opt-out option: Users can object to the use of cookies in their browser settings, but this may limit the functions of our online offering. We offer further opt-out options on a regional basis.

    Processing processes and services

    • Google Ads and conversion measurement: Placement of ads in Google's advertising network and measurement of the conversion of the ads. We only receive anonymous information.
    • Google Adsense with personalized ads: Use of Google Adsense for personalized ads.
    • Google Adsense with non-personalized ads: Use of Google Adsense for non-personalized ads.

    Affiliate programs and affiliate links

    Inclusion of affiliate links

    In our online offering we include affiliate links or other references to the offers and services of third-party providers. If users follow these links or subsequently take advantage of the offers, we may receive a commission from the third party providers.

    In order to track whether users have taken advantage of the offers via the affiliate links we use, it is necessary that the third-party providers know that the users have followed such a link. The assignment of the affiliate links to the business transactions or promotions serves the sole purpose of commission billing and will be canceled as soon as it is no longer necessary.

    For this assignment, the affiliate links can be supplemented with certain values, which are either part of the link or can be stored in a cookie. These values include in particular the source website, the time, online identifiers and the type of link used.