Data protection

Privacy Policy

Table of contents

• Introduction and Overview
• scope
• Legal basis
• Contact details of the responsible party
• Storage duration
• Rights under the General Data Protection Regulation
• Data transfer to third countries
• Data processing security
• communication
• Cookies
• Web hosting
• Facebook Pixel Privacy Policy
• Google Analytics Privacy Policy
• Google Tag Manager Privacy Policy
• Email marketing
• Online marketing
• Google Ads (Google AdWords) Conversion Tracking Privacy Policy
• Cookie Consent Management Platform
• Payment providers
• Klarna Checkout Privacy Policy
• Stripe Privacy Policy
• Instant bank transfer Privacy policy
• Social Media
• Facebook Privacy Policy
• Instagram Privacy Policy
• LinkedIn Privacy Policy
• SoundCloud Privacy Policy
• YouTube Privacy Policy
• Google reCAPTCHA Privacy Policy

Introduction and Overview

We have prepared this privacy policy (version 06.09.2021-111824947) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as "data") we, as data controllers – and the data processors we have engaged (e.g., providers) – process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.
In short: We will provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, aims to describe the most important aspects as simply and transparently as possible. Where it promotes transparency, technical terms are explained in a reader-friendly way , links to further information are provided, and graphics are used. We inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible if one provides the briefest, unclear, and overly technical legal explanations that are often standard practice on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps you will discover some information that you were not previously aware of.
If you still have questions, please contact the responsible party listed below or in the legal notice, follow the provided links, and consult further information on third-party websites. Our contact details can also be found in the legal notice.

scope

This privacy policy applies to all personal data processed by us within our company and to all personal data processed by companies commissioned by us (data processors). Personal data, as defined in Article 4 No. 1 GDPR, refers to information such as a person's name, email address, and postal address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• Social media presence and email communication
• mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas where personal data is processed in a structured manner within the company via the aforementioned channels. Should we enter into a legal relationship with you outside of these channels, we will inform you separately if necessary.

Legal basis

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, that allow us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online at EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679 .

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6 paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data from a contact form.
2. Contract (Article 6 paragraph 1 lit. b GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase agreement with you, we need personal information beforehand.
3. Legal obligation (Article 6 paragraph 1 lit. c GDPR): We process your data when we are subject to a legal obligation. For example, we are legally required to retain invoices for accounting purposes. These typically contain personal data.
4. Legitimate interests (Article 6 paragraph 1 lit. f GDPR): In the case of legitimate interests that do not infringe your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically. This processing therefore constitutes a legitimate interest.

Other conditions, such as the recording of images in the public interest, the exercise of public authority, or the protection of vital interests, do not generally apply in our case. If such a legal basis should apply, it will be indicated at the relevant point.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data ( Data Protection Act ), abbreviated DSG .
• In Germany , the Federal Data Protection Act ( BDSG) applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the responsible party

Should you have any questions regarding data protection, you will find the contact details of the responsible person or body below:
ALPIN LOACKCKER GmbH
Walgaustraße 33
A - 6833 Klaus
Authorized representative: Felix Loacker
Legal notice: https://www.feelgrounds.com/pages/impressum

Storage duration

We generally adhere to the principle that we only store personal data for as long as is absolutely necessary for providing our services and products. This means that we delete personal data as soon as the reason for processing it no longer exists. In some cases, we are legally obligated to retain certain data even after the original purpose has ceased to exist, for example, for accounting purposes.

Should you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and provided there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

Rights under the General Data Protection Regulation

According to Article 13 of the GDPR, you have the following rights to ensure fair and transparent data processing:

• According to Article 15 of the GDPR, you have the right to information about whether we process your data. If this is the case, you have the right to receive a copy of the data and the following information:
  • for what purpose we carry out the processing;
  • the categories, i.e. the types of data that are processed;
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  • how long the data will be stored;
  • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we did not collect it from you;
  • whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile of you.
• According to Article 16 of the GDPR, you have a right to rectification of your data, which means that we must correct any data you find.
• According to Article 17 of the GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you can request the deletion of your data.
• According to Article 18 GDPR, you have the right to restrict processing, which means that we may only store the data but not use it further.
• According to Article 19 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
• According to Article 21 GDPR, you have the right to object, which, if exercised, will result in a change to the processing.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then examine as quickly as possible whether we can legally comply with this objection.
  • If your data is used for direct marketing purposes, you can object to this type of data processing at any time. We will then no longer be permitted to use your data for direct marketing.
  • If data is used for profiling, you can object to this type of data processing at any time. We will then no longer be permitted to use your data for profiling.
• According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).

In short: You have rights – do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/ . In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) . The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Head: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Telephone number: +43 1 52 152-0
Email address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data transfer to third countries

We only transfer or process data in countries outside the EU (third countries) if you consent to this processing, if it is required by law or contractually necessary, and in any case only to the extent generally permitted. Your consent is, in most cases, the primary reason we allow data to be processed in third countries. Processing personal data in third countries, such as the USA, where many software companies offer services and have their servers, can mean that personal data may be processed and stored in unexpected ways.

We expressly point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. Data processing by US services (such as Google Analytics) may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data points. Additionally, it is possible that collected data may be linked to data from other services of the same provider, provided you have a corresponding user account. Where possible, we try to use server locations within the EU, if this option is available.

We will inform you in more detail about data transfers to third countries at the relevant points in this privacy policy, if applicable.

Data processing security

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible, within our means, for third parties to infer personal information from our data.

Article 25 of the GDPR refers to "data protection by design and by default," meaning that security must always be considered and appropriate measures implemented for both software (e.g., forms) and hardware (e.g., access to the server room). We will discuss specific measures below, if necessary.

TLS encryption with https

TLS, encryption, and HTTPS sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet.
This means that the entire transmission of all data from your browser to our web server is secure – nobody can “listen in”.

This introduces an additional layer of security, allowing us to comply with data protection by design (Article 25, Paragraph 1 GDPR ). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission protection by the small lock symbol. top left in the browser, to the left of the internet address (e.g. examplepage.de) and the use of the scheme https (instead of http) as part of our internet address.
If you would like to learn more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find good links to further information.

communication

Communication Summary 👥 Affected: Everyone who communicates with us by phone, email or online form 📓 Data processed: e.g., telephone number, name, email address, form data entered. More details can be found under the respective contact method used. 🤝 Purpose: Handling communication with customers, business partners, etc. 📅 Storage period: Duration of the business transaction and legal regulations ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract), Art. 6 para. 1 lit. f GDPR (legitimate interests)

When you contact us and communicate via telephone, email or online form, personal data may be processed.

The data will be processed for the purpose of handling and processing your inquiry and the associated business transaction. The data will be stored for as long as required by law.

Affected persons

The aforementioned processes affect everyone who contacts us via the communication channels we provide.

phone

When you call us, the call data is stored pseudonymously on your device and with your telecommunications provider. Additionally, data such as your name and phone number may be sent via email and stored for the purpose of responding to your inquiry. This data will be deleted as soon as the matter is resolved and legal requirements permit.

e-mail

When you communicate with us via email, data may be stored on your device (computer, laptop, smartphone, etc.) and on our email server. This data will be deleted once the business transaction is complete and legal requirements permit.

Online forms

When you communicate with us via online form, data is stored on our web server and may be forwarded to an email address provided by us. The data is deleted as soon as the business transaction has been completed and legal requirements permit.

Legal basis

The processing of the data is based on the following legal grounds:

• Article 6 paragraph 1 letter a GDPR (consent): You give us your consent to store your data and to use it further for purposes relating to the business transaction;
• Article 6 paragraph 1 letter b GDPR (contract): The processing is necessary for the performance of a contract with you or a data processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
• Article 6 paragraph 1 letter f GDPR (Legitimate Interests): We want to handle customer inquiries and business communication in a professional manner. This requires certain technical equipment such as email programs, Exchange servers, and mobile network operators to ensure efficient communication.

Cookies

Cookies Summary 👥 Affected: Visitors to the website 🤝 Purpose: depends on the specific cookie. More details can be found below or on the website of the software provider that sets the cookie. 📓 Data processed: Depends on the specific cookie used. More details can be found below or on the website of the software provider that sets the cookie. 📅 Storage duration: depends on the specific cookie and can vary from hours to years. ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are truly useful tools. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are other types of cookies for different applications. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, essentially the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data, such as your language preferences or personal website settings. When you revisit our site, your browser sends this user-related information back to us. Thanks to cookies, our website recognizes you and provides your preferred settings. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

The following graphic illustrates a possible interaction between a web browser, such as Chrome, and a web server. The web browser requests a website and receives a cookie from the server, which the browser then reuses whenever another page is requested.

There are both first-party and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans, or other malware. Cookies cannot access information on your computer.

This is what cookie data might look like, for example:

Name: _ga
Value: GA1.2.1326744211.152111824947-9
Purpose: Differentiating website visitors
Expiry date: after 2 years

These are the minimum sizes a browser should be able to support:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The specific cookies we use depend on the services used and are explained in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are four types of cookies:

Essential cookies
These cookies are necessary to ensure the basic functionality of the website. For example, these cookies are needed when a user adds a product to their shopping cart, then continues browsing other pages, and only later proceeds to checkout. These cookies prevent the shopping cart from being emptied, even if the user closes their browser window.

Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. They also measure loading times and the website's performance across different browsers.

Targeted cookies
These cookies improve user-friendliness. For example, they save entered locations, font sizes, or form data.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very convenient, but also very annoying.

Typically, when you first visit a website, you will be asked which types of cookies you wish to allow. And of course, this decision is also stored in a cookie.

If you would like to learn more about cookies and are not afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265 , the Internet Engineering Task Force (IETF) Request for Comments entitled “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the specific cookie. More details can be found below or on the website of the software provider that sets the cookie.

What data is processed?

Cookies are small tools that help with many different tasks. Unfortunately, it's impossible to generalize about what data is stored in cookies, but we will inform you about the data processed and stored in the following privacy policy.

Storage duration of cookies

The storage duration depends on the specific cookie and is further specified below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have control over the storage duration. You can manually delete all cookies at any time via your browser (see also “Right to object” below). Furthermore, cookies based on consent will be deleted at the latest after you withdraw your consent, whereby the lawfulness of the storage remains unaffected until then.

Right to object – how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of the service or website the cookies originate from, you always have the option to delete, disable, or partially allow cookies. For example, you can block third-party cookies but allow all others.

If you want to see which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this information in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

If you generally don't want to allow cookies, you can configure your browser to always notify you when a cookie is about to be set. This allows you to decide whether to allow each individual cookie. The procedure varies depending on the browser. The best way to find instructions is to search on Google using the keywords "delete cookies Chrome" or "disable cookies Chrome" if you are using the Chrome browser.

Legal basis

Since 2009, the so-called "Cookie Directive" has been in effect. This directive stipulates that storing cookies requires your consent (Article 6(1)(a) GDPR). However, reactions to this directive vary considerably across EU countries. In Austria, the directive was implemented in Section 96(3) of the Telecommunications Act (TKG). In Germany, the Cookie Directive was not transposed into national law. Instead, it was largely implemented in Section 15(3) of the Telemedia Act (TMG).

For strictly necessary cookies, even where no consent has been given, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience, and certain cookies are often essential for this.

Unless strictly necessary, cookies are only used with your consent. The legal basis for this is Article 6(1)(a) GDPR.

The following sections will provide you with more detailed information about the use of cookies, if the software used employs cookies.

Web hosting

Web hosting summary 👥 Affected: Visitors to the website 🤝 Purpose: professional website hosting and operational security 📓 Data processed: IP address, time of website visit, browser used, and other data. More details can be found below or on the website of your web hosting provider. 📅 Storage duration: depends on the respective provider, but usually 2 weeks ⚖️ Legal basis: Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What is web hosting?

When you visit websites these days, certain information – including personal data – is automatically generated and stored, and this website is no exception. This data should be processed as sparingly as possible and only with justification. By "website," we mean all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By "domain," we mean, for example, example.de or sample.com.

If you want to view a website on a screen, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari.

This web browser needs to connect to another computer where the website's code is stored: the web server. Operating a web server is a complex and time-consuming task, which is why it's usually handled by professional providers, or hosting providers. These providers offer web hosting and thus ensure the reliable and error-free storage of website data.

When your browser connects to the web server (desktop, laptop, smartphone) and during data transmission to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server also needs to store data for a certain period of time to ensure proper operation.

To illustrate:

Why do we process personal data?

The purposes of data processing are:

1. Professional website hosting and operational security
2. to maintain operational and IT security
3. Anonymous analysis of access behavior to improve our services and, if necessary, for law enforcement or pursuit of claims.

What data is processed?

Even while you are currently visiting our website, our web server, that is the computer on which this website is stored, usually automatically saves data such as

• the complete internet address (URL) of the accessed website (e.g. https://www.examplewebsite.de/examplesubpage.html?tid=111824947)
• Browser and browser version (e.g. Chrome 87)
• the operating system used (e.g. Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g. https://www.examplesourcesite.de/fromwhereIcame.html/)
• the hostname and IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)
• Date and time
• in files, the so-called web server log files

How long is data stored?

The data mentioned above is generally stored for two weeks and then automatically deleted. We do not share this data, but we cannot rule out the possibility that authorities may access it in the event of unlawful activity.

In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we will not share your data without your consent!

Legal basis

The lawfulness of processing personal data in the context of web hosting is based on Art. 6 para. 1 lit. f GDPR (safeguarding legitimate interests), because the use of professional hosting from a provider is necessary to present the company securely and user-friendly on the internet and to be able to pursue attacks and claims arising therefrom.

Checkdomain Privacy Policy

We use Checkdomain, a web hosting provider, for our website. The service provider is the German company checkdomain GmbH, Große Burgstraße 27/29, 23552 Lübeck, Germany. You can find more information about the data processed through the use of Checkdomain in their privacy policy at https://www.checkdomain.de/agb/datenschutz/ .

Facebook Pixel Privacy Policy

We use the Facebook pixel on our website. We have implemented a code snippet on our website for this purpose. The Facebook pixel is a snippet of JavaScript code that loads a collection of functions allowing Facebook to track your user actions if you arrived at our website via Facebook ads. For example, if you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies allow Facebook to match your user data (customer data such as IP address, user ID) with the data in your Facebook account. Facebook then deletes this data. The collected data is anonymous to us and cannot be viewed; it is only used for advertising purposes. If you are a Facebook user and are logged in, your visit to our website will be automatically associated with your Facebook user account.

We want to show our services and products only to people who are genuinely interested. Using the Facebook pixel, our advertising can be better tailored to your needs and interests. This allows Facebook users (provided they have allowed personalized advertising) to see relevant ads. Facebook also uses the collected data for analysis and its own advertising purposes.

Below, we show you the cookies that were set by integrating the Facebook pixel on a test page. Please note that these are only example cookies. Different cookies will be set depending on your interactions on our website.

Name: _fbp
Value: fb.1.1568287647279.257405483-6111824947-7
Purpose: This cookie is used by Facebook to display advertising products.
Expiry date: after 3 months

Name: fr
Value: 0aPf312HOS5Pboo2r..Bdeiuf…1.0.Bdeiuf.
Purpose: This cookie is used to ensure that the Facebook pixel functions properly.
Expiry date: after 3 months

Name: comment_author_50ae8267e2bdf1253ec1a5769f48e062111824947-3
Value: Author's name
Purpose: This cookie stores the text and name of a user who, for example, leaves a comment.
Expiry date: after 12 months

Name: comment_author_url_50ae8267e2bdf1253ec1a5769f48e062
Value: https%3A%2F%2Fwww.testseite…%2F (Author's URL)
Purpose: This cookie stores the URL of the website that the user enters in a text field on our website.
Expiry date: after 12 months

Name: comment_author_email_50ae8267e2bdf1253ec1a5769f48e062
Value: Author's email address
Purpose: This cookie stores the user's email address, provided they have entered it on the website.
Expiry date: after 12 months

Note: The cookies mentioned above relate to individual user behavior. Changes to Facebook's use of cookies are always possible.

If you are logged into Facebook, you can change your ad preferences yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . If you are not a Facebook user, you can generally manage your online behavioral advertising at http://www.youronlinechoices.com/de/praferenzmanagement/ . There you have the option to deactivate or activate providers.

Please note that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. Data processing is primarily carried out via Facebook pixels. This may result in data being processed and stored in a non-anonymized manner. Furthermore, US government authorities may potentially access individual data points. It is also possible that this data may be linked to data from other Facebook services where you have a user account.

If you would like to learn more about Facebook's data protection practices, we recommend that you consult the company's own data policy at https://www.facebook.com/policy.php .

Facebook Automatic Advanced Matching Privacy Policy

We have also activated Automatic Advanced Matching as part of the Facebook Pixel function. This pixel function allows us to send hashed email addresses, names, genders, cities, states, postal codes, dates of birth, and phone numbers to Facebook as additional information, provided you have given us this data. This activation allows us to tailor advertising campaigns on Facebook even more precisely to people who are interested in our services or products.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: Evaluation of visitor information to optimize the website. 📓 Data processed: Access statistics, which include data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found below in this privacy policy. 📅 Storage duration: depends on the properties used ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Google Analytics?

We use the Google Analytics (GA) tracking tool from the American company Google Inc. on our website. For the European Economic Area, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, if you click on a link, this action is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics help us to better tailor our website and services to your needs. Below, we explain the tracking tool in more detail, focusing on what data is stored and how you can prevent this.

Google Analytics is a tracking tool used to analyze website traffic. For Google Analytics to function, a tracking code is embedded in our website's code. When you visit our website, this code records various actions you perform. Once you leave our website, this data is sent to and stored on Google Analytics servers.

Google processes the data and we receive reports about your user behavior. These may include, among other things, the following reports:

• Target group reports: Through target group reports, we get to know our users better and know more precisely who is interested in our service.
• Ad reports: Ad reports help us to analyze and improve our online advertising more easily.
• Acquisition reports: Acquisition reports give us helpful information about how we can attract more people to our service.
• Behavior reports: Here we learn how you interact with our website. We can track your path on our site and which links you click.
• Conversion reports: A conversion is a process where you perform a desired action as a result of a marketing message. For example, when you go from being a website visitor to a customer or newsletter subscriber. These reports help us understand how our marketing efforts are performing for you, which is how we aim to increase our conversion rate.
• Real-time reports: Here we always know immediately what is happening on our website. For example, we can see how many users are currently reading this text.

Why do we use Google Analytics on our website?

Our goal with this website is clear: We want to offer you the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically analyzed data gives us a clear picture of our website's strengths and weaknesses. On the one hand, we can optimize our site so that it's easier for interested people to find it on Google. On the other hand, the data helps us understand you, our visitors, better. We therefore know exactly what we need to improve on our website to offer you the best possible service. The data also helps us to make our advertising and marketing efforts more targeted and cost-effective. After all, it only makes sense to show our products and services to people who are interested in them.

What data does Google Analytics store?

Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This allows Google Analytics to recognize you as a new user. The next time you visit our site, you will be recognized as a returning user. All collected data is stored along with this user ID. This is what makes it possible to analyze pseudonymous user profiles.

To analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For every newly created property, the Google Analytics 4 property is used by default. Alternatively, you can also create the Universal Analytics property. Data is stored for varying lengths of time depending on the property used.

Your interactions on our website are measured using identifiers such as cookies and app instance IDs. Interactions are all types of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated via Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorize it. Exceptions may occur if required by law.

The following cookies are used by Google Analytics:

Name: _ga
Value: 2.1326744211.152111824947-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Its primary function is to distinguish website visitors.
Expiry date: after 2 years

Name: _gid
Value: 2.1687193234.152111824947-1
Purpose: The cookie also serves to distinguish website visitors.
Expiry date: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: Used to reduce the request rate. If Google Analytics is deployed via Google Tag Manager, this cookie is named _dc_gtm_ <property-id>.
Expiry date: after 1 minute

Name: AMP_TOKEN
Value: not specified
Purpose: The cookie contains a token that can be used to retrieve a user ID from the AMP Client ID service. Other possible values ​​indicate a logout, a request, or an error.
Expiry date: after 30 seconds up to one year

Name: __utma
Value: 1564498958.1564498958.1564498958.1
Purpose: This cookie allows us to track your behavior on the website and measure performance. The cookie is updated each time information is sent to Google Analytics.
Expiry date: after 2 years

Name: __utmt
Value: 1
Purpose: This cookie is used like _gat_gtag_UA_<property-id> to throttle the request rate.
Expiry date: after 10 minutes

Name: __utmb
Value: 3.10.1564498958
Purpose: This cookie is used to determine new sessions. It is updated each time new data or information is sent to Google Analytics.
Expiry date: after 30 minutes

Name: __utmc
Value: 167421564
Purpose: This cookie is used to establish new sessions for returning visitors. It is a session cookie and is only stored until you close your browser.
Expiry date: After closing the browser

Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Purpose: This cookie is used to identify the source of visitor traffic to our website. In other words, the cookie stores where you came from. This could be another website or an advertisement.
Expiry date: after 6 months

Name: __utmv
Value: not specified
Purpose: This cookie is used to store user-defined data. It is updated whenever information is sent to Google Analytics.
Expiry date: after 2 years

Note: This list is not exhaustive, as Google frequently changes its choice of cookies.

Here we show you an overview of the most important data collected with Google Analytics:

Heatmaps: Google creates so-called heatmaps. These heatmaps show exactly which areas you click on. This gives us information about where you are on our website.

Session duration: Google defines session duration as the time you spend on our site without leaving the page. If you have been inactive for 20 minutes, the session ends automatically.

Bounce rate : A bounce occurs when you view only one page on our website and then leave our website.

Account creation: When you create an account or place an order on our website, Google Analytics collects this data.

IP address: The IP address is only displayed in abbreviated form so that no unique identification is possible.

Location: Your country and approximate location can be determined via your IP address. This process is also known as IP geolocation.

Technical information: This includes, among other things, your browser type, your internet service provider, and your screen resolution.

Source of origin: Google Analytics; we are of course also interested in which website or advertisement you came to our site via.

Other data collected includes contact information, any ratings, media playback (e.g., when you play a video on our site), sharing content via social media, or adding items to your favorites. This list is not exhaustive and serves only as a general guide to data storage by Google Analytics.

How long and where will the data be stored?

Google has distributed its servers all over the world. Most of these servers are located in America, and consequently, your data is mostly stored on American servers. You can find detailed information about the locations of Google's data centers here: https://www.google.com/about/datacenters/inside/locations/?hl=de

Your data is distributed across various physical storage devices. This has the advantage of faster data retrieval and better protection against manipulation. Each Google data center has corresponding emergency backup programs for your data. Even if, for example, Google's hardware fails or natural disasters disable servers, the risk of a service interruption at Google remains low.

The data retention period depends on the properties used. When using the newer Google Analytics 4 properties, the retention period for your user data is fixed at 14 months. For other event data, we have the option to choose a retention period of either 2 or 14 months.

For Universal Analytics properties, Google Analytics has a default user data retention period of 26 months. After this period, your user data is deleted. However, we have the option to choose the user data retention period ourselves. We have five options available for this:

• Deletion after 14 months
• Deletion after 26 months
• Deletion after 38 months
• Deletion after 50 months
• No automatic deletion

Additionally, there is the option to have data deleted only if you do not visit our website within the period we have selected. In this case, the retention period will be reset each time you visit our website again within the specified period.

Once the specified period has expired, the data is deleted once a month. This retention period applies to your data that is linked to cookies, user recognition, and advertising IDs (e.g., cookies from the DoubleClick domain). Report results are based on aggregated data and are stored separately from user data. Aggregated data is a combination of individual data points into a larger unit.

How can I delete my data or prevent data storage?

Under European Union data protection law, you have the right to access, update, delete, or restrict the processing of your data. You can prevent Google Analytics from using your data by using the browser add-on to deactivate Google Analytics JavaScript (ga.js, analytics.js, dc.js). You can download and install the browser add-on fromhttps://tools.google.com/dlpage/gaoptout?hl=de . Please note that this add-on only deactivates data collection by Google Analytics.

If you generally want to disable, delete or manage cookies (regardless of Google Analytics), there are separate instructions for each browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

Legal basis

The use of Google Analytics requires your consent, which we obtained via our cookie popup. According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur when collected by web analytics tools.

In addition to obtaining your consent, we have a legitimate interest in analyzing website visitor behavior to improve our services both technically and economically. Using Google Analytics, we can identify website errors, detect attacks, and improve efficiency. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests) . However, we only use Google Analytics if you have given your consent.

Google also processes data in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing.

Google uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 GDPR) as the basis for processing data with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or transferring data to such countries. These clauses oblige Google to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de .

We hope we have provided you with the most important information regarding data processing by Google Analytics. If you would like to learn more about the tracking service, we recommend these two links: http://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=de .

Google Tag Manager Privacy Policy

Google Tag Manager Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: Organization of the individual tracking tools 📓 Data processed: The Google Tag Manager itself does not store any data. The data is collected by the tags of the web analytics tools used. 📅 Storage duration: depends on the web analytics tool used ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is the Google Tag Manager?

We use Google Tag Manager from Google Inc. on our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. This Tag Manager is one of many helpful marketing products from Google. Through Google Tag Manager, we can centrally integrate and manage code snippets from various tracking tools that we use on our website.

In this privacy policy, we want to explain in more detail what the Google Tag Manager does, why we use it, and in what form data is processed.

The Google Tag Manager is an organizational tool that allows us to centrally integrate and manage website tags via a single user interface. Tags are small snippets of code that, for example, record (track) your activity on our website. This is achieved by inserting JavaScript code snippets into our website's source code. These tags often originate from Google products like Google Ads or Google Analytics, but tags from other companies can also be integrated and managed through the manager. Such tags perform various functions. They can collect browser data, feed data into marketing tools, integrate buttons, set cookies, and even track users across multiple websites.

Why do we use Google Tag Manager for our website?

As they say, organization is half the battle! And that certainly applies to maintaining our website. To make our website as user-friendly as possible for you and everyone interested in our products and services, we need various tracking tools, such as Google Analytics. The data collected by these tools shows us what interests you most, where we can improve our services, and which people we should show our offers to. For this tracking to work, we need to integrate the corresponding JavaScript code into our website. We could, in principle, insert each code snippet for the individual tracking tools separately into our source code. However, this is quite time-consuming, and it's easy to lose track. That's why we use Google Tag Manager. We can easily integrate the necessary scripts and manage them from one central location. Furthermore, Google Tag Manager offers an easy-to-use interface, and no programming knowledge is required. This allows us to keep our tag jungle organized.

What data is stored by Google Tag Manager?

The Tag Manager itself is a domain that does not set cookies or store any data. It merely acts as a "manager" of the implemented tags. The data is collected by the individual tags of the various web analytics tools. The data is essentially routed through the Google Tag Manager to the individual tracking tools and is not stored there.

However, the situation is quite different with the embedded tags of various web analytics tools, such as Google Analytics. Depending on the analytics tool, various data about your web behavior are usually collected, stored, and processed using cookies. Please read our privacy policies for the individual analytics and tracking tools we use on our website.

In the Tag Manager account settings, we have allowed Google to receive anonymized data from us. This only pertains to the use of our Tag Manager and not to your data stored via the code snippets. We are allowing Google and others to receive selected data in anonymized form. We therefore consent to the anonymous sharing of our website data. Despite extensive research, we have not been able to determine exactly which aggregated and anonymous data is shared. In any case, Google deletes all information that could identify our website. Google aggregates this data with hundreds of other anonymous website data points and creates user trends as part of benchmarking. Benchmarking involves comparing your own results with those of your competitors. Processes can be optimized based on the collected information.

How long and where will the data be stored?

When Google stores data, this data is stored on Google's own servers. These servers are distributed around the world, with most located in the United States. You can find detailed information about the locations of Google's servers at https://www.google.com/about/datacenters/inside/locations/?hl=de .

For information on how long the individual tracking tools store your data, please refer to our individual privacy policies for each tool.

How can I delete my data or prevent data storage?

The Google Tag Manager itself does not set cookies, but manages tags from various tracking websites. In our privacy policies for the individual tracking tools, you will find detailed information on how to delete or manage your data.

Please note that when using this tool, your data may be stored and processed outside the EU. Most third countries (including the USA) are currently considered unsafe under European data protection law. Therefore, data may not simply be transferred to, stored, and processed in unsafe third countries unless there are appropriate safeguards (such as EU Standard Contractual Clauses) between us and the non-European service provider.

Legal basis

The use of Google Tag Manager requires your consent, which we obtained via our cookie popup. According to Article 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur when collected by web analytics tools.

In addition to your consent, we have a legitimate interest in analyzing website visitor behavior to improve our services both technically and economically. Google Tag Manager helps us improve efficiency. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests) . However, we only use Google Tag Manager if you have given your consent.

Google also processes data in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing.

Google uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 GDPR) as the basis for processing data with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or transferring data to such countries. These clauses oblige Google to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de .

If you would like to learn more about Google Tag Manager, we recommend the FAQs at https://www.google.com/intl/de/tagmanager/faq.html .

Email marketing

Email Marketing Summary 👥 Affected: Newsletter subscribers 🤝 Purpose: Direct marketing via email, notification of system-relevant events 📓 Data processed: Data entered during registration, but at least the email address. More details can be found in the documentation for the respective email marketing tool used. 📅 Storage period: Duration of the subscription ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is email marketing?

To keep you up to date, we also use email marketing. If you have consented to receive our emails or newsletters, your data will be processed and stored. Email marketing is a sub-area of ​​online marketing. It involves sending news or general information about a company, products, or services via email to a specific group of people who are interested in them.

If you would like to participate in our email marketing (usually via newsletter), you normally only need to register with your email address. To do this, you fill out an online form and submit it. However, we may also ask you for information such as your title and name so that we can address you personally.

Newsletter subscriptions generally work using the so-called "double opt-in" process. After you register for our newsletter on our website, you will receive an email to confirm your subscription. This ensures that the email address belongs to you and that no one has registered using someone else's email address. We, or a notification tool we use, logs each individual registration. This is necessary so that we can prove the legally compliant registration process. The log typically records the time of registration, the time of confirmation, and your IP address. Additionally, any changes you make to your saved data are also logged.

Why do we use email marketing?

We naturally want to stay in touch with you and keep you up-to-date on the latest news about our company. For this, we use email marketing – often simply called a "newsletter" – as a key component of our online marketing strategy. If you consent or if it is legally permitted, we will send you newsletters, system emails, or other notifications via email. When we use the term "newsletter" in the following text, we primarily mean regularly sent emails. Of course, we don't want to bother you with our newsletters in any way. That's why we always strive to offer only relevant and interesting content. For example, you'll learn more about our company, our services, or our products. Since we are constantly improving our offerings, our newsletter will also keep you informed about any new developments or special, attractive promotions. If we use a service provider with a professional email marketing tool, we do so to ensure we can deliver our newsletters to you quickly and securely. The purpose of our email marketing is basically to inform you about new offers and also to get closer to our business goals.

What data is processed?

When you subscribe to our newsletter via our website, you confirm your membership in an email list via email. In addition to your IP address and email address, your title, name, address, and telephone number may also be stored. However, this only happens if you consent to this data storage. The data marked as such is necessary for you to participate in the offered service. Providing this information is voluntary; however, failure to provide it will prevent you from using the service. Information about your device or your preferred content on our website may also be stored. You can find more information about data storage when you visit a website in the section "Automatic Data Storage." We record your declaration of consent so that we can always demonstrate that it complies with our legal obligations.

Duration of data processing

If you unsubscribe from our email/newsletter mailing list, we may store your address for up to three years based on our legitimate interests so that we can still prove your consent at the time. We may only process this data if we need to defend ourselves against potential claims.

However, if you confirm that you have given us your consent to subscribe to our newsletter, you can submit an individual deletion request at any time. If you permanently withdraw your consent, we reserve the right to store your email address on a suppression list. As long as you have voluntarily subscribed to our newsletter, we will, of course, retain your email address.

Right to object

You can unsubscribe from our newsletter at any time. Simply withdraw your consent to receive it. This usually only takes a few seconds or one or two clicks. You'll typically find an unsubscribe link at the bottom of every email. If you can't find the link in the newsletter, please contact us by email and we'll unsubscribe you immediately.

Legal basis

We send our newsletter based on your consent (Article 6(1)(a) GDPR). This means we can only send you a newsletter if you have actively subscribed beforehand. We may also send you promotional messages based on Section 7(3) of the German Unfair Competition Act (UWG), provided you have become our customer and have not objected to the use of your email address for direct marketing.

Information on specific email marketing services and how they process personal data can be found – if available – in the following sections.

Online marketing

Online Marketing Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: Evaluation of visitor information to optimize the website. 📓 Data processed: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed. Further details can be found in the documentation for the respective online marketing tool used. 📅 Storage duration: depends on the online marketing tools used. ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is online marketing?

Online marketing encompasses all measures taken online to achieve marketing goals such as increasing brand awareness or closing a sale. Furthermore, our online marketing efforts aim to drive traffic to our website. We engage in online marketing to showcase our offerings to a wide audience of interested individuals. This typically involves online advertising, content marketing, and search engine optimization (SEO). To ensure our online marketing is efficient and targeted, we also store and process personal data. This data helps us to show our content only to those who are genuinely interested in it, and it also allows us to measure the success of our online marketing campaigns.

Why do we use online marketing tools?

We want to show our website to everyone who is interested in our offerings. We understand that this isn't possible without deliberate measures. That's why we engage in online marketing. Various tools are available to simplify our online marketing efforts and provide us with ongoing data-driven suggestions for improvement. This allows us to target our campaigns more precisely to our audience. Ultimately, the purpose of these online marketing tools is to optimize our offerings.

What data is processed?

To ensure our online marketing works effectively and the success of our campaigns can be measured, user profiles are created and data is stored, for example, in cookies (small text files). This data allows us not only to display traditional advertising but also to personalize the content on our website to your liking. Various third-party tools offer these functions and, accordingly, collect and store your data. These cookies store information such as which pages you visited on our website, how long you viewed them, which links or buttons you clicked, and which website referred you to us. Technical information may also be stored, such as your IP address, the browser you are using, the device you are using to access our website, and the time you entered and left our site. If you have consented to us determining your location, we can also store and process this information.

Your IP address is stored in pseudonymized (i.e., shortened) form. Unique data that directly identifies you as an individual, such as your name, address, or email address, is also stored only in pseudonymized form for advertising and online marketing purposes. Therefore, we cannot identify you as an individual; we only store the pseudonymized information in the user profiles.

The cookies may also be used, analyzed, and used for advertising purposes on other websites that use the same advertising tools. The data may then also be stored on the servers of the advertising tool providers.

In exceptional cases, unique identifiers (names, email addresses, etc.) may also be stored in user profiles. This occurs, for example, if you are a member of a social media channel that we use for our online marketing activities and the network links previously received data to the user profile.

With all the advertising tools we use that store your data on their servers, we only ever receive aggregated information and never data that identifies you as an individual. The data simply shows how well our advertising campaigns performed. For example, we can see which measures motivated you or other users to visit our website and purchase a service or product. Based on these analyses, we can improve our advertising in the future and tailor it even more precisely to the needs and desires of interested individuals.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information. Generally, we only process personal data for as long as is absolutely necessary for providing our services and products. Data stored in cookies is stored for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others can remain stored in your browser for several years. You can usually find detailed information about the specific cookies used by each provider in their respective privacy policies.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser. The lawfulness of the processing up to the point of withdrawal remains unaffected.

Since online marketing tools typically use cookies, we also recommend that you read our general privacy policy about cookies. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to the use of third-party providers, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur when collected by online marketing tools.

We also have a legitimate interest in measuring online marketing activities in anonymized form in order to optimize our offerings and measures using the data obtained. The corresponding legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests) . However, we only use these tools if you have given your consent.

Information on specific online marketing tools can be found – if available – in the following sections.

Google Ads (Google AdWords) Conversion Tracking Privacy Policy

Google Ads (Google AdWords) Conversion Tracking Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: economic success and the optimization of our service performance. 📓 Data processed: Access statistics, which include data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed. 📅 Storage period: Conversion cookies typically expire after 30 days and do not transmit any personal data. ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Google Ads conversion tracking?

We use Google Ads (formerly Google AdWords) as an online marketing tool to promote our products and services. Our goal is to raise awareness of the high quality of our offerings among more people online. As part of our Google Ads advertising efforts, we use conversion tracking from Google Inc. on our website. However, in Europe, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. This free tracking tool allows us to better tailor our advertising to your interests and needs. The following article explains in more detail why we use conversion tracking, what data is stored, and how you can prevent this data storage.

Google Ads (formerly Google AdWords) is Google Inc.'s own online advertising system. We are confident in the quality of our offering and want as many people as possible to discover our website. Google Ads provides the best platform for this online. Naturally, we also want to gain a precise overview of the cost-benefit ratio of our advertising campaigns. Therefore, we use the Google Ads conversion tracking tool.

But what exactly is a conversion? A conversion occurs when you go from being a purely interested website visitor to taking action. This happens whenever you click on our ad and then perform another action, such as visiting our website. With Google's conversion tracking tool, we record what happens after a user clicks on our Google Ads ad. For example, we can see whether products are purchased, services are used, or whether users have subscribed to our newsletter.

Why do we use Google Ads conversion tracking on our website?

We use Google Ads to promote our offerings on other websites. Our goal is to ensure that our advertising campaigns reach only those people who are genuinely interested in our products or services. With the conversion tracking tool, we can see which keywords, ads, ad groups, and campaigns lead to the desired customer actions. We can see how many customers interact with our ads on a single device and then complete a conversion. This data allows us to calculate our cost-benefit ratio, measure the success of individual advertising campaigns, and consequently optimize our online marketing efforts. Furthermore, we can use the data we gather to make our website more engaging for you and tailor our advertising even more precisely to your needs.

What data is stored in Google Ads conversion tracking?

We have integrated a conversion tracking tag or code snippet into our website to better analyze certain user actions. When you click on one of our Google Ads, a "Conversion" cookie from a Google domain is stored on your computer (usually in your browser) or mobile device. Cookies are small text files that store information on your computer.

Here is the data for the most important cookies used by Google for conversion tracking:

Name: Conversion
Value: EhMI_aySuoyv4gIVled3Ch0llweVGAEgt-mr6aXd7dYlSAGQ111824947-3
Purpose: This cookie stores every conversion you make on our site after coming to us via a Google Ad.
Expiry date: after 3 months

Name: _gac
Value: 1.1558695989.EAIaIQobChMIiOmEgYO04gIVj5AYCh2CBAPrEAAYASAAEgIYQfD_BwE
Purpose: This is a classic Google Analytics cookie and is used to record various actions on our website.
Expiry date: after 3 months

Note: The _gac cookie appears to only be used in connection with Google Analytics. The list above is not exhaustive, as Google also uses other cookies for analytical purposes.

As soon as you complete an action on our website, Google recognizes the cookie and saves your action as a so-called conversion. As long as you are browsing our website and the cookie has not yet expired, we and Google recognize that you found us via our Google Ads ad. The cookie is read and sent back to Google Ads along with the conversion data. It is also possible that other cookies are used to measure conversions. Google Ads conversion tracking can be further refined and improved using Google Analytics. For ads that Google displays in various locations on the web, cookies named “__gads” or “_gac” may be set under our domain. Since September 2017, various campaign information from analytics.js has been stored using the _gac cookie. This cookie stores this data as soon as you visit one of our pages for which Google Ads automatic tagging has been enabled. Unlike cookies set for Google domains, Google can only read these conversion cookies when you are on our website. We do not collect or receive any personal data. We receive a report from Google containing statistical analyses. This tells us, for example, the total number of users who clicked on our ad and which advertising measures were successful.

How long and where will the data be stored?

At this point, we would like to emphasize that we have no control over how Google uses the collected data. According to Google, the data is encrypted and stored on secure servers. In most cases, conversion cookies expire after 30 days and do not transmit any personally identifiable information. The cookies named "Conversion" and "_gac" (which is used in conjunction with Google Analytics) have an expiration date of 3 months.

How can I delete my data or prevent data storage?

You have the option to opt out of Google Ads conversion tracking. If you disable the Google conversion tracking cookie in your browser, you will block conversion tracking. In this case, you will not be included in the tracking tool's statistics. You can change your browser's cookie settings at any time. The process varies slightly depending on the browser. Here are instructions on how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

If you generally do not want to allow cookies, you can configure your browser to always notify you when a cookie is about to be set. This allows you to decide whether to allow each individual cookie. Downloading and installing this browser plug-in from https://support.google.com/ads/answer/7395996 will also disable all advertising cookies. Please note that disabling these cookies will not prevent advertisements from being displayed, but only personalized advertising.

Legal basis

If you have consented to the use of Google Ads Conversion Tracking, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur during the collection of data by Google Ads Conversion Tracking.

We also have a legitimate interest in using Google Ads Conversion Tracking to optimize our online service and marketing activities. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests) . However, we only use Google Ads Conversion Tracking if you have given your consent.

Google also processes data in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing.

Google uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 GDPR) as the basis for processing data with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or transferring data to such countries. These clauses oblige Google to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de .

If you would like to learn more about data protection at Google, we recommend Google's general privacy policy: https://policies.google.com/privacy?hl=de .

Cookie Consent Management Platform

Cookie Consent Management Platform Summary 👥 Affected: Website visitors 🤝 Purpose: Obtaining and managing consent for certain cookies and thus the use of certain tools 📓 Data processed: Data for managing cookie settings, such as IP address, time of consent, type of consent, and individual consents. More details can be found in the documentation for each tool used. 📅 Storage duration: Depends on the tool used; expect periods of several years. ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is a Cookie Consent Management Platform?

We use a Consent Management Platform (CMP) software on our website to facilitate the correct and secure handling of scripts and cookies for both you and us. The software automatically generates a cookie popup, scans and controls all scripts and cookies, provides you with the legally required cookie consent, and helps us and you maintain an overview of all cookies. Most cookie consent management tools identify and categorize all existing cookies. As a website visitor, you then decide which scripts and cookies you allow or block. The following graphic illustrates the relationship between browser, web server, and CMP.

Why do we use a cookie management tool?

Our goal is to offer you the greatest possible transparency regarding data protection. We are also legally obligated to do so. We want to inform you as thoroughly as possible about all tools and cookies that can store and process your data. It is also your right to decide which cookies you accept and which you do not. To grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we are aware of all cookies and can provide you with GDPR-compliant information about them. You can then accept or reject cookies via the consent system.

What data is processed?

Our cookie management tool allows you to manage each individual cookie yourself and gives you complete control over the storage and processing of your data. Your consent is stored so that we don't have to ask you every time you visit our website and so that we can prove your consent if legally required. This is stored either in an opt-in cookie or on a server. The storage period for your cookie consent varies depending on the provider of the cookie management tool. This data (such as pseudonymous user ID, time of consent, details about the cookie categories or tools, browser, and device information) is usually stored for up to two years.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information. Generally, we only process personal data for as long as is absolutely necessary for providing our services and products. Data stored in cookies is stored for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others can remain stored in your browser for several years. The exact duration of data processing depends on the tool used; you should usually expect a storage period of several years. You can generally find detailed information about the duration of data processing in the respective privacy policies of the individual providers.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Information on specific cookie management tools can be found – if available – in the following sections.

Legal basis

If you consent to cookies, your personal data will be processed and stored via these cookies. If we are permitted to use cookies based on your consent (Article 6(1)(a) GDPR), this consent also serves as the legal basis for the use of cookies and the processing of your data. To manage cookie consent and enable you to grant it, we use cookie consent management platform software. The use of this software allows us to operate the website efficiently and in compliance with the law, which constitutes a legitimate interest (Article 6(1)(f) GDPR).

Payment providers

Payment provider privacy policy summary 👥 Affected: Visitors to the website 🤝 Purpose: To enable and optimize the payment process on our website 📓 Data processed: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data More details can be found in the respective payment provider tool. 📅 Storage duration: depends on the payment provider used ⚖️ Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract)

What is a payment provider?

We use online payment systems on our website that ensure a secure and seamless payment process for both you and us. This may involve sending, storing, and processing personal data with the respective payment provider. These payment providers are online payment systems that allow you to place an order via online banking. The payment processing is handled by your chosen payment provider, and we subsequently receive confirmation of the payment. This method is available to any user with an active online banking account and PIN/TAN authentication. Very few banks still offer or accept such payment methods.

Why do we use payment providers on our website?

Naturally, we want to offer the best possible service with our website and integrated online shop, so that you feel comfortable on our site and can take advantage of our offers. We know that your time is valuable and that payment processing, in particular, needs to be quick and seamless. For this reason, we offer you various payment providers. You can choose your preferred payment provider and pay in the usual way.

What data is processed?

The exact data processed depends, of course, on the specific payment provider. However, data such as name, address, and bank details (account number, credit card number, passwords, TANs, etc.) are generally stored. This data is necessary to process a transaction. Additionally, any contract data and user data, such as when you visit our website, which content you are interested in, or which subpages you click on, may also be stored. Most payment providers also store your IP address and information about the computer you are using.

The data is generally stored and processed on the payment providers' servers. We, as website operators, do not receive this data. We are only informed whether the payment was successful or not. For identity and credit checks, payment providers may forward data to the relevant authorities. All payment transactions are always subject to the terms and conditions and privacy policies of the respective provider. Therefore, please always review the payment provider's terms and conditions and privacy policy. You also have the right to have your data deleted or corrected at any time. Please contact the respective service provider regarding your rights (right of withdrawal, right of access, and data subject rights).

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. Generally, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If legally required, as in the case of accounting, this storage period may be exceeded. For example, we retain accounting documents pertaining to a contract (invoices, contracts, bank statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they are generated.

Right to object

You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the responsible parties at the payment provider you are using. Contact details can be found either in our specific privacy policy or on the website of the respective payment provider.

You can delete, disable, or manage cookies used by payment providers in your browser. The process varies depending on your browser. Please note, however, that this may prevent the payment process from working.

Legal basis

We therefore offer services for the processing of contractual or legal relationships (Art. 6 para. 1 lit. b GDPR) In addition to traditional banks and credit institutions, other payment service providers are also offered. The privacy policies of the individual payment providers (such as Amazon Payments , Apple Pay , or Discover ) provide you with a detailed overview of data processing and storage. Furthermore, you can always contact the responsible parties with any questions regarding data protection issues.

Information on specific payment providers can be found – if available – in the following sections.

Amazon Payments Privacy Policy

We use Amazon Payments, an online payment service, on our website. The service provider is the American company Amazon.com Inc. For the European region, Amazon Payments Europe SCA (38 Avenue JF Kennedy, L-1855 Luxembourg) is responsible.

Amazon also processes data in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing.

Amazon uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 GDPR) as the basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or for data transfers to such countries. These clauses oblige Amazon to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de .

For more information about the data processed through the use of Amazon Payments, please see the Privacy Policy at https://pay.amazon.de/help/201212490 .

EPS transfer privacy policy

We use eps-Überweisung, an online payment service, on our website. The service provider is the Austrian company Stuzza GmbH, Frankgasse 10/8, 1090 Vienna, Austria. You can find more information about the data processed through the use of eps-Überweisung in the privacy policy at https://eservice.stuzza.at/de/datenschutzerklaerung.html .

giropay Privacy Policy

We use the online payment provider giropay on our website. The service provider is the German company paydirekt GmbH, Stephanstraße 14-16, 60313 Frankfurt am Main, Germany. You can find more information about the data processed through the use of giropay in the privacy policy at https://www.giropay.de/rechtliches/datenschutzerklaerung/ .

Google Pay Privacy Policy

We use the online payment provider Google Pay on our website. The service provider is the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.

Google also processes data in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing.

Google uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 GDPR) as the basis for processing data with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or transferring data to such countries. These clauses oblige Google to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de .

You can find out more about the data processed through the use of Google Pay in the Privacy Policy at https://policies.google.com/privacy .

Mastercard Privacy Policy

We use the payment service provider Mastercard on our website. The service provider is the American company Mastercard Inc. For the European region, the company responsible is Mastercard Europe SA (Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium).

Mastercard also processes data in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the legality and security of data processing.

Mastercard uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 of the GDPR) as the basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or for data transfers to such countries. These clauses oblige Mastercard to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de .

You can find out more about the data processed through the use of Mastercard in the Privacy Policy at https://www.mastercard.de/de-de/datenschutz.html .

PayPal Privacy Statement

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. For the European region, PayPal Europe (S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible.

PayPal also processes data in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the legality and security of data processing.

PayPal uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 GDPR) as the basis for processing data with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or for transferring data to such countries. These clauses oblige PayPal to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de .

You can find out more about the data processed through the use of PayPal in the Privacy Policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full .

Klarna Checkout Privacy Policy

Klarna Checkout Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: To optimize the payment process on our website 📓 Data processed: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data You can find more details below in this privacy policy. 📅 Storage period: Data is stored as long as Klarna needs it for the processing purpose. ⚖️ Legal basis: Art. 6 para. 1 lit. c GDPR (Legal obligation), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What is Klarna Checkout?

We use the Klarna Checkout online payment system from the Swedish company Klarna Bank AB on our website. Klarna Bank is headquartered at Sveavägen 46, 111 34 Stockholm, Sweden. If you choose to use this service, personal data will be sent to, stored, and processed by Klarna. This privacy policy provides you with an overview of Klarna's data processing practices.

Klarna Checkout is a payment system for online orders. The user selects their payment method, and Klarna Checkout handles the entire payment process. Once a user has made a payment through the checkout system and entered their information, future online purchases can be completed even faster and more easily. The Klarna system recognizes the existing customer as soon as their email address and postal code are entered.

Why do we use Klarna Checkout for our website?

Our goal with our website and integrated online shop is to offer you the best possible service. This includes not only the overall website experience and our products, but also smooth, fast, and secure payment processing for your orders. To guarantee this, we use the Klarna Checkout payment system.

What data does Klarna Checkout store?

As soon as you choose Klarna as your payment service and pay using the Klarna Checkout payment method, you also transmit personal data to the company. On the Klarna Checkout page, technical data such as browser type, operating system, our website address, date and time, language settings, time zone settings, and IP address are collected from you and transmitted to Klarna's servers, where they are stored. This data is stored even if you have not yet completed an order.

When you order a product or service through our shop, you must enter your personal data in the designated fields. This data is processed by Klarna for payment processing. Specifically, the following personal data (as well as general product information) may be stored and processed by Klarna for creditworthiness and identity verification:

• Contact information: Name, date of birth, national ID number, title, billing and shipping address, email address, telephone number, nationality or salary.
• Payment information such as credit card details or your account number
• Product information such as tracking number, type of item and price of the product

In addition, there is also data that can be collected optionally, provided you consciously choose to do so. This includes, for example, political, religious, or philosophical beliefs, or various health data.

In addition to the data mentioned above, Klarna may also collect data about the goods or services you purchase or order, either directly or through third parties (such as us or public databases). This could include, for example, the tracking number or the type of item ordered, as well as information about your creditworthiness, income, or credit history. Klarna may also share your personal data with service providers such as software providers, data storage providers, or us as the merchant.

When data is automatically entered into a form, cookies are always involved. If you don't want to use this function, you can deactivate these cookies at any time. Further down in the text, you will find instructions on how to delete, deactivate, or manage cookies in your browser. Our tests have shown that Klarna does not set any cookies directly. If you select the payment method "Klarna Sofort" and click "Order," you will be redirected to the Sofort website. After successful payment, you will be taken to our thank-you page. There, Sofort.com sets the following cookie:

Name : SOFUEB
Value: e8cipp378mdscn9e17kajlfhv7111824947-4
Purpose: This cookie stores your session ID.
Expiry date: after the browser session ends

How long and where will the data be stored?

Klarna strives to store your data only within the EU or the European Economic Area (EEA). However, it is possible that data may be transferred outside the EU/EEA. If this occurs, Klarna ensures that data protection complies with the GDPR and that the third country is subject to an adequacy decision by the European Union. The data is always stored for as long as Klarna needs it for the processing purpose.

How can I delete my data or prevent data storage?

You can withdraw your consent to Klarna processing your personal data at any time. You also always have the right to access, correct, and delete your personal data. To do so, simply contact the company or its data protection team by email at datenschutz@klarna.de . You can also contact Klarna directly via the "My Data Protection Request" page on the Klarna website.

You can delete, disable, or manage cookies that Klarna may use for its functions in your browser. The process varies depending on the browser you use. The following instructions show you how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

Legal basis

We therefore offer services for the processing of contractual or legal relationships (Art. 6 para. 1 lit. b GDPR) In addition to traditional banks/credit institutions, we also offer the payment service provider Klarna Checkout.

We hope we have provided you with a good overview of data processing by Klarna. If you would like to learn more about how your data is handled, we recommend that you read Klarna's privacy policy at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy .

Stripe Privacy Policy

Stripe Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: To optimize the payment process on our website 📓 Data processed: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data You can find more details further down in this privacy policy. 📅 Storage period: Data is stored until the collaboration with Stripe is terminated. ⚖️ Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance), Art. 6 para. 1 lit. a GDPR (consent)

What is Stripe?

We use a payment tool from the American technology company and online payment service Stripe on our website. For customers within the EU, Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is responsible. This means that if you choose Stripe as your payment method, your payment will be processed via Stripe Payments. Data necessary for the payment process will be transferred to and stored by Stripe. In this privacy policy, we provide you with an overview of this data processing and storage by Stripe and explain why we use Stripe on our website.

The technology company Stripe offers payment solutions for online transactions. With Stripe, we can accept credit and debit card payments in our online shop. Stripe handles the entire payment process. A major advantage of Stripe is that you never have to leave our website or shop during the payment process, and payment processing is very fast.

Why do we use Stripe for our website?

Naturally, we want to offer the best possible service with our website and integrated online shop, so that you feel comfortable on our site and can take advantage of our offers. We know that your time is valuable, and therefore payment processing, in particular, must be quick and seamless. In addition to our other payment providers, we have partnered with Stripe, which guarantees secure and fast payment processing.

What data does Stripe store?

If you choose Stripe as your payment method, your personal data will also be transmitted to and stored by Stripe. This includes transaction data such as the payment method (credit card, debit card, or bank account number), bank code, currency, amount, and date of payment. During a transaction, your name, email address, billing or shipping address, and sometimes your transaction history may also be transmitted. This data is necessary for authentication. Furthermore, for fraud prevention, financial reporting, and to fully provide its services, Stripe may also collect your name, address, phone number, and country, in addition to technical data about your device (such as IP address).

Stripe does not sell any of your data to independent third parties, such as marketing agencies or other companies unrelated to Stripe. However, data may be shared with internal departments, a limited number of external Stripe partners, or to comply with legal requirements. Stripe also uses cookies to collect data. Here is a selection of cookies that Stripe may set during the payment process:

Name: m
Value: edd716e9-d28b-46f7-8a55-e05f1779e84e040456111824947-5
Purpose: This cookie appears when you select your payment method. It stores and recognizes whether you are accessing our website via a PC, tablet, or smartphone.
Expiry date: after 2 years

Name: __stripe_mid
Value: fc30f52c-b006-4722-af61-a7419a5b8819875de9111824947-1
Purpose: This cookie is required to process a credit card transaction. It stores your session ID for this purpose.
Expiry date: after one year

Name: __stripe_sid
Value: 6fee719a-c67c-4ed2-b583-6a9a50895b122753fe
Purpose: This cookie also stores your ID and is used by Stripe for the payment process on our website.
Expiry date : after the session ends

How long and where will the data be stored?

Personal data is generally stored for the duration of the service provision. This means the data is stored until we terminate our collaboration with Stripe. However, to comply with legal and regulatory obligations, Stripe may also store personal data beyond the duration of the service provision. Since Stripe is a global company, the data may also be stored in any country where Stripe offers its services. This means data may also be stored outside your country, for example, in the USA.

How can I delete my data or prevent data storage?

Please note that when using this tool, your data may be stored and processed outside the EU. Most third countries (including the USA) are currently considered unsafe under European data protection law. Therefore, data may not simply be transferred to, stored, and processed in unsafe third countries unless there are appropriate safeguards (such as EU Standard Contractual Clauses) between us and the non-European service provider.

You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the Stripe team at any time via https://support.stripe.com/contact/email .

You can delete, disable, or manage cookies that Stripe uses for its functions in your browser. The process varies depending on your browser. Please note, however, that this may prevent the payment process from working. The following instructions show you how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

Legal basis

We therefore offer services for the processing of contractual or legal relationships (Art. 6 para. 1 lit. b GDPR) In addition to traditional banks/credit institutions, we also offer the payment service provider Sofortüberweisung. Successful use of this service also requires your consent (Art. 6 para. 1 lit. a GDPR). , insofar as the use of cookies requires their permission.

Stripe processes data in the USA, among other locations. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing.

Stripe uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 GDPR) as the basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or for data transfers to such countries. These clauses oblige Stripe to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de .

We have now given you a general overview of how Stripe processes and stores data. If you would like more detailed information, the comprehensive Stripe privacy policy at https://stripe.com/at/privacy is a good resource.

Instant bank transfer Privacy policy

Instant bank transfer Privacy policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: To optimize the payment process on our website 📓 Data processed: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data You can find more details below in the privacy policy. 📅 Storage period: Data is stored within the legally required retention period. ⚖️ Legal basis: Art. 6 para. 1 lit. c GDPR (Legal obligation), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What is an "instant bank transfer"?

We offer the "Sofortüberweisung" payment method from Sofort GmbH on our website for cashless payments. Sofort GmbH has been part of the Swedish company Klarna since 2014, but its headquarters are located in Germany at Theresienhöhe 12, 80339 Munich.

If you choose this payment method, personal data will be transmitted to, stored by, and processed by Sofort GmbH or Klarna. This privacy notice provides you with an overview of data processing by Sofort GmbH.

Sofortüberweisung (Instant Bank Transfer) is an online payment system that allows you to place an order via online banking. The payment processing is handled by Sofort GmbH, and we receive immediate confirmation of the payment. This method is available to any user with an active online banking account and PIN/TAN authentication. Only a few banks still do not support this payment method.

Why do we use "Sofortüberweisung" on our website?

Our goal with our website and integrated online shop is to offer you the best possible service. This includes not only the overall website experience and our products, but also smooth, fast, and secure payment processing for your orders. To guarantee this, we use "Sofortüberweisung" (instant bank transfer) as our payment system.

What data is stored by "Sofortüberweisung"?

When you make an instant bank transfer using the Sofort/Klarna service, data such as your name, account number, bank code, subject, amount, and date are stored on the company's servers. We also receive this information via the payment confirmation.

As part of the account coverage check, Sofort GmbH verifies whether your account balance and overdraft limit cover the payment amount. In some cases, it also checks whether Sofort transfers have been successfully completed within the last 30 days. Furthermore, your user identification (such as account number or contract number) in abbreviated ("hashed") form and your IP address are collected and stored. For SEPA transfers, the BIC and IBAN are also stored.

According to the company, no other personal data (such as account balances, sales data, credit limits, account lists, mobile phone number, authentication certificates, security codes or PIN/TAN) is collected, stored or passed on to third parties.

Sofortüberweisung also uses cookies to make its service more user-friendly. When you order a product, you will be redirected to the Sofort or Klarna website. After successful payment, you will be redirected to our thank-you page. The following three cookies are set here:

Name : SOFUEB
Value: e8cipp378mdscn9e17kajlfhv7111824947-5
Purpose: This cookie stores your session ID.
Expiry date: after the browser session ends

Name : User[user_cookie_rules]
Value: 1
Purpose: This cookie stores your consent to the use of cookies.
Expiry date: after 10 years

Name: _ga
Value: GA1.2.69759879.1589470706
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. This is primarily used to distinguish website visitors. This is a cookie from Google Analytics.
Expiry date: after 2 years

Note: The list of cookies provided here is not exhaustive. Sofortüberweisung may use other cookies as well.

How long and where will the data be stored?

All collected data will be stored within the legally required retention period. This period can last between three and ten years.

Klarna/Sofort GmbH attempts to store data only within the EU or the European Economic Area (EEA). If data is transferred outside the EU/EEA, data protection must comply with the GDPR and the country must be included in an adequacy decision by the EU.

How can I delete my data or prevent data storage?

You can withdraw your consent to Klarna processing your personal data at any time. You also always have the right to access, correct, and delete your personal data. To do so, simply contact the company's data protection team by email at datenschutz@sofort.com.

You can manage, delete, or disable cookies used by Sofortüberweisung in your browser. The process varies depending on your browser. The following instructions show how to manage cookies in the most common browsers:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

Legal basis

We therefore offer services for the processing of contractual or legal relationships (Art. 6 para. 1 lit. b GDPR) In addition to traditional banks/credit institutions, we also offer the payment service provider Sofortüberweisung. Successful use of this service also requires your consent (Art. 6 para. 1 lit. a GDPR). , insofar as the use of cookies requires their permission.

If you would like to learn more about data processing by the "Sofortüberweisung" service of Sofort GmbH, we recommend that you read the privacy policy at https://www.sofort.de/datenschutz.html .

Social Media

Social Media Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: To present and optimize our services, to contact visitors, potential customers, etc., and to advertise. 📓 Data processed: Data such as telephone numbers, email addresses, contact details, user behavior data, information about your device and your IP address. More details can be found in the respective social media tool used. 📅 Storage duration: depends on the social media platforms used ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is social media?

In addition to our website, we are also active on various social media platforms. This may involve processing user data so that we can specifically target users who are interested in our content via social networks. Furthermore, elements of a social media platform may be directly embedded in our website. This is the case, for example, when you click a "social button" on our website and are redirected directly to our social media profile. Social media platforms are websites and apps through which registered members can create content, share content openly or within specific groups, and connect with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and connect online. Our social media presence allows us to introduce our products and services to potential customers. The social media elements integrated into our website help you quickly and easily access our social media content.

The data collected and processed through your use of a social media channel primarily serves the purpose of web analytics. The goal of these analyses is to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the analyzed data can be used to draw conclusions about your interests and create user profiles. This allows the platforms to present you with tailored advertisements. Cookies are usually placed in your browser for this purpose, storing data about your browsing behavior.

We generally assume that we remain responsible under data protection law even when using the services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform may be jointly responsible with us within the meaning of Article 26 GDPR. Where this is the case, we will indicate this separately and operate on the basis of a corresponding agreement. The essential elements of the agreement are then reproduced below under the relevant platform.

Please note that when using social media platforms or our embedded elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. This may make it more difficult for you to assert or enforce your rights regarding your personal data.

What data is processed?

Exactly which data is stored and processed depends on the respective social media platform provider. However, it typically includes data such as phone numbers, email addresses, information you enter into a contact form, user data such as which buttons you click, whom you like or follow, when you visited which pages, information about your device, and your IP address. Most of this data is stored in cookies. Specifically, if you have a profile on the social media channel you are visiting and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the provider's servers. Therefore, only the providers have access to the data and can provide you with the relevant information or make changes.

If you want to know exactly what data is stored and processed by social media providers and how you can object to this data processing, you should carefully read the respective company's privacy policy. If you have any questions about data storage and processing or wish to exercise your rights, we also recommend contacting the provider directly.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. However, customer data that is matched with our own user data is deleted within two days. Generally, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If legally required, as in the case of accounting, this storage period may be exceeded.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party services such as embedded social media elements at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since social media tools may use cookies, we also recommend that you read our general privacy policy about cookies. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to the processing and storage of your data through integrated social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR) . In principle, if consent has been given, your data will also be stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. However, we only use these tools if you have given your consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.

Information on specific social media platforms – if available – can be found in the following sections.

Facebook Privacy Policy

Facebook Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: To optimize our service performance 📓 Data processed: Data such as customer data, user behavior data, information about your device and your IP address. You can find more details below in the privacy policy. 📅 Storage period: until the data is no longer useful for Facebook's purposes ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are Facebook tools?

We use selected tools from Facebook on our website. Facebook is a social media network operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. These tools allow us to provide you and others interested in our products and services with the best possible experience.

If your data is collected and forwarded via our embedded Facebook elements or our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for this. Facebook alone is responsible for the further processing of this data. Our joint obligations are also enshrined in a publicly accessible agreement at https://www.facebook.com/legal/controller_addendum . This agreement stipulates, for example, that we must clearly inform you about the use of Facebook tools on our site. Furthermore, we are also responsible for ensuring that the tools are integrated into our website in a data protection-compliant manner. Facebook, on the other hand, is responsible for the data security of Facebook products. If you have any questions about data collection and processing by Facebook, you can contact the company directly. If you direct your question to us, we are obligated to forward it to Facebook.

Below we provide an overview of the various Facebook tools, what data is sent to Facebook, and how you can delete this data.

In addition to many other products, Facebook also offers the so-called "Facebook Business Tools." This is Facebook's official name. However, since the term is hardly known, we have decided to simply call them Facebook Tools. These include, among other things:

• Facebook Pixel
• social plug-ins (such as the "Like" or "Share" button)
• Facebook Login
• Account Kit
• APIs (Application Programming Interfaces)
• SDKs (Collection of programming tools)
• Platform integrations
• Plugins
• Codes
• Specifications
• Documentation
• Technologies and services

These tools allow Facebook to expand its services and obtain information about user activity outside of Facebook.

Why do we use Facebook tools on our website?

We only want to show our services and products to people who are genuinely interested. Facebook ads allow us to reach precisely these people. However, to show users relevant ads, Facebook needs information about their needs and desires. Therefore, we provide the company with information about user behavior (and contact details) on our website. This allows Facebook to gather better user data and show interested people relevant ads for our products and services. These tools thus enable tailored advertising campaigns on Facebook.

Facebook refers to data about your behavior on our website as "event data." This data is also used for measurement and analytics services. Facebook can then create "campaign reports" on our behalf about the effectiveness of our advertising campaigns. Furthermore, these analyses give us a better understanding of how you use our services, website, or products. We use some of these tools to optimize your user experience on our website. For example, you can use social plugins to share content from our site directly on Facebook.

What data is stored by Facebook tools?

Using certain Facebook tools may result in personal data (customer data) being sent to Facebook. Depending on the tools used, customer data such as name, address, telephone number, and IP address may be transmitted.

Facebook uses this information to match the data it already holds about you (if you are a Facebook member). Before customer data is transmitted to Facebook, it undergoes a process called "hashing." This means that any data set of any size is transformed into a string of characters. This also serves to encrypt the data.

In addition to contact information, "event data" is also transmitted. "Event data" refers to information we receive about you on our website, such as which subpages you visit or which products you purchase. Facebook does not share this information with third parties (such as advertisers) unless it has explicit permission or is legally obligated to do so. "Event data" can also be linked to contact information. This allows Facebook to offer more personalized advertising. After the aforementioned matching process, Facebook deletes the contact data.

To optimize ad delivery, Facebook uses event data only when it has been combined with other data (collected by Facebook through other means). Facebook also uses this event data for security, protection, development, and research purposes. Much of this data is transferred to Facebook via cookies. Cookies are small text files used to store data and information in browsers. Depending on the tools used and whether you are a Facebook member, a varying number of cookies will be placed in your browser. We provide more detailed information about individual Facebook cookies in the descriptions of the individual Facebook tools. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies .

How long and where will the data be stored?

Generally, Facebook stores data until it is no longer needed for its own services and products. Facebook has servers distributed around the world where its data is stored. However, customer data is deleted within 48 hours after it has been matched with the company's own user data.

How can I delete my data or prevent data storage?

In accordance with the General Data Protection Regulation (GDPR), you have the right to access, rectification, portability and erasure of your data.

Your data will only be completely deleted if you delete your Facebook account entirely. Here's how to delete your Facebook account:

1) Click on Settings on the right side of Facebook.

2) Next, click on “Your Facebook Information” in the left column.

3) Now click “Deactivation and Deletion”.

4) Now select “Delete account” and then click “Next and delete account”.

5) Now enter your password, click "Next" and then "Delete account".

The data that Facebook receives through our site is stored, among other things, via cookies (e.g., in the case of social plugins). You can disable, delete, or manage individual or all cookies in your browser. Depending on which browser you use, this works differently. The following instructions show you how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

If you generally do not want to allow cookies, you can configure your browser to always notify you when a cookie is about to be set. This allows you to decide whether to allow each individual cookie or not.

Legal basis

If you have consented to the processing and storage of your data by integrated Facebook tools, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR) . In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. However, we only use these tools if you have given your consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review Facebook's privacy statement or cookie policy.

Facebook also processes data in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing.

Facebook uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 of the GDPR) as the basis for processing data with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or for transferring data to such countries. These clauses oblige Facebook to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de .

We hope we have provided you with the most important information about the use and processing of data by Facebook tools. If you would like to learn more about how Facebook uses your data, we recommend that you read the data policy at https://www.facebook.com/about/privacy/update .

Facebook Social Plugins Privacy Policy

Our website uses social plugins from Facebook Inc. You can recognize these buttons by the classic Facebook logo, such as the "Like" button (the hand with a raised thumb), or by a clear "Facebook Plugin" label. A social plugin is a small part of Facebook that is integrated into our site. Each plugin has its own function. The most frequently used functions are the familiar "Like" and "Share" buttons.

The following social plugins are offered by Facebook:

• “Save” button
• “Like” button, share, send and quote
• Page plug-in
• Comments
• Messenger plug-in
• Embedded posts and video players
• Group plug-in

You can find more information on how to use the individual plugins at https://developers.facebook.com/docs/plugins . We use social plugins both to offer you a better user experience on our site and because Facebook can use them to optimize our advertising.

If you have a Facebook account or have previously visited facebook.com , Facebook has already placed at least one cookie in your browser. In this case, your browser sends information to Facebook via this cookie as soon as you visit our site or interact with social plugins (e.g., the "Like" button).

The information collected will be deleted or anonymized within 90 days. According to Facebook, this data includes your IP address, the website you visited, the date, the time, and other information relating to your browser.

To prevent Facebook from collecting and linking a lot of data during your visit to our website, you must log out of Facebook during your visit to the website.

If you are not logged into Facebook or do not have a Facebook account, your browser will send less information to Facebook because you have fewer Facebook cookies. However, data such as your IP address or which website you visit may still be transmitted to Facebook. We would like to explicitly point out that we do not have precise knowledge of the exact content of this data. However, we are trying to inform you about data processing to the best of our current knowledge. You can also read about how Facebook uses the data in the company's data policy at https://www.facebook.com/about/privacy/update .

The following cookies will be set in your browser at a minimum when you visit a website with social plugins from Facebook:

Name: dpr
Value: not specified
Purpose: This cookie is used to make the social plugins on our website work.
Expiry date: after the end of the session

Name: fr
Value: 0jieyh4111824947c2GnlufEJ9..Bde09j…1.0.Bde09j
Purpose: The cookie is also necessary for the plug-ins to function properly.
Expiry date: after 3 months

Note: These cookies were set after a test, even if you are not a Facebook member.

If you are logged into Facebook, you can change your ad preferences yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . If you are not a Facebook user, you can generally manage your online behavioral advertising at http://www.youronlinechoices.com/de/praferenzmanagement/ . There you have the option to deactivate or activate providers.

If you would like to learn more about Facebook's data protection practices, we recommend that you consult the company's own data policy at https://www.facebook.com/policy.php .

Facebook Login Privacy Policy

We've integrated the convenient Facebook Login into our website. This allows you to easily log in with your Facebook account without having to create a separate user account. If you choose to register via Facebook Login, you will be redirected to the Facebook social media network. There, you will be logged in using your Facebook user credentials. This login process involves the storage and transmission of data about you and your user behavior to Facebook.

To store data, Facebook uses various cookies. Below, we show you the most important cookies that are set in your browser or already exist when you log in to our site via Facebook:

Name: fr
Value: 0jieyh4c2GnlufEJ9..Bde09j…1.0.Bde09j
Purpose: This cookie is used to ensure that the social plugin on our website functions optimally.
Expiry date: after 3 months

Name: datr
Value: 4Jh7XUA2111824947SEmPsSfzCOO4JFFl
Purpose: Facebook sets the “datr” cookie when a web browser accesses facebook.com, and the cookie helps to identify login activity and protect users.
Expiry date: after 2 years

Name: _js_datr
Value: deleted
Purpose: This session cookie is set by Facebook for tracking purposes, even if you do not have a Facebook account or are logged out.
Expiry date: after the end of the session

Note: The cookies listed are only a small selection of the cookies available to Facebook. Other cookies include, for example, _fbp, sb, or wd. A complete list is not possible because Facebook has a large number of cookies and uses them variably.

Facebook Login offers you a quick and easy registration process, while also allowing us to share data with Facebook. This enables us to better tailor our offers and promotions to your interests and needs. The data we receive from Facebook in this way is public data such as...

• Your Facebook name
• Your profile picture
• a registered email address
• Friend lists
• Button information (e.g., "Like" button)
• Date of birth
• Language
• Place of residence

In return, we provide Facebook with information about your activity on our website. This includes information about your device, which subpages you visit, and which products you have purchased from us.

By using Facebook Login, you consent to data processing. You can revoke this consent at any time. If you would like more information about data processing by Facebook, we recommend that you read the Facebook Data Policy at https://de-de.facebook.com/policy.php .

If you are logged into Facebook, you can change your ad settings yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen .

Instagram Privacy Policy

Instagram Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: To optimize our service performance 📓 Data processed: Data such as user behavior data, information about your device and your IP address. You can find more details below in the privacy policy. 📅 Storage period: until Instagram no longer needs the data for its purposes ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Instagram?

We have integrated Instagram features into our website. Instagram is a social media platform operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA. Since 2012, Instagram has been a subsidiary of Facebook Inc. and is part of the Facebook family of products. Embedding Instagram content on our website allows us to display content such as buttons, photos, or videos from Instagram directly on our site. When you visit pages on our website that have an integrated Instagram feature, data is transmitted to, stored by, and processed by Instagram. Instagram uses the same systems and technologies as Facebook. Therefore, your data is processed across all Facebook companies.

Below, we'll give you a more detailed look at why Instagram collects data, what data it collects, and how you can largely control its processing. Since Instagram belongs to Facebook Inc., we draw our information from both Instagram's policies and Facebook's own data policy.

Instagram is one of the most popular social media networks worldwide. It combines the advantages of a blog with those of audiovisual platforms like YouTube or Vimeo. On "Insta" (as many users casually call the platform), you can upload photos and short videos, edit them with various filters, and share them on other social networks. And if you don't want to be active yourself, you can simply follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has truly exploded in popularity in recent years. And of course, we've responded to this boom. We want you to feel as comfortable as possible on our website. That's why a diverse presentation of our content is a given for us. The embedded Instagram features allow us to enrich our content with helpful, funny, or exciting material from the Instagram world. Since Instagram is a subsidiary of Facebook, the data collected can also be used for personalized advertising on Facebook. This ensures that our ads are only shown to people who are genuinely interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We receive aggregated statistics, giving us more insight into your preferences and interests. It's important to note that these reports do not personally identify you.

What data does Instagram store?

When you visit one of our pages that includes Instagram features (such as Instagram images or plugins), your browser automatically connects to Instagram's servers. Data is then sent to, stored, and processed by Instagram, regardless of whether you have an Instagram account or not. This includes information about your visit to our website, your computer, purchases you've made, advertisements you see, and how you use our services. The date and time of your interaction with Instagram are also recorded. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume that Instagram does the same. Customer data includes, for example, name, address, phone number, and IP address. This customer data will only be transmitted to Instagram after it has been hashed. Hashing means that a data record is transformed into a string of characters. This allows contact information to be encrypted. In addition, the aforementioned "event data" is also transmitted. Facebook—and consequently Instagram—understands "event data" as data about your user behavior. It is also possible that contact information may be combined with event data. The collected contact information is then compared with the data that Instagram already holds about you.

Small text files (cookies), usually placed in your browser, transmit the collected data to Facebook. The amount of data stored varies depending on the Instagram features you use and whether you have an Instagram account.

We assume that Instagram's data processing works the same way as Facebook's. This means that if you have an Instagram account or have visited www.instagram.com , Instagram has set at least one cookie. If this is the case, your browser sends information to Instagram via the cookie as soon as you interact with an Instagram feature. This data is deleted or anonymized after a maximum of 90 days (after reconciliation). Although we have thoroughly examined Instagram's data processing practices, we cannot say exactly which data Instagram collects and stores.

Below, we show you the minimum number of cookies that are set in your browser when you click on an Instagram feature (such as a button or an Instagram image). For our test, we assume you do not have an Instagram account. If you are logged into Instagram, significantly more cookies will be set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: ""
Purpose: This cookie is most likely set for security reasons, to prevent request forgery. However, we were unable to determine this more precisely.
Expiry date: after one year

Name: mid
Value: ""
Purpose: Instagram sets this cookie to optimize its own services and offers both on and off Instagram. The cookie establishes a unique user ID.
Expiry date: after the end of the session

Name: fbsr_111824947124024
Value: not specified
Purpose: This cookie stores the login request for users of the Instagram app.
Expiry date: after the end of the session

Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiry date: after the end of the session

Name: urlgen
Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe111824947”
Purpose: This cookie is used for Instagram's marketing purposes.
Expiry date: after the end of the session

Note: This list is not exhaustive. Which cookies are set in each individual case depends on the embedded functions and your use of Instagram.

How long and where will the data be stored?

Instagram shares the information it receives between Facebook companies, external partners, and people you connect with worldwide. Data processing is carried out in accordance with its own data policy. Your data is distributed across Facebook servers around the world, partly for security reasons. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation (GDPR), you have the right to access, transfer, rectify, and erase your data. You can manage your data in your Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

And this is how you delete your Instagram account:

First, open the Instagram app. On your profile page, scroll down and tap "Help Center." This will take you to the company's website. On the website, tap "Manage your account" and then "Delete your account."

If you delete your account entirely, Instagram will delete posts such as your photos and status updates. Information that other people have shared about you is not part of your account and will therefore not be deleted.

As mentioned above, Instagram primarily stores your data using cookies. You can manage, disable, or delete these cookies in your browser. The process varies slightly depending on your browser. Here, we'll show you the instructions for the most common browsers.

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

You can also configure your browser to always notify you when a cookie is about to be set. This allows you to decide individually whether or not to allow the cookie.

Legal basis

If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR) . In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the embedded social media elements if you have given your consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.

Instagram and Facebook process data, among other places, in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing.

Facebook uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 of the GDPR) as the basis for processing data with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or for transferring data to such countries. These clauses oblige Facebook to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de .

We have tried to provide you with the most important information about data processing by Instagram. See https://help.instagram.com/519522125107875
You can learn more about Instagram's data policies.

LinkedIn Privacy Policy

LinkedIn Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: To optimize our service performance 📓 Data processed: Data such as user behavior data, information about your device and your IP address. You can find more details below in the privacy policy. 📅 Data retention period: the data is generally deleted within 30 days. ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is LinkedIn?

We use social plugins from the social media network LinkedIn, operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, on our website. These social plugins may include feeds, content sharing, or links to our LinkedIn page. The social plugins are clearly marked with the familiar LinkedIn logo and allow, for example, sharing interesting content directly from our website. For the European Economic Area and Switzerland, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin, is responsible for data processing.

By embedding such plugins, data can be sent to, stored by, and processed by LinkedIn. In this privacy policy, we want to inform you about the data involved, how the network uses this data, and how you can manage or prevent data storage.

LinkedIn is the largest social network for business contacts. Unlike Facebook, for example, the company focuses exclusively on building professional connections. Businesses can present their services and products on the platform and establish business relationships. Many people also use LinkedIn for job searches or to find suitable employees for their own companies. In Germany alone, the network has over 11 million members. In Austria, there are approximately 1.3 million.

Why do we use LinkedIn on our website?

We know how busy you are. It's impossible to monitor every social media channel individually, even though, as in our case, it would be worthwhile. We regularly post interesting news and reports that are worth sharing. That's why we've added the option to share interesting content directly on LinkedIn or link directly to our LinkedIn page on our website. We see these integrated social plugins as an enhanced service on our website. The data LinkedIn collects also helps us ensure that our advertising is only shown to people who are genuinely interested in our offerings.

What data does LinkedIn store?

LinkedIn does not store any personal data simply by integrating social plugins. LinkedIn refers to this data, generated by plugins, as passive impressions. However, if you click on a social plugin, for example to share our content, the platform stores personal data as so-called "active impressions." This occurs regardless of whether you have a LinkedIn account or not. If you are logged in, the collected data will be associated with your account.

Your browser establishes a direct connection to LinkedIn's servers when you interact with our plugins. This allows the company to log various usage data. In addition to your IP address, this can include, for example, login data, device information, or information about your internet or mobile provider. If you access LinkedIn services via your smartphone, your location can also be determined (after you have granted permission). LinkedIn may also share this data in hashed form with third-party advertisers. Hashing means that a data set is transformed into a string of characters. This allows the data to be encrypted in such a way that individuals can no longer be identified.

Most data about your user behavior is stored in cookies. These are small text files that are usually placed in your browser. LinkedIn may also use web beacons, pixel tags, ad tags, and other device identifiers.

Various tests also show which cookies are set when a user interacts with a social plug-in. The data found is not exhaustive and serves only as an example. The following cookies were set without the user being logged into LinkedIn:

Name: bcookie
Value: =2&34aab2aa-2ae1-4d2a-8baf-c2e2d7235c16111824947-
Purpose: The cookie is a so-called "browser ID cookie" and therefore stores your identification number (ID).
Expiry date: After 2 years

Name: lang
Value: v=2&lang=de-de
Purpose: This cookie stores your preset or preferred language.
Expiry date: after the end of the session

Name: lidc
Value: 1818367:t=1571904767:s=AQF6KNnJ0G111824947…
Purpose: This cookie is used for routing. Routing records the paths you took to reach LinkedIn and how you navigate the website.
Expiry date: after 24 hours

Name: rtc
Value: kt0lrv3NF3x3t6xvDgGrZGDKkX
Purpose: No further information could be obtained about this cookie.
Expiry date: after 2 minutes

Name: JSESSIONID
Value: ajax:1118249472900777718326218137
Purpose: This is a session cookie used by LinkedIn to maintain anonymous user sessions on the server.
Expiry date: after the end of the session

Name: bscookie
Value: “v=1&201910230812…
Purpose: This cookie is a security cookie. LinkedIn describes it as a Secure Browser ID cookie.
Expiry date: after 2 years

Name: fid
Value: AQHj7Ii23ZBcqAAAA…
Purpose: No further information could be found about this cookie.
Expiry date: after 7 days

Note: LinkedIn also works with third-party providers. Therefore, we also detected the two Google Analytics cookies _ga and _gat in our test.

How long and where will the data be stored?

LinkedIn generally retains your personal data for as long as the company deems necessary to provide its services. However, LinkedIn deletes your personal data when you delete your account. In some exceptional cases, LinkedIn retains some data in aggregated and anonymized form even after you delete your account. Once you delete your account, other people will no longer be able to see your data within one day. LinkedIn generally deletes data within 30 days. However, LinkedIn retains data if legally required to do so. Data that can no longer be associated with an individual remains stored even after the account is closed. The data is stored on various servers in America and presumably also in Europe.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time. You can manage, modify, and delete your data in your LinkedIn account. You can also request a copy of your personal data from LinkedIn.

Here's how to access the account details in your LinkedIn profile:

In LinkedIn, click your profile icon and select "Settings and privacy." Then click "Privacy" and, in the "How LinkedIn uses your data" section, click "Change." You can then download selected data about your web activity and account history.

You can also prevent LinkedIn from processing your data in your browser. As mentioned above, LinkedIn stores most of its data via cookies placed in your browser. You can manage, disable, or delete these cookies. The process varies slightly depending on your browser. Instructions for the most common browsers can be found here:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

You can also configure your browser to always notify you when a cookie is about to be set. This allows you to decide individually whether or not to allow the cookie.

Legal basis

If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR) . In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the embedded social media elements if you have given your consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.

LinkedIn also processes data in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing.

LinkedIn uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 GDPR) as the basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or for data transfers to such countries. These clauses oblige LinkedIn to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de .

We have tried to provide you with the most important information about data processing by LinkedIn. You can find out more about the data processing practices of the social media network LinkedIn at https://www.linkedin.com/legal/privacy-policy .

SoundCloud Privacy Policy

SoundCloud Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: To optimize our service performance 📓 Data processed: Data such as contact details, user behavior data, information about your device and your IP address may be stored. You can find more details below in this privacy policy. 📅 Storage period: Data is generally stored as long as it is needed for the service purpose. ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is SoundCloud?

We use features (widgets) from the social media network SoundCloud, operated by SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany, on our website. You can recognize the widgets by their familiar orange logo. By using features such as playing music, data is transmitted to, stored by, and analyzed by SoundCloud. This privacy policy explains what data is involved, why we use SoundCloud, and how you can manage or prevent your data from being transmitted.

The social media network SoundCloud is an online music platform for sharing and distributing audio files. Musicians and podcasters offer their audio files for download on SoundCloud. SoundCloud also allows users to embed audio files on other websites, which is exactly what we did. Typical features of SoundCloud include the waveform visualizations of audio files and the comment section. This allows registered users to listen to and comment on music tracks and podcasts at any time.

Why do we use SoundCloud on our website?

Our goal is to provide you with the best possible service on our website. This doesn't just mean our products or services. Comprehensive customer service also includes how comfortable you feel on our website and how helpful it is for you. Thanks to the embedded SoundCloud player, we can deliver audio content directly and free of charge. You don't have to follow any links to listen to an audio file; you can start right from our website.

What data is stored on SoundCloud?

As soon as you visit one of our websites that has an embedded widget (like or share button, or play function), your browser connects to a SoundCloud server. In doing so, data about you may be transferred to SoundCloud, where it is managed and stored. For example, SoundCloud learns your IP address and which page (in this case, ours) you visited and when. If you have a SoundCloud account and are logged in while browsing our website, the collected data will be directly associated with your account. You can only prevent this by logging out of SoundCloud while on our website. In addition to the information mentioned above, cookies also store data about your user behavior. For example, whenever you click a button, play or pause a track, this information is stored in cookies. The widget, or rather SoundCloud, is thus able to recognize you, and sometimes the widget is also used to deliver personalized content to you. SoundCloud uses not only its own cookies but also cookies from third-party providers such as Facebook and Google Analytics. These cookies help the company gather more information about your behavior on external websites and its own platform. As website operators, we do not receive any information about your user behavior from SoundCloud's cookies. Data transmission, and therefore information about your technical devices and your behavior on the website, takes place directly between you and SoundCloud.

Below we show cookies that are set when you visit a website that integrates SoundCloud features. This list is only an example of possible cookies and is not exhaustive. In this example, the user does not have a SoundCloud account.

Name: sc_anonymous_id
Value: 208165-986996-398971-423805111824947-0
Purpose: This cookie makes it possible to embed files or other content into websites and stores a user ID.
Expiry date: after 10 years

Note:
The cookie sc_anonymous_id is set immediately when you visit one of our websites that has a SoundCloud feature integrated. You don't need to interact with the feature yet for this to happen.

Name: __qca
Value: P0-1223379886-1579605792812111824947-7
Purpose: This cookie is a third-party cookie from Quantcast and collects data such as how often you visit the page or how long you stay on the page. The collected information is then shared with SoundCloud.
Expiry date: after one year

Name: Sclocale
Value: de
Purpose: This cookie stores the language setting you have pre-selected.
Expiry date: after one year

Name: _soundcloud_session
Value: /
Purpose: We were unable to find any specific information about this cookie.
Expiry date: after the end of the session

Name: _session_auth_key
Value: /
Purpose: The cookie allows session information (i.e., user behavior) to be stored and a client request to be authenticated.
Expiry date: after 10 years

SoundCloud also uses other third-party cookies such as _fbp, _ga, and gid from Facebook and Google Analytics. SoundCloud uses all the information stored in these cookies to improve its own services and to display personalized advertising.

How long and where will the data be stored?

Generally, the data collected by SoundCloud remains stored as long as a user account exists or as long as SoundCloud needs it to achieve its business objectives. The exact storage period varies depending on the context and legal obligations. Even if you don't have an account and personal data has been stored, you have the right to request its deletion.

How can I delete my data or prevent data storage?

If you have a SoundCloud account, you can manage data processing or delete your entire account via "Settings." Alternatively, you can manage, delete, or disable cookies in your browser according to your preferences. The procedure always depends on the browser you are using. If you choose to delete or disable cookies, please note that some features may no longer be available. The following instructions explain how to manage, delete, or disable cookies in your browser.

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

Legal basis

If you have consented to the processing and storage of your data through embedded SoundCloud elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR) . Your data is also generally stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the embedded SoundCloud elements if you have given your consent. SoundCloud also uses cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.

We hope we have given you a good overview of SoundCloud's data traffic. If you would like to learn more about SoundCloud's privacy policy and general data handling practices, we recommend that you read the company's privacy statement at https://soundcloud.com/pages/privacy .

YouTube Privacy Policy

YouTube Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: To optimize our service performance 📓 Data processed: Data such as contact details, user behavior data, information about your device and your IP address may be stored. You can find more details below in this privacy policy. 📅 Storage period: Data is generally stored as long as it is needed for the service purpose. ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is YouTube?

We have embedded YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that has an embedded YouTube video, your browser automatically connects to the servers of YouTube or Google. Depending on your settings, various data is transmitted during this process. Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all data processing within the European Economic Area.

Below we would like to explain in more detail which data is processed, why we have embedded YouTube videos and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on, and upload videos for free. Over the past few years, YouTube has become one of the most important social media channels worldwide. To enable us to display videos on our website, YouTube provides a code snippet that we have embedded on our site.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And of course, interesting videos are an essential part of that. With our embedded videos, we provide you with additional helpful content alongside our text and images. Furthermore, the embedded videos make our website easier to find on Google search. Even when we run advertisements through Google Ads, Google—thanks to the data collected—can only show these ads to people who are genuinely interested in our offerings.

What data does YouTube store?

As soon as you visit one of our pages that has an embedded YouTube video, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually associate your interactions on our website with your profile using cookies. This includes data such as session duration, bounce rate, approximate location, and technical information like browser type, screen resolution, and your internet service provider. Other data may include contact information, any ratings, sharing content via social media, or adding videos to your favorites on YouTube.

If you're not signed in to a Google or YouTube account, Google stores data with a unique identifier linked to your device, browser, or app. This allows, for example, your preferred language setting to be retained. However, much interaction data cannot be stored because fewer cookies are set.

The following list shows cookies that were set in a browser test. We show cookies that were set both when no user was logged into a YouTube account and when a user was logged in. This list is not exhaustive, as user data always depends on interactions on YouTube.

Name: YSC
Value: b9-CV6ojI5Y111824947-1
Purpose: This cookie registers a unique ID to store statistics about the video viewed.
Expiry date: after the end of the session

Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google receives statistics via PREF about how you use YouTube videos on our website.
Expiry date: after 8 months

Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track your GPS location.
Expiry date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie attempts to estimate the user's bandwidth on our websites (with embedded YouTube video).
Expiry date: after 8 months

Other cookies that are set when you are logged in with your YouTube account:

Name: APISID
Value: zILlvClZSkqGsSwI/AU1aZI6HY7111824947-
Purpose: This cookie is used to create a profile of your interests. The data is used for personalized advertising.
Expiry date: after 2 years

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: This cookie stores a user's consent status for using various Google services. CONSENT also serves a security purpose, verifying users and protecting user data from unauthorized access.
Expiry date: after 19 years

Name: HSID
Value: AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile of your interests. This data helps to display personalized advertising.
Expiry date: after 2 years

Name: LOGIN_INFO
Value: AFmmF2swRQIhALLl6aL…
Purpose: This cookie stores information about your login data.
Expiry date: after 2 years

Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile of your interests.
Expiry date: after 2 years

Name: SID
Value: oQfNKjAsI111824947-
Purpose: This cookie stores your Google account ID and your last login time in digitally signed and encrypted form.
Expiry date: after 2 years

Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information about how you use the website and what advertisements you may have seen before visiting our site.
Expiry date: after 3 months

How long and where will the data be stored?

The data that YouTube receives and processes from you is stored on Google servers. Most of these servers are located in America. You can see the exact locations of Google's data centers at https://www.google.com/about/datacenters/inside/locations/?hl=de . Your data is distributed across these servers. This makes the data faster to access and better protected against manipulation.

Google stores the collected data for varying lengths of time. Some data can be deleted at any time, some is automatically deleted after a limited period, and still other data is stored by Google for longer periods. Some data (such as items from "My Activity," photos or documents, and products) stored in your Google Account remains stored until you delete it. Even if you are not signed in to a Google Account, you can delete some data associated with your device, browser, or app.

How can I delete my data or prevent data storage?

You can manually delete data from your Google account. However, with the automatic deletion feature for location and activity data introduced in 2019, information is stored for either 3 or 18 months, depending on your choice, and then deleted.

Whether or not you have a Google account, you can configure your browser to delete or disable cookies from Google. The process varies depending on the browser you use. The following instructions show you how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

If you generally do not want to allow cookies, you can configure your browser to always notify you when a cookie is about to be set. This allows you to decide whether to allow each individual cookie or not.

Legal basis

If you have consented to the processing and storage of your data through embedded YouTube elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR) . Your data is also generally stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the embedded YouTube elements if you have given your consent. YouTube also uses cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.

YouTube also processes data in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the legality and security of data processing.

YouTube uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 GDPR) as the basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or for data transfers to such countries. These clauses oblige YouTube to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de .

Since YouTube is a subsidiary of Google, they share a privacy policy. If you would like to learn more about how your data is handled, we recommend reading the privacy policy at https://policies.google.com/privacy?hl=de.

YouTube Subscribe Button Privacy Policy

We have integrated the YouTube subscribe button into our website. You can usually recognize the button by the classic YouTube logo. The logo shows the words "Subscribe" or "YouTube" in white lettering against a red background, with the white play symbol to the left. However, the button may also be displayed in a different design.

Our YouTube channel regularly offers you funny, interesting, or exciting videos. With the built-in "Subscribe" button, you can subscribe to our channel directly from our website without having to visit the YouTube website separately. We want to make accessing our extensive content as easy as possible for you. Please note that YouTube may store and process your data as a result.

If you see a built-in subscribe button on our site, YouTube – according to Google – sets at least one cookie. This cookie stores your IP address and our URL. YouTube can also learn information about your browser, your approximate location, and your preferred language. In our test, the following four cookies were set without us being logged into YouTube:

Name: YSC
Value: b9-CV6ojI5111824947Y
Purpose: This cookie registers a unique ID to store statistics about the video viewed.
Expiry date: after the end of the session

Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google receives statistics via PREF about how you use YouTube videos on our website.
Expiry date: after 8 months

Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track your GPS location.
Expiry date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 11182494795Chz8bagyU
Purpose: This cookie attempts to estimate the user's bandwidth on our websites (with embedded YouTube video).
Expiry date: after 8 months

Note: These cookies were set after a test and cannot claim to be exhaustive.

If you are logged into your YouTube account, YouTube can use cookies to store many of your actions/interactions on our website and associate them with your YouTube account. This allows YouTube to obtain information such as how long you browse our site, which browser type you use, your preferred screen resolution, and other actions you perform.

YouTube uses this data firstly to improve its own services and offers, and secondly to provide analyses and statistics for advertisers (who use Google Ads).

Google reCAPTCHA Privacy Policy

Google reCAPTCHA Privacy Policy Summary 👥 Affected: Visitors to the website 🤝 Purpose: To optimize our service performance and protect against cyberattacks 📓 Data processed: Data such as IP address, browser information, your operating system, limited location and usage data You can find more details below in this privacy policy. 📅 Storage duration: depends on the data stored ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is reCAPTCHA?

Our top priority is to ensure the best possible security and protection for our website, both for you and for us. To guarantee this, we use Google reCAPTCHA from Google Inc. For the European Economic Area, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. reCAPTCHA allows us to determine whether you are a real person and not a robot or other spam software. By spam, we mean any unsolicited information sent electronically. With traditional CAPTCHAs, you usually had to solve text or image puzzles for verification. With Google's reCAPTCHA, we usually don't need to bother you with such puzzles. In most cases, simply checking a box to confirm that you are not a bot is sufficient. With the new Invisible reCAPTCHA version, you don't even need to check a box. You can learn more about how this works and, above all, what data is used for this purpose later in this privacy policy.

reCAPTCHA is a free CAPTCHA service from Google that protects websites from spam software and misuse by non-human visitors. It's most commonly used when filling out online forms. A CAPTCHA service is a type of automated Turing test designed to ensure that an action on the internet is performed by a human and not a bot. In the classic Turing test (named after the computer scientist Alan Turing), a human determines the difference between a bot and a human. With CAPTCHAs, this task is performed by a computer or software program. Classic CAPTCHAs use small tasks that are easy for humans to solve but pose significant challenges for machines. With reCAPTCHA, you no longer need to actively solve puzzles. The tool uses modern risk assessment techniques to distinguish humans from bots. All you have to do is check the "I'm not a robot" box, or with Invisible reCAPTCHA, even that isn't necessary. With reCAPTCHA, a JavaScript element is embedded in the source code, and the tool then runs in the background, analyzing your user behavior. From these user actions, the software calculates a so-called CAPTCHA score. Using this score, Google calculates the probability that you are a human even before you enter the CAPTCHA. reCAPTCHA, or CAPTCHAs in general, are always used when bots could manipulate or abuse certain actions (such as registrations, surveys, etc.).

Why do we use reCAPTCHA on our website?

We only want to welcome real people to our site. Bots and spam software of any kind are not welcome. That's why we're doing everything we can to protect ourselves and offer you the best possible user experience. For this reason, we use Google reCAPTCHA from Google. This allows us to be fairly certain that we remain a "bot-free" website. By using reCAPTCHA, data is transmitted to Google to determine whether you are indeed a human. reCAPTCHA thus serves the security of our website and, consequently, your security as well. For example, without reCAPTCHA, a bot could register as many email addresses as possible during the registration process in order to subsequently spam forums or blogs with unwanted advertising. With reCAPTCHA, we can prevent such bot attacks.

What data does reCAPTCHA store?

reCAPTCHA collects personal data from users to determine whether actions on our website are actually performed by humans. This means that the IP address and other data required by Google for the reCAPTCHA service may be sent to Google. Within the member states of the EU or other contracting states of the Agreement on the European Economic Area, IP addresses are almost always shortened before the data is transferred to a server in the USA. The IP address is not combined with other Google data unless you are logged into your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) are already placed on your browser. Then, reCAPTCHA places an additional cookie in your browser and takes a snapshot of your browser window.

The following list of collected browser and user data is not exhaustive. Rather, it represents examples of data that, to our knowledge, is processed by Google.

• Referrer URL (the address of the page from which the visitor came)
• IP address (e.g. 256.123.123.1)
• Information about the operating system (the software that enables your computer to run. Well-known operating systems are Windows, Mac OS X, or Linux)
• Cookies (small text files that store data in your browser)
• Mouse and keyboard behavior (every action you perform with the mouse or keyboard is saved)
• Date and language settings (which language and date you have preset on your PC will be saved)
• All JavaScript objects (JavaScript is a programming language that allows websites to adapt to the user. JavaScript objects can collect all kinds of data under a single name)
• Screen resolution (indicates how many pixels the image display consists of)

It is undisputed that Google uses and analyzes this data even before you click the "I'm not a robot" checkbox. With the Invisible reCAPTCHA version, the checkbox is even omitted, and the entire recognition process runs in the background. Google does not provide detailed information on exactly how much and what kind of data it stores.

The following cookies are used by reCAPTCHA: This refers to the reCAPTCHA demo version from Google at https://www.google.com/recaptcha/api2/demo . All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA set in the demo version:

Name: IDE
Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-111824947-8
Purpose: This cookie is set by DoubleClick (also owned by Google) to register and report a user's actions on the website in relation to advertisements. This allows advertising effectiveness to be measured and corresponding optimization measures to be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiry date: after one year

Name: 1P_JAR
Value: 2019-5-14-12
Purpose: This cookie collects website usage statistics and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. Furthermore, the cookie prevents a user from seeing the same ad more than once.
Expiry date: after one month

Name: ANID
Value: U7j1v3dZa1118249470xgZFmiqWppRWKOr
Purpose: We couldn't find much information about this cookie. Google's privacy policy mentions it in connection with "advertising cookies" such as "DSID", "FLC", "AID", and "TAID". ANID is stored under the domain google.com.
Expiry date: after 9 months

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: This cookie stores a user's consent status for using various Google services. CONSENT also serves a security purpose, verifying users, preventing login credential fraud, and protecting user data from unauthorized access.
Expiry date: after 19 years

Name: NID
Value: 0WmuWqy111824947zILzqV_nmt3sDXwPeM5Q
Purpose: NID is used by Google to personalize ads based on your Google searches. With the help of this cookie, Google "remembers" your most frequent search queries or your previous interactions with ads. This ensures you always receive tailored advertisements. The cookie contains a unique ID to collect user preferences for advertising purposes.
Expiry date: after 6 months

Name: DV
Value: gEAABBCjJMXcI0dSAAAANbqc111824947-4
Purpose: This cookie is set as soon as you check the "I'm not a robot" box. The cookie is used by Google Analytics for personalized advertising. DV collects information in anonymized form and is also used to distinguish between users.
Expiry date: after 10 minutes

Note: This list is not exhaustive, as Google is known to change its choice of cookies from time to time.

How long and where will the data be stored?

By integrating reCAPTCHA, your data is transferred to Google servers. Google does not clearly state where exactly this data is stored, even after repeated inquiries. Without confirmation from Google, it can be assumed that data such as mouse interactions, time spent on the website, and language settings are stored on Google's European or American servers. The IP address that your browser transmits to Google is generally not combined with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plugin, the data will be combined. Google's separate privacy policy applies in this case.

How can I delete my data or prevent data storage?

If you do not want any data about you or your behavior to be transmitted to Google, you must completely log out of your Google account and delete all Google cookies before visiting our website or using the reCAPTCHA software. Data is automatically transmitted to Google as soon as you access our site. To delete this data, you must contact Google Support at https://support.google.com/?hl=de&tid=111824947 .

Therefore, by using our website, you agree that Google LLC and its representatives may automatically collect, process and use data.

Please note that when using this tool, your data may be stored and processed outside the EU. Most third countries (including the USA) are currently considered unsafe under European data protection law. Therefore, data may not simply be transferred to, stored, and processed in unsafe third countries unless there are appropriate safeguards (such as EU Standard Contractual Clauses) between us and the non-European service provider.

Legal basis

If you have consented to the use of Google reCAPTCHA, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur during collection by Google reCAPTCHA.

We also have a legitimate interest in using Google reCAPTCHA to optimize and improve the security of our online service. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests) . However, we only use Google reCAPTCHA if you have given your consent.

Google also processes data in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing.

Google uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 GDPR) as the basis for processing data with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or transferring data to such countries. These clauses oblige Google to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de .

You can learn more about reCAPTCHA on Google's web developer page at https://developers.google.com/recaptcha/ . While Google provides some details on the technical development of reCAPTCHA there, you won't find specific information about data storage and privacy-related issues. A good overview of how Google generally uses data can be found in their privacy policy at https://www.google.com/intl/de/policies/privacy/ .

All texts are protected by copyright.

Source: Created with the AdSimple Privacy Policy Generator