✨ New: Discover the Omnichannel Difference in 2025!

✨ New: Discover the Omnichannel Difference in 2025!

✨ جديد: اكتشف اختلاف القناة الشاملة في عام 2025!

Try it free
جربه مجانا
Anfrage senden

Privacy Policy

Last updated: August 21, 2025

Table of Contents

Controller

Ayhan Bulut
Auhofstraße 9a
63741 Aschaffenburg

Authorized representatives: Ayhan Bulut

Email address: vorname.name@beispielsdomain.eu

Overview of Processing Activities

The following overview summarizes the types of data processed, the purposes of their processing, and refers to the data subjects.

Types of data processed

  • Inventory data.
  • Payment data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data.
  • Log data.

Categories of data subjects

  • Service recipients and clients.
  • Interested parties.
  • Communication partners.
  • Users.
  • Business and contract partners.
  • Customers.

Purposes of processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Tracking.
  • Office and organizational procedures.
  • Conversion measurement.
  • Target group formation.
  • Organizational and administrative procedures.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our online services and user-friendliness.
  • Information technology infrastructure.
  • Public relations.
  • Sales promotion.
  • Business processes and economic procedures.

Relevant Legal Bases

Relevant Legal Bases under the GDPR: Below, you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence. If, in individual cases, more specific legal bases are relevant, we will inform you of these in the privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – The data subject has given consent to the processing of their personal data for a specific purpose or for multiple specific purposes.
  • Performance of a contract and pre-contractual requests (Art. 6 para. 1 sentence 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains special provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission and automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Reference to the applicability of the GDPR and the Swiss DPA: These data protection notices serve both to provide information in accordance with the Swiss Data Protection Act (DPA) and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that, due to the broader scope and clarity, the terms of the GDPR are used. In particular, instead of the terms “processing” of “personal data,” “overriding interest,” and “sensitive personal data” used in the Swiss DPA, the terms “processing” of “personal data,” “legitimate interest,” and “special categories of data” used in the GDPR are used. However, the legal meaning of the terms continues to be determined by the Swiss DPA within the scope of its applicability.

Security Measures

In accordance with legal requirements and considering the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

Measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, entry, transfer, ensuring availability, and separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the erasure of data, and responses to data breaches. We also consider the protection of personal data during the development and selection of hardware, software, and procedures, in line with the principle of data protection by design and by default.

Securing online connections with TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions comply with the highest security standards. When a website is secured with an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

Data Subject Rights

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw your consent at any time.
  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, in accordance with legal requirements, the completion of incomplete personal data.
  • Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to obtain the erasure of personal data concerning you without undue delay or, alternatively, to obtain the restriction of the processing of the data in accordance with legal requirements.
  • Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from us, in accordance with legal requirements.
  • Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

Business Services

We process data of our contractual and business partners, such as customers and interested parties (collectively referred to as “contractual partners”), within the scope of contractual and similar legal relationships and associated measures, and with regard to communication with the contractual partners (or pre-contractually), for example, to answer inquiries.

We use this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed-upon services, any update obligations, and remedies for warranty and other performance issues. In addition, we use the data to safeguard our rights and for the purpose of administrative tasks associated with these obligations, as well as for business organization. Furthermore, we process the data based on our legitimate interests in proper and business-like management as well as in security measures to protect our contractual partners and our business from misuse, endangerment of their data, secrets, information, and rights (e.g., for the involvement of telecommunication, transport, and other auxiliary services and subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Within the framework of the applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about other forms of processing, for example for marketing purposes, in this privacy policy.

We will inform the contractual partners what data is required for the aforementioned purposes before or during the data collection, e.g., in online forms, by special marking (e.g., colors) or symbols (e.g., asterisks or similar), or personally.

We delete the data after the expiration of legal warranty and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., as long as it must be kept for legal reasons of archiving (for tax purposes, usually ten years). Data that has been disclosed to us by the contractual partner as part of an order will be deleted in accordance with the requirements and generally after the end of the order.

  • Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., postal and email addresses or phone numbers). Contract data (e.g., subject of the contract, term, customer category).
  • Data subjects: Service recipients and clients; Interested parties. Business and contract partners.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Communication; Office and organizational procedures; Organizational and administrative procedures. Business processes and economic procedures.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal bases: Performance of a contract and pre-contractual requests (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures, and services:

  • Agency Services: We process the data of our customers within the scope of our contractual services, which may include, for example, conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services, and training services; Legal bases: Performance of a contract and pre-contractual requests (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Project and Development Services: We process the data of our customers and clients (hereinafter uniformly referred to as “customers”) to enable them to select, purchase, or commission the chosen services or works, as well as related activities, payment, and provision or execution.

    The required information is marked as such in the context of the order, purchase, or similar contract and includes the information required for service provision and billing, as well as contact information to be able to make any queries. Insofar as we have access to information of end customers, employees, or other persons, we process this in accordance with legal and contractual requirements; Legal bases: Performance of a contract and pre-contractual requests (Art. 6 para. 1 sentence 1 lit. b) GDPR).

  • Provision of Software and Platform Services: We process the data of our users, registered and any test users (hereinafter uniformly referred to as “users”) to be able to provide our contractual services to them and on the basis of legitimate interests to ensure the security of our services and to be able to further develop them. The required information is marked as such in the context of the order, purchase, or similar contract and includes the information required for service provision and billing, as well as contact information to be able to make any queries; Legal bases: Performance of a contract and pre-contractual requests (Art. 6 para. 1 sentence 1 lit. b) DSGVO).

Business Processes and Procedures

Personal data of service recipients and clients – including customers, clients, or in special cases, mandates, patients, or business partners and other third parties – are processed in the context of contractual and similar legal relationships and pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates business processes in areas such as customer management, sales, payment transactions, accounting, and project management.

The collected data is used to fulfill contractual obligations and to make operational processes efficient. This includes the processing of business transactions, the management of customer relationships, the optimization of sales strategies, and the ensuring of internal billing and financial processes. In addition, the data supports the safeguarding of the controller’s rights and promotes administrative tasks and the organization of the company.

Personal data may be passed on to third parties if this is necessary for the fulfillment of the aforementioned purposes or legal obligations.

  • Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., text or image messages and posts and the information relating to them, such as author information); Contract data (e.g., subject of the contract, term, customer category); Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time details, identification numbers, persons involved).
  • Data subjects: Service recipients and clients; Interested parties; Communication partners; Business and contract partners. Customers.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Office and organizational procedures; Business processes and economic procedures; Security measures. Provision of our online services and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal bases: Performance of a contract and pre-contractual requests (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures, and services:

  • Customer Account: Customers can create an account within our online services (e.g., customer or user account, “customer account” for short). If registration of a customer account is required, customers will be informed of this as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. In the context of registration and subsequent logins and uses of the customer account, we store the IP addresses of the customers along with the access times in order to be able to prove the registration and prevent any misuse of the customer account. If the customer account has been canceled, the data of the customer account will be deleted after the cancellation time, unless it is kept for other purposes than provision in the customer account or must be kept for legal reasons (e.g., internal storage of customer data, order processes, or invoices). It is the responsibility of the customers to back up their data when canceling the customer account; Legal bases: Performance of a contract and pre-contractual requests (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Provision of Online Services and Web Hosting

We process the data of users in order to be able to provide our online services to them. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the users’ browser or end device.

  • Types of data processed: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, time details, identification numbers, persons involved); Log data (e.g., log files regarding logins or the retrieval of data or access times). Content data (e.g., text or image messages and posts and the information relating to them, such as author information or time of creation).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online services and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures. Provision of contractual services and fulfillment of contractual obligations.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures, and services:

  • Provision of Online Services on Rented Storage Space: For the provision of our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also called “web host”); Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Collection of Access Data and Log Files: Access to our online services is logged in the form of so-called “server log files.” The server log files may include the address and name of the retrieved web pages and files, date and time of retrieval, transferred data volume, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, for example, to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and on the other hand, to ensure the server’s workload and stability; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is required for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.
  • Email Sending and Hosting: The web hosting services we use also include the sending, receiving, and storing of emails. For these purposes, the addresses of the recipients and senders as well as other information regarding the email sending (e.g., the providers involved) and the content of the respective emails are processed. The aforementioned data may also be processed for the purpose of detecting SPAM. Please note that emails on the internet are generally not sent encrypted. In most cases, emails are encrypted during transport, but (unless a so-called end-to-end encryption procedure is used) not on the servers from which they are sent and received. We therefore cannot assume responsibility for the transmission path of emails between the sender and the reception on our server; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
  • Hetzner: Services in the field of providing information technology infrastructure and associated services (e.g., storage space and/or computing capacity); Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.hetzner.com; Privacy Policy: https://www.hetzner.com/de/rechtliches/datenschutz. Data Processing Agreement: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/.
  • 1&1 IONOS: Services in the field of providing information technology infrastructure and associated services (e.g., storage space and/or computing capacity); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO); Website: https://www.ionos.de; Privacy Policy: https://www.ionos.de/terms-gtc/terms-privacy. Data Processing Agreement: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/vereinbarung-zur-auftragsverarbeitung-avv-mit-ionos-abschliessen/.

Use of Cookies

The term “cookies” refers to functions that store information on users’ end devices and read them out. Cookies can also be used for various purposes, for example, for the functionality, security, and convenience of online services and for creating analyses of visitor flows. We use cookies in accordance with legal regulations. If necessary, we obtain the consent of the users beforehand. If consent is not necessary, we rely on our legitimate interests. This applies when the storage and reading of information are essential to be able to provide explicitly requested content and functions. This includes, for example, storing settings and ensuring the functionality and security of our online services. Consent can be withdrawn at any time. We provide clear information about their scope and which cookies are used.

Information on legal bases under data protection law: Whether we process personal data with the help of cookies depends on consent. If consent has been given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained in this section and in the context of the respective services and procedures.

Storage duration: With regard to the storage duration, the following types of cookies are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their end device (e.g., browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved, and preferred content can be displayed directly when the user revisits a website. Likewise, user data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information on the type and storage duration of cookies (e.g., in the context of obtaining consent), they should assume that they are permanent and the storage duration can be up to two years.

General information on withdrawal and objection (opt-out): Users can withdraw their given consent at any time and also declare an objection to the processing in accordance with the legal requirements, also by means of the privacy settings of their browser.

  • Types of data processed: Meta, communication, and procedural data (e.g., IP addresses, time details, identification numbers, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Further information on processing processes, procedures, and services:

  • Processing of Cookie Data on the Basis of Consent: We use a consent management solution to obtain the user’s consent for the use of cookies or for the procedures and providers mentioned in the consent management solution. This procedure serves to obtain, log, manage, and withdraw consents, especially regarding the use of cookies and similar technologies that are used to store, read, and process information on the users’ end devices. As part of this procedure, the user’s consent for the use of cookies and the associated processing of information, including the specific processing and providers mentioned in the consent management procedure, is obtained. Users also have the option to manage and withdraw their consents. The consent declarations are stored to avoid a repeated query and to be able to provide proof of consent in accordance with legal requirements. The storage is done on the server side and/or in a cookie (so-called opt-in cookie) or by means of similar technologies to be able to assign the consent to a specific user or their device. If no specific information is available about the providers of consent management services, the following general information applies: The duration of the storage of consent is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, the information on the scope of consent (e.g., relevant categories of cookies and/or service providers) and information about the browser, system, and end device used; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Blogs and Publication Media

We use blogs or similar means of online communication and publication (hereinafter “publication medium”). The data of the readers are only processed for the purposes of the publication medium to the extent that it is necessary for its presentation and the communication between authors and readers or for security reasons. For the rest, we refer to the information on the processing of visitors to our publication medium in the context of this privacy policy.

  • Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., text or image messages and posts and the information relating to them, such as author information or time of creation); Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time details, identification numbers, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Feedback (e.g., collecting feedback via online form); Provision of our online services and user-friendliness; Security measures. Organizational and administrative procedures.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures, and services:

  • Comments and Posts: When users leave comments or other posts, their IP addresses can be stored on the basis of our legitimate interests. This is done for our security, in case someone leaves illegal content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we can be held liable for the comment or post and are therefore interested in the identity of the author.

    Furthermore, we reserve the right to process the user’s information for the purpose of spam detection on the basis of our legitimate interests.

    On the same legal basis, we reserve the right, in the case of surveys, to store the IP addresses of users for their duration and to use cookies to avoid multiple votes.

    The information about the person, any contact and website information as well as the content information provided in the context of the comments and posts will be stored by us permanently until the user objects; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Contact and Inquiry Management

When you contact us (e.g., by mail, contact form, email, phone, or via social media) and in the context of existing user and business relationships, the information of the inquiring persons is processed, insofar as this is necessary to answer the contact inquiries and any requested measures.

  • Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., text or image messages and posts and the information relating to them, such as author information or time of creation); Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time details, identification numbers, persons involved).
  • Data subjects: Communication partners.
  • Purposes of processing: Communication; Organizational and administrative procedures; Feedback (e.g., collecting feedback via online form). Provision of our online services and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Performance of a contract and pre-contractual requests (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further information on processing processes, procedures, and services:

  • Contact Form: When you contact us via our contact form, by email, or other communication channels, we process the personal data transmitted to us to answer and process the respective request. This usually includes information such as name, contact information, and, if applicable, other information that is communicated to us and is necessary for appropriate processing. We use this data exclusively for the stated purpose of contact and communication; Legal bases: Performance of a contract and pre-contractual requests (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Communication via Messenger

We use messengers for communication purposes and therefore ask you to note the following information on the functionality of the messengers, encryption, the use of metadata of communication, and your objection options.

You can also contact us via alternative channels, e.g., by phone or email. Please use the contact options provided to you or the contact options specified within our online services.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we point out that the communication content (i.e., the content of the message and attached images) are encrypted from end to end. This means that the content of the messages is not visible, not even to the messenger providers themselves. You should always use a current version of the messenger with activated encryption to ensure the encryption of the message content.

However, we also point out to our communication partners that the providers of the messengers cannot see the content, but they can find out that and when communication partners communicate with us and that technical information about the end device of the communication partners and, depending on the settings of their device, also location information (so-called metadata) are processed.

Information on legal bases: If we ask communication partners for permission to communicate with them via messenger before communication, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for consent and they contact us on their own initiative, for example, we use messengers in relation to our contractual partners and in the context of contract initiation as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests in quick and efficient communication and the fulfillment of the needs of our communication partners for communication via messenger. We also point out that we do not transmit the contact data communicated to us to the messengers for the first time without your consent.

Withdrawal, objection, and deletion: You can withdraw a given consent at any time.

  • Types of data processed: Contact data (e.g., postal and email addresses or phone numbers). Content data (e.g., text or image messages and posts and the information relating to them, such as author information).
  • Data subjects: Communication partners.
  • Purposes of processing: Communication.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Performance of a contract and pre-contractual requests (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Newsletter and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter “newsletters”) exclusively with the consent of the recipients or on the basis of a legal basis. If the content of a newsletter is mentioned in the context of a subscription, this content is decisive for the user’s consent. For the subscription to our newsletter, providing your email address is usually sufficient. However, to be able to offer you a personalized service, we may ask you to provide your name for a personal salutation in the newsletter or for other information if this is necessary for the purpose of the newsletter.

Deletion and restriction of processing: We can store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before we delete them, in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a potential defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of a consent is also confirmed. In the case of obligations to permanently observe objections, we reserve the right to store the email address for this purpose alone in a blocking list (so-called “blocklist”).

The logging of the registration procedure is carried out on the basis of our legitimate interests for the purpose of proving its proper course. Insofar as we commission a service provider with the sending of emails, this is done on the basis of our legitimate interests in an efficient and secure sending system.

Content:

Information about us, our services, promotions, and offers.

  • Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers); Meta, communication, and procedural data (e.g., IP addresses, time details, identification numbers, persons involved). Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g., by email or post).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
  • Right to object (opt-out): You can cancel the receipt of our newsletter at any time, i.e., withdraw your consent, or object to further receipt. A link to unsubscribe from the newsletter can be found either at the end of each newsletter or you can use one of the contact options mentioned above, preferably email.

Further information on processing processes, procedures, and services:

  • Measurement of Opening and Click Rates: The newsletters contain a so-called “web beacon”, i.e., a pixel-sized file that is retrieved from our server or that of the sending service provider, if we use one, when the newsletter is opened. In the context of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, are first collected. This information is used for the technical improvement of our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether and when the newsletters are opened and which links are clicked. The information is assigned to the individual newsletter recipients and stored in their profiles until deletion. The evaluations serve to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The measurement of opening and click rates and the storage of the measurement results in the user profiles – This text area must be unlocked with a Premium license. – ; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Promotional Communication via Email, Mail, Fax, or Phone

We process personal data for the purpose of promotional communication, which can take place via various channels, such as email, phone, mail, or fax, in accordance with legal requirements.

Recipients have the right to withdraw their given consent at any time or to object to the promotional communication at any time.

After withdrawal or objection, we store the data required for proof of previous authorization for contact or sending for up to three years after the end of the year of withdrawal or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. On the basis of the legitimate interest to permanently observe the objections of users, we also store the data necessary to avoid renewed contact (e.g., depending on the communication channel, the email address, phone number, name).

  • Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers). Content data (e.g., text or image messages and posts and the information relating to them, such as author information or time of creation).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g., by email or post); Marketing. Sales promotion.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Web Analytics, Monitoring, and Optimization

Web analytics (also known as “reach measurement”) serves to evaluate the visitor flows of our online services and can include behavior, interests, or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, determine at what time our online services or their functions or content are used most frequently, or invite to reuse. We can also understand which areas need optimization.

In addition to web analytics, we can also use testing procedures to test and optimize different versions of our online services or their components.

Unless otherwise stated below, profiles, i.e., data summarized for a usage process, can be created for these purposes, and information can be stored in a browser or on an end device and then read out. The collected information includes, in particular, visited websites and elements used there as well as technical information, such as the browser used, the computer system used, and information on usage times and used functions. If users have consented to the collection of their location data with us or with the providers of the services we use, the processing of location data is also possible.

In addition, the IP addresses of the users are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect the users. In general, no clear data of the users (such as email addresses or names) are stored in the context of the online marketing procedure, but pseudonyms. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedure.

Information on legal bases: If we ask the users for their consent to the use of third-party providers, the legal basis for the data processing is consent. Otherwise, the user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time details, identification numbers, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, recognition of recurring visitors); Profiles with user-related information (creation of user profiles). Provision of our online services and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods can be stored on the user’s devices for a period of two years.).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures, and services:

  • Google Analytics: We use Google Analytics to measure and analyze the use of our online services on the basis of a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It serves to assign analysis information to an end device to recognize what content users have viewed within one or different usage processes, what search terms they have used, have viewed again, or have interacted with our online services. The time of use and its duration are also stored, as well as the sources of the users who refer to our online services and technical aspects of their end devices and browsers.
    In the process, pseudonymous profiles of users are created with information from the use of different devices, whereby cookies can be used. Google Analytics does not log and store individual IP addresses for EU users. However, Analytics provides coarse geographical location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, the IP address data is used exclusively for this derivation of geolocation data before it is immediately deleted. It is not logged, is not accessible, and is not used for further purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Third-country transfer basis: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); Right to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for displaying ad overlays: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and data processed).
  • Google Tag Manager: We use Google Tag Manager, a software from Google that allows us to centrally manage so-called website tags via a user interface. Tags are small code elements on our website that are used to record and analyze visitor activities. This technology helps us improve our website and the content offered on it. Google Tag Manager itself does not create user profiles, does not store cookies with user profiles, and does not perform its own analyses. Its function is limited to simplifying and making the integration and management of tools and services that we use on our website more efficient. Nevertheless, when using Google Tag Manager, the user’s IP address is transmitted to Google, which is technically necessary to implement the services we use. Cookies can also be set in the process. However, this data processing only takes place when services are integrated via the Tag Manager. For more detailed information on these services and their data processing, please refer to the further sections of this privacy policy; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement:
    https://business.safety.google/adsprocessorterms. Third-country transfer basis: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms).

Online Marketing

We process personal data for the purpose of online marketing, which may include, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as “content”) based on the potential interests of users, as well as the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called “cookie”) or similar procedures are used, by means of which the information relevant for the display of the aforementioned content is stored. This may include, for example, viewed content, visited websites, used online networks, but also communication partners and technical information, such as the browser used, the computer system used, and information on usage times and used functions. If users have consented to the collection of their location data, this can also be processed.

In addition, the IP addresses of the users are stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect the users. In general, no clear data of the users (such as email addresses or names) are stored in the context of the online marketing procedure, but pseudonyms. This means that we and the providers of the online marketing procedures do not know the actual user identity, but only the information stored in their profiles.

The statements in the profiles are generally stored in cookies or by means of similar procedures. These cookies can later generally also be read out on other websites that use the same online marketing procedure and analyzed for the purpose of displaying content, as well as supplemented with further data and stored on the server of the online marketing procedure provider.

In exceptional cases, it is possible to assign clear data to the profiles, primarily if the users are members of a social network, for example, whose online marketing procedure we use and the network connects the user profiles with the aforementioned information. We ask you to note that users can enter into additional agreements with the providers, for example, by consenting during registration.

We generally only get access to aggregated information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a contract with us. The conversion measurement is used solely for the success analysis of our marketing measures.

Unless otherwise stated, we ask you to assume that cookies used are stored for a period of two years.

Information on legal bases: If we ask the users for their consent to the use of third-party providers, the legal basis for the data processing is permission. Otherwise, the user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

Information on withdrawal and objection:

We refer to the privacy policies of the respective providers and the objection options (so-called “opt-out”) specified for the providers. If no explicit opt-out option has been specified, there is the possibility of disabling cookies in the settings of your browser. However, this may limit functions of our online services. We therefore also recommend the following opt-out options, which are offered collectively for respective areas:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://www.youradchoices.ca/choices.

c) USA: https://www.aboutads.info/choices.

d) Cross-region: https://optout.aboutads.info.

  • Types of data processed: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time details, identification numbers, persons involved).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, recognition of recurring visitors); Tracking (e.g., interest/behavior-based profiling, use of cookies); Target group formation; Marketing; Profiles with user-related information (creation of user profiles). Conversion measurement (measurement of the effectiveness of marketing measures).
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods can be stored on the user’s devices for a period of two years.).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures, and services:

  • Google Ads and Conversion Measurement: Online marketing procedure for the purpose of placing content and advertisements within the advertising network of the service provider (e.g., in search results, in videos, on websites, etc.), so that they are displayed to users who have a presumed interest in the ads. In addition, we measure the conversion of the ads, i.e., whether the users have used them as an opportunity to interact with the ads and use the advertised offers (so-called conversions). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Third-country transfer basis: Data Privacy Framework (DPF); Further information: Types of processing and data processed: https://business.safety.google/adsservices/. Data processing terms between controllers and standard contractual clauses for third-country data transfers: https://business.safety.google/adscontrollerterms.

Presence on Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context to communicate with the users active there or to provide information about us.

We point out that user data may be processed outside the area of the European Union. This may result in risks for the users, because, for example, the enforcement of user rights could be made more difficult.

Furthermore, the data of users within social networks are generally processed for market research and advertising purposes. For example, usage profiles can be created based on the user’s behavior and resulting interests. The latter may in turn be used to place advertisements within and outside the networks that presumably correspond to the interests of the users. Therefore, cookies are usually stored on the users’ computers, in which the usage behavior and the interests of the users are stored. In addition, data can also be stored in the usage profiles independently of the devices used by the users (especially if they are members of the respective platforms and are logged in there).

For a detailed description of the respective forms of processing and the objection options (opt-out), we refer to the privacy policies and information of the operators of the respective networks.

Also in the case of requests for information and the assertion of data subject rights, we point out that these can be asserted most effectively with the providers. Only the latter have access to the user data and can directly take appropriate measures and provide information. If you still need help, you can contact us.

  • Types of data processed: Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., text or image messages and posts and the information relating to them, such as author information or time of creation). Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Communication; Feedback (e.g., collecting feedback via online form). Public relations.
  • Retention and deletion: Deletion in accordance with the information in the “General information on data storage and deletion” section.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures, and services:

  • Instagram: Social network, enables sharing of photos and videos, commenting on and liking posts, sending messages, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Third-country transfer basis: Data Privacy Framework (DPF).
  • Facebook Pages: Profiles within the Facebook social network – The controller is jointly responsible with Meta Platforms Ireland Limited for the collection and transmission of data of visitors to our Facebook page (“Fanpage”). This includes, in particular, information about user behavior (e.g., viewed or interacted content, actions performed) and device information (e.g., IP address, operating system, browser type, language settings, cookie data). More detailed information on this can be found in the Facebook Data Policy: https://www.facebook.com/privacy/policy/. Facebook also uses this data to provide us with statistical evaluations via the “Page Insights” service, which provide information on how people interact with our page and its content. The basis for this is an agreement with Facebook (“Information about Page Insights”: https://www.facebook.com/legal/terms/page_controller_addendum), which regulates, among other things, security measures and the exercise of data subject rights. Further information can be found here: https://www.facebook.com/legal/terms/information_about_page_insights_data. Users can therefore address requests for information or deletion directly to Facebook. The rights of the users (in particular the right to information, erasure, objection, and complaint to a supervisory authority) remain unaffected by this. Joint responsibility is limited exclusively to the collection of data by Meta Platforms Ireland Limited (EU). Meta Platforms Ireland Limited is solely responsible for the further processing, including a possible transfer to Meta Platforms Inc. in the USA; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. Third-country transfer basis: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum).
  • LinkedIn: Social network – We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of data of visitors that are used to create “Page Insights” (statistics) of our LinkedIn profiles. This data includes information about the types of content that users view or with which they interact, as well as the actions they take. Details about the devices used are also collected, such as IP addresses, operating system, browser type, language settings, and cookie data, as well as information from the user profiles, such as job function, country, industry, hierarchy level, company size, and employment status. Data protection information on the processing of user data by LinkedIn can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
    We have concluded a special agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum”, https://legal.linkedin.com/pages-joint-controller-addendum), which, in particular, regulates what security measures LinkedIn must observe and in which LinkedIn has agreed to fulfill the rights of the data subjects (i.e., users can, for example, address requests for information or deletion directly to LinkedIn). The rights of the users (in particular the right to information, erasure, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. The joint responsibility is limited to the collection and transmission of the data to LinkedIn Ireland Unlimited Company, a company based in the EU. The further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, in particular with regard to the transmission of the data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Third-country transfer basis: Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa). Right to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke