Privacy Policy

Table of Contents

  • Introduction and Overview
  • Scope of Application
  • Legal Bases
  • Contact Details of the Data Controller
  • Storage Duration
  • Rights According to the General Data Protection Regulation
  • Data Transfers to Third Countries
  • Data Processing Security
  • Communication
  • Data Processing Agreement (DPA)
  • Cookies
  • Web Hosting Introduction
  • Website Builder Systems Introduction
  • Web Analytics Introduction
  • Email Marketing Introduction
  • Social Media Introduction
  • Cookie Consent Management Platform Introduction
  • Payment Providers Introduction
  • Audio & Video Introduction
  • Survey and Polling Systems Introduction
  • Web Design Introduction
  • Online Booking Systems Introduction
  • Explanation of Terms Used
  • Closing Words

Introduction and Overview

We have written this privacy policy (version 23.03.2025-112968515) to inform you in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws about which personal data (referred to as "data") we, as the data controller – and the processors commissioned by us (e.g. hosting providers) – process, will process in the future, and what legal options you have. All terms used are to be understood in a gender-neutral way.

In short: We inform you comprehensively about the data we process about you.

Privacy policies often sound very technical and use legal terminology. However, this privacy policy is intended to explain the most important things to you as clearly and transparently as possible.
Wherever it supports clarity, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics may be used. We aim to communicate in clear and simple language that we only process personal data within the framework of our business activities when there is a corresponding legal basis.
This is certainly not possible if one simply provides short, vague, and legally complex explanations as is often the standard on the internet when it comes to data protection. We hope you find the following explanations interesting and informative and maybe you’ll even learn something new.

If you still have questions, we kindly ask you to contact the responsible entity listed below or in the legal notice (Impressum), follow the provided links, or consult third-party sources for more information. Our contact details can of course also be found in the legal notice.

Scope of Application

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information in accordance with Art. 4 No. 1 GDPR, such as the name, email address, and postal address of a person. The processing of personal data enables us to provide and bill for our services and products, whether online or offline.
The scope of this privacy policy includes:

  • all online presences (websites, online shops) we operate
  • social media presences and email communication
  • mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas in which personal data is processed in our company via the aforementioned channels. Should we enter into legal relationships with you outside of these channels, we will inform you separately, if necessary.

Legal Bases

In the following privacy policy, we provide you with transparent information about the legal principles and regulations – i.e. the legal bases of the General Data Protection Regulation – that allow us to process personal data.

Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can read this EU GDPR online at EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions is met:

  1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
  2. Contract (Article 6(1)(b) GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, we need personal information to conclude a purchase contract with you.
  3. Legal Obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to keep invoices for accounting purposes, which usually contain personal data.
  4. Legitimate Interests (Article 6(1)(f) GDPR): In cases of legitimate interests that do not override your fundamental rights, we reserve the right to process personal data. For instance, we must process certain data to operate our website safely and efficiently, which constitutes a legitimate interest.

Other legal bases such as the performance of a task carried out in the public interest or in the exercise of official authority, or the protection of vital interests, usually do not apply to us. If such a legal basis becomes relevant, we will indicate it accordingly.

In addition to the EU Regulation, national laws also apply:

  • In Austria, this is the Data Protection Act (DSG).
  • In Germany, this is the Federal Data Protection Act (BDSG).
    If other regional or national laws apply, we will inform you in the following sections.

Contact Details of the Data Controller

If you have questions about data protection or the processing of personal data, you can find the contact details of the data controller according to Article 4(7) of the EU General Data Protection Regulation (GDPR) below:

Vocalynnie e.U.
Christina Berger
Email: lynnie.brio@gmail.com
Mobile: +43 680 11 22 33 0
Stockholmer Platz 4/8
1100 Vienna, Austria

Legal Form: Sole Proprietorship
Company Register Number: 650702 s
Commercial Court: Vienna

Storage Duration

As a general rule, we only store personal data for as long as it is absolutely necessary for providing our services and products. This means that we delete personal data as soon as the reason for processing the data no longer applies. In some cases, we are legally obliged to retain certain data even after the original purpose has ceased to exist—for example, for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as soon as possible, provided there is no legal obligation to retain it.

We provide more detailed information about the specific duration of individual data processing operations below, where available.

Rights Under the General Data Protection Regulation (GDPR)

According to Articles 13 and 14 of the GDPR, we inform you of the following rights to ensure fair and transparent data processing:

  • Under Article 15 GDPR, you have the right to obtain information about whether we process your personal data. If this is the case, you have the right to receive a copy of the data and the following information:
    • the purposes for which we process your data,
    • the categories of personal data being processed,
    • the recipients of the data, and—if data is transferred to third countries—how the security of this transfer is guaranteed,
    • the duration for which the data will be stored,
    • the existence of the right to rectification, erasure, restriction of processing, and the right to object to processing,
    • the right to lodge a complaint with a supervisory authority (see links to authorities below),
    • the source of the data if it was not collected directly from you,
    • whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile about you.
  • Under Article 16 GDPR, you have the right to rectification. This means we must correct inaccurate data if you identify any errors.
  • Under Article 17 GDPR, you have the right to erasure ("right to be forgotten"), meaning you can request that your data be deleted.
  • Under Article 18 GDPR, you have the right to restrict processing. This means we are only allowed to store the data and may not use it further.
  • Under Article 20 GDPR, you have the right to data portability, meaning we must provide your data in a commonly used format upon request.
  • Under Article 21 GDPR, you have the right to object to data processing, which may result in a change in how we handle your data.

If the processing is based on Article 6(1)(e) GDPR (public interest or official authority) or Article 6(1)(f) GDPR (legitimate interest), you can object to the processing. We will then assess as soon as possible whether we can legally comply with the objection.

If data is used for direct marketing, you may object to this form of data processing at any time. After that, we may no longer use your data for direct marketing purposes.

If data is used for profiling, you may object to this at any time. We may no longer use your data for profiling after that.

  • Under Article 22 GDPR, you have the right not to be subject to a decision based solely on automated processing (including profiling), under certain circumstances.
  • Under Article 77 GDPR, you have the right to lodge a complaint. This means you can contact a supervisory authority at any time if you believe that the processing of your personal data violates the GDPR.

In short: You have rights—do not hesitate to contact the responsible office listed above!

Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your data violates data protection laws or that your data protection rights have been violated in any other way, you can file a complaint with a supervisory authority.

In Austria, the competent authority is the Data Protection Authority, which you can find at: https://www.dsb.gv.at/

In Germany, each federal state has its own data protection officer. For more detailed information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

The following local data protection authority is responsible for our company:

Austria Data Protection Authority
Head: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Transfer to Third Countries

We only transfer or process data in countries outside the scope of the GDPR (third countries) if you have given your consent or if another legal basis exists. This particularly applies if the processing is legally required or necessary for the fulfillment of a contractual relationship—and always only to the extent permitted.

Your consent is, in most cases, the primary reason we process data in third countries. The processing of personal data in third countries such as the USA, where many software providers are located and maintain servers, can mean that personal data is processed and stored in unexpected ways.

We explicitly point out that, according to the European Court of Justice, an adequate level of protection for data transfers to the USA currently only exists if a US company processing personal data from EU citizens is an active participant in the EU-US Data Privacy Framework. You can find more information here:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data being processed and stored in a non-anonymized way. In addition, US government authorities may potentially access certain data. It is also possible that collected data may be linked with data from other services of the same provider, especially if you have a corresponding user account.

Whenever possible, we try to use server locations within the EU, provided that this is offered.

We will inform you in the appropriate sections of this privacy policy if data is transferred to third countries.

Security of Data Processing

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to draw conclusions about personal information from our data.

Article 25 GDPR refers to “data protection by design and by default,” meaning that both software (e.g., forms) and hardware (e.g., access to server rooms) must be designed with security in mind and corresponding measures implemented.

We will go into more detail about specific measures below, if applicable.

TLS Encryption with HTTPS

TLS, encryption, and HTTPS may sound technical—and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to securely transmit data over the internet.

This means that all data transferred from your browser to our web server is secure—no one can "listen in."

We have thus added an additional layer of security and comply with data protection by design (Article 25(1) GDPR). By using TLS (Transport Layer Security)—a protocol for secure data transmission on the internet—we ensure the protection of confidential data.

You can recognize that data transmission is encrypted by the small lock symbol at the top left in your browser, next to the website address (e.g., example.com), and the use of the "https" scheme instead of "http".

If you'd like to learn more about encryption, we recommend searching “Hypertext Transfer Protocol Secure wiki” on Google for helpful links and further reading.

Communication

Communication Summary
👥 Affected: Everyone communicating with us via telephone, email, or online form
📓 Processed Data: e.g., telephone number, name, email address, entered form data. More details can be found with the respective communication method
🤝 Purpose: Handling communication with customers, business partners, etc.
📅 Storage Duration: Duration of the business case and legal requirements
⚖️ Legal Basis: Art. 6 (1) lit. a GDPR (Consent), Art. 6 (1) lit. b GDPR (Contract), Art. 6 (1) lit. f GDPR (Legitimate Interests)

If you contact us via telephone, email, or online form, personal data may be processed.
The data is processed for the handling and response to your inquiry and the related business process. The data will be stored as long as necessary for the business case or as required by law.

Affected Individuals

All individuals who contact us through the communication methods provided are affected.

Telephone

If you call us, call data is pseudonymously stored on the respective device and with the telecommunications provider used. Additionally, data such as name and telephone number may be sent via email and stored for answering your request. The data is deleted once the business case is closed and legal requirements allow it.

Email

If you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and also on the email server. The data will be deleted as soon as the business case is closed and legal requirements allow it.

Online Forms

If you communicate with us via online form, data is stored on our web server and may be forwarded to one of our email addresses. The data is deleted once the business case is closed and legal requirements allow it.

Legal Basis

Data processing is based on the following legal grounds:

  • Art. 6 (1) lit. a GDPR (Consent): You give us your consent to store and use your data for purposes related to the business case;
  • Art. 6 (1) lit. b GDPR (Contract): Processing is necessary for fulfilling a contract with you or a processor, such as a telephone provider, or for pre-contractual activities, e.g., preparing an offer;
  • Art. 6 (1) lit. f GDPR (Legitimate Interests): We want to handle customer inquiries and business communication professionally. This requires certain technical tools like email programs, exchange servers, and mobile providers to enable efficient communication.

Data Processing Agreement (DPA)

In this section, we explain what a Data Processing Agreement (DPA) is and why it is necessary. Since “Data Processing Agreement” can be quite a mouthful, we’ll often refer to it as DPA here.

Like most businesses, we don’t work alone but also rely on the services of other companies or individuals. When including other providers, we may share personal data for processing. These partners then act as processors, and we sign a Data Processing Agreement (DPA) with them.
The most important thing for you to know is that the processing of your personal data only happens under our instructions and must be regulated by the DPA.

Who Are Processors?

As a company and website operator, we are responsible for all data we process from you. Besides the controller (us), there can also be processors. A processor is any company or person that processes personal data on our behalf.

In GDPR terms: any natural or legal person, authority, institution, or other body that processes personal data on behalf of the controller is considered a processor.

Processors can include service providers such as hosting or cloud services, payment or newsletter providers, or major companies like Google or Microsoft.

Overview of the Three GDPR Roles:

  • Data Subject (you as a customer or interested party)
  • Controller (we as the company and client)
  • Processor (service providers such as web hosts or cloud providers)

Contents of a DPA

As previously mentioned, we’ve concluded a DPA with our partners who act as processors. This contract outlines that processors only process personal data in compliance with the GDPR.
The contract must be in written form, but electronic agreements are considered “written” under GDPR. Only after signing such a contract may personal data be processed.

The DPA must include:

  • Binding to us as the controller
  • Duties and rights of the controller
  • Categories of data subjects
  • Type of personal data
  • Nature and purpose of data processing
  • Subject and duration of the data processing
  • Place of data processing

Additionally, the DPA outlines the processor's obligations. The most important are:

  • Ensuring data security measures
  • Taking technical and organizational measures to protect data subject rights
  • Maintaining a record of processing activities
  • Cooperating with supervisory authorities upon request
  • Conducting a risk analysis regarding the processed personal data
  • Engaging sub-processors only with written approval from the controller

You can view an example DPA (in German) at:
https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html

Cookies

Cookies Summary
👥 Affected: Visitors to the website
🤝 Purpose: Depends on the specific cookie. More details below or from the software provider setting the cookie
📓 Processed Data: Depends on the specific cookie. More details below or from the software provider setting the cookie
📅 Storage Duration: Varies per cookie, from hours to years
⚖️ Legal Basis: Art. 6 (1) lit. a GDPR (Consent), Art. 6 (1) lit. f GDPR (Legitimate Interests)

What Are Cookies?

Our website uses HTTP cookies to store user-specific data.

We explain here what cookies are and why they are used to help you better understand the rest of the privacy policy.

Whenever you browse the internet, you use a browser like Chrome, Safari, Firefox, Internet Explorer, or Microsoft Edge. Most websites store small text files in your browser—these are called cookies.

One thing is certain: cookies are extremely useful helpers. Almost all websites use cookies—specifically HTTP cookies, as there are other types for different applications.
HTTP cookies are small files stored on your computer by our website, typically in your browser's cookie folder—the "brain" of the browser. A cookie consists of a name and a value and must be defined with one or more attributes.

Cookies store certain user data such as your language or personal site preferences. When you revisit our site, your browser sends this user-related information back to our site. Thanks to cookies, the website recognizes you and displays your usual settings.

Some browsers store each cookie in a separate file, others like Firefox store all cookies in a single file.

The graphic below (not included here) shows a possible interaction between a web browser and a web server, where a cookie is sent back and forth with every request.

Types of Cookies

There are first-party cookies and third-party cookies.

  • First-party cookies are set directly by our website.
  • Third-party cookies are set by partner websites (e.g., Google Analytics).

Each cookie must be assessed individually since each stores different data and has different lifetimes—ranging from a few minutes to several years.
Cookies are not software programs, don’t contain viruses, trojans, or other malicious code, and cannot access information on your PC.

Example Cookie Data:

  • Name: _ga
  • Value: GA1.2.1326744211.152112968515-9
  • Purpose: Distinguishing website visitors
  • Expiration: After 2 years

Minimum Browser Cookie Support:

  • At least 4096 bytes per cookie
  • At least 50 cookies per domain
  • At least 3000 cookies in total

What types of cookies are there?

The specific cookies we use depend on the services in use and are explained in the following sections of this Privacy Policy. At this point, we would like to briefly outline the different types of HTTP cookies.

There are four types of cookies:

Essential cookies
These cookies are necessary to ensure basic website functions. For example, they are required when a user adds a product to the shopping cart, continues browsing other pages, and later proceeds to checkout. These cookies prevent the cart from being emptied, even if the user closes their browser window.

Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. They also measure the website's loading time and behavior across different browsers.

Target-oriented cookies
These cookies enhance user-friendliness. For instance, they store entered locations, font sizes, or form data.

Advertising cookies
Also known as targeting cookies, these are used to deliver personalized advertising to users. This can be very useful, but also quite annoying.

Typically, when you visit a website for the first time, you’ll be asked which of these cookie types you want to allow. Naturally, this decision is also stored in a cookie.

If you want to learn more about cookies and don’t shy away from technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the “Request for Comments” by the Internet Engineering Task Force (IETF) titled HTTP State Management Mechanism.

Purpose of processing via cookies

The specific purpose depends on the respective cookie. You can find more details below or from the provider of the software that sets the cookie.

Which data is processed?

Cookies are small helpers used for many different tasks. Unfortunately, it’s not possible to generalize what data is stored in cookies, but we will inform you about the processed and stored data in the context of this Privacy Policy.

Storage duration of cookies

The storage period depends on the respective cookie and will be specified further below. Some cookies are deleted in less than an hour, while others can remain stored on a computer for several years.

You also have control over the storage duration. You can manually delete all cookies in your browser at any time (see also “Right to object” below). Furthermore, cookies based on consent are deleted at the latest upon withdrawal of your consent, without affecting the lawfulness of storage prior to that point.

Right to object – how can I delete cookies?

You can decide for yourself how and whether you want to use cookies. Regardless of the service or website the cookies come from, you always have the option to delete, disable, or partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies are stored in your browser, or if you want to change or delete cookie settings, you can do so in your browser settings:

  • Chrome: Delete, enable, and manage cookies in Chrome
  • Safari: Manage cookies and website data in Safari
  • Firefox: Delete cookies to remove data websites have stored on your computer
  • Internet Explorer: Delete and manage cookies
  • Microsoft Edge: Delete and manage cookies

If you generally do not want to allow any cookies, you can configure your browser to notify you each time a cookie is about to be set. This allows you to decide for each individual cookie whether to allow it or not. The procedure varies depending on the browser. It’s best to search Google for instructions with terms like “delete cookies Chrome” or “disable cookies Chrome” for the Chrome browser.

Legal basis

Since 2009, the so-called "cookie directives" have been in place, stating that storing cookies requires your consent (Art. 6(1)(a) GDPR). However, reactions to this directive differ widely within EU countries. In Austria, the directive was implemented in § 165(3) of the Telecommunications Act (2021). In Germany, the cookie directive was not implemented as national law. Instead, it was largely implemented in § 15(3) of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DDG) since May 2024.

For strictly necessary cookies, there are legitimate interests (Art. 6(1)(f) GDPR), even without consent. These interests are mostly of an economic nature. We aim to offer website visitors a pleasant user experience, and certain cookies are often essential to that.

If non-essential cookies are used, this only happens with your consent. The legal basis in this case is Art. 6(1)(a) GDPR.

In the following sections, you will be informed in more detail about the use of cookies, provided that the software in use employs cookies.

Web Hosting Introduction

Web Hosting Summary

👥 Data Subjects: Website visitors
🤝 Purpose: Professional hosting of the website and ensuring secure operation
📓 Data Processed: IP address, time of website visit, browser used, and additional data. More details can be found below or from the respective web hosting provider.
📅 Retention Period: Depends on the provider, typically 2 weeks
⚖️ Legal Basis: Art. 6(1)(f) GDPR (Legitimate Interests)

What is Web Hosting?

When you visit websites nowadays, certain information — including personal data — is automatically created and stored, and this also applies to this website. These data should be processed as sparingly and justifiably as possible. By “website,” we refer to all webpages under a domain, i.e., everything from the homepage to the very last subpage (such as this one). By “domain,” we mean addresses like example.com or testsite.org.

To view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some of them: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We generally refer to them as browsers or web browsers.

To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Running a web server is a complex and demanding task, which is why this is typically handled by professional providers. These providers offer web hosting services and ensure reliable and error-free data storage for websites.

When your browser (on a desktop, laptop, tablet, or smartphone) connects to the web server and transmits data to and from it, personal data may be processed. Your device stores some data, and the web server also needs to store data for a certain period to ensure proper functionality.

A picture is worth a thousand words — the following graphic illustrates the interaction between browser, the internet, and the hosting provider.

Why Do We Process Personal Data?

The purposes of data processing are:

  • Professional hosting of the website and maintaining secure operation
  • Ensuring operational and IT security
  • Anonymous analysis of user behavior to improve our service and, if necessary, for legal prosecution or to assert claims

What Data Is Processed?

Even now, while you're visiting our website, our web server (i.e., the computer hosting this website) typically stores data automatically, such as:

  • The full internet address (URL) of the visited page
  • Browser and browser version (e.g., Chrome 87)
  • Operating system used (e.g., Windows 10)
  • Referrer URL (i.e., the address of the page visited before) (e.g., https://www.example-source.com/whereicamefrom/)
  • Hostname and IP address of the accessing device (e.g., COMPUTERNAME and 194.23.43.121)
  • Date and time
  • In files known as web server log files

How Long Are the Data Stored?

Typically, the data mentioned above is stored for two weeks and then automatically deleted. We do not share this data, but we cannot rule out that it may be viewed by authorities in the event of unlawful conduct.

In short: Your visit is logged by our provider (the company operating our website on special computers/servers), but we do not share your data without your consent!

Legal Basis

The lawful basis for processing personal data within the scope of web hosting arises from Art. 6(1)(f) GDPR (legitimate interests), as the use of professional hosting by a provider is necessary for the secure and user-friendly online presentation of our business, and potentially to pursue claims or defend against attacks.

A data processing agreement (DPA) pursuant to Art. 28 et seq. GDPR is typically in place between us and the hosting provider, ensuring data protection and security.

Website Builder Systems Introduction

Website Builder Systems Privacy Summary

👥 Data Subjects: Website visitors
🤝 Purpose: Optimization of our service
📓 Data Processed: Technical usage data such as browser activity, clickstream behavior, session heatmaps, contact details, IP address, and geographic location. Further details are provided below and in the provider’s privacy policy.
📅 Retention Period: Depends on the provider
⚖️ Legal Basis: Art. 6(1)(f) GDPR (Legitimate Interests), Art. 6(1)(a) GDPR (Consent)

What Are Website Builder Systems?

We use a website builder system for our website. These are special types of content management systems (CMS). Website builder systems allow site operators to create websites easily and without programming skills. Many web hosting companies also offer website builders. When using such a system, personal data may be collected, stored, and processed. In this privacy section, we provide general information on how such systems handle data. For more specific details, refer to the provider’s privacy policy.

Why Do We Use Website Builder Systems?

The biggest advantage of a website builder is its ease of use. We want to provide you with a clear, straightforward, and user-friendly website that we can manage and maintain ourselves without external support. Website builders now offer many useful features that can be used without coding skills. This allows us to design our website as we envision and offer you an informative and enjoyable experience.

What Data Is Stored by Website Builders?

The exact data stored depends on the specific website builder used. Each provider collects and processes different data about website visitors. Typically, technical data such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your visit is collected. Tracking data (e.g., browser activity, clickstream behavior, session heatmaps) may also be processed. Personal data like email address, phone number (if provided), IP address, and geographic location may also be stored. Please refer to the provider’s privacy policy for precise details.

How Long and Where Are the Data Stored?

We provide further information on the duration of data processing below, in connection with the specific website builder system used, where available. Detailed information can be found in the provider’s privacy policy. In general, we process personal data only for as long as necessary to provide our services and products. The provider may store your data based on their own policies, over which we have no control.

Right to Object

You always have the right to access, correct, or delete your personal data. If you have questions, you may also contact the provider of the website builder system directly. Contact details can be found either in this privacy policy or on the provider’s website.

You can delete, disable, or manage cookies used by the provider via your browser settings. This process varies depending on your browser. Please note that some functions may no longer work as usual if you disable cookies.

Legal Basis

We have a legitimate interest in using a website builder system to optimize our online services and present them efficiently and user-friendly. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use the builder where you have given your consent.

Where data processing is not strictly necessary for the operation of the website, data is only processed on the basis of your consent. This primarily concerns tracking activities. The legal basis in this case is Art. 6(1)(a) GDPR.

This privacy policy provides you with the most important general information about data processing. For more detailed information — where available — please refer to the following section or the provider’s privacy policy.

WordPress.com Privacy Policy

WordPress.com Privacy Summary

👥 Data Subjects: Website visitors
🤝 Purpose: Optimization of our service
📓 Data Processed: Technical usage data such as browser activity, clickstream behavior, session heatmaps, contact details, IP address, and geographic location. More details can be found further below in this privacy policy.
📅 Retention Period: Depends on the type of data stored and the specific settings in place.
⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is WordPress?

We use the well-known content management system WordPress.com for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

The company was founded in 2003 and quickly developed into one of the most well-known content management systems (CMS) worldwide. A CMS is software that helps us design our website and present content in a clear and appealing way. This content may include text, audio, and video.

By using WordPress, personal data may also be collected, stored, and processed. In most cases, these are primarily technical data such as operating system, browser, screen resolution, or hosting provider. However, personal data such as IP address, geographic location, or contact information may also be processed.

Why do we use WordPress on our website?

We have many strengths, but programming is simply not one of our core competencies.

Nonetheless, we want to have a powerful and visually appealing website that we can manage and maintain ourselves. This is exactly what a website builder or content management system like WordPress makes possible. Thanks to WordPress, we don’t need to be programming pros to offer you a beautiful website. We can operate our website quickly and easily without technical knowledge. If technical issues arise or we have specific wishes for our site, we still have experts who are well-versed in HTML, PHP, CSS, and the like.

Due to the ease of use and extensive features of WordPress, we can design our web presence according to our needs and offer you a user-friendly experience.

What data is processed by WordPress?

Non-personal data includes technical usage information such as browser activity, clickstream activities, session heatmaps, and data about your computer, operating system, browser, screen resolution, language and keyboard settings, internet provider, and the date of your visit.

Personal data is also collected. This primarily includes contact details (such as email address or phone number if you provide them), IP address, or your geographic location.

WordPress may also use cookies to collect data. These often capture data about your behavior on our website. For example, it can record which subpages you view frequently, how long you stay on specific pages, when you leave a page (bounce rate), or which preferences (e.g. language selection) you have set. Based on this data, WordPress can also better tailor its marketing efforts to your interests and user behavior. When you visit our site again, it will be displayed to you as previously configured.

WordPress may also use technologies such as pixel tags (web beacons), for example, to clearly identify you as a user and possibly provide interest-based advertising.

How long and where is the data stored?

The storage duration of data depends on several factors, primarily on the type of data stored and the specific settings of the website. In general, WordPress deletes data once it is no longer needed for its purposes. Of course, there are exceptions, especially when legal obligations require longer retention.

Web server logs containing your IP address and technical data are deleted by WordPress or Automattic after 30 days. During this time, Automattic uses the data to analyze traffic on its websites (including all WordPress sites) and to resolve potential issues. Deleted content on WordPress websites is stored in the trash for 30 days to allow for recovery. Afterward, it may still remain in backups and caches until those are deleted.

The data is stored on Automattic’s servers in the United States.

How can I delete my data or prevent data storage?

You always have the right and option to access your personal data and object to its use and processing. You can also lodge a complaint with a state supervisory authority at any time.

In your browser, you can also manage, delete, or disable cookies individually. Please note, however, that deactivating or deleting cookies may negatively affect the functionality of our WordPress site. Depending on the browser you use, cookie management works a bit differently. In the “Cookies” section, you’ll find links to instructions for the most common browsers.

Legal basis

If you have consented to the use of WordPress, the legal basis for the relevant data processing is this consent. According to Art. 6(1)(a) GDPR (Consent), this represents the legal basis for processing personal data, as may occur through WordPress.

Additionally, we have a legitimate interest in using WordPress to optimize and present our online service attractively. The corresponding legal basis is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use WordPress if you have given your consent.

WordPress or Automattic also processes your data in the United States, among other places. Automattic is an active participant in the EU-US Data Privacy Framework, which regulates the secure and proper transfer of personal data from EU citizens to the U.S. You can find more information at:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Additionally, Automattic uses Standard Contractual Clauses (SCCs) in accordance with Art. 46(2) and (3) GDPR. These are templates provided by the EU Commission to ensure that your data is subject to European data protection standards even when transferred to and stored in third countries (e.g. the U.S.). Through the EU-US Data Privacy Framework and these Standard Contractual Clauses, Automattic commits to complying with the European data protection level when processing your data, even if the data is stored, processed, and managed in the U.S. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the relevant SCCs here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

More details on Automattic’s privacy policy and how WordPress processes data can be found at:
https://automattic.com/privacy/

Data Processing Agreement (DPA) with WordPress.com

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have concluded a data processing agreement (DPA) with WordPress.com. What exactly a DPA is and what it must contain can be found in our general section on “Data Processing Agreements.”

This contract is legally required because WordPress.com processes personal data on our behalf. It stipulates that WordPress.com may only process the data they receive from us according to our instructions and must comply with the GDPR.
You can find the link to the DPA at:
https://wordpress.com/support/data-processing-agreements/

Web Analytics Introduction

Web Analytics Privacy Policy Summary
👥 Affected: Website visitors
🤝 Purpose: Evaluation of visitor information to optimize the web offering.
📓 Processed Data: Access statistics that include data such as locations of accesses, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found in the respective web analytics tool used.
📅 Retention Period: Depends on the web analytics tool used.
⚖️ Legal Basis: Art. 6 (1) (a) GDPR (Consent), Art. 6 (1) (f) GDPR (Legitimate Interests)

What is Web Analytics?

We use software on our website to analyze the behavior of website visitors, known as Web Analytics or Web Analysis. Data is collected, stored, managed, and processed by the respective analytics tool provider (also called a tracking tool). This data is used to create analyses of user behavior on our website, which are then made available to us as the website operators. Additionally, most tools offer various testing options. For example, we can test which offers or content are most appealing to our visitors. To do this, we show two different offers for a limited time. After the test (called an A/B test), we know which product or content our visitors find more interesting. For such test procedures, as well as for other analytics procedures, user profiles may be created, and the data may be stored in cookies.

Why Do We Use Web Analytics?

With our website, we have a clear goal in mind: we want to deliver the best web offering in our industry. To achieve this goal, we want to offer the best and most interesting content while ensuring that you feel completely comfortable on our website. Using web analytics tools, we can take a closer look at the behavior of our website visitors and improve our web offering accordingly. For example, we can identify the average age of our visitors, where they come from, when our website is visited most, or which content or products are particularly popular. All this information helps us optimize the website and tailor it to your needs, interests, and desires.

Which Data Is Processed?

The exact data stored depends on the analytics tools used. However, in general, the following data is stored: which content you view on our website, which buttons or links you click, when you visit a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website, or which computer system you use. If you have consented to the collection of location data, that information may also be processed by the web analytics tool provider.

Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, your IP address is usually stored in a pseudonymized (i.e., anonymized and shortened) form. For testing, web analytics, and web optimization purposes, no direct data, such as your name, age, address, or email address, is typically stored. All this data, if collected, is stored in pseudonymized form, meaning you cannot be identified as an individual.

The following example schematically shows how Google Analytics works as an example of client-based web tracking using JavaScript code.

How long the data is stored depends on the provider. Some cookies store data only for a few minutes or until you leave the website, while other cookies may store data for several years.

Duration of Data Processing

We will inform you further about the duration of data processing below, if we have more information. Generally, we process personal data only as long as necessary for providing our services and products. If required by law, such as for accounting purposes, this retention period may be exceeded.

Right to Object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either through our cookie management tool or other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling, or deleting cookies in your browser.

Legal Basis

The use of web analytics requires your consent, which we have obtained through our cookie popup. According to Art. 6 (1) (a) GDPR (Consent), this consent is the legal basis for processing personal data as it may occur when collecting data through web analytics tools.

In addition to consent, we also have a legitimate interest in analyzing the behavior of website visitors and improving our offering technically and economically. Using web analytics, we can identify website errors, detect attacks, and improve profitability. The legal basis for this is Art. 6 (1) (f) GDPR (Legitimate Interests). We only use the tools if you have given your consent.

Since web analytics tools use cookies, we also recommend reading our general cookie privacy policy. To learn more about the data stored and processed, you should read the privacy policies of the respective tools.

Information about specific web analytics tools will be provided in the following sections, if available.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary
👥 Affected Individuals: Website visitors
🤝 Purpose: Analysis of visitor information to optimize the website offering.
📓 Processed Data: Access statistics containing data such as locations of visits, device data, duration and timing of access, navigation behavior, and click behavior. More details are provided below in this privacy policy.
📅 Retention Period: Customizable; by default, Google Analytics 4 stores data for 14 months
⚖️ Legal Grounds: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Google Analytics?

We use the analysis tracking tool Google Analytics in its Google Analytics 4 (GA4) version from the American company Google Inc. For the European region, the company responsible for all Google services is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics collects data about your actions on our website. Through a combination of technologies such as cookies, device IDs, and login credentials, you can be identified across different devices, allowing your actions to be analyzed across platforms.

For example, if you click on a link, this event is stored in a cookie and sent to Google Analytics. Using the reports we receive from Google Analytics, we can better tailor our website and services to your needs. Below, we provide more details about the tracking tool, including which data is processed and how you can prevent it.

Google Analytics is a tracking tool that serves to analyze the traffic on our website. The basis for these measurements and analyses is a pseudonymous user identification number. This number does not include personal data such as name or address, but serves to associate events with an end device. GA4 uses an event-based model that captures detailed information about user interactions such as page views, clicks, scrolling, and conversion events. Additionally, GA4 includes various machine learning functions to better understand user behavior and certain trends. GA4 utilizes machine learning features for modeling, meaning that based on the data collected, missing data can be estimated to optimize analysis and even make predictions.

In order for Google Analytics to function, a tracking code is embedded in the code of our website. When you visit our website, this code records various events you perform. With GA4's event-based data model, we, as website operators, can define and track specific events to obtain analyses of user interactions. This allows us to track not only general information such as clicks or page views but also special events that are important for our business. Such events could include submitting a contact form or purchasing a product.

Once you leave our website, this data is sent to Google's Analytics servers and stored there.

Google processes the data, and we receive reports about your user behavior. These reports may include the following:

  • Audience Reports: These reports help us understand our users better and know more precisely who is interested in our service.
  • Ad Reports: Through ad reports, we can more easily analyze and improve our online advertising.
  • Acquisition Reports: Acquisition reports provide helpful insights on how to attract more people to our service.
  • Behavior Reports: Here we learn how you interact with our website. We can track the path you take on our site and which links you click.
  • Conversion Reports: A conversion refers to a process in which you perform a desired action due to a marketing message. For example, if you move from being a pure website visitor to a buyer or newsletter subscriber. These reports provide insights into how our marketing efforts are received, helping us increase our conversion rate.
  • Real-Time Reports: These reports show us immediately what is happening on our website. For example, we can see how many users are currently reading this text.

In addition to the above reports, Google Analytics 4 offers the following functions:

  • Event-Based Data Model: This model records specific events that occur on our website, such as playing a video, purchasing a product, or subscribing to our newsletter.
  • Advanced Analytics Features: These features allow us to better understand your behavior on our website or certain general trends. For example, we can segment user groups, perform comparison analyses of target audiences, or track your journey on our website.
  • Predictive Modeling: Using machine learning, missing data can be estimated based on collected data, which predicts future events and trends. This helps us develop better marketing strategies.
  • Cross-Platform Analysis: Data collection and analysis are possible from both websites and apps. This allows us to analyze user behavior across platforms, provided you have consented to data processing.

Why do we use Google Analytics on our website?

Our goal with this website is clear: We want to provide you with the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically analyzed data give us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that it is more easily found by interested individuals on Google. On the other hand, the data helps us understand you as a visitor better. This way, we know exactly what we need to improve on our website to offer you the best possible service. The data also helps us carry out our advertising and marketing activities more individually and cost-effectively. After all, it makes sense to show our products and services to people who are genuinely interested.

What data is stored by Google Analytics?

Google Analytics creates a random, unique ID using a tracking code that is associated with your browser cookie. This allows Google Analytics to recognize you as a new user and assign you a user ID. The next time you visit our site, you will be recognized as a "returning" user. All collected data is stored together with this user ID. This is how pseudonymous user profiles are evaluated.

To analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For every newly created property, the Google Analytics 4 property is the default. Depending on the property used, data is stored for varying periods.

Through identifiers such as cookies, app instance IDs, user IDs, or custom event parameters, your interactions are measured cross-platform, provided you have consented to it. Interactions are any actions you perform on our website. If you use other Google systems (e.g., a Google account), data generated through Google Analytics may be linked with third-party cookies. Google does not share Google Analytics data unless we, as the website operator, approve it. Exceptions may occur when required by law.

According to Google, no IP addresses are logged or stored in Google Analytics 4. However, Google uses the IP address data to derive location data and deletes it immediately afterward. All IP addresses collected from users in the EU are deleted before the data is stored in a data center or server.

Since Google Analytics 4 focuses on event-based data, the tool uses significantly fewer cookies compared to previous versions (e.g., Google Universal Analytics). However, some specific cookies are still used by GA4, including:

  • Name: _ga
    Value: 2.1326744211.152112968515-5
    Purpose: By default, analytics.js uses the _ga cookie to store the user ID. It primarily serves to distinguish website visitors.
    Expiration Date: 2 years
  • Name: _gid
    Value: 2.1687193234.152112968515-1
    Purpose: This cookie also serves to distinguish website visitors.
    Expiration Date: 24 hours
  • Name: gat_gtag_UA<property-id>
    Value: 1
    Purpose: Used to lower the request rate. If Google Analytics is provided via Google Tag Manager, this cookie is named dc_gtm<property-id>.
    Expiration Date: 1 minute

Note: This list may not be exhaustive, as Google frequently changes the choice of cookies. GA4 aims to improve privacy, offering several options to control data collection. For example, we can set the retention period and control data collection.

Here is an overview of the main types of data collected by Google Analytics:

  • Heatmaps: Google generates so-called heatmaps. These show us exactly which areas you click on, helping us understand where you are navigating on our site.
  • Session Duration: Google refers to session duration as the time you spend on our site without leaving. If you are inactive for 20 minutes, the session ends automatically.
  • Bounce Rate: A bounce occurs when you view only one page on our website and then leave.
  • Account Creation: If you create an account or make a purchase on our website, Google Analytics collects this data.
  • Location: IP addresses are not logged or stored in Google Analytics. However, location data is derived just before the IP address is deleted.
  • Technical Information: Technical information includes your browser type, internet service provider, or screen resolution.
  • Referral Source: Google Analytics also tells us how you arrived on our site, whether via another website or through advertising.

Other data includes contact information, any ratings, media playback (e.g., when you play a video on our site), sharing content via social media, or adding to your favorites. This list is not exhaustive and serves as a general guide to data storage by Google Analytics.

How long and where is the data stored?

Google has data centers worldwide. You can read exactly where Google's data centers are located here: Google Data Centers Locations

Your data is distributed across various physical media. This offers the advantage of faster data retrieval and better protection against manipulation. Each Google data center has corresponding emergency protocols for your data. If, for example, Google's hardware fails or natural disasters shut down servers, the risk of service interruption remains low.

The retention period of data can be adjusted in the Google Analytics settings. By default, data is stored for 14 months. This retention period applies to all data that is processed in connection with the user ID or event parameters. You can set the retention period yourself. However, it must not exceed 14 months. We, as the website operator, will never modify your personal data; this is done by Google.

How can I prevent data storage?

If you do not wish to have data about your behavior on our website analyzed, you can object at any time. You have various options to prevent Google Analytics from processing your data:

  1. Browser Add-Ons:
    If you do not wish to use Google Analytics at all, you can install a browser add-on that prevents Google Analytics from tracking your data. For example, the Google Analytics Opt-out Browser Add-on allows you to disable data collection entirely. You can download it here: Google Analytics Opt-out Add-on.
  2. Google Analytics Cookie Settings:
    In your browser settings, you can disable cookies or configure your browser to accept only cookies from specific websites, such as our site. You can also delete all stored cookies at any time.
  3. Opt-Out of Personalized Ads:
    If you would like to block personalized ads from Google and other third-party providers, you can do so via the following Google link: Google Ad Settings.
  4. Google Analytics Settings:
    If you wish to use Google Analytics but do not want certain features, such as cross-device tracking or demographic information, you can adjust the settings in your Google Analytics property.

For detailed information, visit the Google Privacy & Terms Website.

Legal Basis

The use of Google Analytics requires your consent, which we obtained through our cookie popup. This consent serves as the legal basis for the processing of personal data, as outlined in Article 6(1)(a) of the GDPR (Consent), which may occur when data is collected through web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to improve our offering both technically and economically. By using Google Analytics, we can identify website errors, detect attacks, and improve efficiency. The legal basis for this is Article 6(1)(f) of the GDPR (Legitimate Interests). However, we only use Google Analytics to the extent that you have given consent.

Google processes data, including from you, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which ensures the proper and secure transfer of personal data from EU citizens to the USA. More information on this can be found at EU-US Data Privacy Framework.

Furthermore, Google uses so-called Standard Contractual Clauses (Art. 46 (2) and (3) GDPR). These clauses, provided by the EU Commission, ensure that your data complies with European privacy standards even when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and Standard Contractual Clauses, Google commits to adhering to European privacy levels when processing your data, even if the data is stored, processed, and managed in the USA. These clauses are based on an EU Commission Implementing Decision. You can find the decision and relevant standard contractual clauses here: EU Lex Decision.

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, are available at Google Ads Data Processing Terms.

We hope we have provided you with the essential information regarding the data processing by Google Analytics. If you wish to learn more about the tracking service, we recommend these two links: Google Analytics Terms and Google Analytics Support.

To learn more about data processing, you can refer to Google's privacy policy at Google Privacy Policy.

Data Processing Agreement (DPA) Google Analytics

In accordance with Article 28 of the GDPR, we have entered into a Data Processing Agreement (DPA) with Google. For a detailed explanation of what a DPA is and what it includes, please refer to our general section on "Data Processing Agreement (DPA)".

This agreement is legally required because Google processes personal data on our behalf. It specifies that Google may only process data received from us according to our instructions and must comply with the GDPR. The link to the Data Processing Terms can be found here: Google Ads Data Processing Terms.

Google Analytics Demographic and Interest Reports

We have enabled the advertising reports features in Google Analytics. The demographic and interest reports provide data about age, gender, and interests. This allows us to better understand our users without being able to attribute this data to individual persons. You can learn more about the advertising features at Google Analytics Advertising Features.

You can stop the use of Google account activities and information in “Ad Settings” at Google Ad Settings via the checkbox.

Google Analytics in Consent Mode

Depending on your consent, personal data is processed by Google Analytics in "Consent Mode". You can choose whether to accept Google Analytics cookies or not. By doing so, you also determine what data Google Analytics is allowed to process from you. This collected data is primarily used for measuring user behavior on the website, displaying targeted advertising, and providing us with web analytics reports. Generally, you give consent for data processing by Google via the cookie consent tool. If you do not consent to data processing, only aggregated data will be collected and processed, meaning data cannot be attributed to individual users, and no user profile will be created. You can also consent solely to statistical measurement, in which case no personal data will be processed and, therefore, will not be used for advertising or advertising measurement purposes.

Google Analytics IP Anonymization

We have implemented IP address anonymization in Google Analytics on this website. This feature, developed by Google, ensures that we comply with applicable data protection regulations and recommendations from local data protection authorities that prohibit the storage of full IP addresses. The anonymization or masking of IP addresses takes place as soon as the IP addresses arrive at the Google Analytics data collection network and before the data is stored or processed.

More information about IP anonymization can be found here: Google Analytics IP Anonymization.

Google Optimize Privacy Policy

We use Google Optimize, a website optimization tool, on our website. The service provider is the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google processes data from you, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, ensuring the proper and secure transfer of personal data from EU citizens to the USA. More information can be found at EU-US Data Privacy Framework.

Additionally, Google uses Standard Contractual Clauses (Art. 46 (2) and (3) GDPR). These clauses, provided by the EU Commission, ensure that your data remains compliant with European privacy standards even when transferred to third countries (e.g., the USA) and stored there. Through the EU-US Data Privacy Framework and Standard Contractual Clauses, Google commits to adhering to European privacy standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an EU Commission Implementing Decision. You can find the decision and the relevant standard contractual clauses here: EU Lex Decision.

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at Google Ads Data Processing Terms.

To learn more about the data processed through Google Optimize, you can refer to Google's Privacy Policy at Google Privacy Policy.

TikTok Pixel Privacy Policy

Summary of the TikTok Pixel Privacy Policy
👥 Affected Parties: Website visitors
🤝 Purpose: Optimization of our service performance
📓 Processed Data: Your IP address, browser data, date and time of your page visit, or information about button clicks may be stored.
More details are provided below in the privacy policy.
📅 Storage Duration: Varies depending on settings
⚖️ Legal Basis: Article 6(1)(a) GDPR (consent), Article 6(1)(f) GDPR (legitimate interests)

What is TikTok Pixel?

We use the TikTok Pixel tracking software on our website. The service provider is the Chinese company Beijing Bytedance Technology Ltd. For the European region, the responsible company is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. TikTok is a popular social media platform, especially among young people, where users can create, share, and view short video clips.

The TikTok Pixel is a snippet of code that we have embedded into our website to analyze user behavior on the site. Using one of TikTok’s business tools, the Pixel helps us measure website traffic, monitor ad campaign performance, optimize our campaigns, and acquire new customers.

This privacy policy informs you about which data are processed through TikTok Pixel, how long the data are stored, and how you can manage your privacy settings.

Why do we use TikTok on our website?

We have embedded TikTok Pixel into our website to better understand how you use our site, what interests you, and where we can improve our services. Additionally, this data helps us conduct more personalized advertising campaigns on TikTok. Ultimately, we want to show our offers only to people who are genuinely interested.

What data are processed by TikTok Pixel?

For tracking to work, a JavaScript code must be embedded in the website. The Pixel collects various data about your user behavior on our website and also uses cookies. Personal data such as your IP address may also be processed. The exact data processed depends primarily on individual settings and cannot be fully outlined in this general section.

TikTok distinguishes between the following types of information collected and processed by the TikTok Pixel:

  • Ad/Event Information: Information about the ad that a user clicked on TikTok.
  • Timestamp: The exact time when a Pixel event is triggered. For example, when a specific button is clicked, the time of the click is stored.
  • IP Address: The IP address is considered personal data and is used by TikTok to determine your geographic location.
  • User Agent: The user agent is used to identify the device model, operating system, and browser version.
  • Cookies: Cookies are used to store data for measuring the performance of campaigns or directly the performance of the website.
  • Metadata & Button Clicks: Includes various page performance data such as loading times and button clicks (button name, descriptive text, and attributes). It tracks exactly when you click which button and which subpage you visit.

This provides a general overview of the types of data that may be processed through TikTok Pixel. However, the type of data collected largely depends on the individual settings of the Pixel. In general, the data is used for analyzing website trends and personalizing advertisements.

How long and where is the data stored?

TikTok retains your data as long as necessary for providing the platform and for the purposes outlined in TikTok’s privacy policy. The company also retains data if it is required for fulfilling contractual and legal obligations, if TikTok has a legitimate business interest (e.g., improving and developing the platform, enhancing the security and stability of our services), or for asserting or defending legal claims.

The storage duration and locations of the data collected by TikTok can vary significantly and are subject to TikTok’s privacy policies. TikTok may store data on servers in the USA and other countries. The storage duration typically depends on the applicable legal requirements and internal policies. However, the exact storage duration has not yet been determined. Once we obtain more information, we will, of course, notify you.

How can I delete my data or prevent its storage?

You have the right to access, correct, delete, or restrict the processing of your personal data at any time. You may also withdraw your consent for the processing of data at any time.

If you want to disable, delete, or manage cookies, you can find links to relevant instructions for the most popular browsers in the "Cookies" section.

If you have a TikTok account, you can manage your privacy settings directly on TikTok. For example, in your TikTok account settings, you can specify which information can be shared and which cannot.

Legal Basis

If you have consented to TikTok Pixel processing and storing your data, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). In general, your data are also stored and processed based on our legitimate interest (Art. 6(1)(f) GDPR) in maintaining efficient communication with you or other customers and business partners. We only use the TikTok Pixel to the extent you have granted consent. TikTok Pixel may also set cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy on cookies and review the privacy policy or cookie guidelines of the respective service provider.

TikTok processes data from you, including in the USA. We note that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may involve risks for the legality and security of data processing.

As the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and especially in the USA), TikTok uses so-called standard contractual clauses (= Art. 46(2) and (3) GDPR). Standard contractual clauses (SCC) are model clauses provided by the EU Commission to ensure that your data complies with European data protection standards even when transferred and stored in third countries (such as the USA). These clauses require TikTok to adhere to the European data protection level when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the relevant standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

For more information on TikTok’s privacy policy and data collection through TikTok Pixel, please visit TikTok’s website at https://www.tiktok.com/legal/page/eea/privacy-policy/en and the general TikTok information at https://www.tiktok.com/en/.

Email Marketing Introduction

Email Marketing Summary👥 Affected: Newsletter subscribers
🤝 Purpose: Direct marketing via email, notification of system-relevant events
📓 Processed Data: Data entered during registration, but at least the email address. More details can be found with the email marketing tool used.
📅 Retention Period: Duration of the subscription
⚖️ Legal Basis: Art. 6 (1) lit. a GDPR (Consent), Art. 6 (1) lit. f GDPR (Legitimate Interests)

What is Email Marketing?

To keep you informed, we also use email marketing. If you have agreed to receive our emails or newsletters, your data will be processed and stored. Email marketing is a subfield of online marketing, where news or general information about a company, products, or services is sent via email to a specific group of people who are interested.

If you wish to participate in our email marketing (usually via newsletter), you generally just need to sign up with your email address. You will fill out an online form and submit it. We may also ask for your salutation and name so that we can address you personally.

The registration for newsletters generally works through the "double opt-in" process. After you register for our newsletter on our website, you will receive an email in which you confirm your newsletter subscription. This ensures that the email address belongs to you and that no one else has signed up with a foreign email address. We or a notification tool we use logs each registration. This is necessary so that we can prove the legal correctness of the registration process. The registration time, confirmation time, and your IP address are usually stored. Additionally, any changes made to your stored data will also be logged.

Why Do We Use Email Marketing?

We want to stay in contact with you and present you with the most important news about our company. To do this, we use email marketing – often referred to as "newsletters" – as a key component of our online marketing. If you agree or it is legally permissible, we send you newsletters, system emails, or other notifications via email. When we refer to "newsletters" in the following text, we mainly mean regularly sent emails. We certainly do not want to annoy you with our newsletters. That's why we always strive to provide only relevant and interesting content. Through our newsletters, you will learn more about our company, services, or products. As we always aim to improve our offerings, you will also be informed about news or special, lucrative promotions. If we hire a service provider offering professional mailing tools for our email marketing, we do so to provide you with fast and secure newsletters. The main purpose of our email marketing is to inform you about new offers and to move closer to our business goals.

What Data is Processed?

When you become a subscriber to our newsletter via our website, you confirm your membership in an email list via email. In addition to your IP address and email address, your salutation, name, address, and phone number may also be stored, but only if you consent to this data storage. The data marked as necessary is required for your participation in the offered service. Providing this data is voluntary, but not providing it will result in you being unable to use the service. Additionally, information about your device or your preferred content on our website may be stored. For more details on data storage when visiting a website, refer to the section “Automatic Data Storage.” We record your consent so that we can always demonstrate that it complies with our laws.

Duration of Data Processing

If you unsubscribe from our email/newsletter list, we may store your email address for up to three years based on our legitimate interests, so that we can still prove your previous consent. We can only process this data if we need to defend against potential claims.

If you confirm that you have given consent for the newsletter registration, you can request the deletion of your data at any time. If you permanently oppose the consent, we reserve the right to store your email address on a blocking list. As long as you voluntarily subscribe to our newsletter, we will, of course, retain your email address.

Right to Object

You have the right to cancel your newsletter subscription at any time. To do this, simply withdraw your consent to the newsletter subscription. This usually takes only a few seconds or one or two clicks. You will typically find a link at the end of each email to cancel your newsletter subscription. If the link is not available in the newsletter, please contact us via email, and we will immediately cancel your subscription.

Legal Basis

The sending of our newsletter is based on your consent (Article 6 (1) lit. a GDPR). This means that we can only send you a newsletter if you have actively signed up for it. In certain cases, we may also send advertising messages if you have become our customer and have not objected to the use of your email address for direct marketing.

Information about specific email marketing services and how they process personal data can be found in the following sections, if applicable.

Social Media Introduction

Social Media Privacy Policy Summary
👥 Affected Parties: Website visitors
🤝 Purpose: Presentation and optimization of our services, contact with visitors, prospective customers, etc., advertising
📓 Processed Data: Data such as phone numbers, email addresses, contact information, user behavior data, information about your device, and your IP address.
More details can be found with the respective social media tool used.
📅 Retention Period: Depending on the social media platforms used
⚖️ Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Social Media?

In addition to our website, we are also active on various social media platforms. In doing so, user data may be processed to allow us to specifically target users who are interested in us via social networks. Moreover, elements of a social media platform may be directly embedded into our website. This occurs when you click on a so-called social button on our website, which redirects you directly to our social media profile. Social media refers to websites and apps where registered members can create content, exchange content openly or within specific groups, and network with other members.

Why Do We Use Social Media?

For years, social media platforms have been the place where people communicate and connect online. With our social media profiles, we can present our products and services to potential customers. The social media elements embedded on our website help you quickly and easily switch to our social media content.

The data that is stored and processed through your use of a social media channel is primarily intended for web analytics. The goal of these analyses is to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, data analysis may help infer your interests and create so-called user profiles. This enables the platforms to present you with tailored advertisements. Typically, cookies are set in your browser for this purpose to store data about your usage behavior.

We generally assume that we remain responsible for data protection, even when using services of a social media platform. However, the European Court of Justice has ruled that, in certain cases, the operator of the social media platform may share joint responsibility with us according to Art. 26 GDPR. If this is the case, we will inform you separately and work based on an agreement regarding this. The main points of the agreement are then provided below for the respective platform.

Please note that when using social media platforms or our embedded elements, data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are operated by American companies. As a result, you may find it more difficult to assert your rights regarding your personal data.

Which Data Is Processed?

The exact data stored and processed depends on the respective social media platform provider. However, it generally includes data such as phone numbers, email addresses, data entered in a contact form, user data (e.g., which buttons you click, whom you like or follow, which pages you visit, information about your device, and your IP address). Most of this data is stored in cookies. Especially if you have a profile on the visited social media platform and are logged in, data may be linked to your profile.

All data collected via a social media platform is also stored on the provider's servers. Only the providers have access to the data and can provide the appropriate information or make changes.

If you want to know exactly which data is stored and processed by the social media providers and how to object to the data processing, you should carefully read the respective privacy policy of the company. If you have questions regarding data storage and processing or want to exercise your rights, we recommend contacting the provider directly.

Data Processing Duration

We will inform you about the duration of data processing further below if we have additional information. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. However, customer data that is reconciled with the provider’s user data is deleted within two days. In general, we process personal data only as long as necessary to provide our services and products. If required by law, such as for accounting purposes, this storage period may be exceeded.

Right of Objection

You also have the right to withdraw your consent to the use of cookies or third-party services, such as embedded social media elements, at any time. This can be done either through our cookie management tool or other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since cookies may be used in social media tools, we also recommend reading our general privacy policy regarding cookies. To learn exactly which data is stored and processed, you should review the privacy policies of the respective tools.

Legal Basis

If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in efficient communication with you or other customers and business partners. We will only use the tools to the extent that you have given consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend reading our privacy policy on cookies and reviewing the privacy policy or cookie guidelines of the respective service provider.

Information on specific social media platforms can be found – if available – in the following sections.

AddThis Privacy Policy

Summary of AddThis Privacy Policy
👥 Affected Parties: Website visitors
🤝 Purpose: Optimization of our service performance
📓 Processed Data: Data such as user behavior, information about your device, and your IP address.
Further details can be found below in the privacy policy.
📅 Data Retention Period: The collected data is stored for 13 months from the date of collection.
⚖️ Legal Grounds: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is AddThis?

We use AddThis plugins from Oracle America, Inc. (500 Oracle Parkway, Redwood Shores, CA 94065, USA) on our website. These plugins allow you to quickly and easily share content from our website with others. When you visit a webpage with an AddThis feature, data about you may be transferred, stored, and processed by AddThis. This privacy policy explains why we use AddThis, what data is processed, and how you can stop this data transfer.

AddThis develops software tools that are embedded on websites, enabling users to share content across different social media channels or via email. Additionally, AddThis provides functions for website analysis. The collected data is also used to offer interest-based advertising to internet users. The service is used by over 15 million website operators worldwide.

Why Do We Use AddThis on Our Website?

By using the AddThis buttons, you can share interesting content from our website on various social media channels like Facebook, Twitter, Instagram, or Pinterest. If you like our content, we would appreciate it if you shared it with your social community. The simplest way to do this is via the AddThis buttons.

What Data Does AddThis Store?

When you share content using AddThis and are logged into the respective social media account, data such as your visit to our website and the sharing of content may be associated with the user account of the corresponding social media channel. AddThis uses cookies, pixels, HTTP headers, and browser identifiers to collect data about your visitor behavior. Some of these data are shared with third parties after pseudonymization.

Here is an example list of data that may be processed:

  • Unique ID of a cookie placed in the web browser
  • Address of the visited website
  • Time of the website visit
  • Search queries through which a visitor arrived at the page with AddThis
  • Duration of stay on a website
  • IP address of the computer or mobile device
  • Mobile advertising IDs (Apple IDFA or Google AAID)
  • Information contained in HTTP headers or other transmission protocols used
  • The program (browser) or operating system (iOS) used on the computer

AddThis uses cookies, which we list as examples below. You can find more about AddThis cookies at Oracle's AddThis Privacy Policy.

  • Name: bt2
    Value: 8961a7f179d87qq69V69112968515-3
    Purpose: This cookie is used to track parts of the visited website to recommend other parts of the website.
    Expiration: After 255 days
  • Name: bku
    Value: ra/99nTmYN+fZWX7112968515-4
    Purpose: This cookie records anonymized user data such as your IP address, geographical location, visited websites, and which ads you clicked on.
    Expiration: After 179 days

Note: Please note that this is an example list, and we do not claim completeness.

AddThis also shares the collected information with other companies. More details can be found at Oracle's AddThis Privacy Policy. AddThis uses the collected data to create target groups and interest profiles to offer users interest-based advertising in the same advertising network.

How Long and Where is the Data Stored?

AddThis stores the collected data for 13 months from the date of collection. 1% of the data is retained as a "sample dataset" for up to 24 months to maintain the business relationship. However, in this "sample dataset," direct and indirect identifiers (such as your IP address and cookie ID) are hashed, meaning that personal data can no longer be associated with you without additional information. Since AddThis is headquartered in the USA, the collected data is also stored on American servers.

How Can I Delete My Data or Prevent Data Storage?

You have the right to access your personal data at any time and request its deletion. If you no longer wish to see ads based on data collected by AddThis, you can use the Opt-out button at Oracle's Opt-Out Page. This will set an opt-out cookie, which you should not delete to maintain this setting.

You can also manage your preferences for usage-based online advertising through Your Online Choices - Austria.

Additionally, your browser offers a way to manage or block data processing. The handling of data varies slightly depending on the browser. Under the "Cookies" section, you will find the corresponding links to guides for the most popular browsers.

Legal Basis

If you consent to the processing and storage of your data through integrated social media elements, this consent serves as the legal basis for the data processing (Art. 6 para. 1 lit. a GDPR). In general, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in maintaining efficient communication with you and other customers or business partners. However, we only use the integrated social media elements to the extent that you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend reading our cookie privacy text carefully and checking the privacy policy or cookie guidelines of the respective service provider.

AddThis also processes data in the USA. Please be aware that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA, which may entail various risks for the legality and security of data processing.

As the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA), AddThis uses standard contractual clauses approved by the EU Commission (Art. 46 para. 2 and 3 GDPR). These clauses require AddThis to ensure the EU level of data protection during the processing of relevant data outside the EU. These clauses are based on an implementation decision of the EU Commission. You can find the decision and clauses here: EU Commission Decision.

For more information on how AddThis processes your data, visit Oracle's Privacy Policy.

Instagram Privacy Policy

Instagram Privacy Policy Summary👥 Affected individuals: Visitors to the website
🤝 Purpose: Optimization of our service performance
📓 Processed Data: Data such as user behavior data, device information, and IP address.
For more details, please refer to the full privacy policy below.
📅 Storage Duration: Until Instagram no longer needs the data for its purposes
⚖️ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Instagram?

We have integrated Instagram features on our website. Instagram is a social media platform operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA. Since 2012, Instagram has been a subsidiary of Meta Platforms Inc. and is part of Facebook products. Embedding Instagram content on our website is called "Embedding." This allows us to show you Instagram content like buttons, photos, or videos directly on our website. When you visit pages on our website that have Instagram functionality integrated, data is transmitted, stored, and processed by Instagram. Instagram uses the same systems and technologies as Facebook. Therefore, your data is processed across all Facebook companies.

Below, we provide a more detailed explanation of why Instagram collects data, what data is involved, and how you can largely control data processing. Since Instagram is part of Meta Platforms Inc., we base our information both on Instagram’s policies and Meta’s own privacy policy.

Instagram is one of the most well-known social media networks worldwide. It combines the advantages of a blog with the benefits of audiovisual platforms like YouTube or Vimeo. You can upload photos and short videos, edit them with various filters, and share them on other social networks. If you don’t want to actively participate, you can simply follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has exploded in popularity in recent years. Naturally, we’ve responded to this boom. We want you to feel as comfortable as possible on our website, which is why we offer a variety of content. By embedding Instagram features, we can enrich our content with helpful, fun, or exciting content from the Instagram world. Since Instagram is a subsidiary of Facebook, the data collected can also be useful for personalized ads on Facebook. This way, our ads only reach people who are genuinely interested in our products or services.

Instagram uses the collected data for measurement and analysis purposes. We receive aggregated statistics, providing insight into your preferences and interests. It is important to note that these reports do not personally identify you.

What data does Instagram store?

When you visit one of our pages that includes Instagram features (like Instagram images or plugins), your browser automatically connects to Instagram's servers. Data is sent to, stored by, and processed by Instagram, regardless of whether you have an Instagram account or not. This includes information about our website, your computer, purchases made, ads you view, and how you use our services. The date and time of your interaction with Instagram are also stored. If you have an Instagram account and are logged in, Instagram will store much more data about you.

Facebook differentiates between customer data and event data. We assume that Instagram operates in the same way. Customer data includes, for example, name, address, phone number, and IP address. This customer data is only transmitted to Instagram after being "hashed." Hashing means converting a dataset into a string of characters, thus encrypting the contact details. Event data, on the other hand, refers to information about your user behavior. Sometimes, contact data is combined with event data. The collected contact data is cross-referenced with data Instagram already has about you.

Through small text files (cookies), which are usually set in your browser, the collected data is transmitted to Facebook. Depending on the Instagram features used and whether you have an Instagram account, different amounts of data are stored.

We assume that Instagram's data processing functions similarly to Facebook's. This means that if you have an Instagram account or visit www.instagram.com, Instagram will set at least one cookie. If this is the case, your browser will send information to Instagram via the cookie as soon as you interact with an Instagram feature. These data will be deleted or anonymized after 90 days (following reconciliation). Although we have thoroughly examined Instagram's data processing, we cannot say with certainty which data Instagram collects and stores.

Below are cookies that are at least set in your browser when you click on an Instagram feature (such as a button or an Instagram image). In our test, we assume that you do not have an Instagram account. If you are logged into Instagram, more cookies will obviously be set in your browser.

Cookies used in our test:

  • Name: csrftoken
    Value: “”
    Purpose: This cookie is likely set for security reasons to prevent request forgery. We couldn’t find more details.
    Expiry date: after one year
  • Name: mid
    Value: “”
    Purpose: Instagram uses this cookie to optimize its services and offerings both on and off Instagram. It sets a unique user ID.
    Expiry date: after session ends
  • Name: fbsr_112968515124024
    Value: no data
    Purpose: This cookie stores the login request for Instagram app users.
    Expiry date: after session ends
  • Name: rur
    Value: ATN
    Purpose: This is an Instagram cookie that ensures functionality on Instagram.
    Expiry date: after session ends
  • Name: urlgen
    Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe112968515”
    Purpose: This cookie serves Instagram's marketing purposes.
    Expiry date: after session ends

Note: We cannot guarantee completeness here. The cookies set depend on the integrated functions and how you use Instagram.

How long and where is the data stored?

Instagram shares the received information with Facebook companies, external partners, and people you connect with worldwide. The data processing is done in accordance with Instagram's own data policy. For security reasons, your data is distributed across Facebook’s servers globally. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation (GDPR), you have the right to access, transfer, correct, and delete your data. You can manage your data through Instagram’s settings. If you wish to completely delete your data on Instagram, you must permanently delete your Instagram account.

Here’s how to delete your Instagram account:

  1. Open the Instagram app. On your profile page, scroll down and click on "Help Center." This will take you to the company's website.
  2. On the website, click on "Manage Your Account" and then "Delete Your Account."

If you completely delete your account, Instagram will delete posts such as your photos and status updates. Information shared by others about you is not part of your account and will not be deleted.

As mentioned earlier, Instagram primarily stores your data through cookies. These cookies can be managed, disabled, or deleted in your browser. Depending on your browser, the management process differs slightly. You can find links to the corresponding browser instructions under the "Cookies" section.

You can also set your browser to always inform you when a cookie is about to be set. This way, you can decide individually whether to allow the cookie or not.

Legal Basis

If you have consented to the processing and storage of your data by embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in having effective communication with you or other customers and business partners. We only use the embedded social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy policy regarding cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

Instagram processes your data, including in the USA. Instagram (Meta Platforms) is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Instagram also uses standard contractual clauses (Art. 46 para. 2 and 3 GDPR). These clauses ensure that your data complies with European data protection standards, even when transferred to third countries (such as the USA). By participating in the EU-US Data Privacy Framework and using standard contractual clauses, Instagram commits to ensuring European data protection standards are adhered to when processing and managing your data, even when stored and processed in the USA. These clauses are based on an implementing decision of the EU Commission, which can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

We’ve tried to provide the most important information about data processing by Instagram. You can delve deeper into Instagram's data policies at https://privacycenter.instagram.com/policy/

Instagram Lookalike Audience Privacy Policy

We also use Instagram's Lookalike Audience advertising tool. The service provider is Meta Platforms Inc., a U.S. company. For the European region, Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible.

Meta Platforms processes data, including in the USA. Facebook and Meta Platforms are active participants in the EU-U.S. Data Privacy Framework. For more information, see their privacy policy.

TikTok Privacy Policy

TikTok Privacy Policy Summary
👥 Affected: Visitors to the website
🤝 Purpose: Optimization of our service performance
📓 Processed Data: This may include your IP address, browser data, date and time of your page visit
For more details, please see the full privacy policy below.
📅 Retention Period: Varies depending on settings
⚖️ Legal Bases: Article 6 (1) (a) GDPR (Consent), Article 6 (1) (f) GDPR (Legitimate Interests)

What is TikTok?
On our website, we use TikTok integration. The service provider is the Chinese company Beijing Bytedance Technology Ltd. For the European region, TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, is responsible. TikTok is a popular social media platform, especially among young people, where users can create, share, and view short video clips.
In this privacy policy, we inform you about what data TikTok processes, how long the data is stored, and how you can manage your privacy settings.

Why do we use TikTok on our website?
We have integrated TikTok on our website to allow you to watch TikTok videos and possibly interact with them if you feel like it. TikTok is known for its fun and creative content, and of course, we don't want to withhold such content from you. After all, we also enjoy watching some creative TikTok videos ourselves.

What data is processed by TikTok?
If you view or interact with TikTok videos on our website, TikTok may collect information about your usage behavior and device. This may include data such as your IP address, browser type, operating system, location, and other technical details. TikTok may also use cookies and similar technologies to collect information and personalize your user experience.
If you have a TikTok account, additional information may also be collected and processed. This includes user information (such as name, date of birth, or email address) and data about your communication with other TikTok users.

How long and where is the data stored?
The retention period and storage locations for the data collected by TikTok may vary significantly and are subject to TikTok’s privacy policy. TikTok may also store data on servers in the USA and other countries. The retention period is generally based on the relevant legal requirements and internal guidelines. However, we have not yet been able to find out exactly how long the data is stored. As soon as we have further information, we will inform you accordingly.

How can I delete my data or prevent data storage?
If you have a TikTok account, you can manage your privacy settings directly on TikTok. You can decide, for example, in your TikTok account settings which information can be shared and which cannot. Additionally, you can manage and disable cookies in your web browser to limit data collection. This is also possible without a TikTok account. However, please note that this may affect the functionality of our website and your TikTok experience.

Legal Basis
If you have consented to the processing and storage of your data by TikTok, this consent serves as the legal basis for data processing (Article 6 (1) (a) GDPR). In principle, your data is also stored and processed based on our legitimate interest (Article 6 (1) (f) GDPR) in maintaining efficient and clear communication with you or other customers and business partners. We use the integrated social media elements only to the extent that you have granted consent. TikTok may also set cookies in your browser to store data. Therefore, we recommend reading our cookie privacy statement carefully and reviewing the privacy policy or cookie guidelines of the respective service provider.

TikTok processes your data, including in the USA. We point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can pose various risks to the legality and security of data processing.

As the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly the USA) or the transfer of data there, TikTok uses standard contractual clauses (Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are model templates provided by the EU Commission to ensure that your data meets European data protection standards even when transferred and stored in third countries (such as the USA). Through these clauses, TikTok commits to adhering to the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and the relevant standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Further information on TikTok's privacy policy and the collection of data by TikTok can be found on the TikTok website at https://www.tiktok.com/legal/page/eea/privacy-policy/en and in the general information about TikTok at https://www.tiktok.com/en/.

Cookie Consent Management Platform Introduction

Cookie Consent Management Platform Summary
👥 Affected: Website Visitors
🤝 Purpose: Obtaining and managing consent for certain cookies and thus the use of certain tools
📓 Processed Data: Data for managing cookie settings such as IP address, time of consent, type of consent, individual consents. More details can be found in the specific tool used.
📅 Retention Period: Depends on the tool used, but expect retention periods of several years
⚖️ Legal Bases: Article 6 (1) (a) GDPR (Consent), Article 6 (1) (f) GDPR (Legitimate Interests)

What is a Cookie Consent Management Platform?
We use a Consent Management Platform (CMP) software on our website, which facilitates the proper and secure handling of used scripts and cookies for both us and you. The software automatically creates a cookie popup, scans and controls all scripts and cookies, offers the necessary cookie consent for you, and helps us and you keep track of all cookies. Most cookie consent management tools identify and categorize all existing cookies. As a website visitor, you then decide which scripts and cookies you wish to allow or not allow. The following graphic shows the relationship between the browser, web server, and CMP.

Why do we use a cookie management tool?
Our goal is to provide you with the best possible transparency in the area of privacy. Additionally, we are legally required to do so. We want to inform you about all tools and cookies that may store and process your data. It is also your right to decide which cookies you accept and which you do not. To grant you this right, we first need to know which cookies have landed on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with GDPR-compliant information. Through the consent system, you can then accept or reject cookies.

What data is processed?
Within our cookie management tool, you can manage each individual cookie yourself and have full control over the storage and processing of your data. Your consent declaration is stored so that we do not need to ask you again on every new visit to our website, and so we can prove your consent if legally required. This is either stored in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the retention period for your cookie consent varies. Typically, this data (e.g., pseudonymous user ID, consent time, details of cookie categories or tools, browser, device information) is stored for up to two years.

Duration of Data Processing
We will inform you about the duration of data processing further below, if we have additional information on this. In general, we process personal data only for as long as necessary to provide our services and products. Data stored in cookies is retained for varying lengths of time. Some cookies are deleted once you leave the website, while others may be stored in your browser for several years. The exact duration of data processing depends on the tool used. Typically, you should expect retention periods of several years. In the privacy policies of the individual providers, you can generally find precise information about the duration of data processing.

Right of Objection
You also have the right at any time to withdraw your consent to the use of cookies. This can be done either through our cookie management tool or through other opt-out functions. For example, you can prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Legal Basis
When you consent to cookies, personal data is processed and stored through these cookies. If we are allowed to use cookies with your consent (Article 6 (1) (a) GDPR), this consent also serves as the legal basis for the use of cookies and the processing of your data. To manage cookie consent and enable you to give consent, a cookie consent management platform software is used. The use of this software allows us to operate the website efficiently and in a legally compliant manner, which represents a legitimate interest (Article 6 (1) (f) GDPR).

Payment Providers Introduction

Summary of Payment Provider Privacy Policy

  • 👥 Affected individuals: Visitors of the website
  • 🤝 Purpose: Enable and optimize the payment process on our website
  • 📓 Processed data: Data such as name, address, banking information (account number, credit card number, passwords, TANs, etc.), IP address, and contract data.Further details can be found in the respective payment provider tool.
  • 📅 Storage duration: Dependent on the payment provider used
  • ⚖️ Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment)

What is a Payment Provider?

We use online payment systems on our website that allow us and you to process secure and smooth transactions. Personal data may be sent, stored, and processed by the respective payment provider. Payment providers are online payment systems that enable you to make purchases via online banking. The payment is processed by the payment provider you choose, and we are subsequently informed about the completed transaction. This method can be used by any user who has an active online banking account with a PIN and TAN. Few banks today do not offer or accept such payment methods.

Why do we use Payment Providers on our Website?

We naturally want to offer the best possible service on our website and online store to ensure you feel comfortable and enjoy our offerings. We know that your time is valuable, and payment processes need to function smoothly and quickly. For this reason, we offer you various payment providers. You can select your preferred payment provider and pay in the usual manner.

Which Data is Processed?

The specific data processed depends on the respective payment provider. However, as a general rule, data such as name, address, banking details (account number, credit card number, passwords, TANs, etc.) are stored. These are necessary data for processing a transaction. In addition, contract data and user data, such as when you visit our website, which content interests you, or which subpages you click on, may be stored. Your IP address and information about the computer you use are typically stored by most payment providers.

The data is usually stored and processed on the servers of the payment providers. As website operators, we do not receive this data directly. We are only informed whether the payment was successful or not. Payment providers may forward data to relevant parties for identity and credit checks. All payment transactions are subject to the terms and privacy policies of the respective provider. Please also refer to the general terms and privacy policies of the payment provider. You have the right to request deletion or correction of your data at any time. For any rights inquiries (right of withdrawal, right to access, and right to rectification), please contact the respective service provider.

Duration of Data Processing

We will inform you below about the duration of data processing if we have additional information. Generally, we process personal data only as long as necessary to provide our services and products. If legally required, such as for accounting purposes, this retention period may be extended. For instance, we retain contractual records (invoices, contracts, bank statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB).

Right of Objection

You always have the right to request information, rectification, and deletion of your personal data. For questions, you can also contact the responsible party of the used payment provider at any time. Contact details can be found either in our specific privacy policy or on the website of the relevant payment provider.

Cookies used by payment providers for their functions can be deleted, deactivated, or managed in your browser. Depending on which browser you use, this works in different ways. Please note, however, that this may affect the functionality of the payment process.

Legal Basis

Therefore, in addition to conventional bank/credit institutions, we offer other payment service providers for the fulfillment of contractual or legal relationships (Art. 6 para. 1 lit. b GDPR). The privacy policies of individual payment providers (such as Amazon Payments, Apple Pay, or Discover) provide an overview of data processing and storage. For any questions regarding data protection, you can always contact the responsible parties.

You can find more specific information about the payment providers in the following sections, if available.

PayPal Privacy Policy

Summary of PayPal Privacy Policy

  • 👥 Affected individuals: Visitors of the website
  • 🤝 Purpose: Optimizing the payment process on our website
  • 📓 Processed data: Data such as name, address, banking information (account number, credit card number, passwords, TANs, etc.), IP address, and contract data may be processed.Further details can be found below in this privacy policy.
  • 📅 Storage duration: Data is typically stored until the cooperation with PayPal is terminated
  • ⚖️ Legal basis: Art. 6 para. 1 lit. b GDPR (contract processing), Art. 6 para. 1 lit. a GDPR (consent)

What is PayPal?

We use PayPal, an online payment service, on our website. The service provider is the American company PayPal Inc. For the European region, the responsible entity is PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg).

With PayPal, all users can send and receive money electronically. Founded in 1998, PayPal has grown to become one of the most well-known and largest online payment providers globally, with over 325 million active customers.

Why do we use PayPal for our Website?

There are various reasons we use PayPal and offer it on our website. As one of the most well-known online payment providers, many of our website visitors also trust PayPal. PayPal offers high security standards for digital money transfers, using various encryption methods to protect your personal data. We also value the ease of use and the ability to make international payments in various currencies. Typically, transactions are processed very quickly, which benefits both us and you as a customer.

What Data is Processed by PayPal?

PayPal differentiates between various categories of personal data that may be processed when using their service. These include registration and contact data, identification and signature data, payment information, imported contact data, profile data, device data (such as your IP address), location data, and derived data. Derived data refers to information that can be inferred from transactions or other data, such as buying habits, behavior patterns, creditworthiness, or personal preferences.

Additionally, PayPal may process data collected by third parties (e.g., identity verifiers, fraud detection providers, or your bank). This data may include information from credit agencies, transaction data, legal information, technical usage data, location data, and derived data.

PayPal and its partners also use tracking technologies such as cookies, pixel tags, web beacons, and widgets to recognize users, personalize content, and conduct analysis for interest-based advertising.

How Long and Where is Data Stored?

PayPal generally stores data as long as necessary to fulfill their obligations and for the purpose it was collected. Personal data necessary for the customer relationship is retained for 10 years after the relationship ends. If PayPal is subject to a legal obligation, the retention period for personal data is governed by applicable law (e.g., insolvency law). PayPal may also retain data longer if retention is advisable in case of legal disputes.

Since PayPal is a global company, it operates data centers worldwide where your data may be stored. This means your data may be stored outside your country and outside the scope of the GDPR on PayPal servers.

How Can I Delete My Data or Prevent Data Storage?

You have the right to access, correct, delete, or restrict the processing of your personal data at any time. You can also withdraw your consent to data processing at any time.

If you wish to manage, delete, or disable cookies, you can refer to the "Cookies" section for instructions specific to the browser you use.

Legal Basis

We have a legitimate interest in incorporating PayPal as an external payment service to make our offering more attractive and to improve it technically and economically. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Please note that you can only use PayPal if you enter into a contractual relationship with PayPal. In such cases, additional data protection and contractual declarations (e.g., consent) may be required.

PayPal processes data from you, including in the USA. We point out that the European Court of Justice currently considers there to be no adequate level of protection for data transfers to the USA. This may involve various risks for the legality and security of data processing.

As the basis for data processing with recipients in third countries (outside the EU, Iceland, Liechtenstein, Norway, specifically in the USA) or data transfer there, PayPal uses so-called Standard Contractual Clauses (Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template agreements provided by the EU Commission to ensure that your data continues to comply with European data protection standards, even when transferred and stored in third countries (e.g., the USA). By using these clauses, PayPal agrees to comply with European data protection standards even when processing your relevant data in the USA. You can find more information on the Standard Contractual Clauses and the data processed by PayPal in the privacy policy at PayPal Privacy Full.

Audio & Video Introduction

Audio & Video Privacy Policy Summary
👥 Affected: Website visitors
🤝 Purpose: Optimization of our service
📓 Processed Data: Data such as contact details, user behavior data, device information, and your IP address may be stored.
Further details can be found below in the corresponding privacy texts.
📅 Storage Duration: Data will generally be stored as long as necessary for the service purpose.
⚖️ Legal Basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What are Audio and Video Elements?

We have integrated audio and video elements on our website, allowing you to watch videos or listen to music/podcasts directly from our site. The content is provided by service providers. Thus, all content is sourced from the respective servers of the providers.

These are embedded functional elements from platforms such as YouTube, Vimeo, or Spotify. The use of these platforms is generally free, but paid content may also be available. By using these embedded elements, you can listen to or view the respective content directly on our website.

When you use audio or video elements on our website, personal data may be transmitted, processed, and stored by the service providers.

Why Do We Use Audio & Video Elements on Our Website?

Naturally, we want to offer you the best possible experience on our website. We understand that content is no longer just conveyed through text and static images. Instead of simply providing a link to a video, we offer you audio and video formats directly on our website, which are entertaining, informative, or ideally both. This expands our service and makes it easier for you to access interesting content. Thus, alongside our texts and images, we also provide video and/or audio content.

What Data is Stored by Audio & Video Elements?

When you visit a page on our website that includes an embedded video, your server connects to the service provider's server. During this process, data is transferred to the third-party provider and stored there. Some data is collected and stored regardless of whether you have an account with the third-party provider. This typically includes your IP address, browser type, operating system, and other general information about your device. Additionally, most providers also collect information about your web activity, such as session duration, bounce rate, which buttons you clicked, or through which website you are using the service. All this information is usually stored via cookies or pixel tags (also called web beacons). Pseudonymized data is typically stored in cookies in your browser. The exact data stored and processed can always be found in the privacy policy of the respective provider.

Duration of Data Processing

The duration of data storage on third-party servers can be found either below in the privacy text of the respective tool or in the privacy policy of the provider. In general, personal data is processed only as long as necessary to provide our services or products. This also generally applies to third-party providers. Typically, you can expect that certain data will be stored on third-party servers for several years. Data in cookies can be stored for varying periods. Some cookies are deleted immediately after leaving the website, while others may remain in your browser for several years.

Right of Objection

You have the right at any time to revoke your consent for the use of cookies or third-party providers. This can be done either through our cookie management tool or other opt-out functions. For example, you can prevent the data collection by cookies by managing, deactivating, or deleting cookies in your browser. The lawfulness of processing until the withdrawal remains unaffected.

Since embedded audio and video functions on our site usually also use cookies, you should also read our general privacy policy regarding cookies. In the privacy policies of the respective third-party providers, you will find more information about how your data is handled and stored.

Legal Basis

If you have consented to the processing and storage of your data through embedded audio and video elements, this consent serves as the legal basis for data processing (Article 6(1)(a) GDPR). In general, your data is also stored and processed based on our legitimate interest (Article 6(1)(f) GDPR) in maintaining efficient and effective communication with you or other customers and business partners. We will use embedded audio and video elements only if you have given consent.

Spotify Privacy Policy

We use Spotify on our website, a tool for music and podcasts. The service provider is the Swedish company Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden.

For more information about the data processed through the use of Spotify, please refer to the Privacy Policy at https://www.spotify.com/de/legal/privacy-policy/.

YouTube Privacy Policy

Summary of YouTube Privacy Policy👥 Affected Parties: Website visitors
🤝 Purpose: Optimization of our service performance
📓 Processed Data: Data such as contact details, user behavior data, device information, and your IP address may be stored. More details can be found below in this privacy policy.
📅 Storage Duration: Data is stored as long as necessary for the service purpose
⚖️ Legal Basis: Art. 6 (1) a GDPR (Consent), Art. 6 (1) f GDPR (Legitimate Interests)

What is YouTube?

We have embedded YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal, owned by Google since 2006. The portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our site that has an embedded YouTube video, your browser automatically connects to YouTube’s or Google's servers. Depending on the settings, various data may be transmitted. For processing data within the European Economic Area, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible.

Below, we will explain in more detail which data is processed, why we use YouTube videos, and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on, and upload videos for free. Over the years, YouTube has become one of the most important social media channels worldwide. In order to display videos on our website, YouTube provides a code snippet, which we have embedded on our site.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We aim to provide the best user experience on our website, and interesting videos are of course part of that. By embedding videos, we provide additional helpful content alongside our texts and images. Moreover, the embedded videos help our website to be found more easily through Google’s search engine. Even when we run ads through Google Ads, Google can – thanks to the collected data – only show these ads to people who are interested in our offerings.

What data does YouTube store?

Once you visit one of our pages with an embedded YouTube video, YouTube sets at least one cookie, which stores your IP address and our URL. If you are logged into your YouTube account, YouTube can link your interactions on our site to your profile, usually using cookies. This data includes session duration, bounce rate, approximate location, technical information such as browser type, screen resolution, or your internet provider. Other data may include contact information, ratings, sharing content via social media, or adding videos to your YouTube favorites.

If you are not logged into a Google or YouTube account, Google stores data with a unique identifier associated with your device, browser, or app. For example, your preferred language setting is maintained. However, many interaction data cannot be stored as fewer cookies are set.

In the following list, we show cookies that were set in a browser test. We show cookies set with and without a logged-in YouTube account. This list cannot claim to be exhaustive, as user data always depends on interactions with YouTube.

Cookies set without a logged-in YouTube account:

  • Name: YSC
    Value: b9-CV6ojI5Y112968515-1
    Purpose: Registers a unique ID to store statistics about the viewed video.
    Expiration: After session ends
  • Name: PREF
    Value: f1=50000000
    Purpose: Registers a unique ID. Google receives statistics on how you use YouTube videos on our website.
    Expiration: After 8 months
  • Name: GPS
    Value: 1
    Purpose: Registers a unique ID on mobile devices to track GPS location.
    Expiration: After 30 minutes
  • Name: VISITOR_INFO1_LIVE
    Value: 95Chz8bagyU
    Purpose: Attempts to estimate the user’s bandwidth on our website (with embedded YouTube video).
    Expiration: After 8 months

Cookies set with a logged-in YouTube account:

  • Name: APISID
    Value: zILlvClZSkqGsSwI/AU1aZI6HY7112968515-
    Purpose: Used to create a profile of your interests, which is used for personalized ads.
    Expiration: After 2 years
  • Name: CONSENT
    Value: YES+AT.de+20150628-20-0
    Purpose: Stores the user’s consent status for the use of various Google services. Also serves security purposes to verify users and protect data from unauthorized attacks.
    Expiration: After 19 years
  • Name: HSID
    Value: AcRwpgUik9Dveht0I
    Purpose: Used to create a profile about your interests, which helps to display personalized advertising.
    Expiration: After 2 years
  • Name: LOGIN_INFO
    Value: AFmmF2swRQIhALl6aL…
    Purpose: Stores information about your login data.
    Expiration: After 2 years
  • Name: SAPISID
    Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
    Purpose: Identifies your browser and device uniquely, used for creating a profile about your interests.
    Expiration: After 2 years
  • Name: SID
    Value: oQfNKjAsI112968515-
    Purpose: Stores your Google account ID and your last login time in digitally signed and encrypted form.
    Expiration: After 2 years
  • Name: SIDCC
    Value: AN0-TYuqub2JOcDTyL
    Purpose: Stores information on how you use the website and what ads you may have seen before visiting our site.
    Expiration: After 3 months

How long and where is the data stored?

The data that YouTube receives and processes is stored on Google servers. Most of these servers are located in the United States. You can view the exact locations of Google’s data centers under https://www.google.com/about/datacenters/locations/?hl=de. Your data is distributed across these servers, ensuring faster retrieval and better protection against tampering.

The data collected is stored by Google for varying lengths of time. Some data can be deleted at any time, others are automatically deleted after a limited time, and some are stored by Google for a longer period. Certain data (such as items from "My Activity," photos, or documents) stored in your Google account remain stored until you delete them. Even if you are not logged into a Google account, you can delete some data associated with your device, browser, or app.

How can I delete my data or prevent data storage?

You can manually delete data in your Google account. With the automatic deletion function introduced in 2019, location and activity data are stored for either 3 or 18 months, depending on your choice, and then deleted.

Regardless of whether you have a Google account or not, you can configure your browser to delete or disable Google cookies. Depending on which browser you use, this works in different ways. In the "Cookies" section, you will find links to the respective instructions for the most common browsers.

If you generally do not want cookies, you can set your browser to always notify you when a cookie is to be set. This way, you can decide whether to allow each cookie individually.

Legal Basis

If you have consented to the processing and storage of data through embedded YouTube elements, this consent constitutes the legal basis for data processing (Article 6, Section 1, Letter a of the GDPR). In principle, your data is also stored and processed based on our legitimate interest (Article 6, Section 1, Letter f of the GDPR) in maintaining effective and efficient communication with you or other customers and business partners. We will only use the embedded YouTube elements if you have provided your consent. YouTube also uses cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy policy or cookie guidelines of the respective service provider.

YouTube processes data, including in the USA. YouTube (or Google) is an active participant in the EU-US Data Privacy Framework, which ensures the correct and secure transfer of personal data from EU citizens to the United States. More information about this can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Google uses so-called Standard Contractual Clauses (Article 46, Section 2 and 3 of the GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data continues to comply with European data protection standards, even when it is transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and Standard Contractual Clauses, Google commits to adhering to the European data protection level when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

Since YouTube is a subsidiary of Google, there is a joint privacy policy. If you would like to learn more about how your data is handled, we recommend reading the privacy policy at https://policies.google.com/privacy?hl=en.

YouTube Subscribe Button Privacy Policy

We have integrated the YouTube Subscribe Button (also known as the "Subscribe-Button") on our website. You can usually recognize the button by the classic YouTube logo. The logo shows the word "Subscribe" or "YouTube" in white text against a red background, with the white "Play" symbol to the left. The button may also appear in a different design.

Our YouTube channel frequently offers fun, interesting, or exciting videos. By using the embedded "Subscribe-Button," you can subscribe to our channel directly from our website without needing to visit the YouTube website. We aim to make it as easy as possible for you to access our comprehensive content. Please note that by doing so, YouTube may store and process data about you.

If you see an embedded subscription button on our page, YouTube – according to Google – sets at least one cookie. This cookie stores your IP address and our URL. YouTube may also gather information about your browser, approximate location, and preferred language. In our test, the following four cookies were set without being logged into YouTube:

  • Name: YSC
    Value: b9-CV6ojI5112968515Y
    Purpose: This cookie registers a unique ID to store statistics of the viewed video.
    Expiration Date: End of session
  • Name: PREF
    Value: f1=50000000
    Purpose: This cookie also registers your unique ID. Google uses PREF to gather statistics on how you use YouTube videos on our website.
    Expiration Date: 8 months
  • Name: GPS
    Value: 1
    Purpose: This cookie registers your unique ID on mobile devices to track the GPS location.
    Expiration Date: 30 minutes
  • Name: VISITOR_INFO1_LIVE
    Value: 11296851595Chz8bagyU
    Purpose: This cookie estimates the bandwidth of the user on our website (with embedded YouTube video).
    Expiration Date: 8 months

Note: These cookies were set during a test and may not be exhaustive.

If you are logged into your YouTube account, YouTube can store many of your actions/interactions on our website using cookies and associate them with your YouTube account. For example, YouTube may receive information such as how long you stay on our page, the type of browser you use, your preferred screen resolution, and what actions you perform.

YouTube uses this data to improve its own services and offerings, as well as to provide analysis and statistics for advertisers (using Google Ads).

Survey and Polling Systems Introduction

Survey and Polling Systems Privacy Policy Summary

  • Affected Individuals: Website visitors
  • Purpose: Evaluation of surveys on the website
  • Processed Data: Contact data, device data, access duration and timing, IP addresses. More details can be found with the specific survey or polling system used.
  • Storage Duration: Dependent on the tool used
  • Legal Basis: Article 6, Section 1, Letter a of the GDPR (Consent), Article 6, Section 1, Letter f of the GDPR (Legitimate Interests)

What are Survey and Polling Systems?

We regularly conduct various surveys and polls on our website. These are always evaluated anonymously. A survey or polling system is a tool embedded into our website that asks you questions (e.g., about our products or services), which you can answer if you wish to participate. Your responses are always evaluated anonymously. However, with your consent for data processing, personal data may also be stored and processed.

Why do we use Survey and Polling Systems?

We want to offer you the best products and services in our industry. Surveys provide us with perfect feedback from you and help us understand what you expect from us and our offerings. Based on these anonymous evaluations, we can tailor our products or services to your wishes and expectations. Additionally, this information helps us target our advertising and marketing efforts more effectively at individuals who are genuinely interested in our offerings.

What data is processed?

Personal data is only processed if it is necessary for the technical implementation or if you have consented to the processing of personal data. In such cases, your IP address may be stored, for example, so that the survey can be displayed in your browser. Cookies may also be used to allow you to continue the survey at a later time.

If you have consented to data processing, besides your IP address, contact data such as your email address or phone number may also be processed. Data entered in an online form may also be stored and processed. Some providers may store information about your visited web pages on our website, when you started and finished the survey, and various technical details about your computer.

How long is data stored?

The duration of data processing and storage primarily depends on the tools we use. More information about the data processing of individual tools can be found below. The privacy policies of the providers usually specify how long data is stored and processed. In principle, personal data is only processed as long as necessary to provide our services. If data is stored in cookies, the storage duration can vary significantly. Data may be deleted immediately after leaving a website, but it may also remain stored for several years. Therefore, you should carefully examine each individual cookie if you want detailed information about the data storage. Usually, the privacy policies of the individual providers offer informative details about their cookies.

Right of Withdrawal

You also have the right and opportunity to withdraw your consent to the use of cookies or embedded survey systems at any time. This can be done either through our cookie management tool or other opt-out functions. For example, you can prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.

Since cookies may be used in survey systems, we also recommend reading our general privacy policy regarding cookies. To understand exactly what data is being stored and processed about you, you should review the privacy policies of the respective tools.

Legal Basis

The use of survey systems requires your consent, which we obtained through our cookie popup. According to Article 6(1)(a) of the GDPR (Consent), this consent serves as the legal basis for processing personal data that may occur when collecting data through survey and questionnaire systems.

In addition to the consent, we have a legitimate interest in conducting surveys on our topic. The legal basis for this is Article 6(1)(f) of the GDPR (Legitimate Interests). We only use the tools to the extent that consent has been given.

Since cookies may be used in survey systems, we also recommend reading our general privacy policy on cookies. To learn exactly what data is stored and processed about you, please read the privacy policies of the respective tools.

Information about the individual survey systems can be found – if available – in the following sections.

Google Forms Privacy Policy

We use Google Forms for our website, a service for Google Cloud Forms. The service provider is the American company Google Inc. For the European region, the company responsible for all Google services is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland).

Google processes data about you, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which governs the proper and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Google uses so-called standard contractual clauses (= Article 46(2) and (3) of the GDPR). Standard contractual clauses (SCCs) are template agreements provided by the EU Commission to ensure that your data meets European data protection standards when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the standard contractual clauses, Google commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which correspond to the standard contractual clauses and also apply to Google Forms, can be found at https://business.safety.google/adsprocessorterms/.

To learn more about the data processed by Google when using their services, please refer to their privacy policy at https://policies.google.com/privacy.

Data Processing Agreement (DPA) Google Forms

We have entered into a Data Processing Agreement (DPA) with Google under Article 28 of the GDPR. You can learn more about what a DPA is and what it must include in our general section on the "Data Processing Agreement (DPA)."

This agreement is legally required because Google processes personal data on our behalf. It clarifies that Google may only process data it receives from us according to our instructions and must comply with the GDPR. You can find the link to the Data Processing Agreement (DPA) at https://workspace.google.com/terms/dpa_terms.html.

Web Design Introduction

Web Design Privacy Policy Summary

  • 👥 Affected: Website visitors
  • 🤝 Purpose: Improvement of user experience
  • 📓 Processed data: The data processed depends heavily on the services used. Typically, this includes IP address, technical data, language settings, browser version, screen resolution, and browser name. More details can be found in the privacy policies of the tools used.
  • 📅 Storage duration: Dependent on the tools used
  • ⚖️ Legal basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Web Design?

We use various tools on our website to serve our web design. Web design is not just about making our website look good, as often assumed, but also about functionality and performance. However, the appropriate look of a website is one of the key goals of professional web design. Web design is a subfield of media design, dealing with both the visual, structural, and functional aspects of a website. The goal is to improve your experience on our website using web design. In web design jargon, this is referred to as User Experience (UX) and usability. User Experience refers to all impressions and experiences that a visitor has while using a website. A subcategory of User Experience is usability, which focuses on the ease of use of a website. It is especially important that content, subpages, or products are clearly structured, and you can easily and quickly find what you are looking for. To offer you the best possible experience on our website, we also use third-party web design tools. In this privacy policy, all services that enhance the design of our website fall under the category of “Web Design.” These can include fonts, various plugins, or other web design features.

Why do we use web design tools?

How you take in information on a website depends heavily on the structure, functionality, and visual perception of the site. This is why good, professional web design has always been important to us. We are constantly working to improve our website and view this as an added service for you, the website visitor. A well-designed, functional website also provides us with economic benefits. After all, you will only visit us and use our services if you feel completely comfortable.

What data is stored by web design tools?

When you visit our website, web design elements may be embedded in our pages that can also process data. The specific data processed depends heavily on the tools used. Further below, you will see exactly which tools we use for our website. We recommend that you also read the privacy policy of the respective tools for more information on data processing. Usually, you will learn there which data is processed, whether cookies are used, and how long the data is stored. For example, fonts like Google Fonts automatically transmit information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google's servers.

Duration of Data Processing

The duration of data processing is very individual and depends on the web design elements used. For example, if cookies are used, the storage duration can range from one minute to a few years. We recommend you check this information. We suggest reading our general section on cookies as well as the privacy policies of the tools used. Typically, you will learn which cookies are used and which information is stored in them. For example, Google Font files are stored for one year to improve website loading times. In general, data is only stored as long as necessary to provide the service. Data may be stored longer in case of legal requirements.

Right to Object

You have the right and the option at any time to withdraw your consent to the use of cookies or third-party services. This can be done either through our cookie management tool or via other opt-out functions. You can also prevent the collection of data through cookies by managing, disabling, or deleting cookies in your browser. However, there are also data related to web design elements (usually with fonts) that cannot be so easily deleted. This is the case when data is automatically collected upon visiting a page and transmitted to a third-party provider (such as Google). In such cases, please contact the support of the respective provider. In the case of Google, you can reach support at https://support.google.com/?hl=en.

Legal Basis

If you have consented to the use of web design tools, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) of the GDPR (Consent), this consent serves as the legal basis for processing personal data, such as what may occur when data is collected through web design tools. Additionally, we have a legitimate interest in improving the web design of our website. After all, we can only provide you with a beautiful and professional online offering in this way. The legal basis for this is Article 6(1)(f) of the GDPR (Legitimate Interests). We will only use web design tools as far as you have given your consent. We would like to emphasize this point once again.

Information about specific web design tools is provided in the following sections, if applicable.

Google Fonts Privacy Policy

Summary of the Google Fonts Privacy Policy👥 Affected: Visitors to the website🤝 Purpose: Optimization of our service offering📓 Processed Data: Data such as IP address and CSS and font requestsMore details can be found further below in this privacy policy.📅 Retention Period: Font files are stored by Google for one year.⚖️ Legal Basis: Article 6(1)(a) of the GDPR (Consent), Article 6(1)(f) of the GDPR (Legitimate Interests)

What are Google Fonts?

We use Google Fonts on our website. These are the “Google Fonts” from Google Inc. For the European region, the company responsible for all Google services is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland).

No login or password is required to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested from the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, there is no need to worry that your Google account data will be transmitted to Google during the use of Google Fonts. Google collects usage data for CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will look at how the data is stored in detail shortly.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google provides to its users free of charge.

Many of these fonts are published under the SIL Open Font License, while others are published under the Apache License. Both are open-source software licenses.

Why Do We Use Google Fonts on Our Website?

With Google Fonts, we can use fonts on our website without having to upload them to our own server. Google Fonts is an important element in maintaining the quality of our website. All Google fonts are automatically optimized for the web, which saves data volume and is a significant advantage for use on mobile devices. When you visit our site, the small file size results in a fast loading time. Additionally, Google Fonts are secure web fonts. Different rendering systems in various browsers, operating systems, and mobile devices can cause errors. Such errors can distort texts or even entire websites visually. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform issues with Google Fonts. Google Fonts supports all common browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts to present our entire online service as beautifully and consistently as possible.

What Data Does Google Store?

When you visit our website, the fonts are loaded from a Google server. Through this external call, data is transmitted to the Google servers. Google also recognizes that you or your IP address visited our website. The Google Fonts API was developed to reduce the usage, storage, and collection of end-user data to what is necessary for proper font delivery. API stands for "Application Programming Interface" and serves as a data transmitter in the software field.

Google Fonts securely stores CSS and font requests at Google. By collecting usage statistics, Google can determine how popular individual fonts are. The results are published on internal analysis pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google Fonts. This data is published in Google's BigQuery database. Businesses and developers use the Google web service BigQuery to analyze and process large data sets.

It should be noted that with every Google Fonts request, information such as language settings, IP address, browser version, browser screen resolution, and browser name are automatically transmitted to the Google servers. Whether this data is also stored is not clearly determined or communicated by Google.

How Long and Where Is the Data Stored?

Requests for CSS assets are stored by Google for one day on its servers, which are mainly located outside the EU. This allows us to use the fonts via a Google stylesheet. A stylesheet is a format template that allows you to easily and quickly change the design or font of a website.

Font files are stored by Google for one year. Google’s aim is to generally improve the loading time of websites. When millions of websites refer to the same fonts, they are cached after the first visit and appear immediately on all other websites visited later. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.

How Can I Delete My Data or Prevent Data Storage?

The data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when a page is visited. To delete this data prematurely, you would need to contact Google support at https://support.google.com/?hl=en&tid=112968515. You can only prevent data storage by not visiting our site.

Unlike other web fonts, Google gives us unrestricted access to all fonts. We can therefore access an unlimited number of fonts and make the most of them for our website. More information about Google Fonts and other questions can be found at https://developers.google.com/fonts/faq?tid=112968515. While Google addresses privacy-related matters there, detailed information about data storage is not provided. It is relatively difficult to get precise information about stored data from Google.

Legal Basis

If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) of the GDPR (Consent), this consent serves as the legal basis for processing personal data that may occur during the collection by Google Fonts.

We also have a legitimate interest in using Google Fonts to optimize our online service. The legal basis for this is Article 6(1)(f) of the GDPR (Legitimate Interests). We will only use Google Fonts as far as you have given your consent.

Google processes data from you, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Google also uses so-called Standard Contractual Clauses (= Article 46(2) and (3) of the GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data continues to meet European data protection standards when transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to adhering to the European data protection level when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the relevant Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

You can also read what data Google collects and how it is used at https://www.google.com/intl/en/policies/privacy.

Google Fonts Local Privacy Policy

We use Google Fonts from Google Inc. on our website. For the European region, the company responsible is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland). We have embedded the Google Fonts locally, meaning on our web server – not on Google’s servers. As a result, there is no connection to Google servers, and therefore no data transmission or storage occurs.

What are Google Fonts?

Google Fonts, formerly called Google Web Fonts, is an interactive directory of over 800 fonts that Google provides free of charge. With Google Fonts, you could use fonts without uploading them to your server. However, to prevent any information transmission to Google servers, we have downloaded the fonts onto our server. In this way, we comply with data protection regulations and do not send any data to Google Fonts.

Online Booking Systems Introduction

Online Booking Systems Privacy Policy Summary
👥 Affected: Website visitors
🤝 Purpose: Improving user experience and organization
📓 Processed Data: The data processed depends largely on the services used. It often includes IP addresses, contact and payment details, and/or technical data. More details are available with the respective tools used.
📅 Storage Duration: Depends on the tools used
⚖️ Legal Grounds: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is an Online Booking System?

To allow bookings through our website, we use one or more booking systems. For example, appointments can be easily made online. A booking system is a software application integrated into our website that displays available resources (such as available dates) and allows you to directly book and usually pay online. You are likely familiar with such booking systems from the hospitality or restaurant industries. Nowadays, these systems are used across various sectors. Booking systems can be used both internally for us and externally for customers like you, depending on the tool and its settings. Typically, personal data is also collected and stored.

Most often, the booking process works as follows: You will find the booking system on our website, where you can select an appointment for a service and enter your data with a few clicks, often paying immediately. It is possible that you will be required to enter further details about yourself through a form. Please be aware that all the data you input may be stored and managed in a database.

Why Do We Use an Online Booking System?

We view our website in part as a free service to you. You should receive helpful information and feel comfortable on our site. This includes providing an online service that makes booking appointments or services as simple as possible. Gone are the days when you had to wait for a booking confirmation by phone or email for several days. With an online booking system, everything is done in just a few clicks, and you can get back to other things. It also simplifies the management of all bookings and appointments for us. For both you and us, we find this type of booking system extremely beneficial.

What Data is Processed?

The exact data processed cannot be detailed in this general information about booking systems, as it depends on the tool used and its features. Many booking systems offer additional functions beyond the basic booking feature. For example, many systems also include an external online payment system (such as Stripe, Klarna, or PayPal) and a calendar synchronization feature. Accordingly, different and varying amounts of data may be processed depending on the tool’s functions. Typically, data such as IP address, name, and contact details, as well as technical information about your device and the time of the booking, are processed. If you make a payment within the system, bank details such as account numbers, credit card numbers, passwords, TANs, etc., are stored and forwarded to the respective payment provider. We recommend carefully reviewing the privacy policy of the specific tool being used to understand exactly which data is processed.

Duration of Data Processing

Each booking system stores data for different lengths of time. Therefore, we cannot specify the exact duration of data processing here. However, as a general rule, personal data is always stored only for as long as necessary to provide the services. Booking systems generally also use cookies to store information for varying lengths of time. Some cookies are deleted as soon as you leave the site, while others may be stored for several years. More information can be found in our "Cookies" section. Please also review the respective privacy policies of the providers. They should explain how long your data will be stored in each case.

Right to Object

If you have consented to data processing by a booking system, you always have the option and right to withdraw that consent. Therefore, please be aware that you have rights regarding your personal data, and you can exercise these rights at any time. If you do not want personal data to be processed, no personal data should be processed. It’s as simple as that. The easiest way to revoke data processing is through a cookie consent tool or any other opt-out functions provided. You can also manage cookie data storage directly in your browser. Until you withdraw your consent, the lawfulness of the data management remains unaffected.

Legal Basis

If you have consented to the use of booking systems, the legal basis for the corresponding data processing is your consent. This consent constitutes the legal basis for processing personal data as it applies to booking systems, according to Art. 6(1)(a) GDPR.

Furthermore, we have a legitimate interest in using booking systems, as they help us both expand our customer service and optimize our internal booking organization. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). We only use the tools to the extent that you have granted consent. We want to emphasize this point again.

Information on Special Booking Systems
You will find information about specific booking systems in the following sections, if available.

Explanation of Terms Used

We always strive to write our privacy policy as clearly and understandably as possible. However, this is not always easy, especially with technical and legal topics. It often makes sense to use legal terms (such as "personal data") or specific technical terms (such as "cookies," "IP address"). However, we do not want to use these terms without explanation. Below, you will find an alphabetical list of important terms used, which we may not have sufficiently addressed in the previous sections of our privacy policy. If these terms are derived from the GDPR and are legal definitions, we will also include the relevant GDPR texts and, if necessary, add our own explanations.

Data Processor

Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Data Processor" refers to a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller.

Explanation: As a company and website owner, we are responsible for all the data we process about you. In addition to the controller, there may also be so-called data processors. This includes any company or person that processes personal data on our behalf. Data processors can include service providers such as tax consultants, as well as hosting or cloud providers, payment or newsletter providers, or large companies like Google or Microsoft.

Consent

Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Consent" refers to any freely given, specific, informed, and unambiguous indication of the data subject's wishes, in the form of a statement or a clear affirmative action, which signifies the data subject's agreement to the processing of personal data relating to them.

Explanation: Typically, consent is given on websites via a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to the data processing or consent to it. You can usually also make individual settings and decide which data processing you allow and which you do not. If you do not consent, no personal data should be processed. In principle, consent can also be given in writing, not just through a tool.

Recipient

Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Recipient" refers to a natural or legal person, authority, agency, or other body to whom personal data is disclosed, regardless of whether it is a third party or not. However, authorities that receive personal data in the course of a specific investigation under Union law or the law of a Member State are not considered recipients; the processing of this data by the authorities takes place in accordance with applicable data protection provisions and for the purposes of processing.

Explanation: Any person or company that receives personal data is considered a recipient. Therefore, we and our data processors are also considered recipients. Only authorities conducting an investigation are not regarded as recipients.

Personal Data

Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Personal Data" refers to any information relating to an identified or identifiable natural person (the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, especially by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Explanation: Personal data includes all information that can identify you as a person. Typically, these are data such as:

  • Name
  • Address
  • Email address
  • Postal address
  • Phone number
  • Date of birth
  • Identification numbers, such as social security number, tax identification number, ID card number, or matriculation number
  • Bank details such as account number, credit card information, account balances, etc.
    According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and, by extension, you as the account holder. Therefore, even storing an IP address requires a legal basis under the GDPR. There are also "special categories" of personal data, which are particularly sensitive and require extra protection. These include:
  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data, such as information obtained from blood or saliva samples
  • Biometric data (information about physical, mental, or behavioral traits that can identify a person)
  • Health data
  • Data related to sexual orientation or sexual life

Profiling

Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Profiling" refers to any form of automated processing of personal data that involves using personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.

Explanation: Profiling involves compiling various pieces of information about a person to learn more about them. In the web domain, profiling is often used for advertising purposes or creditworthiness assessments. Web or advertising analysis programs collect data on your behavior and interests on a website. This data is used to create a user profile, which helps target ads to specific groups.

Controller

Definition under Article 4 of the GDPR
For the purposes of this regulation, the term:
"Controller" refers to the natural or legal person, authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for its designation may be provided for by Union or Member State law.

Explanation: In our case, we are responsible for processing your personal data and, therefore, the "controller." When we pass the collected data on to other service providers for processing, these are "data processors." A "data processing agreement" (DPA) must be signed for this.

Processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Processing" refers to any operation or set of operations which is performed on personal data, whether by automated means or not, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Note: When we refer to "processing" in our privacy policy, we mean any type of data processing. This includes, as mentioned in the original GDPR definition above, not only collecting but also storing and processing data.

Closing Remarks

Congratulations! If you are reading these lines, you have really "fought" your way through our entire privacy policy or at least scrolled down to this point. As you can see from the length of our privacy policy, we take the protection of your personal data very seriously. It is important to us that we inform you to the best of our knowledge and belief about the processing of personal data. However, we do not just want to tell you what data is processed, but also explain the reasons behind the use of various software programs. Privacy policies usually sound very technical and legal. Since most of you are not web developers or lawyers, we wanted to take a different approach and explain the matter in simple and clear language. Of course, this is not always possible due to the topic at hand. Therefore, the most important terms are explained at the end of the privacy policy.

If you have any questions about data protection on our website, please feel free to contact us or the responsible authority. We wish you a pleasant time and hope to welcome you back to our website soon.

All texts are protected by copyright.

Source: Privacy policy created with the Data Protection Generator for Austria by AdSimple.

1. General Information

Protecting your personal data is a special concern to us. Therefore, we process your data solely based on the legal regulations (GDPR, TKG 2003). In this data protection information, we inform you about the most important aspects of data processing in connection with our website.

2. Responsible Entity

Responsible for data processing on this website is:

Vocalynnie e.U.

Christina Berger

Email: lynnie.brio@gmail.com

Mobile: +43 680 11 22 33 0

Stockholmer Platz 4/8

1100 Vienna

Austria

Legal form: Sole proprietorship

FN: 650702 s

Commercial Court Vienna

3. Collection and Storage of Personal Data, as well as the Type and Purpose of Their Use

a) When Visiting the Website

When accessing our website www.vocalynnie.com, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected automatically and stored until it is deleted automatically:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access is made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider.

The mentioned data is processed by us for the following purposes:

  • Ensuring a smooth connection to the website
  • Ensuring comfortable use of our website
  • Evaluating system security and stability
  • For other administrative purposes

The legal basis for data processing is Article 6(1) sentence 1 lit. f GDPR. Our legitimate interest arises from the purposes listed above for data collection. In no case do we use the collected data to draw conclusions about your person.

b) When Using Our Contact Form and Booking

If you register for lessons through our website, we need your first and last name, your email address, and your date of birth. This information is required to verify whether you are of legal age, as we need parental consent for minor students.

Data processing for booking and contacting us takes place according to Article 6(1) sentence 1 lit. b GDPR for the fulfillment of a contract and to carry out pre-contractual measures.

4. Disclosure of Data

Your personal data will not be transmitted to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

  • You have given us explicit consent to do so according to Article 6(1) sentence 1 lit. a GDPR
  • The disclosure is required for the assertion, exercise, or defense of legal claims according to Article 6(1) sentence 1 lit. f GDPR, and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data
  • There is a legal obligation for disclosure according to Article 6(1) sentence 1 lit. c GDPR
  • The disclosure is legally permissible and necessary for the performance of contractual relationships with you according to Article 6(1) sentence 1 lit. b GDPR.

5. Cookies

Our website uses cookies. These are small text files that are stored on your device and saved by your browser. They do not cause any harm.

We use cookies to make our offering more user-friendly. Some cookies remain on your device until you delete them. They allow us to recognize your browser the next time you visit.

If you do not wish this, you can configure your browser to inform you about the setting of cookies and only allow it in individual cases.

If you deactivate cookies, the functionality of our website may be limited.

6. Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics also uses cookies, which allow an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there. We have activated IP anonymization on this website, so your IP address will be truncated by Google within European Union member states or in other contracting states of the Agreement on the European Economic Area before being transmitted.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide further services related to website and internet usage to the website operator.

You can prevent the storage of cookies by adjusting your browser software accordingly; however, we point out that you may not be able to use all features of this website to their full extent. Furthermore, you can prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link: Browser Add-on to disable Google Analytics.

7. Integration of Third-Party Services and Content

We integrate YouTube videos, Spotify links, image galleries, TikTok videos, and content from Instagram on our website. These contents are provided by Google LLC, TikTok Inc., Facebook Inc. (Instagram), and other providers. When you access a page with embedded content, a connection is established to the servers of these providers, and your IP address and possibly other information will be transmitted.

8. Online Survey Tool

We use an anonymous online survey tool to gather feedback from our students. Participation in these surveys is voluntary and anonymous. The results of these surveys may be published on our website.

9. Newsletter

If you wish to subscribe to our newsletter in the future, we need your email address and your explicit consent that you agree to receive the newsletter. Data processing is based on your consent according to Article 6(1) lit. a GDPR. You can withdraw your consent to store the data, the email address, and its use for sending the newsletter at any time.

10. Rights of the Data Subject

You have the right to access, rectification, erasure, restriction, data portability, withdrawal, and objection. If you believe that the processing of your data violates data protection law or your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority.

11. Right to Object

If your personal data is processed on the basis of legitimate interests according to Article 6(1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided there are reasons related to your particular situation.

12. Data Security

We use the commonly used SSL procedure (Secure Socket Layer) in conjunction with the highest encryption level supported by your browser during your visit to the website. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead.

13. External Service Providers

The logo of our website was designed by an external person. The website was created by Sebastian Wieser.

14. Current Status and Changes to This Privacy Policy

This privacy policy is currently valid and has the status of July 2024.

Due to the development of our website and offerings or changes in legal or regulatory requirements, it may be necessary to change this privacy policy. The most current version of the privacy policy can always be accessed and printed from our website at www.vocalynnie.com/datenschutz.