Privacy Policy

Introduction and Overview

We have written this privacy policy (Version 03.12.2025-313084794) to explain to you in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter "data") we as the controller – and the processors commissioned by us (e.g., providers) – process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.
In short: We inform you comprehensively about data that we process about you.

Privacy policies usually sound very technical and use legal terminology. This privacy policy, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. As far as it is conducive to transparency, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We inform you in clear and simple language that we only process personal data within the framework of our business activities when there is a corresponding legal basis. This is certainly not possible if you give as brief, unclear, and legal-technical explanations as are often standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is one or another piece of information that you did not know yet.
If questions remain, we would like to ask you to contact the responsible party named below or in the legal notice, follow the existing links, and view further information on third-party sites. You can, of course, also find our contact details in the legal notice.

Scope

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as name, email address, and postal address of a person. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• social media presences and email communication
• mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed in the company in a structured manner via the mentioned channels. Should we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Basis

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal basis of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data from a contact form.
2. Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.
3. Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we must process certain data to be able to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Further conditions such as the performance of tasks in the public interest and the exercise of official authority as well as the protection of vital interests do not usually occur with us. Should such a legal basis be relevant, it will be indicated in the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), abbreviated DSG.
• In Germany, the Federal Data Protection Act applies, abbreviated BDSG.

If further regional or national laws apply, we will inform you about them in the following sections.

Contact Details of the Controller

If you have questions about data protection or the processing of personal data, you will find the contact details of the controller below in accordance with Article 4(7) of the EU General Data Protection Regulation (GDPR):
Felix Gillen
Blandina-Ridder-Str. 16, 50935 Köln
Authorized representative: Felix Gillen
Email: mail@felix-gillen.de

Legal Notice: https://www.fernweh.guide/impressum/

Storage Duration

That we only store personal data for as long as is absolutely necessary for the provision of our services and products is a general criterion for us. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

If you wish to delete your data or revoke your consent to data processing, the data will be deleted as quickly as possible and as long as there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information about it.

Rights under the General Data Protection Regulation

In accordance with Articles 13, 14 GDPR, we inform you about the following rights that you have to ensure fair and transparent processing of data:

• You have the right to information according to Article 15 GDPR about whether we process data about you. If this is the case, you have the right to receive a copy of the data and to learn the following information:
  • for what purpose we carry out the processing;
  • the categories, i.e., the types of data that are processed;
  • who receives this data and if the data is transmitted to third countries, how security can be guaranteed;
  • how long the data is stored;
  • the existence of the right to rectification, erasure, or restriction of processing and the right to object to processing;
  • that you can complain to a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we did not collect it from you;
  • whether profiling is carried out, i.e., whether data is automatically evaluated to arrive at a personal profile of you.
• You have the right to rectification of data according to Article 16 GDPR, which means that we must correct data if you find errors.
• You have the right to erasure ("right to be forgotten") according to Article 17 GDPR, which specifically means that you may request the deletion of your data.
• You have the right to restriction of processing according to Article 18 GDPR, which means that we may only store the data but not use it further.
• You have the right to data portability according to Article 20 GDPR, which means that we will provide you with your data in a common format upon request.
• You have the right to object according to Article 21 GDPR, which, after enforcement, results in a change in processing.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.
  • If data is used to conduct direct marketing, you can object to this type of data processing at any time. We may no longer use your data for direct marketing after that.
  • If data is used to conduct profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling after that.
• You have the right under Article 22 GDPR, under certain circumstances, not to be subject to a decision based solely on automated processing (e.g., profiling).
• You have the right to complain according to Article 77 GDPR. This means that you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection law or your data protection claims have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible:

North Rhine-Westphalia Data Protection Authority

State Commissioner for Data Protection: Bettina Gayk
Address: Kavalleriestraße 2-4, 40213 Düsseldorf
Email Address: poststelle@ldi.nrw.de
Website: https://www.ldi.nrw.de/

Data Transfer to Third Countries

We only transfer or process data to countries outside the scope of the GDPR (third countries) if you consent to this processing or if there is another legal permission. This applies in particular if the processing is legally required or necessary for the fulfillment of a contractual relationship and in any case only to the extent that this is generally permitted. Your consent is in most cases the most important reason that we have data processed in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, can mean that personal data is processed and stored in unexpected ways.

We expressly point out that according to the opinion of the European Court of Justice, an adequate level of protection for data transfer to the USA currently only exists if a US company that processes personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. More information on this can be found at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Data processing by US services that are not active participants in the EU-US Data Privacy Framework can result in data possibly not being processed and stored in anonymized form. Furthermore, US government authorities may possibly gain access to individual data. In addition, it may happen that collected data is linked with data from other services of the same provider, provided you have a corresponding user account. If possible, we try to use server locations within the EU, provided this is offered.
We inform you in more detail about data transfer to third countries at the appropriate places in this privacy policy, if this applies.

Security of Data Processing

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible within our capabilities for third parties to infer personal information from our data.

Art. 25 GDPR speaks here of "data protection by design and by default" and means that one always thinks about security both in software (e.g., forms) and hardware (e.g., access to the server room) and takes appropriate measures. In the following, we will go into more detail on specific measures if necessary.

TLS Encryption with https

TLS, encryption, and https sound very technical and are. We use HTTPS (Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transmit data securely over the Internet.
This means that the complete transmission of all data from your browser to our web server is secured – no one can "eavesdrop".

In this way, we have introduced an additional security layer and fulfill data protection by design (Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission security by the small lock symbol at the top left in the browser, to the left of the Internet address (e.g., example.com) and the use of the https scheme (instead of http) as part of our Internet address.
If you want to know more about encryption, we recommend a Google search for "Hypertext Transfer Protocol Secure wiki" to get good links to further information.

Communication

Communication Summary 👥 Affected: All those who communicate with us by phone, email, or online form 📓 Processed Data: e.g., name, email address, entered form data. More details can be found for each contact method used 🤝 Purpose: Processing communication with customers, business partners, etc. 📅 Storage Duration: Duration of the business case and legal requirements ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(b) GDPR (Contract), Art. 6(1)(f) GDPR (Legitimate Interests)

If you contact us and communicate by phone, email, or online form, personal data may be processed.

The data is processed for handling and processing your question and the associated business process. The data is stored for as long as the business case lasts or as long as the law requires.

Affected Persons

All those who contact us via the communication channels we provide are affected by the mentioned processes.

Phone

If you call us, call data is stored pseudonymously on the respective end device and with the telecommunications provider used. In addition, data such as name can be sent by email afterwards and stored for answering inquiries. The data is deleted as soon as the business case has been completed and legal requirements allow.

Email

If you communicate with us by email, data may be stored on the respective end device (computer, laptop, smartphone, etc.) and data is stored on the email server. The data is deleted as soon as the business case has been completed and legal requirements allow.

Online Forms

If you communicate with us via an online form, data is stored on our web server and may be forwarded to an email address of ours. The data is deleted as soon as the business case has been completed and legal requirements allow.

Legal Basis

The processing of data is based on the following legal bases:

• Art. 6(1)(a) GDPR (Consent): You give us consent to store your data and use it further for purposes related to the business case;
• Art. 6(1)(b) GDPR (Contract): There is a need to fulfill a contract with you or a processor such as the phone provider, or we must process the data for pre-contractual activities, such as preparing an offer;
• Art. 6(1)(f) GDPR (Legitimate Interests): We want to conduct customer inquiries and business communication in a professional framework. For this, certain technical facilities such as email programs, Exchange servers, and mobile network operators are necessary to be able to conduct communication efficiently.

Data Processing Agreement (DPA)

In this section, we would like to explain what a data processing agreement is and why it is needed. Because the word "data processing agreement" is quite a tongue-twister, we will often use only the acronym DPA in the text. Like most companies, we do not work alone but also use services from other companies or individuals. Through the involvement of various companies or service providers, it may be that we pass on personal data for processing. These partners then act as processors, with whom we conclude a contract, the so-called data processing agreement (DPA). Most importantly for you to know is that the processing of your personal data takes place exclusively according to our instructions and must be regulated by the DPA.

Who are Processors?

We as a company and website owner are responsible for all data that we process from you. In addition to the controllers, there can also be so-called processors. This includes every company or person that processes personal data on our behalf. More precisely and according to the GDPR definition: every natural or legal person, authority, institution, or other body that processes personal data on our behalf is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

For better understanding of the terms, here is an overview of the three roles in the GDPR:

Data Subject (you as a customer or interested party) → Controller (we as a company and client) → Processor (service providers such as web hosts or cloud providers)

Content of a Data Processing Agreement

As already mentioned above, we have concluded a DPA with our partners who act as processors. Above all, it is stipulated that the processor processes the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, although electronic contract conclusion is also considered "written" in this context. Only on the basis of the contract does the processing of personal data take place. The contract must contain the following:

• Binding to us as the controller
• Obligations and rights of the controller
• Categories of data subjects
• Type of personal data
• Type and purpose of data processing
• Subject and duration of data processing
• Place of data processing

Furthermore, the contract contains all obligations of the processor. The most important obligations are:

• To ensure measures for data security
• To take possible technical and organizational measures to protect the rights of the data subject
• To maintain a data processing register
• To cooperate with the data protection supervisory authority upon request
• To conduct a risk analysis regarding the received personal data
• Sub-processors may only be commissioned with written approval from the controller

You can see what such a DPA looks like concretely, for example, at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html. A sample contract is presented here.

Cookies

Cookies Summary 👥 Affected: Website visitors 🤝 Purpose: depends on the respective cookie. More details can be found below or with the manufacturer of the software that sets the cookie. 📓 Processed Data: Depends on the respective cookie used. More details can be found below or with the manufacturer of the software that sets the cookie. 📅 Storage Duration: depends on the respective cookie, can vary from hours to years ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data.
In the following, we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, since there are also other cookies for other application areas. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, so to speak the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal page settings. When you visit our page again, your browser transmits the "user-related" information back to our page. Thanks to the cookies, our website knows who you are and offers you the setting you are used to. In some browsers, each cookie has its own file, in others such as Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans, or other "malware". Cookies also cannot access information on your PC.

For example, cookie data might look like this:

Name: _ga
Value: GA1.2.1326744211.152313084794-9
Purpose: Distinguishing website visitors
Expiration: after 2 years

These minimum sizes should be supported by a browser:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies total

What Types of Cookies are There?

The question of which cookies we specifically use depends on the services used and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly address the different types of HTTP cookies.

One can distinguish 4 types of cookies:

Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then surfs to other pages, and only goes to checkout later. Through these cookies, the shopping cart is not deleted, even if the user closes their browser window.

Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure loading time and website behavior in different browsers.

Targeting Cookies
These cookies provide better user-friendliness. For example, entered locations, font sizes, or form data are stored.

Advertising Cookies
These cookies are also called targeting cookies. They serve to deliver individually tailored advertising to the user. This can be very practical, but also very annoying.

Usually, you are asked on your first visit to a website which of these cookie types you want to allow. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and don't shy away from technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".

Purpose of Processing via Cookies

The purpose ultimately depends on the respective cookie. More details can be found below or with the manufacturer of the software that sets the cookie.

What Data is Processed?

Cookies are small helpers for many different tasks. Unfortunately, one cannot generalize which data is stored in cookies, but we will inform you about the processed or stored data within the framework of the following privacy policy.

Storage Duration of Cookies

The storage duration depends on the respective cookie and will be specified further below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

You also have influence on the storage duration yourself. You can delete all cookies manually at any time via your browser (see also below "Right to Object"). Furthermore, cookies that are based on consent are deleted at the latest after revocation of your consent, whereby the lawfulness of the storage until then remains unaffected.

Right to Object – How Can I Delete Cookies?

How and whether you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option to delete, disable, or only partially allow cookies. For example, you can block cookies from third parties but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you don't want cookies at all, you can set up your browser so that it always informs you when a cookie is to be set. This way, you can decide for each individual cookie whether you want to allow it or not. The procedure varies depending on the browser. It's best to search for instructions in Google with the search term "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser.

Legal Basis

Since 2009, there have been the so-called "Cookie Guidelines". It states that storing cookies requires consent (Article 6(1)(a) GDPR) from you. However, within the EU countries, there are still very different reactions to these guidelines. In Austria, however, this guideline was implemented in § 165 para. 3 of the Telecommunications Act (2021). In Germany, the cookie guidelines were not implemented as national law. Instead, this guideline was largely implemented in § 15 para. 3 of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DDG) since May 2024.

For absolutely necessary cookies, even if no consent is present, there are legitimate interests (Article 6(1)(f) GDPR), which are mostly of an economic nature. We want to provide website visitors with a pleasant user experience, and for this, certain cookies are often absolutely necessary.

To the extent that cookies that are not absolutely necessary are used, this only happens with your consent. The legal basis is Art. 6(1)(a) GDPR.

In the following sections, you will be informed in more detail about the use of cookies, provided that the software used uses cookies.

Web Analytics Introduction

Web Analytics Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Evaluation of visitor information to optimize the web offering. 📓 Processed Data: Access statistics containing data such as locations of access, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found with the respective Web Analytics tool used. 📅 Storage Duration: depends on the Web Analytics tool used ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Web Analytics?

We use software on our website to evaluate the behavior of website visitors, briefly called Web Analytics or web analysis. Data is collected that the respective analytics tool provider (also called tracking tool) stores, manages, and processes. With the help of the data, analyses of user behavior on our website are created and made available to us as website operators. In addition, most tools offer various testing possibilities. For example, we can test which offers or content are best received by our visitors. For this, we show you two different offers for a limited period. After the test (so-called A/B test), we know which product or content our website visitors find more interesting. For such test procedures, as well as for other analytics procedures, user profiles can also be created and the data stored in cookies.

Why Do We Conduct Web Analytics?

With our website, we have a clear goal in mind: we want to deliver the best web offering on the market for our industry. To achieve this goal, we want to offer the best and most interesting offering on the one hand, and on the other hand, ensure that you feel comfortable on our website. With the help of web analysis tools, we can take a closer look at the behavior of our website visitors and then improve our web offering for you and us accordingly. For example, we can recognize how old our visitors are on average, where they come from, when our website is most visited, or which content or products are particularly popular. All this information helps us optimize the website and thus adapt it perfectly to your needs, interests, and wishes.

What Data is Processed?

Which data is exactly stored depends, of course, on the analysis tools used. However, as a rule, for example, it is stored which content you view on our website, which buttons or links you click, when you call up a page, which browser you use, with which device (PC, tablet, smartphone, etc.) you visit the website, or which computer system you use. If you have agreed that location data may also be collected, this can also be processed by the web analysis tool provider.

In addition, your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored pseudonymized (i.e., in unrecognizable and shortened form). For the purpose of tests, web analysis, and web optimization, no direct data such as your name, age, address, or email address are generally stored. All this data is stored pseudonymized if collected. This way, you cannot be identified as a person.

How long the respective data is stored always depends on the provider. Some cookies store data only for a few minutes or until you leave the website again, other cookies can store data for several years.

Duration of Data Processing

We will inform you about the duration of data processing below, provided we have further information about it. Generally, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is legally required, as for example in the case of accounting, this storage duration can also be exceeded.

Right to Object

You also have the right and the possibility at any time to revoke your consent to the use of cookies or third parties. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling, or deleting cookies in your browser.

Legal Basis

The use of Web Analytics requires your consent, which we have obtained with our cookie popup. This consent represents the legal basis for the processing of personal data, as may occur in the collection by Web Analytics tools, according to Art. 6(1)(a) GDPR (Consent).

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offering technically and economically. With the help of Web Analytics, we recognize errors on the website, can identify attacks, and improve efficiency. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use the tools to the extent that you have given consent.

Since cookies are used in Web Analytics tools, we also recommend reading our general privacy policy on cookies. To find out which data is exactly stored and processed about you, you should read through the privacy policies of the respective tools.

Information about specific Web Analytics tools can be found – if available – in the following sections.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Evaluation of visitor information to optimize the web offering. 📓 Processed Data: Access statistics containing data such as locations of access, device data, access duration and time, navigation behavior, and click behavior. More details can be found further below in this privacy policy. 📅 Storage Duration: individually adjustable, by default Google Analytics 4 stores data for 14 months ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Google Analytics?

We use the analysis tracking tool Google Analytics in version Google Analytics 4 (GA4) from the American company Google Inc. on our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. Through the combination of various technologies such as cookies, device IDs, and login credentials, you as a user can be identified across different devices. This allows your actions to be analyzed across platforms.

For example, if you click on a link, this event is stored in a cookie and sent to Google Analytics. Using the reports we receive from Google Analytics, we can better adapt our website and service to your wishes. In the following, we will go into more detail about the tracking tool and inform you above all about which data is processed and how you can prevent this.

Google Analytics is a tracking tool that serves the data traffic analysis of our website. The basis of these measurements and analyses is a pseudonymous user identification number. This number does not contain personal data such as name or address, but serves to assign events to an end device. GA4 uses an event-based model that captures detailed information about user interactions such as page views, clicks, scrolling, conversion events. In addition, various machine learning functions have also been built into GA4 to better understand user behavior and certain trends. GA4 uses machine learning functions for modeling. This means that on the basis of the collected data, missing data can also be extrapolated to optimize the analysis and also to make predictions.

For Google Analytics to work in principle, a tracking code is built into the code of our website. When you visit our website, this code records various events that you perform on our website. With the event-based data model of GA4, we as website operators can define and track specific events to obtain analyses of user interactions. Thus, in addition to general information such as clicks or page views, special events that are important for our business can also be tracked. Such special events can be, for example, submitting a contact form or purchasing a product.

As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data and we receive reports about your user behavior. These can include, among others, the following reports:

• Audience Reports: Through audience reports, we get to know our users better and know more precisely who is interested in our service.
• Advertising Reports: Through advertising reports, we can analyze and improve our online advertising more easily.
• Acquisition Reports: Acquisition reports give us helpful information about how we can inspire more people for our service.
• Behavior Reports: Here we learn how you interact with our website. We can trace which path you take on our page and which links you click.
• Conversion Reports: Conversion is a process in which you perform a desired action based on a marketing message. For example, when you go from a pure website visitor to a buyer or newsletter subscriber. Using these reports, we learn more about how our marketing measures are received by you. This way, we want to increase our conversion rate.
• Real-time Reports: Here we always learn immediately what is happening on our website. For example, we see how many users are currently reading this text.

In addition to the analysis reports mentioned above, Google Analytics 4 also offers the following functions, among others:

• Event-based Data Model: This model captures very specific events that can occur on our website. For example, playing a video, purchasing a product, or subscribing to our newsletter.
• Advanced Analysis Functions: With these functions, we can better understand your behavior on our website or certain general trends. For example, we can segment user groups, perform comparative analyses of target audiences, or trace your path on our website.
• Predictive Modeling: Based on collected data, missing data can be extrapolated through machine learning that predict future events and trends. This can help us develop better marketing strategies.
• Cross-Platform Analysis: Data collection and analysis are possible from both websites and apps. This gives us the opportunity to analyze user behavior across platforms, provided you have consented to data processing, of course.

Why Do We Use Google Analytics on Our Website?

Our goal with this website is clear: We want to offer you the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically evaluated data shows us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our page so that it is easier to find on Google by interested people. On the other hand, the data helps us understand you as a visitor better. We thus know very precisely what we need to improve on our website to offer you the best possible service. The data also serves us to conduct our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are interested in them.

What Data is Stored by Google Analytics?

Google Analytics creates a random, unique ID using a tracking code that is linked to your browser cookie. This way, Google Analytics recognizes you as a new user and assigns you a user ID. The next time you visit our page, you will be recognized as a "returning" user. All collected data is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles.

To be able to analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, the Google Analytics 4 property is the default. Depending on the property used, data is stored for different lengths of time.

Through identifiers such as cookies, app instance IDs, user IDs, or custom event parameters, your interactions are measured across platforms, provided you have consented. Interactions are all types of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated via Google Analytics can be linked to third-party cookies. Google does not pass on Google Analytics data, except we as website operators approve it. Exceptions can occur if it is legally required.

According to Google, IP addresses are not logged or stored in Google Analytics 4. However, Google uses the IP address data to derive location data and deletes it immediately afterwards. All IP addresses collected from users in the EU are thus deleted before the data is stored in a data center or on a server.

Since Google Analytics 4 focuses on event-based data, the tool uses significantly fewer cookies compared to previous versions (such as Google Universal Analytics). Nevertheless, there are some specific cookies that are used by GA4. These include, for example:

Name: _ga
Value: 2.1326744211.152313084794-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Basically, it serves to distinguish website visitors.
Expiration: after 2 years

Name: _gid
Value: 2.1687193234.152313084794-1
Purpose: This cookie also serves to distinguish website visitors
Expiration: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: Used to reduce the request rate. If Google Analytics is provided via Google Tag Manager, this cookie receives the name _dc_gtm_ <property-id>.
Expiration: after 1 minute

Note: This list cannot claim to be complete, as Google also changes its cookie choices from time to time. GA4 also aims to improve data protection. Therefore, the tool offers some options for controlling data collection. For example, we can set the storage duration ourselves and also control data collection.

Here we show you an overview of the most important types of data collected with Google Analytics:

Heatmaps: Google creates so-called heatmaps. Through heatmaps, you can see exactly those areas that you click. This way, we get information about where you are "traveling" on our page.

Session Duration: Google refers to session duration as the time you spend on our page without leaving the page. If you have been inactive for 20 minutes, the session ends automatically.

Bounce Rate: A bounce is when you only view one page on our website and then leave our website again.

Account Creation: If you create an account on our website or place an order, Google Analytics collects this data.

Location: IP addresses are not logged or stored in Google Analytics. However, derivations for location data are used shortly before the IP address is deleted.

Technical Information: Technical information includes, among others, your browser type, your Internet provider, or your screen resolution.

Source: Google Analytics and we are naturally also interested in which website or which advertisement you came to our page from.

Further data are contact data, any ratings, playing media (e.g., if you play a video on our page), sharing content via social media, or adding to your favorites. The list does not claim to be complete and serves only as a general orientation of data storage by Google Analytics.

How Long and Where is the Data Stored?

Google has distributed its servers around the world. Here you can read exactly where the Google data centers are located: https://datacenters.google/

Your data is distributed across various physical storage media. This has the advantage that the data can be retrieved faster and is better protected against manipulation. In every Google data center, there are corresponding emergency programs for your data. For example, if the hardware at Google fails or natural disasters disable servers, the risk of a service interruption at Google remains low.

The retention period of the data depends on the properties used. The storage duration is always set individually for each property. Google Analytics offers us four options for controlling the storage duration:

• 2 months: this is the shortest storage duration.
• 14 months: by default, data remains stored at GA4 for 14 months.
• 26 months: you can also store the data for 26 months.
• Data is only deleted when we delete it manually

In addition, there is also the option that data is only deleted when you no longer visit our website within the period we have chosen. In this case, the retention period is reset each time you visit our website again within the set period.

When the set period has expired, the data is deleted once a month. This retention period applies to your data that is linked to cookies, user recognition, and advertising IDs (e.g., cookies from the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is a merging of individual data into a larger unit.

How Can I Delete My Data or Prevent Data Storage?

According to the data protection law of the European Union, you have the right to obtain information about your data, update it, delete it, or restrict it. Using the browser add-on to disable Google Analytics JavaScript (analytics.js, gtag.js), you prevent Google Analytics 4 from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=en. Please note that this add-on only disables data collection by Google Analytics.

If you want to disable, delete, or manage cookies in general, you will find the corresponding links to the respective instructions for the most well-known browsers in the "Cookies" section.

Legal Basis

The use of Google Analytics requires your consent, which we have obtained with our cookie popup. This consent represents the legal basis for the processing of personal data, as may occur in the collection by Web Analytics tools, according to Art. 6(1)(a) GDPR (Consent).

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offering technically and economically. With the help of Google Analytics, we recognize errors on the website, can identify attacks, and improve efficiency. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use Google Analytics to the extent that you have given consent.

Google processes data from you, among others, also in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information on this can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template forms provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to third countries (such as to the USA) and stored there. Through the EU-US Data Privacy Framework and through the Standard Contractual Clauses, Google commits to maintaining the European data protection level when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

We hope we have been able to bring you closer to the most important information about Google Analytics data processing. If you want to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/en/ and https://support.google.com/analytics/answer/6004245?hl=en.

If you want to learn more about data processing, use the Google privacy policy at https://policies.google.com/privacy?hl=en.

Data Processing Agreement (DPA) Google Analytics

We have concluded a data processing agreement (DPA) with Google in accordance with Article 28 of the General Data Protection Regulation (GDPR). What a DPA is exactly and above all what must be contained in a DPA can be read in our general section "Data Processing Agreement (DPA)".

This contract is legally required because Google processes personal data on our behalf. It clarifies that Google may only process data that it receives from us according to our instructions and must comply with the GDPR. You can find the link to the data processing terms at https://business.safety.google/intl/en/adsprocessorterms/

Google Analytics in Consent Mode

Depending on your consent, personal data from you is processed by Google Analytics in the so-called consent mode (or "Consent Mode"). You can choose whether you consent to Google Analytics cookies or not. This way, you also choose which data Google Analytics may process from you. This collected data is mainly used to perform measurements about user behavior on the website, to play targeted advertising, and to provide us with web analysis reports. Usually, you consent to data processing by Google via a cookie consent tool. If you do not consent to data processing, only aggregated data is collected and processed. This means that data cannot be assigned to individual users and thus no user profile of you is created. You can also only consent to statistical measurement. In this case, no personal data is processed and consequently not used for advertising or advertising measurement results.

Google Analytics IP Anonymization

We have implemented IP address anonymization from Google Analytics on this website. This function was developed by Google so that this website can comply with applicable data protection regulations and recommendations of local data protection authorities when they prohibit the storage of the complete IP address. The anonymization or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any storage or processing of the data takes place.

More information about IP anonymization can be found at https://support.google.com/analytics/answer/2763052?hl=en.

Email Marketing Introduction

Email Marketing Summary 👥 Affected: Newsletter subscribers 🤝 Purpose: Direct marketing by email, notification of system-relevant events 📓 Processed Data: Data entered during registration, but at least the email address. More details can be found with the respective email marketing tool used. 📅 Storage Duration: Duration of the subscription ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Email Marketing?

To keep you constantly informed, we also use the possibility of email marketing. If you have agreed to receive our emails or newsletters, your data will also be processed and stored. Email marketing is a sub-area of online marketing. News or general information about a company, products, or services are sent by email to a specific group of people who are interested in it.

If you want to participate in our email marketing (mostly via newsletter), you usually just need to register with your email address. To do this, you fill out an online form and submit it. However, it can also happen that we ask you for your salutation and name so that we can address you personally.

Basically, registering for newsletters works with the so-called "double opt-in procedure". After you have registered for our newsletter on our website, you will receive an email asking you to confirm your newsletter registration. This ensures that the email address belongs to you and that no one has registered with a foreign email address. We or a notification tool used by us logs each individual registration. This is necessary so that we can prove the legally correct registration process. Usually, the time of registration, the time of registration confirmation, and your IP address are stored. In addition, it is also logged when you make changes to your stored data.

Why Do We Use Email Marketing?

We naturally want to stay in touch with you and always present you with the most important news about our company. For this, we use email marketing – often simply referred to as "newsletter" – as an essential part of our online marketing. If you agree or if it is legally permitted, we will send you newsletters, system emails, or other notifications by email. When we use the term "newsletter" in the following text, we primarily mean regularly sent emails. Of course, we do not want to bother you with our newsletter in any way. That is why we always strive to offer only relevant and interesting content. This way, you will learn more about our company, our services, or products. Since we are always improving our offers, you will also always find out about news or special, lucrative promotions through our newsletter. If we commission a service provider who offers a professional sending tool for our email marketing, we do this to be able to offer you fast and secure newsletters. The purpose of our email marketing is basically to inform you about new offers and also to achieve our corporate goals.

What Data is Processed?

If you become a subscriber to our newsletter via our website, you confirm your membership in an email list by email. In addition to your IP address and email address, your salutation, name, and address may also be stored. However, only if you agree to this data storage. The data marked as such is necessary for you to participate in the offered service. The provision is voluntary, but failure to provide it means that you cannot use the service. In addition, information about your device or your preferred content on our website may also be stored. More about the storage of data when you visit a website can be found in the "Automatic Data Storage" section. We record your declaration of consent so that we can always prove that it complies with our laws.

Duration of Data Processing

If you unsubscribe your email address from our email/newsletter distribution list, we may store your address for up to three years based on our legitimate interests, so that we can still prove your previous consent. We may only process this data if we have to defend ourselves against possible claims.

However, if you confirm that you have given us consent to subscribe to the newsletter, you can submit an individual deletion request at any time. If you permanently object to the consent, we reserve the right to store your email address in a blacklist. As long as you have voluntarily subscribed to our newsletter, we will of course also keep your email address.

Right to Object

You have the option to cancel your newsletter subscription at any time. To do this, you only need to revoke your consent to the newsletter subscription. This usually only takes a few seconds or one or two clicks. Most of the time, you will find a link directly at the end of each email to unsubscribe from the newsletter. If the link is really not found in the newsletter, please contact us by email and we will cancel your newsletter subscription immediately.

Legal Basis

The sending of our newsletter is based on your consent (Article 6(1)(a) GDPR). This means that we may only send you a newsletter if you have actively subscribed to it beforehand. If applicable, we may also send you advertising messages if you have become our customer and have not objected to the use of your email address for direct marketing.

Information on specific email marketing services and how they process personal data will be provided – if available – in the following sections.

Blogs and Publication Media Introduction

Blogs and Publication Media Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Presentation and optimization of our service, as well as communication between website visitors, security measures, and administration 📓 Processed Data: Data such as contact details, IP address, and published content. More details can be found with the tools used. 📅 Storage Duration: depends on the tools used ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests), Art. 6(1) S. 1 lit. b. GDPR (Contract)

What are Blogs and Publication Media?

On our website, we use blogs or other communication tools with which we can communicate with you and you with us. In doing so, your data may also be stored and processed by us. This may be necessary to display content accordingly, for communication to function, and for security to be increased. In our privacy text, we generally discuss what data of yours may be processed. Exact details on data processing always depend on the tools and functions used. You can find precise information about data processing in the privacy notices of the individual providers.

Why Do We Use Blogs and Publication Media?

Our greatest concern with our website is to provide you with interesting and exciting content, and at the same time, your opinions and content are also important to us. That is why we want to create a good interactive exchange between us and you. With various blogs and publication options, we can achieve exactly that. For example, you can write comments on our content, comment on other comments, or in some cases even write your own posts.

What Data is Processed?

Which data is processed exactly always depends on the communication functions we use. Very often, IP address, username, and the published content are stored. This is primarily done to ensure security, prevent spam, and to be able to take action against illegal content. Cookies can also be used for data storage. These are small text files that are stored with information in your browser. More details on the collected and stored data can be found in our individual sections and in the privacy policy of the respective provider.

Duration of Data Processing

We will inform you about the duration of data processing below, if we have further information on this. For example, post and comment functions store data until you revoke data storage. In general, personal data is only stored for as long as is absolutely necessary for the provision of our services.

Right to Object

You also have the right and the option to revoke your consent to the use of cookies or third-party communication tools at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Since cookies can also be used with publication media, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed by you, you should read the privacy policies of the respective tools.

Legal Basis

We primarily use communication tools on the basis of our legitimate interests (Art. 6(1)(f) GDPR) in fast and good communication with you or other customers, business partners, and visitors. Insofar as the use serves the processing of contractual relationships or their initiation, the legal basis is also Art. 6(1) S. 1 lit. b. GDPR.

Certain processing operations, in particular the use of cookies and the use of comment or message functions, require your consent. If and insofar as you have consented that your data may be processed and stored by integrated publication media, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). Most of the communication functions we use set cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

Information on specific tools will be provided – if available – in the following sections.

Online Marketing Introduction

Online Marketing Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Evaluation of visitor information to optimize the web offering. 📓 Processed Data: Access statistics containing data such as locations of access, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed. More details can be found with the respective online marketing tool used. 📅 Storage Duration: depends on the online marketing tools used ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Online Marketing?

Online marketing refers to all measures carried out online to achieve marketing goals such as increasing brand awareness or closing a deal. Furthermore, our online marketing measures aim to draw people's attention to our website. To be able to show our offer to many interested people, we therefore engage in online marketing. This usually involves online advertising, content marketing, or search engine optimization. To be able to use online marketing efficiently and targeted, personal data is also stored and processed. The data helps us, on the one hand, to show our content only to those people who are actually interested in it, and on the other hand, we can measure the advertising success of our online marketing measures.

Why Do We Use Online Marketing Tools?

We want to show our website to everyone who is interested in our offer. We are aware that this is not possible without consciously implemented measures. That is why we do online marketing. There are various tools that make our work on our online marketing measures easier and also constantly provide suggestions for improvement based on data. This allows us to tailor our campaigns more precisely to our target group. The purpose of these online marketing tools is ultimately to optimize our offer.

What Data is Processed?

For our online marketing to work and for the success of the measures to be measured, user profiles are created and data is stored, for example, in cookies (these are small text files). With the help of this data, we can not only place advertisements in the classic sense, but also display our content directly on our website in the way you prefer. Various third-party tools offer these functions and accordingly collect and store your data. The cookies mentioned store, for example, which web pages you have visited on our website, how long you have viewed these pages, which links or buttons you click, or from which website you came to us. In addition, technical information can also be stored. For example, your IP address, which browser you use, from which end device you visit our website, or the time when you accessed our website and when you left it again. If you have consented that we may also determine your location, we can also store and process this.

Your IP address is stored in pseudonymized form (i.e., shortened). Unique data that directly identifies you as a person, such as name, address, or email address, is also stored only in pseudonymized form within the framework of advertising and online marketing procedures. We therefore cannot identify you as a person, but we only have the pseudonymized, stored information in the user profiles.

The cookies may also be used, analyzed, and used for advertising purposes on other websites that work with the same advertising tools. The data can then also be stored on the servers of the advertising tool providers.

In exceptional cases, unique data (names, email address, etc.) may also be stored in the user profiles. This storage occurs, for example, if you are a member of a social media channel that we use for our online marketing measures and the network links previously entered data with the user profile.

For all advertising tools we use that store your data on their servers, we always receive only summarized information and never data that identifies you as an individual. The data only shows how well implemented advertising measures worked. For example, we see which measures prompted you or other users to come to our website and purchase a service or product there. Based on the analyses, we can improve our advertising offer in the future and adapt it even more precisely to the needs and wishes of interested persons.

Duration of Data Processing

We will inform you about the duration of data processing below, if we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted immediately after leaving the website, others can remain stored in your browser for several years. In the respective privacy policies of the individual providers, you will usually receive precise information about the individual cookies that the provider uses.

Right to Object

You also have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. The legality of the processing until revocation remains unaffected.

Since online marketing tools can generally use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed by you, you should read the privacy policies of the respective tools.

Legal Basis

If you have consented that third-party providers may be used, the legal basis for the corresponding data processing is this consent. This consent, according to Art. 6(1)(a) GDPR (Consent), constitutes the legal basis for the processing of personal data, as may occur during collection by online marketing tools.

From our side, there is also a legitimate interest in measuring online marketing measures in anonymized form in order to optimize our offer and our measures with the help of the data obtained. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use the tools if you have given your consent.

Information on specific online marketing tools will be provided – if available – in the following sections.

Partner Programs Introduction

Partner Programs Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Economic success and optimization of our service. 📓 Processed Data: Access statistics containing data such as locations of access, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed. 📅 Storage Duration: personal data is usually stored by partner programs until it is no longer needed ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are Partner Programs?

On our website, we use partner programs from various providers. Through the use of a partner program, your data may be transferred, stored, and processed by the respective partner program provider. In this privacy text, we give you a general overview of data processing by partner programs and show you how you can prevent or revoke data transfer. Every partner program (also called affiliate program) is based on the principle of referral commission. A link or an advertisement with a link is placed on our website, and if you are interested in it, click on it, and purchase a product or service through this channel, we receive a commission (advertising cost reimbursement) for it.

Why Do We Use Partner Programs on Our Website?

Our goal is to provide you with a pleasant time with lots of helpful content. For this, we put a lot of work and time into the development of our website. With the help of partner programs, we have the opportunity to be compensated a little for our work. Every partner link is, of course, always related to our topic and shows offers that might interest you.

What Data is Processed?

To track whether you have clicked on a link used by us, the partner program provider must know that it was you who followed the link via our website. A correct assignment of the partner program links used to the following actions (business transaction, purchase, conversion, impression, etc.) must therefore take place. Only then can the billing of commissions work.

For this assignment to work, a value can be appended to a link (in the URL) or information can be stored in cookies. This stores, for example, from which page you come (referrer), when you clicked on the link, an identifier of our website, what the offer is about, and a user identifier.

This means that as soon as you interact with products and services of a partner program, this provider also collects data from you. Which data is stored exactly depends on the individual providers. For example, the Amazon partner program distinguishes between active and automatic information. Active information includes name, email address, age, payment information, or location information. Automatically stored information in this case includes user behavior, IP address, device information, and the URL.

Duration of Data Processing

We will inform you about the duration of data processing below, if we have further information on this. In general, personal data is only processed for as long as is necessary for the provision of services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted immediately after leaving the website, others can remain stored in your browser for several years, unless they are actively deleted. The exact duration of data processing depends on the provider used; mostly, you should expect a storage duration of several years. In the respective privacy policies of the individual providers, you will usually receive precise information about the duration of data processing.

Right to Object

You always have the right to information, rectification, and erasure of your personal data. If you have any questions, you can also contact the responsible persons of the partner program provider used at any time. Contact details can be found either in our specific privacy policy or on the website of the respective provider.

Cookies that providers use for their functions can be deleted, deactivated, or managed in your browser. Depending on which browser you use, this works in different ways.

Legal Basis

If you have consented that partner programs may be used, the legal basis for the corresponding data processing is this consent. This consent, according to Art. 6(1)(a) GDPR (Consent), constitutes the legal basis for the processing of personal data, as may occur during collection by a partner program.

From our side, there is also a legitimate interest in using a partner program to optimize our online service and our marketing measures. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use the partner program if you have given your consent.

Information on specific partner programs will be provided – if available – in the following sections.

Content Delivery Networks Introduction

Content Delivery Networks Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Optimization of our service (to load the website faster) 📓 Processed Data: Data such as your IP address More details can be found below and in the individual privacy texts. 📅 Storage Duration: most data is stored until it is no longer needed to fulfill the service ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is a Content Delivery Network?

On our website, we use a so-called Content Delivery Network. Such a network is usually simply called a CDN. A CDN helps us to load our website quickly and smoothly, regardless of your location. In doing so, your personal data is also stored, managed, and processed on the servers of the CDN provider used. Below, we generally discuss the service and its data processing in more detail. Precise information on the handling of your data can be found in the respective privacy policy of the provider.

Every Content Delivery Network (CDN) is a network of regionally distributed servers, all connected via the internet. Through this network, website content (especially very large files) can be delivered quickly and smoothly even during high load peaks. The CDN creates a copy of our website on its servers for this purpose. Since these servers are distributed worldwide, the website can be delivered quickly. The data transfer to your browser is therefore significantly shortened by the CDN.

Why Do We Use a Content Delivery Network for Our Website?

A fast-loading website is part of our service. We know, of course, how annoying it is when a website loads at a snail's pace. Most of the time, you even lose patience and leave before the website is fully loaded. We naturally want to avoid this. Therefore, a fast-loading website is a matter of course for our website offering. With a Content Delivery Network, our website loads significantly faster in your browser. The use of the CDN is particularly helpful if you are abroad, because the website is delivered from a server near you.

What Data is Processed?

If you request a website or the content of a website and it is cached in a CDN, the CDN forwards the request to the server closest to you, and this delivers the content. Content Delivery Networks are designed so that JavaScript libraries can be downloaded and hosted on npm and Github servers. Alternatively, with most CDNs, WordPress plugins can also be loaded if they are hosted on WordPress.org. Your browser can send personal data to the Content Delivery Network we use. This includes data such as IP address, browser type, browser version, which website is loaded, or time and date of the page visit. This data is collected and stored by the CDN. Whether cookies are used for data storage depends on the network used. Please read the privacy texts of the respective service for this.

Right to Object

If you want to completely prevent this data transfer, you can install a JavaScript blocker (see, for example, https://noscript.net/) on your PC. Of course, our website can then no longer offer the usual service (such as fast loading speed).

Legal Basis

If you have consented that a Content Delivery Network may be used, the legal basis for the corresponding data processing is this consent. This consent, according to Art. 6(1)(a) GDPR (Consent), constitutes the legal basis for the processing of personal data, as may occur during collection by a Content Delivery Network.

From our side, there is also a legitimate interest in using a Content Delivery Network to optimize and secure our online service. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use the tool if you have given your consent.

Information on specific Content Delivery Networks will be provided – if available – in the following sections.

Cloud Services

Cloud Services Privacy Policy Summary 👥 Affected: We as website operators and you as website visitors 🤝 Purpose: Security and data storage 📓 Processed Data: Data such as your IP address, name, or technical data such as browser version More details can be found below and in the individual privacy texts or in the privacy policies of the providers 📅 Storage Duration: most data is stored until it is no longer needed to fulfill the service ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are Cloud Services?

Cloud services provide us as website operators with storage space and computing power via the internet. Data can be transferred, processed, and stored to an external system via the internet. The respective cloud provider manages this data. Depending on the requirements, an individual or a company can choose the storage space size or computing power. Cloud storage is accessed via an API or via storage protocols. API stands for Application Programming Interface and refers to a programming interface that connects software with hardware components.

Why Do We Use Cloud Services?

We use cloud services for several reasons. A cloud service offers us the possibility to store our data securely. In addition, we have access to the data from various locations and devices, thus having more flexibility and facilitating our work processes. Cloud storage also saves us costs because we do not have to set up and manage our own infrastructure for data storage and data security. Through the central storage of our data in the cloud, we can also expand our application areas and manage our information much better.

As website operators or as a company, we primarily use cloud services for our own purposes. For example, we use the services to manage our calendar, to store documents or other important information in the cloud. However, your personal data may also be stored there. This is the case, for example, if you provide us with your contact details (such as name and email address) and we store our customer data with a cloud provider. Consequently, data that we process from you can also be stored and processed on external servers. If we offer certain forms or content from cloud services on our website, cookies can also be set for web analytics and advertising purposes. Furthermore, such cookies remember your settings (e.g., the language used) so that you find your usual web environment on your next visit to our website.

What Data is Processed by Cloud Services?

Many of the data we store in the cloud do not have a personal reference, but some data, according to the GDPR definition, are personal data. This often involves customer data such as name, address, IP address, or technical device information. In the cloud, videos, images, and audio files can also be stored. How the data is collected and stored exactly depends on the respective service. We try to use only services that handle data very trustworthy and professionally. Basically, the services, such as Amazon Drive, have access to the stored files to be able to offer their own service accordingly. However, for this, the services require permissions such as the right to copy files for security reasons. This data is processed and managed within the framework of the services and in compliance with applicable laws. This also includes the GDPR for US providers (via the standard contractual clauses). These cloud services also cooperate with third-party providers in some cases, who can process data under instruction and in accordance with the privacy policies and other security measures. We would like to emphasize once again at this point that all well-known cloud services (such as Amazon Drive, Google Drive, or Microsoft Onedrive) obtain the right to access stored content in order to be able to offer and optimize their own service accordingly.

Duration of Data Processing

We will inform you about the duration of data processing below, if we have further information on this. In general, cloud services store data until you or we revoke data storage or delete the data again. In general, personal data is only stored for as long as is absolutely necessary for the provision of the services. However, a final data deletion from the cloud can take several months. This is because the data is usually not stored on just one server, but is distributed across various servers.

Right to Object

You also have the right and the option to revoke your consent to data storage in a cloud at any time. If cookies are used, you also have a right of revocation here. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. We also recommend our general privacy policy on cookies. To find out exactly what data is stored and processed by you, you should read the privacy policies of the respective cloud providers.

Legal Basis

We primarily use cloud services on the basis of our legitimate interests (Art. 6(1)(f) GDPR) in a good security and storage system.

Certain processing operations, in particular the use of cookies and the use of storage functions, require your consent. If you have consented that your data may be processed and stored by cloud services, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). Most of the services we use set cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and consult the privacy policy or cookie guidelines of the respective service provider.

Information on specific tools will be provided – if available – in the following sections.

Single Sign-On Logins Introduction

Single Sign-On Logins Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Simplification of the authentication process 📓 Processed Data: Is highly dependent on the respective provider, usually email address and username can be stored. More details can be found with the respective tool used. 📅 Storage Duration: depends on the tools used ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Article 6(1)(b) GDPR (Contract fulfillment), Art. 6(1)(f) GDPR (Legitimate Interests)

What are Single Sign-On Logins?

On our website, you have the option to quickly and easily register for our online service via a user account of another provider (e.g., via Facebook). This authentication process is called, among other things, "Single Sign-On login". This login process only works, of course, if you are registered with the other provider or have a user account and enter the corresponding access data into the online form. In many cases, you are already logged in, the access data is automatically entered into the form, and you only have to confirm the Single Sign-On login via a button. In the course of this registration, your personal data may also be processed and stored. In this privacy text, we generally discuss data processing by Single Sign-On logins. More detailed information can be found in the privacy policies of the respective providers.

Why Do We Use Single Sign-On Logins?

We want to make your life on our website as easy and pleasant as possible. Therefore, we also offer Single Sign-On logins. This saves you valuable time because you only need one authentication. Since you only have to remember one password and it is only transmitted once, security is also increased. In many cases, you have already automatically saved your password with the help of cookies, and the login process on our website therefore only takes a few seconds.

What Data is Stored by Single Sign-On Logins?

Although you log in to our website via this special login process, the actual authentication takes place with the corresponding Single Sign-On provider. As website operators, we receive a user ID in the course of authentication. This states that you are logged in with this ID with the corresponding provider. This ID cannot be used for any other purposes. Other data may also be transmitted to us, but this depends on the Single Sign-On providers used. It also depends on what data you voluntarily provide during the authentication process and what data you generally release in your settings with the provider. This usually involves data such as your email address and your username. We do not know your password, which is necessary for logging in, and it is not stored with us. It is also important for you to know that data stored with us can be automatically compared with the data of the respective user account through the login process.

Duration of Data Processing

We will inform you about the duration of data processing below, if we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purpose. Customer data that is compared with its own user data is, however, deleted within two days. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products.

Right to Object

You also have the right and the option to revoke your consent to the use of Single Sign-On logins at any time. This usually works via the provider's opt-out functions. If available, you will also find links to the corresponding opt-out functions in our privacy texts for the individual tools.

Legal Basis

If it has been agreed with you and this takes place within the framework of contract fulfillment (Article 6(1)(b) GDPR) and consent (Article 6(1)(a) GDPR), we can use the Single Sign-On procedure on these legal bases.

In addition to consent, we have a legitimate interest in offering you a quick and easy login process. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use Single Sign-On login if you have given your consent.

If you no longer want this link to the provider with the Single Sign-On login, please dissolve it in your user account with the respective provider. If you also want to delete data with us, it is necessary to cancel your registration.

Online Map Services Introduction

Online Map Services Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Improvement of user experience 📓 Processed Data: Which data is processed depends heavily on the services used. Mostly it is IP address, location data, search terms, and/or technical data. More details can be found with the respective tools used. 📅 Storage Duration: depends on the tools used ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are Online Map Services?

For our website, we also use online map services as an extended service. Google Maps is probably the service you are most familiar with, but there are also other providers who specialize in creating digital maps. Such services make it possible to display locations, route plans, or other geographical information directly via our website. Through an integrated map service, you no longer have to leave our website to, for example, view the route to a location. For the online map to work on our website, map sections are integrated using HTML code. The services can then display road maps, the earth's surface, or aerial/satellite images. If you use the integrated map offer, data is also transferred to the tool used and stored there. This data may also contain personal data.

Why Do We Use Online Map Services on Our Website?

Generally speaking, our aim is to offer you a pleasant time on our website. And your time is, of course, only pleasant if you can easily find your way around our website and find all the information you need quickly and easily. That's why we thought an online map system could be a significant optimization of our service on the website. Without leaving our website, you can easily view route descriptions, locations, or even sights with the help of the map system. It is also super practical that you can see at a glance where our company is located so that you can find us quickly and safely. You see, there are simply many advantages, and we clearly consider online map services on our website as part of our customer service.

What Data is Stored by Online Map Services?

When you open a page on our website that has an online map function integrated, personal data can be transmitted to the respective service and stored there. This usually involves your IP address, through which your approximate location can also be determined. In addition to the IP address, data such as entered search terms and longitude and latitude coordinates are also stored. If you enter an address for route planning, this data is also stored. The data is not stored with us, but on the servers of the integrated tools. You can imagine it roughly like this: you are on our website, but when you interact with a map service, this interaction actually happens on their website. For the service to function properly, at least one cookie is usually set in your browser. Google Maps, for example, also uses cookies to record user behavior and thus optimize its own service and display personalized advertising. You can find out more about cookies in our "Cookies" section.

How Long and Where is the Data Stored?

Each online map service processes different user data. If we have further information, we will inform you about the duration of data processing below in the corresponding sections for the individual tools. Basically, personal data is always stored only for as long as it is necessary for the provision of the service. Google Maps, for example, stores certain data for a specified period, other data you have to delete yourself. Mapbox, for example, stores the IP address for 30 days and then deletes it. You see, each tool stores data for different lengths of time. Therefore, we recommend that you carefully read the privacy policies of the tools used.

The providers also use cookies to store data about your user behavior with the map service. More general information about cookies can be found in our section "Cookies", but also in the privacy texts of the individual providers you can find out which cookies may be used. Mostly, however, this is only an exemplary list and is not exhaustive.

Right to Object

You always have the option and the right to access your personal data and to object to its use and processing. You can also revoke your consent, which you have given us, at any time. In general, this works most easily via the cookie consent tool. However, there are also other opt-out tools that you can use. Possible cookies that are set by the used providers can also be managed, deleted, or deactivated by you with a few mouse clicks. However, it can then happen that some functions of the service no longer work as usual. How you manage cookies in your browser also depends on your used browser. In the section "Cookies", you will also find links to the instructions for the most important browsers.

Legal Basis

If you have consented that an online map service may be used, the legal basis for the corresponding data processing is this consent. This consent, according to Art. 6(1)(a) GDPR (Consent), constitutes the legal basis for the processing of personal data, as may occur during collection by an online map service.

We also have a legitimate interest in using an online map service to optimize our service on our website. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we always only use an online map service if you have given your consent. We absolutely want to emphasize this again at this point.

Information on specific online map services will be provided – if available – in the following sections.

Miscellaneous Introduction

Miscellaneous Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Improvement of user experience 📓 Processed Data: Which data is processed depends heavily on the services used. Mostly it is IP address and/or technical data. More details can be found with the respective tools used. 📅 Storage Duration: depends on the tools used ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What falls under "Miscellaneous"?

The "Miscellaneous" category includes those services that do not fit into any of the above categories. These are usually various plugins and integrated elements that improve our website. As a rule, these functions are obtained from third-party providers and integrated into our website. Examples include web search services such as Algolia Place, Giphy, Programmable Search Engine, or online services for weather data such as OpenWeather.

Why Do We Use Other Third-Party Providers?

We want to offer you the best web offering in our industry with our website. A website has long ceased to be merely a business card for companies. Rather, it is a place that should help you find what you are looking for. To constantly make our website even more interesting and helpful for you, we use various services from third-party providers.

What Data is Processed?

Whenever elements are integrated into our website, your IP address is transmitted to the respective provider, stored, and processed there. This is necessary because otherwise the content cannot be sent to your browser and consequently cannot be displayed correctly. It can also happen that service providers also use pixel tags or web beacons. These are small graphics on websites that can record a log file and also create analyses of this file. With the information obtained, the providers can improve their own marketing measures. In addition to pixel tags, such information (e.g., which button you click or when you access which page) can also be stored in cookies. In addition to analysis data on your web behavior, technical information such as your browser type or your operating system can also be stored there. Some providers can also link the data obtained with other internal services or with third-party providers. Each provider handles your data differently. Therefore, we recommend that you carefully read the privacy policies of the respective services. We are generally striving to use only services that handle data protection very carefully.

Duration of Data Processing

We will inform you about the duration of data processing below, if we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products.

Legal Basis

If we ask for your consent and you also consent that we may use the service, this serves as the legal basis for the processing of your data (Art. 6(1)(a) GDPR). Additionally, we have a legitimate interest in analyzing the behavior of website visitors and thus technically and economically improving our offering. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use the tools if you have given your consent.

Information on specific tools will be provided – if available – in the following sections.

Hosting via Vercel

This website is hosted by Vercel Inc. When you access the website, Vercel processes technically necessary data to provide the website and ensure its security/stability. This may include, in particular, IP address, date and time of access, page/URL accessed, referrer URL, browser and device information, and log/diagnostic data.

The processing takes place for the provision of the website and for the defense against attacks / ensuring operation on the basis of Art. 6(1)(f) GDPR (legitimate interest).

Vercel may also process data in the USA. According to its own statements, Vercel bases transfers to third countries on appropriate safeguards (e.g., EU-US Data Privacy Framework).

Provider:
Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA.

Data Protection Contact:
Vercel Inc., Attn: Data Protection, c/o EDPO, Avenue Huart Hamoir 71, 1030 Brussels, Belgium, Email: privacy@vercel.com

Further information can be found in the Vercel Privacy Policy.

Vercel Analytics Privacy Policy

To improve this website, we use Vercel Web Analytics. Usage and performance data are collected, e.g., page views, approximate origin/region, device/browser type, time and duration of visit, and technical performance metrics. According to the provider, Vercel Analytics is designed for data-saving measurement and can be operated without the use of cookies; nevertheless, personal data (especially the IP address) may be processed.

The processing takes place for statistical evaluation and optimization of the website on the basis of Art. 6(1)(f) GDPR (legitimate interest). If you use a consent banner for Analytics, you can instead specify Art. 6(1)(a) GDPR (Consent) as the legal basis and only load Vercel Analytics after consent.

Provider/Recipient: Vercel Inc. (contact details see above).

Closing Remarks

Congratulations! If you are reading these lines, you have really "fought" through our entire privacy policy or at least scrolled this far. As you can see from the scope of our privacy policy, we take the protection of your personal data anything but lightly.
It is important to us to inform you to the best of our knowledge and conscience about the processing of personal data. In doing so, we want to not only tell you which data is processed, but also explain the reasons for using various software programs. Privacy policies usually sound very technical and legal. Since most of you are not web developers or lawyers, we also wanted to take a different linguistic approach and explain the matter in simple and clear language. Of course, this is not always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the privacy policy.
If you have questions about data protection on our website, please do not hesitate to contact us or the responsible party. We wish you a pleasant time and hope to welcome you back to our website soon.

All texts are protected by copyright.

Source: Privacy Policy created with the Data Protection Generator for Germany by AdSimple. Also check out our Sample Privacy Policy.