❄ EU-wide shipping under frost-free conditions | ✓ Free shipping on orders over €100!

Data protection

Privacy Policy

As of: November 11, 2019

Table of contents

Responsible

Fabian Striebe
Edelweißstraße 8
13158 Berlin

Email address: info@carniflor.de

Imprint: https://www.carniflor.de/impressum/

Overview of processing

The following overview summarizes the types of processed data and the purposes of their processing and refers to the affected persons.

Types of processed data

  • Inventory data (e.g., names, addresses).
  • Content data (e.g., text entries, photographs, videos).
  • Contact data (e.g., email, phone numbers).
  • Meta/communication data (e.g., device information, IP addresses).
  • Usage data (e.g., visited websites, interest in content, access times).
  • Contract data (e.g., subject matter of the contract, duration, customer category).
  • Payment data (e.g., bank details, invoices, payment history).

Categories of data subjects

  • Employees (e.g., staff, applicants, former employees).
  • Business and contractual partners.
  • Prospects.
  • Communication partners.
  • Customers.
  • Users (e.g., website visitors, users of online services).
  • Sweepstakes and competition participants.

Purposes of processing

  • Affiliate tracking.
  • Provision of our online offering and user-friendliness.
  • Visitor action evaluation.
  • Office and organizational procedures.
  • Direct marketing (e.g., via email or postal mail).
  • Conducting sweepstakes and competitions.
  • Feedback (e.g., collecting feedback via online form).
  • Interest-based and behavioral marketing.
  • Contact inquiries and communication.
  • Conversion measurement (measuring the effectiveness of marketing measures).
  • Profiling (creating user profiles).
  • Remarketing.
  • Reach measurement (e.g., access statistics, recognition of returning visitors).
  • Security measures.
  • Tracking (e.g., interest-based/behavioral profiling, use of cookies).
  • Contractual services and support.
  • Administration and response to inquiries.


Relevant legal bases

Below we share the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence may apply.

  • Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) – The data subject has given their consent to the processing of personal data concerning them for a specific purpose or multiple specific purposes.
  • Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR) – Processing is necessary for the fulfillment of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that occur at the request of the data subject.
  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR) – Processing is necessary to fulfill a legal obligation to which the controller is subject.
  • Protection of vital interests (Art. 6 para. 1 sentence 1 lit. d GDPR) – Processing is necessary to protect the vital interests of the data subject or another natural person.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) – Processing is necessary for the protection of the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.

National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. This includes, in particular, the Act on the Protection Against the Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains specific regulations regarding the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of employment relationships (§ 26 BDSG), particularly with regard to the establishment, execution, or termination of employment relationships and the consent of employees. Additionally, state data protection laws of the individual federal states may apply.

Security measures

We take appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, transmission, availability assurance, and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. Additionally, we consider the protection of personal data already in the development or selection of hardware, software, and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

SSL encryption (https): To protect your data transmitted via our online offering, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transmission and disclosure of personal data

In the context of our processing of personal data, it may occur that the data is transmitted to other entities, companies, legally independent organizational units, or persons or disclosed to them. Recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks, or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and particularly conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.

Data processing in third countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of using third-party services or the disclosure or transmission of data to other persons, entities, or companies, this will only be done in accordance with legal requirements.

Subject to explicit consent or contractually or legally required transmission, we process or allow the data to be processed only in third countries with an acknowledged level of data protection, which includes US processors certified under the "Privacy Shield," or based on special guarantees, such as contractual obligations through so-called standard contractual clauses of the EU Commission, the presence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

Use of Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie primarily serves to store information about a user during or after their visit within an online offering. The stored information may include, for example, language settings on a website, login status, a shopping cart, or the point at which a video was watched. We also include other technologies that fulfill the same functions as cookies in the term cookies (e.g., when user information is stored using pseudonymous online identifiers, also referred to as "user IDs").

The following types of cookies and functions are distinguished:

  • Temporary Cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their browser.
  • Permanent Cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user revisits a website. Similarly, the interests of users, which are used for reach measurement or marketing purposes, can be stored in such a cookie.
  • First-Party Cookies: First-party cookies are set by us.
  • Third-Party Cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
  • Necessary (also: essential or absolutely required) Cookies: Cookies may be absolutely necessary for the operation of a website (e.g., to store logins or other user inputs or for security reasons).
  • Statistics, Marketing, and Personalization Cookies: Furthermore, cookies are usually also used in the context of reach measurement and when a user's interests or behavior (e.g., viewing certain content, using features, etc.) are stored in a user profile on individual websites. Such profiles are used to display content to users that corresponds to their potential interests. This process is also referred to as "tracking," i.e., tracking the potential interests of users. To the extent that we use cookies or "tracking" technologies, we will inform you separately in our privacy policy or in the context of obtaining consent.

Information on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed using cookies is processed based on our legitimate interests (e.g., in the economic operation of our online offering and its improvement) or, if the use of cookies is necessary, to fulfill our contractual obligations.

General information on revocation and objection (Opt-Out): Depending on whether the processing is based on consent or legal permission, you have the option to revoke any given consent or to object to the processing of your data by cookie technologies at any time (collectively referred to as "Opt-Out"). You can initially declare your objection using your browser settings, e.g., by disabling the use of cookies (which may also limit the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared using a variety of services, especially in the case of tracking, via the websites http://optout.aboutads.info and http://www.youronlinechoices.com/. Additionally, you can receive further objection notices in the context of the information provided about the service providers and cookies used.

Processing of cookie data based on consent: Before we process or have data processed in the context of using cookies, we ask users for a revocable consent at any time. Until consent is given, only cookies that are necessary for the operation of our online offering will be used. Their use is based on our interest and the users' interest in the expected functionality of our online offering.

  • Processed data types: Usage data (e.g. visited websites, interest in content, access times), meta-/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Commercial and business services

We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as "contract partners") within the framework of contractual and comparable legal relationships as well as related measures and in the context of communication with the contract partners (or pre-contractually), e.g., to respond to inquiries.

We process this data to fulfill our contractual obligations, to secure our rights, and for the purposes of the administrative tasks associated with this information as well as for corporate organization. We only pass on the data of the contractual partners to third parties within the framework of applicable law to the extent necessary for the aforementioned purposes or to fulfill legal obligations, or with the consent of the contractual partners (e.g., to involved telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Contractual partners will be informed about further forms of processing, e.g., for marketing purposes, within the framework of this privacy policy.

We inform the contractual partners about which data is required for the aforementioned purposes before or during the data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks, etc.), or personally.

We delete the data after the expiration of statutory warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal reasons (e.g., for tax purposes, usually 10 years). Data that has been disclosed to us in the context of an order by the contractual partner will be deleted in accordance with the specifications of the order, generally after the end of the order.

As far as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Economic analyses and market research: For business reasons and to recognize market trends, the wishes of contractual partners and users, we analyze the data available to us regarding business transactions, contracts, inquiries, etc., whereby the group of affected persons may include contractual partners, interested parties, customers, visitors, and users of our online offerings.

The analyses are conducted for the purpose of business evaluations, marketing, and market research (e.g., to determine customer groups with different characteristics). In doing so, we can consider the profiles of registered users along with their information, e.g., regarding services utilized, if available. The analyses are solely for our use and will not be disclosed externally, unless they are anonymous analyses with aggregated, thus anonymized values. Furthermore, we take the privacy of users into account and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as aggregated data).

Shop and E-Commerce: We process the data of our customers to enable them to select, acquire, or order the chosen products, goods, as well as related services, and their payment and delivery, or execution.

The required information is marked as such within the framework of the purchase or comparable acquisition process and includes the information needed for delivery, or provision and billing as well as contact information to hold any necessary consultations.

Educational and training services: We process the data of participants in our educational and training offerings (collectively referred to as "trainees") to provide our training services to them. The data processed in this context, the type, scope, purpose, and necessity of their processing are determined by the underlying contractual and training relationship. Forms of processing also include performance evaluation and the evaluation of our services as well as those of the instructors.

In the course of our activities, we may also process special categories of data, particularly information regarding the health of the trainees as well as data revealing ethnic origin, political opinions, religious or philosophical beliefs. For this purpose, we obtain explicit consent from the trainees if necessary and otherwise process the special categories of data only if it is required for the provision of training services, for health care purposes, social protection, or the protection of vital interests of the trainees.

If it is necessary for our contract fulfillment, to protect vital interests, or legally required, or if there is consent from the trainees, we disclose or transmit the data of the trainees in compliance with professional regulations to third parties or contractors, such as authorities or in the field of IT, office, or comparable services.

Artistic and literary services: We process the data of our clients to enable them to select, acquire, or commission the chosen services or works as well as related activities and their payment and delivery or execution.

The required information is marked as such within the framework of the order, purchase, or comparable contract conclusion and includes the information needed for delivery and billing as well as contact information to hold any necessary consultations.

Publishing Activities: We process the data of our contacts, interview partners, and other individuals who are the subject of our publishing, editorial, and journalistic as well as related activities. In this context, we refer to the applicability of protective provisions of freedom of opinion and press according to Art. 85 GDPR in conjunction with the respective national laws. The processing serves to fulfill our commissioned activities and takes place, in particular, based on the public interest in information and media offerings.

Travel-related Services: We process the data of our customers and interested parties (uniformly referred to as "customers") in accordance with the underlying contractual relationship. We may also process information about the characteristics and circumstances of individuals or their belongings if this is necessary within the framework of the contractual relationship. This may include, for example, information about personal living conditions, mobile assets, and financial situations.

In the context of our commissioning, it may be necessary for us to process special categories of data within the meaning of Art. 9 para. 1 GDPR, particularly information regarding a person's health. The processing is carried out to protect the health interests of customers and otherwise only with the consent of the customers.

If required for contract fulfillment or by law, or with customer consent, or based on our legitimate interests, we disclose or transmit customer data, e.g., to service providers involved in fulfilling travel services.

Events and Activities: We process the data of participants in the events, activities, and similar activities that we offer or organize (hereinafter uniformly referred to as "participants" and "events") to enable their participation in the events and the use of the services or actions associated with participation.

If we process health-related data, religious, political, or other special categories of data in this context, it is done within the framework of transparency (e.g., at thematically oriented events or for health prevention, safety, or with the consent of the affected individuals).

The required information is marked as such within the framework of the order, purchase, or comparable contract conclusion and includes the information needed for service provision and billing as well as contact information to enable any necessary consultations. To the extent that we gain access to information from end customers, employees, or other individuals, we process this in accordance with legal and contractual requirements.

Further information on commercial services: We process the data of our customers and clients (hereinafter uniformly referred to as "customers") to enable them to select, acquire, or commission the chosen services or works as well as related activities and their payment and delivery or execution or provision.

The required information is marked as such within the framework of the order, purchase, or comparable contract conclusion and includes the information needed for service provision and billing as well as contact information to hold any necessary consultations.

  • Types of processed data: Inventory data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact data (e.g., email, phone numbers), contract data (e.g., subject matter of the contract, duration, customer category), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Interested parties, business and contractual partners, customers.
  • Purposes of processing: Contractual services and service, contact inquiries and communication, office and organizational procedures, administration and response to inquiries, evaluation of visit actions, interest-based and behavior-based marketing, profiling (creating user profiles), security measures.
  • Legal bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Use of online marketplaces for e-commerce

We offer our services on online platforms operated by other service providers. In this context, in addition to our privacy notices, the privacy notices of the respective platforms apply. This is particularly true regarding the measurement procedures for reach and interest-based marketing used on the platforms.

  • Types of processed data: Inventory data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact data (e.g., email, phone numbers), contract data (e.g., subject matter of the contract, duration, customer category), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Customers.
  • Purposes of processing: Contractual services and service.
  • Legal bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Services used and service providers:

Payment service providers

As part of contractual and other legal relationships, based on legal obligations or otherwise on the basis of our legitimate interests, we offer affected individuals efficient and secure payment options and use additional payment service providers alongside banks and credit institutions (collectively referred to as "payment service providers").

The data processed by the payment service providers include inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, amount, and recipient-related information. This information is necessary to carry out the transactions. However, the entered data is only processed by the payment service providers and stored with them. That is, we do not receive account or credit card-related information, but only information confirming or denying the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. This transmission aims to verify identity and creditworthiness. For this, we refer to the terms and conditions and the privacy notices of the payment service providers.

The terms and conditions and the privacy notices of the respective payment service providers apply to the payment transactions, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and the assertion of cancellation, information, and other rights of the data subjects.

  • Types of processed data: Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contract data (e.g. subject matter of the contract, duration, customer category), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Customers, prospects.
  • Purposes of processing: Contractual services and support, contact inquiries and communication, affiliate tracking.
  • Legal bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Services used and service providers:

Registration and Login

Users can create a user account. During registration, users are informed of the required mandatory information and this data is processed for the purpose of providing the user account based on contractual obligations. The processed data includes, in particular, the login information (name, password, and an email address). The data entered during registration is used for the purposes of using the user account and its purpose.

Users may be informed via email about events that are relevant to their user account, such as technical changes. If users have canceled their user account, their data regarding the user account will be deleted, subject to any legal retention obligations. It is the users' responsibility to secure their data upon cancellation before the end of the contract. We are entitled to irretrievably delete all data of the user stored during the contract period.

In the context of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against abuse and other unauthorized use. Generally, this data is not shared with third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Online Forum: Participation in the forum requires registration, during which, subject to other information in the registration form, one or your name, a password, and the email address to which the access data will be sent must be provided. For security reasons, the password should meet current technical standards, meaning it should be complex (users will be informed of this during registration if necessary) and not used elsewhere. Contributions in the forum are visible to the public unless their visibility is restricted to certain members or member groups. The contributions of the authors are stored with their names, if registered or provided, the time, and the content of the entry. During registrations and when writing entries, the IP addresses of the users are also stored, in case the entries contain prohibited content and the IP addresses could serve legal prosecution. The responsible party reserves the right to delete registrations and entries based on a reasonable assessment.

Two-Factor Authentication: Two-factor authentication provides an additional layer of security for your user account and ensures that only you can access your account, even if someone else knows your password.

For this purpose, you must perform an additional authentication measure in addition to your password (e.g., enter a code sent to a mobile device). We will inform you about the procedure we use.

  • Types of Processed Data: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., text entries, photographs, videos), meta/communication data (e.g., device information, IP addresses), usage data (e.g., visited websites, interest in content, access times).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of Processing: Contractual services and support, security measures, management and response to inquiries.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Blogs and Publication Media

We use blogs or similar means of online communication and publication (hereinafter referred to as "publication medium"). The data of readers are processed for the purposes of the publication medium only to the extent necessary for its presentation and the communication between authors and readers or for security reasons. Furthermore, we refer to the information regarding the processing of visitors to our publication medium within the framework of this privacy notice.

Comments and Contributions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security in case someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we may be held liable for the comment or contribution and are therefore interested in the identity of the author.

Furthermore, we reserve the right to process user information for spam detection based on our legitimate interests.

On the same legal basis, we reserve the right to store the IP addresses of users for the duration of surveys and to use cookies to prevent multiple voting.

The information provided in the context of comments and posts regarding the person, any contact and website information, as well as the content details, will be stored by us permanently until the users object.

Comment subscriptions: Follow-up comments can be subscribed to by users with their consent. Users receive a confirmation email to verify that they are the owner of the entered email address. Users can unsubscribe from ongoing comment subscriptions at any time. The confirmation email will contain information on the cancellation options. For the purposes of proving the users' consent, we store the registration time along with the users' IP address and delete this information when users unsubscribe from the subscription.

You can unsubscribe from our subscription at any time, i.e., revoke your consents. We can store the unsubscribed email addresses for up to three years based on our legitimate interests before we delete them, in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

Retrieval of WordPress emojis and smilies: Within our WordPress blog, graphic emojis (or smilies), i.e., small graphic files that express feelings, are used for the efficient integration of content elements, sourced from external servers. The providers of the servers collect the IP addresses of the users. This is necessary so that the emoji files can be transmitted to the users' browsers.

Profile pictures from Gravatar: We use the Gravatar service within our online offerings, particularly in the blog.

Gravatar is a service where users can sign up and provide profile pictures and their email addresses. When users leave posts or comments on other online presences (especially in blogs) with the respective email address, their profile pictures can be displayed next to the posts or comments. For this purpose, the email address provided by the users is transmitted to Gravatar in an encrypted form to check whether a profile is stored for it. This is the only purpose of transmitting the email address. It will not be used for other purposes and will be deleted afterwards.

The use of Gravatar is based on our legitimate interests, as we provide authors of posts and comments the opportunity to personalize their contributions with a profile picture.

By displaying the images, Gravatar learns the users' IP address, as this is necessary for communication between a browser and an online service.

If users do not want an avatar linked to their email address to appear in the comments, they should use an email address for commenting that is not registered with Gravatar. We also point out that it is possible to use an anonymous or even no email address if users do not wish for their email address to be sent to Gravatar. Users can completely prevent the transmission of data by not using our comment system.

  • Types of processed data: Inventory data (e.g. names, addresses), contact data (e.g. email, phone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses), contract data (e.g. subject matter of the contract, duration, customer category).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Contractual services and support, feedback (e.g. collecting feedback via online form), security measures, management and response to inquiries, contact requests and communication, provision of our online offerings and user-friendliness.
  • Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR), consent (Art. 6 para. 1 sentence 1 lit. a GDPR), protection of vital interests (Art. 6 para. 1 sentence 1 lit. d. GDPR).

Services used and service providers:

Contact

When contacting us (e.g., via contact form, email, phone, or via social media), the information of the inquiring persons is processed as far as necessary to respond to the contact inquiries and any requested actions.

The response to contact inquiries within the framework of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries and, furthermore, based on the legitimate interests in responding to the inquiries.

  • Types of processed data: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., text entries, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Affected persons: Communication partners.
  • Purposes of processing: Contact inquiries and communication.
  • Legal bases: Fulfillment of contracts and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Communication via Messenger

We use messenger services for communication purposes and therefore ask you to pay attention to the following notes regarding the functionality of the messengers, encryption, the use of communication metadata, and your options to object.

You can also contact us through alternative means, e.g., via phone or email. Please use the contact options provided to you or the contact options specified within our online offering.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we would like to point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end. This means that the content of the messages is not accessible, not even by the messenger providers themselves. You should always use an up-to-date version of the messenger with encryption enabled to ensure the encryption of the message content.

However, we additionally inform our communication partners that the providers of the messengers may not see the content but can find out that and when communication partners communicate with us, as well as process technical information about the device used by the communication partners and, depending on their device settings, also location information (so-called metadata).

Notes on legal bases: If we ask communication partners for permission before communicating with them via messenger, the legal basis for our processing of their data is their consent. Furthermore, if we do not ask for consent and they, for example, contact us on their own initiative, we use messenger in relation to our contractual partners as a contractual measure and in the case of other interested parties and communication partners based on our legitimate interests in quick and efficient communication and meeting the needs of our communication partners for communication via messengers. Furthermore, we would like to point out that we do not transmit the contact data provided to us to the messengers for the first time without your consent.

Revocation, objection, and deletion: You can revoke any consent given at any time and object to communication with us via messenger at any time. In the case of communication via messenger, we delete the messages according to our general deletion policies (i.e. for example, as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that any inquiries from the communication partners have been answered, when no reference to a previous conversation is expected and there are no legal retention obligations opposing deletion.

Reservation of reference to other communication channels: In conclusion, we would like to point out that we reserve the right, for your safety, not to respond to inquiries via messenger. This is the case, for example, if contractual details require special confidentiality or if a response via messenger does not meet formal requirements. In such cases, we refer you to more appropriate communication channels.

  • Types of processed data: Contact data (e.g. email, phone numbers), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses), content data (e.g. text inputs, photographs, videos).
  • Affected persons: Communication partners.
  • Purposes of processing: Contact inquiries and communication, direct marketing (e.g. via email or postal mail).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Services used and service providers:

Surveys and questionnaires

The surveys and questionnaires we conduct (hereinafter referred to as "surveys") are evaluated anonymously. Personal data is processed only to the extent necessary for the provision and technical execution of the surveys (e.g., processing the IP address to display the survey in the user's browser or using a temporary cookie (session cookie) to allow resuming the survey) or if users have consented.

Notes on legal bases: If we ask participants for consent to process their data, this legal basis applies to the processing; otherwise, the processing of participants' data is based on our legitimate interests in conducting an objective survey.

  • Types of processed data: Contact data (e.g., email, phone numbers), content data (e.g., text inputs, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).
  • Data subjects: Communication partners, users (e.g., website visitors, users of online services).
  • Purposes of processing: Contact inquiries and communication, direct marketing (e.g., via email or postal mail), tracking (e.g., interest-/behavior-based profiling, use of cookies), feedback (e.g., collecting feedback via online form).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Services used and service providers:

Provision of the online service and web hosting

In order to provide our online service securely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online service can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space, database services, as well as security services and technical maintenance services.

The data processed in the context of providing the hosting service may include all information related to users of our online service that arises during use and communication. This regularly includes the IP address, which is necessary to deliver the content of online services to browsers, and all inputs made within our online service or from websites.

Email sending and hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients and senders as well as other information regarding the email sending (e.g. the involved providers) and the contents of the respective emails are processed. The aforementioned data may also be processed for the purpose of detecting SPAM. Please note that emails are generally not sent encrypted over the internet. Typically, emails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot take responsibility for the transmission path of the emails between the sender and the reception on our server.

Collection of access data and log files: We ourselves (or our web hosting provider) collect data for each access to the server (so-called server log files). The server log files may include the address and name of the retrieved websites and files, date and time of retrieval, transmitted data volumes, notification of successful retrieval, browser type along with version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider.

The server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure server load and stability.

  • Processed data types: Content data (e.g. text inputs, photographs, videos), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Music and Podcasts

We use the hosting and analysis services of the service providers listed below to offer our audio content for listening or downloading and to obtain statistical information about the retrieval of the audio content.

  • Processed data types: Usage data (e.g. visited websites, interest in content, access times), meta-/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors), visit action evaluation, profiling (creating user profiles).

Services used and service providers:

Cloud services

We use software services accessible over the internet and executed on the servers of their providers (so-called "cloud services," also referred to as "Software as a Service") for the following purposes: document storage and management, calendar management, email sending, spreadsheets and presentations, exchange of documents, content and information with specific recipients or publication of websites, forms or other content and information, as well as chats and participation in audio and video conferences.

In this context, personal data may be processed and stored on the providers' servers, as far as they are part of communication processes with us or are otherwise processed by us, as outlined in this privacy policy. This data may include in particular master data and contact data of users, data on transactions, contracts, other processes, and their contents. The providers of cloud services also process usage data and metadata, which they use for security purposes and service optimization.

If we provide forms or other documents and content for other users or publicly accessible websites using cloud services, the providers may store cookies on users' devices for web analysis purposes or to remember users' settings (e.g., in the case of media control).

Notes on legal bases: If we request consent for the use of cloud services, the legal basis for processing is consent. Furthermore, their use may be part of our (pre)contractual services, provided that the use of cloud services has been agreed upon in this context. Otherwise, user data will be processed based on our legitimate interests (i.e., interest in efficient and secure administrative and collaboration processes).

  • Types of processed data: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., text entries, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Customers, employees (e.g., staff, applicants, former employees), interested parties, communication partners.
  • Purposes of processing: Office and organizational procedures.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Services used and service providers:

Newsletters and mass communication

We send newsletters, emails, and other electronic notifications (hereinafter referred to as "newsletters") only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described during the subscription process, they are decisive for the users' consent. Furthermore, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal addressing in the newsletter, or additional information if it is necessary for the purposes of the newsletter.

Double Opt-In Procedure: The registration for our newsletter is generally done in a so-called double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that no one can register with someone else's email address. Registrations for the newsletter are logged to be able to prove the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the mailing service provider are also logged.

Deletion and Restriction of Processing: We can store the unsubscribed email addresses for up to three years based on our legitimate interests before we delete them, in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocking list (so-called "blacklist").

The logging of the registration process is based on our legitimate interests for the purpose of proving its proper course. If we engage a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.

Notes on Legal Bases: The sending of newsletters is based on the consent of the recipients or, if consent is not required, on the basis of our legitimate interests in direct marketing, as far as and to the extent that this is legally permitted, e.g., in the case of advertising to existing customers. If we engage a service provider to send emails, this is done on the basis of our legitimate interests. The registration process is recorded based on our legitimate interests to demonstrate that it was conducted in accordance with the law.

Content: Information about us, our services, promotions, and offers.

Success Measurement: The newsletters contain a so-called "web beacon", i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened, or, if we use a mailing service provider, from their server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is collected.

This information is used for the technical improvement of our newsletter based on technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor, if applicable, that of the mailing service provider, to monitor individual users. Rather, the evaluations serve to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The evaluation of the newsletter and the success measurement are carried out, subject to the explicit consent of the users, based on our legitimate interests for the purpose of using a user-friendly and secure newsletter system, which serves both our business interests and meets the expectations of the users.

A separate revocation of the success measurement is unfortunately not possible; in this case, the entire newsletter subscription must be canceled or objected to.

Requirement for the use of free services: Consent to the sending of mailings may be made a condition for the use of free services (e.g., access to certain content or participation in certain actions). If users wish to use the free service without subscribing to the newsletter, we ask you to get in touch.

  • Types of processed data: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), meta/communication data (e.g., device information, IP addresses), usage data (e.g., visited websites, interest in content, access times).
  • Data subjects: Communication partners, users (e.g., website visitors, users of online services).
  • Purposes of processing: Direct marketing (e.g., via email or postal mail), contractual services and support.
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
  • Right to object (Opt-Out): You can unsubscribe from our newsletter at any time, i.e., revoke your consents or object to further receipt. You can find a link to unsubscribe from the newsletter either at the end of each newsletter or use one of the contact options provided above, preferably by email, for this purpose.

Services used and service providers:

Advertising communication via mail, fax, or telephone

We process personal data for the purposes of advertising communication, which can take place through various channels, such as email, telephone, mail, or fax. In this context, we observe the legal requirements and obtain the necessary consents, provided that the communication is not legally permitted.

Recipients have the right to revoke granted consents at any time or to object to advertising communication at any time.

After revocation or objection, we can store the data required to prove consent for up to three years based on our legitimate interests before we delete it. The processing of this data will be limited to the purpose of possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

  • Processed data types: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers).
  • Affected persons: Communication partners.
  • Purposes of processing: Direct marketing (e.g., via email or postal mail).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Competitions and contests

We process personal data of participants in competitions and contests only in compliance with the relevant data protection regulations, as far as the processing is contractually necessary for the provision, execution, and settlement of the competition, the participants have consented to the processing, or the processing serves our legitimate interests (e.g., in the security of the competition or the protection of our interests against abuse through possible collection of IP addresses when submitting competition contributions).

If, in the context of the competitions, contributions from participants are published (e.g., in the context of a vote or presentation of the competition contributions or the winners or reporting on the competition), we point out that the names of the participants may also be published in this context. Participants can object to this at any time.

If the sweepstake takes place within an online platform or a social network (e.g., Facebook or Instagram, hereinafter referred to as "online platform"), the terms of use and privacy policies of the respective platforms also apply. In these cases, we would like to point out that we are responsible for the information provided by the participants in the context of the sweepstake and that inquiries regarding the sweepstake should be directed to us.

The data of the participants will be deleted as soon as the sweepstake or competition has ended and the data is no longer required to inform the winners or because inquiries regarding the sweepstake are expected. In principle, the data of the participants will be deleted no later than 6 months after the end of the sweepstake. Data of the winners may be retained longer, for example, to answer inquiries about the prizes or to fulfill the prize services; in this case, the retention period depends on the type of prize and is, for example, up to three years for items or services, to handle warranty cases. Furthermore, the data of the participants may be stored longer, for example, in the form of reporting on the sweepstake in online and offline media.

If data is collected in the context of the sweepstakes for other purposes, their processing and retention period are governed by the privacy notices for this use (e.g., in the case of a newsletter subscription in connection with a sweepstake).

  • Types of processed data: Inventory data (e.g., names, addresses), content data (e.g., text entries, photographs, videos).
  • Data subjects: Sweepstakes and competition participants.
  • Purposes of processing: Conducting sweepstakes and competitions.
  • Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR).

Web analytics and optimization

Web analytics (also referred to as "reach measurement") serves to evaluate the visitor flows of our online offerings and can include behavior, interests, or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can identify, for example, when our online offering or its functions or content are used most frequently or invite reuse. We can also track which areas need optimization.

In addition to web analytics, we can also use testing methods to test and optimize different versions of our online offerings or their components.

For these purposes, so-called user profiles can be created and stored in a file (so-called "cookie") or similar procedures with the same purpose can be used. This information may include, for example, viewed content, visited websites and elements used there, and technical information such as the browser used, the computer system used, as well as information on usage times. If users have consented to the collection of their location data, this may also be processed depending on the provider.

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by truncating the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored in the context of web analysis, A/B testing, and optimization, but rather pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to point out the information regarding the use of cookies in this privacy policy.

  • Processed data types: Usage data (e.g. visited websites, interest in content, access times), meta-/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors), tracking (e.g., interest-/behavior-based profiling, use of cookies), visit action evaluation, profiling (creating user profiles), interest-based and behavior-based marketing.
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Services used and service providers:

Online marketing

We process personal data for online marketing purposes, which may particularly include the marketing of advertising spaces or the display of advertising and other content (collectively referred to as "content") based on potential user interests, as well as measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar methods are used, through which the information relevant for displaying the aforementioned content about the user is stored. This information may include, for example, viewed content, visited websites, used online networks, as well as communication partners and technical details, such as the browser used, the computer system used, and information about usage times. If users have consented to the collection of their location data, this can also be processed.

The IP addresses of users are also stored. However, we use available IP masking methods (i.e., pseudonymization by truncating the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored as part of the online marketing methods, but pseudonyms. That is, we and the providers of the online marketing methods do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in cookies or by similar methods. These cookies can later also be read on other websites that use the same online marketing method, analyzed for content display purposes, supplemented with additional data, and stored on the server of the online marketing method provider.

In exceptional cases, clear data can be assigned to the profiles. This is the case when users are, for example, members of a social network whose online marketing methods we use and the network connects the profiles of users with the aforementioned information. We ask you to note that users may make additional agreements with the providers, e.g. by consenting during registration.

We generally only gain access to aggregated information about the success of our advertisements. However, we can check, as part of so-called conversion measurements, which of our online marketing methods have led to a so-called conversion, i.e. for example, to a contract conclusion with us. Conversion measurement is used solely to analyze the success of our marketing measures.

Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to point out the information regarding the use of cookies in this privacy policy.

  • Processed data types: Usage data (e.g. visited websites, interest in content, access times), meta-/communication data (e.g. device information, IP addresses).
  • Affected persons: Users (e.g. website visitors, users of online services), interested parties.
  • Purposes of processing: Tracking (e.g. interest-/behavior-based profiling, use of cookies), remarketing, visit action evaluation, interest-based and behavior-based marketing, profiling (creating user profiles), conversion measurement (measuring the effectiveness of marketing measures), reach measurement (e.g. access statistics, detection of returning visitors).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
  • Right to object (Opt-Out): We refer to the privacy notices of the respective providers and the objection options provided for the providers (so-called "Opt-Out"). If no explicit Opt-Out option has been provided, there is the possibility that you can disable cookies in your browser settings. However, this may limit the functionality of our online offerings. Therefore, we additionally recommend the following Opt-Out options, which are offered summarizingly for each area: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-border: http://optout.aboutads.info.

Services used and service providers:

Affiliate Programs and Affiliate Links

In our online offering, we incorporate so-called affiliate links or other references (which may include discount codes, for example) to the offers and services of third-party providers (collectively referred to as "affiliate links"). If users follow the affiliate links or subsequently take advantage of the offers, we may receive a commission or other benefits from these third-party providers (collectively referred to as "commission").

In order to track whether users have taken advantage of the offers from an affiliate link we have used, it is necessary for the respective third parties to know that users have followed an affiliate link used within our online offering. The assignment of the affiliate links to the respective business transactions or other actions (e.g., purchases) serves solely the purpose of commission accounting and will be terminated as soon as it is no longer necessary for that purpose.

For the purposes of the aforementioned assignment of affiliate links, the affiliate links may be supplemented with certain values that are part of the link or can otherwise be stored, e.g., in a cookie. The values may include, in particular, the originating website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer, and an online identifier of the user.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Furthermore, their use may be part of our (pre)contractual services, provided that the use of third-party providers has been agreed upon in this context. Otherwise, the users' data will be processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Processed data types: Contract data (e.g. subject matter of the contract, duration, customer category), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses), inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history).
  • Affected persons: Users (e.g. website visitors, online service users), customers.
  • Purposes of processing: Affiliate tracking, contractual services and support.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Services used and service providers:

Offer of an affiliate program

We offer an affiliate program, i.e., commissions or other benefits (collectively referred to as "commission") for users (referred to as "affiliates") who refer to our offers and services. The referral is made via a link assigned to the respective affiliate or other methods (e.g., discount codes) that allow us to recognize that the utilization of our services was based on the referral (collectively referred to as "affiliate links").

In order to track whether users have utilized our services based on the affiliate links used by the affiliates, it is necessary for us to know that users have followed an affiliate link. The assignment of the affiliate links to the respective business transactions or to other

This module is only accessible after entering the license code "Privacy Policy German"

Do you already have a license code? Please enter it above in the premium area.

Or please purchase the license from us in the shop for business customers.

Do you want to know how the license acquisition works? Please take a look at our instructions.

The use of For full text please purchase the license. services For full text please purchase the license. is solely For full text please purchase the license. for the purpose For full text please purchase the license. Commission settlement For full text please purchase the license. will For full text please purchase the license. as soon as For full text please purchase the license. for For full text please purchase the license. purpose For full text please purchase the license. is no longer For full text please purchase the license.

For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. Affiliate links For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license. For full text please purchase the license.

Notes For full text please purchase the license. Legal bases: For full text please purchase the license. we For full text please purchase the license. users For full text please purchase the license.

  • Processed data types: Contract data (e.g., subject matter of the contract, duration, customer category), usage data (e.g., visited websites, interest in content, access times).
  • Affected persons: Users (e.g., website visitors, users of online services), business and contractual partners.
  • Purposes of processing: Contractual services and service, affiliate tracking.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Evaluation platforms

We participate in evaluation procedures to assess, optimize, and promote our services. When users rate us through the involved evaluation platforms or procedures, or provide feedback in other ways, the general terms and conditions and the privacy notices of the providers also apply. As a rule, the evaluation also requires registration with the respective providers.

To ensure that the reviewers have actually used our services, we transmit the necessary data regarding the customer and the service used to the respective review platform with the consent of the customers (including name, email address, and order number or article number). This data is used solely to verify the authenticity of the user.

Rating Widget: We integrate so-called "rating widgets" into our online offering. A widget is a functional and content element embedded in our online offering that displays variable information. It can be represented, for example, in the form of a seal or a comparable element, sometimes also called a "badge." While the corresponding content of the widget is displayed within our online offering, it is retrieved at that moment from the servers of the respective widget provider. Only in this way can the current content be shown, especially the current rating. For this, a data connection must be established from the webpage accessed within our online offering to the server of the widget provider, and the widget provider receives certain technical data (access data, including IP address) that is necessary for delivering the content of the widget to the user's browser.

Furthermore, the widget provider receives information that users have visited our online offering. This information may be stored in a cookie and used by the widget provider to recognize which online offerings participating in the evaluation process have been visited by the user. The information may be stored in a user profile and used for advertising or market research purposes.

  • Processed data types: Contract data (e.g. subject matter of the contract, duration, customer category), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected persons: Customers, users (e.g. website visitors, users of online services).
  • Purposes of processing: Feedback (e.g. collecting feedback via online form), reach measurement (e.g. access statistics, recognition of returning visitors), visit action evaluation, interest-based and behavioral marketing, profiling (creating user profiles).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Services used and service providers:

Presences in social networks

We maintain online presences within social networks to communicate with users active there or to provide information about us there.

We would like to point out that user data may be processed outside the territory of the European Union. This may pose risks for users, as it could make the enforcement of users' rights more difficult. With regard to US providers that are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we would like to point out that they commit to complying with the data protection standards of the EU.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on user behavior and the resulting interests. These usage profiles can in turn be used to display advertisements both within and outside the networks that presumably match the users' interests. For these purposes, cookies are usually stored on the users' computers, which store the usage behavior and interests of the users. Furthermore, data can also be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in).

For a detailed presentation of the respective processing forms and the options for objection (Opt-Out), we refer to the privacy policies and information provided by the operators of the respective networks.

Even in the case of inquiries for information and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the users' data and can directly take appropriate measures and provide information. If you still need assistance, you can contact us.

  • Types of processed data: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., text entries, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Contact inquiries and communication, tracking (e.g. interest-/behavior-based profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors).
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Services used and service providers:

Plugins and embedded functions as well as content

We integrate functional and content elements into our online offering that are sourced from the servers of their respective providers (hereinafter referred to as "third parties"). This may include, for example, graphics, videos, or social media buttons as well as posts (hereinafter uniformly referred to as "content").

The integration always assumes that the third-party providers of this content process the users' IP addresses, as they would not be able to send the content to their browsers without the IP address. The IP address is therefore necessary for the display of this content or functions. We strive to use only such content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. Through the "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the users' devices and may contain technical information about the browser and operating system, referring websites, visit times, as well as further details about the use of our online offerings, and may also be linked with such information from other sources.

Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to point out the information regarding the use of cookies in this privacy policy.

  • Processed data types: Usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses), contact data (e.g. email, phone numbers), content data (e.g. text inputs, photographs, videos), inventory data (e.g. names, addresses).
  • Affected persons: Users (e.g., website visitors, users of online services), communication partners.
  • Purposes of processing: Provision of our online offering and user-friendliness, contractual services and support, contact requests and communication, direct marketing (e.g., via email or postal mail), tracking (e.g., interest-/behavior-based profiling, use of cookies), interest-based and behavior-based marketing, profiling (creating user profiles), reach measurement (e.g., access statistics, recognition of returning visitors), feedback (e.g., collecting feedback via online form), security measures, management and response to inquiries.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR), consent (Art. 6 para. 1 sentence 1 lit. a GDPR), contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).

Services used and service providers:

Planning, organization, and support tools

We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organization, administration, planning, and providing our services. In selecting the third-party providers and their services, we comply with legal requirements.

In this context, personal data may be processed and stored on the servers of the third-party providers. Various data may be affected, which we process in accordance with this privacy policy. This data may particularly include master data and contact data of users, data on transactions, contracts, other processes, and their contents.

If users are referred to third-party providers or their software or platforms in the context of communication, business, or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes. We therefore ask that you pay attention to the privacy notices of the respective third-party providers.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Furthermore, their use may be part of our (pre)contractual services, provided that the use of third-party providers has been agreed upon in this context. Otherwise, the users' data will be processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Types of processed data: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., text entries, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Communication partners, users (e.g., website visitors, users of online services).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Deletion of data

The data we process will be deleted in accordance with legal requirements as soon as the consents granted for processing are revoked or other permissions expire (e.g., when the purpose of processing this data no longer exists or it is no longer necessary for the purpose).

If the data is not deleted because it is required for other and legally permissible purposes, its processing will be limited to these purposes. That is, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.

Further information on the deletion of personal data may also be provided within the individual privacy notices of this privacy policy.

Change and update of the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the privacy policy as soon as the changes in the data processing we carry out make this necessary. We will inform you as soon as your participation (e.g., consent) or any other individual notification becomes necessary due to the changes.

Created with the free privacy policy generator by Dr. Thomas Schwenke